Here's a step-by-step guide on how to host the Cloudflare Tunnel Docker image on TrueNAS SCALE and use it to expose your self-hosted applications without requiring port forwarding.
Hosting Cloudflare Tunnel on TrueNAS SCALE
This guide will walk you through deploying Cloudflare Tunnel (Cloudflared) as a Docker container on TrueNAS SCALE. This allows you to securely expose your self-hosted services without opening ports on your router.
1. Prerequisites
- TrueNAS SCALE 24.10 (or latest)
- Cloudflare Account
- A Cloudflare-protected domain
- Docker Installed on TrueNAS SCALE
- Access to Cloudflare Zero Trust Dashboard
2. Setup Cloudflare Tunnel on Cloudflare Dashboard
- Log in to Cloudflare Zero Trust:
  - Go to Cloudflare Zero Trust Dashboard.
  - Navigate to Access → Tunnels and click Create a tunnel.
- Create a New Tunnel:
  - Name your tunnel (e.g., truenas-tunnel).
  - Select Docker as your environment.
- Generate the Cloudflare Configuration File:
  - Cloudflare will give you a command similar to:
    docker run -v /path/to/cloudflared:/etc/cloudflared cloudflare/cloudflared:latest tunnel --no-autoupdate run
  - Copy the tunnel token that is generated.
3. Deploy Cloudflare Tunnel as a Docker Container on TrueNAS
Option 1: Using TrueNAS SCALE UI
- Go to Apps → Launch Docker Image.
- Enter Image Details:
  - Image Repository: cloudflare/cloudflared:latest
  - App Name: cloudflare-tunnel
- Set Environment Variables:
  - Add the following environment variable:
    TUNNEL_TOKEN=<your-cloudflare-tunnel-token>
  - Replace <your-cloudflare-tunnel-token> with the token copied earlier.
- Mount a Persistent Volume:
  - Mount a dataset for Cloudflare's configuration:
    Host Path: /mnt/data/cloudflared
    Container Path: /etc/cloudflared
- Network Settings:
  - Set the networking mode to host.
- Deploy the Container by clicking "Save & Deploy".
Option 2: Using TrueNAS SCALE CLI
If you prefer the command line, SSH into your TrueNAS server and run:
docker run -d --name cloudflare-tunnel \
--restart unless-stopped \
-e TUNNEL_TOKEN=<your-cloudflare-tunnel-token> \
-v /mnt/data/cloudflared:/etc/cloudflared \
cloudflare/cloudflared:latest tunnel run
4. Exposing Self-Hosted Applications
Once the Cloudflare tunnel is running, you need to configure routes for your self-hosted applications.
Add an Application Route in Cloudflare
- Go to Cloudflare Zero Trust Dashboard → Access → Tunnels.
- Select the tunnel you created (truenas-tunnel).
- Click Public Hostname → Add a Public Hostname.
  - Subdomain: app
  - Domain: yourdomain.com
  - Service: http://192.168.1.100:3000 (Change to your actual service IP and port)
- Click Save.
5. Verify Everything Works
- Run the following command on the TrueNAS host to follow the container's logs:
  docker logs -f cloudflare-tunnel
- Open a browser and visit https://app.yourdomain.com.
- You should see your self-hosted application without needing to open any ports!
6. Additional Configurations
Updating the Cloudflare Tunnel Container
To update the cloudflared container:
docker pull cloudflare/cloudflared:latest
docker stop cloudflare-tunnel
docker rm cloudflare-tunnel
docker run -d --name cloudflare-tunnel \
--restart unless-stopped \
-e TUNNEL_TOKEN=<your-cloudflare-tunnel-token> \
-v /mnt/data/cloudflared:/etc/cloudflared \
cloudflare/cloudflared:latest tunnel run
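The update steps above, as an added example that is not part of the original guide: the token is read from an env file through docker's --env-file option, so it does not end up in shell history or process arguments. The env file path, the DOCKER override variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original guide. Redeploys cloudflared with the
# tunnel token read from an env file, keeping it out of shell history and
# process arguments (it is still visible via `docker inspect`).
# Assumed names: ENV_FILE path, DOCKER override, function names.
ENV_FILE="${ENV_FILE:-/mnt/data/cloudflared/tunnel.env}"  # holds TUNNEL_TOKEN=<token>
IMAGE="${IMAGE:-cloudflare/cloudflared:latest}"
NAME="cloudflare-tunnel"
DOCKER="${DOCKER:-docker}"   # set DOCKER=echo for a dry run

# Succeed only if the file exists, has mode 600 or 400, and carries a
# non-empty TUNNEL_TOKEN line.
check_env_file() {
    [ -f "$1" ] || { echo "missing env file: $1" >&2; return 1; }
    case "$(stat -c '%a' "$1")" in
        600|400) ;;
        *) echo "refusing $1: must be mode 600 or 400" >&2; return 1 ;;
    esac
    grep -Eq '^TUNNEL_TOKEN=.+' "$1" || { echo "no TUNNEL_TOKEN in $1" >&2; return 1; }
}

# Same pull/stop/rm/run sequence as the guide; the token is passed by file.
redeploy() {
    check_env_file "$ENV_FILE" || return 1
    "$DOCKER" pull "$IMAGE" || return 1
    "$DOCKER" stop "$NAME" >/dev/null 2>&1 || true
    "$DOCKER" rm "$NAME" >/dev/null 2>&1 || true
    "$DOCKER" run -d --name "$NAME" \
        --restart unless-stopped \
        --env-file "$ENV_FILE" \
        -v /mnt/data/cloudflared:/etc/cloudflared \
        "$IMAGE" tunnel run
}

# Usage: sh redeploy.sh redeploy
if [ "${1:-}" = "redeploy" ]; then redeploy; fi
```

Create the env file once with `chmod 600` before the first run; `DOCKER=echo sh redeploy.sh redeploy` prints the docker commands without executing them.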
Running Cloudflare Tunnel as a Systemd Service (Optional)
If you want to run cloudflared outside Docker, you can install it directly on TrueNAS SCALE:
curl -fsSL https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o /usr/local/bin/cloudflared
chmod +x /usr/local/bin/cloudflared
cloudflared service install <your-cloudflare-tunnel-token>
systemctl start cloudflared
systemctl enable cloudflared
7. Summary
- No need for port forwarding
- Secure connection through Cloudflare
- Easily expose multiple self-hosted apps
- Automatic SSL with Cloudflare
You can now securely serve TrueNAS Web UI, Home Assistant, Gitea, and any other self-hosted applications using Cloudflare Tunnel!