This blog post provides a guide on remotely accessing a local server, such as a Koha server, from anywhere using Cloudflare Tunnel. This free service eliminates the need for router configurations like port-forwarding and works without a static public IP address.
This tutorial leverages a Debian 11 server running on a NUC mini PC, a domain name from GoDaddy (although Freenom is a free alternative), and Cloudflare’s Zero Trust service.
Acquiring a Domain Name
Begin by securing a domain name using either GoDaddy (https://www.godaddy.com/en-in) or Freenom (https://www.freenom.com/en/index.html?lang=en). Choose a domain name that suits your needs and complete the registration process.
Creating a Cloudflare Account
Next, navigate to the Cloudflare Dashboard in your browser (https://dash.cloudflare.com/). Create a new account if you haven’t already and proceed to the dashboard.
Register your new site on Cloudflare using the domain name you obtained earlier. Enter the domain name and click “Add site.” Ensure you select the free tier during the process. Cloudflare will automatically scan for existing DNS records, but none will be found for a newly registered domain.
Updating Nameservers from GoDaddy to Cloudflare
Within the Cloudflare dashboard, navigate to DNS -> Records and scroll to the bottom to locate the provided nameservers. Copy these nameservers.
Log in to your GoDaddy account and go to My Products -> Account Settings -> Select Your Domain. Click on DNS and scroll down to find the existing GoDaddy nameservers. Click on “Change,” select “Enter my own nameservers,” input the Cloudflare nameservers, and save the changes.
Nameserver updates typically take 1-12 hours. You can monitor the update status on your Cloudflare portal. A tick mark beside your site name confirms a successful update, while “Pending Nameserver Update” indicates an ongoing process.
Installing Cloudflared on Your Local Server
With your domain name linked to Cloudflare, proceed to the Zero Trust dashboard: Site Name -> Access -> Launch Zero Trust.
Access your local server via SSH or directly on your desktop.
Software Installation
- Update your server’s packages:
sudo apt update && sudo apt upgrade -y
- Install essential packages:
sudo apt install -y curl lsb-release
Adding the Cloudflare Repository
- Retrieve the Cloudflared repository’s GPG key and save it to your server:
curl -L https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-archive-keyring.gpg >/dev/null
APT uses this GPG key to verify the signatures of packages that come from the Cloudflare repository.
- Add the Cloudflared repository to your local server:
echo "deb [signed-by=/usr/share/keyrings/cloudflare-archive-keyring.gpg] https://pkg.cloudflare.com/cloudflared $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflared.list
- Update the package list cache after adding the repository:
sudo apt update
Installing Cloudflared
- Install the Cloudflared package on your server:
sudo apt install -y cloudflared
Cloudflare Tunnel Setup
With your local server prepared, it’s time to set up the Cloudflare tunnel for routing your traffic.
Authentication
- Establish a connection between your server and the Cloudflare service:
cloudflared tunnel login
Keep Cloudflared running during this process.
A URL will be displayed in your terminal. Open this URL in your browser and log in to your Cloudflare account.
A confirmation message indicating successful authentication will appear.
Tunnel Creation
- Create a Cloudflare tunnel on your server:
cloudflared tunnel create mytunnel
(Replace “mytunnel” with your preferred tunnel name.)
- Note the displayed tunnel ID, as it will be needed later.
Confirm tunnel creation:
cloudflared tunnel list
Domain Name Routing
- Assign a Cloudflare domain name to your tunnel:
cloudflared tunnel route dns mytunnel your-domain-name.com
(Replace “mytunnel” and “your-domain-name.com” with the appropriate values.)
- A confirmation message will appear indicating the creation of a CNAME record pointing to your tunnel.
Access your Cloudflare website’s DNS settings and create two more CNAME records: one for the Koha Staff interface (e.g., koha-admin) and one for the OPAC interface (e.g., koha-opac). Use the same target as the initially created DNS record.
Local Server Port Forwarding
Retrieve your tunnel ID:
cloudflared tunnel list
Edit the Cloudflared configuration file, replacing “XXXX” with your tunnel ID:
sudo nano ~/.cloudflared/config.yml
Add the following configuration, adjusting port numbers to match your Koha setup:
tunnel: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
credentials-file: /home/mahesh/.cloudflared/XXXXXXXXX.json
ingress:
  # Rules for Koha Staff Interface:
  - hostname: koha-admin.your-domain-name.com
    service: http://localhost:8080
  # Rules for Koha OPAC Interface:
  - hostname: koha-opac.your-domain-name.com
    service: http://localhost:80
  - service: http_status:404
Save the configuration file.
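Before installing the service, the saved file can be checked for three mistakes that are easy to make at this step: a tunnel value still set to the XXXX placeholder, a credentials file that other local users can read, and a missing catch-all rule at the end of ingress. The script below is an added example, not part of the original post; the function name check_tunnel_config, the sample UUID and the temporary paths are assumptions made for the demonstration.

```bash
# Added example: lint a cloudflared config.yml (check_tunnel_config is a hypothetical name).
# Returns the number of problems found and prints one line per problem.
check_tunnel_config() {
    local cfg="$1" problems=0 id cred
    # Tunnel IDs are UUIDs, so a leftover XXXX placeholder fails this test.
    id=$(awk '$1 == "tunnel:" {print $2}' "$cfg")
    if ! printf '%s\n' "$id" | grep -Eqi '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'; then
        echo "tunnel: '$id' is not a tunnel UUID"; problems=$((problems + 1))
    fi
    # The credentials file holds the tunnel secret: owner-only permissions.
    cred=$(awk '$1 == "credentials-file:" {print $2}' "$cfg")
    if [ ! -f "$cred" ]; then
        echo "credentials-file not found: $cred"; problems=$((problems + 1))
    elif [ "$(ls -ld "$cred" | cut -c5-10)" != "------" ]; then
        echo "credentials-file open to group/others: $cred"; problems=$((problems + 1))
    fi
    # The last ingress rule must be a catch-all, i.e. carry no hostname.
    if ! awk '/^ingress:/ {in_ing = 1; next}
              /^[ ]*#/ {next}
              in_ing && /^[^ -]/ {in_ing = 0}
              in_ing && /^[ ]*-[ ]/ {rules++; has_host = 0}
              in_ing && /hostname:/ {has_host = 1}
              END {exit !(rules > 0 && !has_host)}' "$cfg"; then
        echo "ingress: last rule is not a catch-all"; problems=$((problems + 1))
    fi
    return "$problems"
}
# Constructed sample mirroring the post's config; the UUID and paths are made up.
demo() {
    local dir; dir=$(mktemp -d)
    echo '{}' > "$dir/creds.json"; chmod 600 "$dir/creds.json"
    cat > "$dir/config.yml" <<EOF
tunnel: 00000000-1111-2222-3333-444444444444
credentials-file: $dir/creds.json
ingress:
  - hostname: koha-admin.your-domain-name.com
    service: http://localhost:8080
  - hostname: koha-opac.your-domain-name.com
    service: http://localhost:80
  - service: http_status:404
EOF
    check_tunnel_config "$dir/config.yml" && echo "config OK"
    chmod 644 "$dir/creds.json"   # simulate a secret left world-readable
    check_tunnel_config "$dir/config.yml" || echo "problems found: $?"
    rm -rf "$dir"
}
demo
```

cloudflared's own `cloudflared tunnel ingress validate` checks the ingress rules themselves; this script adds the placeholder and file-permission checks.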
Install Cloudflared as a service:
sudo cloudflared --config ~/.cloudflared/config.yml service install
Enable the Cloudflared tunnel service to start on server boot:
sudo systemctl enable cloudflared
Start the tunnel:
sudo systemctl start cloudflared
Restart the Tunnel:
cloudflared tunnel run mytunnel
Test access by visiting your subdomains in a web browser:
koha-admin.your-domain-name.com
koha-opac.your-domain-name.com