If you are running a local server at your home on an old laptop or PC—such as a Plex Media server, a file server, a web server, or any other server—you can expose it to the internet by using the port forwarding option in your router. However, it’s neither secure nor recommended to access a server that way in a production environment.
We will show you how to expose your local servers securely with an HTTPS connection to the internet using the free Cloudflare Tunnel service—without disclosing your public IP.
What is Cloudflare Tunnel?
Cloudflare Tunnel, formerly known as Argo Tunnel, helps users to securely expose their resources, such as local servers, to the internet without a public IP address or having to enable port forwarding in the router. When you set up a Cloudlfare Tunnel in your Windows, macOS, or Linux system, a lightweight tunneling daemon (cloudflared) is installed and sits between your resource (local server) and the Cloudflare network. With Cloudflare Tunnel, you can safely expose and connect any local HTTP web servers, remote desktops, SSH servers, or various other protocols to the internet.
Below, our stepwise instructions show how to set up the cloudflared tunneling daemon on Windows, macOS, Linux, and Raspberry Pi for exposing local servers to the internet.
Before You Begin
To install and set up the cloudflared tunneling daemon on your system, you need to fulfill these prerequisites:
- Register a domain name. You can either purchase one from the service providers, such as GoDaddy, or you may get a free domain from freenom.com.
- After registering the domain name, create a Cloudflare account and add your domain—see Cloudflare setup.
- Then change or update the domain nameservers to the Cloudflare nameservers—see the Cloudflare documentation. This setting is available on the portal from where you registered or purchased the domain.
Once these requirements are met, you can follow the steps below to set up the Cloudflare Tunnel on your Windows, macOS, Linux, or Raspberry Pi computer.
Install Cloudflare Tunnel on Windows
Setting up Cloudflare Tunnel on a Windows system requires you to install a lightweight server-side daemon. Go the cloudflared releases page and download the correct version for your version of Windows:
- 32-bit Windows: cloudflared-windows-386.exe
- 64-bit Windows: cloudflared-windows-amd64.exe
After downloading the cloudflared daemon setup, go to the folder where the setup is located and rename the file to cloudflared.exe. Then open the Command Prompt and navigate to the location where the cloudflared daemon is located using the cd command. For instance:
cd C:\Users\Ravi Singh\Downloads\Programs
Then run the following commands to check the version and install the latest update.
If you see an output as shown in the screenshot below, you are good to go.
You must check for cloudflared updates every once in a while, to keep the setup updated and avoid connectivity issues.
Install Cloudflare Tunnel on macOS
On macOS, you can use the Terminal app to download and install the cloudflared daemon and then use commands to create a secure tunnel and expose local servers to the internet.
To download cloudflared, run the following command in the Terminal:
brew install cloudflare/cloudflare/cloudflared
Alternatively, you may run this command to download cloudflared:
brew install cloudflared
Install Cloudflare Tunnel on Linux
Based on the Linux operating system you are using, download the cloudflared package. Then open the Terminal app, navigate to the location where the package is downloaded, and install it. Alternatively, depending on your Linux distro, you can use one of the following commands to download and install cloudflared.
wget -q https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb && dpkg -i cloudflared-linux-amd64.deb
wget -q https:
On Arch Linux, use the pacman tool to install cloudflared.
pacman -Syu cloudflared
Install Cloudflared Tunnel on Raspberry Pi
There’s no official cloudflared build or repository for Raspberry Pi Zero, 2, 3, or 4. However, you can install and use the ARMv6 unofficial builds for Raspberry Pi to set up the cloudlfared tunnel in Raspberry Pi OS. We have already covered a few tutorials, such as the self-hosted BitWarden password manager on Raspberry Pi Zero, where we have used the unofficial builds to expose our local servers to the internet with an HTTPS connection via a Cloudflare Tunnel.
To install cloudflared on Raspberry Pi OS Bullseye (or another version), run the following command in the Terminal.
sudo wget https:
sudo tar -xvzf cloudflared_2022.8.2_arm.tar.gz
sudo cp ./cloudflared /usr/local/bin
sudo chmod +x /usr/local/bin/cloudflared
To check for the latest unofficial versions for Raspberry Pi, check out the ARMv6 builds page.
Create and Set Up a Cloudflare Tunnel
Once the cloudflared daemon is downloaded and installed on your Windows, macOS, Linux, or Raspberry Pi, you can create a Cloudflare Tunnel by using the following command in the Terminal app or Command Prompt:
On Windows, macOS, or Linux, this will open the Cloudflare login page in your default web browser. If the browser window does not open automatically, copy the URL displayed in the command output and then paste it into the web browser and log in to your Cloudflare account.
Once logged in, select the domain you added to the Cloudlfare account and click Authorize.
Once authorized, you will see the “You have successfully logged in…” message. It will also generate a cert.pem file and store it in the default cloudflared directory location:
- Windows: %USERPROFILE%\.cloudflared
- macOS: ~/.cloudflared
- Linux: /etc/cloudflared,
- Raspberry Pi: /usr/local/etc/cloudflared
Next, we need to create a tunnel by using the following command:
cloudflared tunnel create <YourTunnelName>
You can name your tunnel whatever you like. For instance, we hosted a WordPress site on an old laptop and used the site name as the tunnel name; this makes it easy to remember.
The command will create a tunnel and also a JSON file with a unique alphanumeric tunnel UUID. Copy the JSON file path and tunnel UUID, paste it in a Notepad or Notes List, and keep it safe as we will need these to create a configuration file.
To create the configuration file in macOS, Linux, or Raspberry Pi OS, run the following command,
sudo nano ~/.cloudflared/config.yml
In the editor, paste the following code.
- hostname: myhome.smartghar.org
- service: http_status:404
Make sure to replace the TunnelUUID and the JSON file path in the credentials-file code line. Press CTRL + X or Command + X (macOS) and then the Y key followed by Enter to save the changes in the config.yml file.
On Windows, you can use File Explorer and navigate to the following location:
Then right-click, select New > Text Document, and paste the aforementioned block of code.
Click View in the File Explorer and enable the File name extensions option.
Then edit the text document named config.yml.
You can add multiple hostnames and services in the configuration file to access them via the internet via a Cloudlfare Tunnel. Simply, copy the first two lines below the ingress: code line and paste them before the -service: http_status:404. Replace the hostname and the local server IPs to forward the traffic from the internet to the particular local server. See an example below.
An example for multiple hostnames and services:
- hostname: myhome.smartghar.org
- hostname: plex.smartghar.org
- service: http_status:404
Save the changes and then create the CNAME records in Cloudflare DNS using the following command.
cloudflared tunnel route dns <TunnelName> <hostname>
cloudflared tunnel route dns smartghar myhome.smartghar.org
Once the CNAME is added, you can start the tunnel to access your local server via the internet using the hostname you assigned.
cloudflared tunnel run <TunnelName>
If you see a similar output as in the screenshot above, the tunnel has started successfully. You can now open the web browser on any device connected to the internet and visit the hostname. For this case, it’s myhome.smartghar.org.
Since we want the hostname to load our router configuration page, we added the IP 192.168.0.1, which otherwise was only accessible via the local network.
You must enable the SSL/TLS option to Flexible or Full (whichever works for you) to enable a secure HTTPS connection with your local instance.
With Cloudlfare Tunnel, you can access any server setup in your home via the internet for free. You can use this service to host a website on a local system and test it before deploying it on a web server or allowing access to the public. You can also use it to securely access your local smart home running on Home Assistant or any other server via the internet.
We have set up the Cloudflare Tunnel service on a Raspberry Pi Zero W, which has a smaller footprint, consumes less power, and works perfectly fine, allowing us to access all our local servers remotely.