← Back to Home ☕ Buy Me a Coffee

cloudflared

Cloudflared is Cloudflare’s lightweight command‑line client that creates secure tunnels between your local services and the Cloudflare network, allowing you to expose applications without opening public ports. It’s the tool behind Cloudflare Tunnel, often used to safely publish web apps, APIs, or even SSH access through Cloudflare’s edge

Features

Secure tunnel creation: Connects your Pi, server, or app directly to Cloudflare without exposing its IP.
Zero Trust access: Integrates with Cloudflare Access to enforce identity and device policies.
Local development: Lets you share a dev server (e.g., localhost:3000) with a public URL instantly.
Service proxying: Works as a reverse proxy for HTTP, TCP, and UDP traffic.
DNS management: Can run as a DNS over HTTPS (DoH) proxy.
Metrics and logging: Provides detailed logs and monitoring for tunnel health.

Overview

Since I installed Kaunta on my pi and my Ugreen NAS, I had to find a way to route the appropriate traffic to the correct system. Since I use Cloudflare for my DNS services, I setup a tunnel to my Pi and my Ugreen NAS. This guide walks through how to setup the tunnels and how to configure Kaunta to use them. This guide is assuming we're setting this up for the Pi. It's the same for any other system.

🚀 Docker Installation Steps

This guide assumes that you already have docker installed. If not, you can look at my other guides to see how to do it. I also assume that you have your website setup in Cloudflare and have an A record configured.

📁 Setup Cloudflare

Browse to https://cloudflare.com
In the Quick Search box, type in tunnel and click on Zero Trust | Networks | Tunnels. This will open https://one.dash.cloudflare.com
On the left hand menu, click on Networks and then on Connectors
When the Connectors page loads, click on Create a tunnel
Now click on Select Cloudflared. Give your tunnel a name (Ex. kauntapi) and click on Save tunnel
Click on Docker and copy the code snippet. It will look like this: docker run cloudflare/cloudflared:latest tunnel --no-autoupdate run --token CLOUDFLARE_TOKEN where CLOUDFLARE_TOKEN is a very long string. You will need this later so save it. At the bottom of the screen, you'll see a message that says No Conectors Installed and Searching for Connectors flashing back and forth.
ssh to your Raspberry PI, paste that command in, and hit enter
After a few seconds, back on the one.dash.cloudflare.com screen, you'll see, at the bottom, Connectors. Click on Next
Fill in your Domain (for me it's dockerplaybooks.dpdns.org), Type (I use HTTPS) and URL (I use kaunta:3106 since I publish Kaunta over port 3106).
You should now see your tunnel with a Connector ID and a Tunnel ID. I will refer to this Tunnel ID as TUNNEL_ID in the rest of this guide.
Browse to https://cloudflare.com
In the left hand menu, click on DNS and then Records. You should see your A record there.
Click on Add record
Set Type to CNAME, give it a Name (I used kauntapi), and a Target (this is TUNNEL_ID.cfargotunnel.com). Proxy Status should be Proxied and TTL should be Auto
Click on Save

Setup cloudflared on your Raspberry PI

Make a directory for cloudflared: mkdir ~/docker/kaunta/cloudflared and create ~/docker/kaunta/cloudflared/config.yml

tunnel: TUNNEL_ID
credentials-file: /home/nonroot/.cloudflared/TUNNEL_ID.json
ingress:
  - hostname: kauntapi.dockerplaybooks.dpdns.org
    service: http://kaunta:3106
  - service: http_status:404

🧾 Docker Compose File

Assuming that you used my guide to setup Kaunta, edit the docker-compose.yml file in ~/docker/kaunta and add the cloudflared block at the bottom.

services:
  db:
    image: postgres:18-alpine
    container_name: kaunta-db
    hostname: kaunta-db
    security_opt:
      - no-new-privileges:false
    healthcheck:
      test: ["CMD", "pg_isready", "-q", "-d", "kaunta", "-U", "jrmckins"]
      timeout: 45s
      interval: 10s
      retries: 10
    environment:
      POSTGRES_DB: kaunta
      POSTGRES_USER: jrmckins
      POSTGRES_PASSWORD: Mcjim011
    volumes:
     - ./kauntadb:/var/lib/postgresql/data
    restart: on-failure:5

  kaunta:
    image: kaunta:pi
    container_name: kaunta
    healthcheck:
      test: ["CMD-SHELL", "nc -z 127.0.0.1 3106 || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 90s
    environment:
      PORT: 3106
    volumes:
      - data:/data
    ports:
      - "3106:3106"
    depends_on:
      db:
        condition: service_healthy
    restart: on-failure:5
  cloudflared: 
    image: cloudflare/cloudflared:latest
    container_name: cloudflared
    command: tunnel --no-autoupdate run --token CLOUDFLARE_TOKEN  #This is from step 4
    volumes:
      - ./cloudflared/config.yml:/etc/cloudflared/config.yml:ro
      - ./cloudflared:/home/nonroot/.cloudflared
    restart: unless-stopped

volumes:
  kauntadb:
  data:

▶️ Start Kaunta and cloudflared

From within ~/docker/kaunta run:

docker compose up -d

📜 View Logs

View logs for kaunta

docker logs kaunta

View logs for kaunta-db

docker logs kaunta-db

View logs for cloudflared

docker logs cloudflared

Setup the database

Add the tracker snippet to HTML

This is the snippet that you'll need to add after <head> in all your html files for your website.

<!-- Kaunta tracking script -->
<script async defer
  data-website-id="WEBSITE ID"
  src="https://kauntapi.your_website.com/k.js">
</script>

The easiest way to do this is to cd to the main directory for your website and run this

cd /home/your_id/your_website
find . -name "*.html" -exec sed -i '' '/<head>/a\
<!-- Kaunta tracking script -->\
<script async defer\
  data-website-id="WEBSITE ID"\
  src="https://kauntapi.your_website.com/k.js">\
</script>' {} +

This finds all your html files in /home/your_id/your_website and inserts the snippet after the <head> tag in each one.

🌐 Access Web Interface

Open your browser and go to https://kauntapi.dockerplaybooks.dpdns.org

If you find my content useful, please consider supporting this page:

☕ Buy Me a Coffee