There’s often a need to host a website, be it a personal blog, a test project, or a small service, directly on a home computer. This is convenient, economical, and provides full control. However, many face the problem of not having a “white” (public) IP address from their internet provider, making direct external access virtually impossible. And even if they do, it’s often dynamic, requiring constant updates via DDNS.

Don’t worry! Today, we’ll dive into the world of network technologies and show you how to overcome this limitation and publish your website online using a powerful and free tool from Cloudflare – Cloudflare Tunnel (formerly known as Argo Tunnel). You won’t need a white IP, port forwarding on your router, or other complex configurations!

What is Cloudflare Tunnel and How Does It Work?

Cloudflare Tunnel is a secure and elegant way to connect your local web server to the global Cloudflare network without needing to open incoming ports on your router. It creates an encrypted outbound tunnel between your home computer and the nearest Cloudflare server. All incoming traffic to your website will pass through Cloudflare’s infrastructure, providing you with many benefits: from their CDN and caching to DDoS protection and a free SSL/TLS certificate.

How it works “under the hood”:

1. You install a small utility called cloudflared on your Linux computer.
2. cloudflared establishes an outbound HTTPS connection to the nearest Cloudflare server, creating a persistent tunnel.
3. When someone requests your website via its domain name, Cloudflare directs that request through the established tunnel to your local web server.
4. Your web server processes the request and sends the response back through the same tunnel, and Cloudflare delivers it to the user.

Sounds great, doesn’t it? Let’s get started!

What You’ll Need

1. A Domain Name: This is a mandatory requirement. You can buy one from any registrar or get a free domain (e.g., through Freenom, but be aware of their potential limitations).
2. A Cloudflare Account: A free plan is perfectly sufficient for most tasks.
3. A Web Server Installed on Your Linux Computer: This can be Nginx, Apache, Caddy, a Node.js server, Python Simple HTTP Server, or any other that can listen for HTTP requests on a local port (e.g., 80, 8000, 3000, etc.).
4. A Linux computer to host your website.

Part 1: Domain Preparation and Cloudflared Installation

This section covers the initial steps for integrating your domain with Cloudflare and installing the necessary software.

Step 1: Add Your Domain to Cloudflare

If your domain isn’t already managed by Cloudflare, this is the first and most crucial step:

1. Log in to your Cloudflare account.
2. Click “Add a Site.”
3. Enter your domain name and select the Free plan.
4. Cloudflare will scan your current DNS records. After this, you’ll be prompted to change your domain’s nameservers to the ones Cloudflare provides (e.g., xxx.ns.cloudflare.com and yyy.ns.cloudflare.com). This is a critical point – without it, Cloudflare cannot manage your domain name. You’ll find instructions on how to change nameservers with your domain registrar.

After updating the nameservers, wait some time (from a few minutes to several hours) for the changes to propagate across the internet. Your domain’s status in Cloudflare should change to “Active.”

Step 2: Install cloudflared on Your Linux Computer

Cloudflare strongly recommends using their official repository to install cloudflared. This ensures you always have the most up-to-date version of the utility and can receive automatic updates.

1. Add the Cloudflare GPG key:

   sudo mkdir -p --mode=0755 /usr/share/keyrings
   curl -fsSL [https://pkg.cloudflare.com/cloudflare-main.gpg](https://pkg.cloudflare.com/cloudflare-main.gpg) | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
   

2. Add the Cloudflare repository to your system:

   • For Debian/Ubuntu and derivatives (using apt):

     echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] [https://pkg.cloudflare.com/cloudflared](https://pkg.cloudflare.com/cloudflared) stable main' | sudo tee /etc/apt/sources.list.d/cloudflared.list
     

   • For CentOS/RHEL/Fedora and derivatives (using yum/dnf):

     echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] [https://pkg.cloudflare.com/cloudflared](https://pkg.cloudflare.com/cloudflared) stable main' | sudo tee /etc/yum.repos.d/cloudflared.repo
     

3. Update your package list and install cloudflared:

   • For Debian/Ubuntu:

     sudo apt update
     sudo apt install cloudflared
     

   • For CentOS/RHEL/Fedora:

     sudo yum install cloudflared
     # Or for Fedora: sudo dnf install cloudflared
     

After installation, you can quickly verify that cloudflared is installed and accessible by running:

cloudflared --version

Step 3: Authenticate cloudflared with Your Cloudflare Account

Now you need to link the installed cloudflared utility to your Cloudflare account. Open a terminal on your Linux computer and execute:

cloudflared tunnel login

This command will automatically open a web browser. You’ll need to log in to your Cloudflare account and select the domain for which you are creating the tunnel. Upon successful authentication, you’ll see a message indicating that the certificate has been successfully saved in your home directory (usually in /root/.cloudflared/cert.pem or /home/youruser/.cloudflared/cert.pem). This certificate is used to authenticate your cloudflared agent with Cloudflare.

Part 2: Creating and Configuring the Cloudflare Tunnel

In this phase, we’ll create the tunnel itself and configure its routing.

Step 4: Create a Cloudflare Tunnel

It’s time to create your first tunnel! Choose a unique and memorable name for it, for example, my-website-tunnel.

cloudflared tunnel create my-website-tunnel

In response, you’ll receive your tunnel’s UUID (a long string like a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6) and the path to its credentials file (e.g., /root/.cloudflared/a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6.json). Make sure to save this UUID and file path, as we’ll need them in the next step.

Step 5: Configure the Tunnel (config.yml file)

Now, let’s create a configuration file for our tunnel that will define how Cloudflare should direct traffic to your local web server. Cloudflare recommends placing this file in the /etc/cloudflared/ directory.

Create a file named config.yml (or any other name with a .yml extension):

sudo nano /etc/cloudflared/config.yml

Example content for config.yml:

tunnel: <your_tunnel_UUID>
credentials-file: /root/.cloudflared/<your_tunnel_UUID>.json # Specify the full path to the JSON file from Step 4

ingress:
  - hostname: your-domain.com # Replace with your domain, e.g., myblog.ru
    service: http://localhost:80 # The port your web server listens on locally
  - hostname: [www.your-domain.com](https://www.your-domain.com) # If you want it to work with www, e.g., www.myblog.ru
    service: http://localhost:80
  - service: http_status:404 # Mandatory rule to catch all other requests

Explanation of config.yml:

• tunnel: This is the UUID you received in the previous step.
• credentials-file: The full path to the JSON file containing the tunnel’s credentials. Double-check and specify the correct path to this file on your system.
• ingress: This is an array of rules that define how Cloudflare will route incoming requests. Rules are processed from top to bottom.
  • hostname: The domain name (or subdomain) to which this rule applies.
  • service: The address of your local web server and the port it’s listening on. For example, if your web server listens on port 3000, change it to http://localhost:3000.
  • service: http_status:404: This is the mandatory last rule in the list. It ensures that any request not matching the preceding hostname rules will receive an HTTP 404 (Not Found) error, preventing potential unwanted access.

After editing, save and close the file (for nano: Ctrl+O, Enter, then Ctrl+X).

Step 6: Configure DNS Records in Cloudflare for the Tunnel

For Cloudflare to know that your domain should use the created tunnel, you need to create a special CNAME DNS record.

1. Go to the “DNS” section of your domain in the Cloudflare management console.
2. Click the “Add record” button.
3. Select record type: CNAME.
4. In the “Name” field, enter:
   • @ – for the root domain (e.g., your-domain.com).
   • www – for the www subdomain (e.g., www.your-domain.com).
5. In the “Target” field, enter: <your_tunnel_UUID>.cfargotunnel.com.
   • Important: Replace <your_tunnel_UUID> with the actual UUID obtained in Step 4.
6. Ensure the “Proxy status” icon is orange (Full Proxy) – this means traffic will flow through Cloudflare.
7. Click “Save.”

Repeat this step for the www subdomain if you want your site to be accessible via both www.your-domain.com and your-domain.com.

Part 3: Starting and Verifying the Tunnel

The final steps involve starting cloudflared as a system service and verifying its operation.

Step 7: Start the Tunnel as a System Service

Cloudflare recommends running cloudflared as a system service (systemd for most modern Linux systems). This ensures it automatically starts on system boot and runs reliably in the background.

In your terminal, execute the following command:

sudo cloudflared tunnel service install

This command will install cloudflared as a system service, using the configuration file you created in /etc/cloudflared/config.yml.

After installation, you can manage the service using standard systemctl commands:

sudo systemctl start cloudflared     # Start the tunnel
sudo systemctl status cloudflared    # Check the current tunnel status
sudo systemctl enable cloudflared    # Enable the tunnel to start automatically on system boot
sudo systemctl stop cloudflared      # Stop the tunnel
sudo systemctl restart cloudflared   # Restart the tunnel (useful after changes in config.yml)

Step 8: Verify Operation!

Everything’s set up! Your local web server should be running, cloudflared should be operating as a service, and your DNS records in Cloudflare should point to your tunnel.

Open a web browser and enter your domain name (e.g., your-domain.com). If all steps were followed correctly, you should see your website, running directly from your home Linux computer!

Important Notes and Recommendations

• Local Web Server: Ensure your web server on the Linux machine is running and listening on the port specified in config.yml. For example, if you’re using Python for quick testing: python3 -m http.server 8000 and configure service: http://localhost:8000 in the config.
• Security: Cloudflare Tunnel significantly enhances security by eliminating the need to open ports. However, always ensure the security of your Linux server itself.
• Monitoring: Cloudflare provides basic traffic statistics. For more detailed monitoring of your local server, use standard Linux tools (htop, netstat, web server logs).
• Internet Speed: Your website’s performance will, of course, depend on the upload speed of your home internet connection. Cloudflare CDN will help cache static content, but dynamic requests will pass through the tunnel.

I hope this detailed guide helped you understand the process of publishing your own website from a home Linux computer via Cloudflare Tunnel. This opens up a world of possibilities for personal projects, testing, and even small commercial websites.

If you have any questions, feel free to ask them in the comments!