Setting Up Cloudflare Tunnels on Umbrel

Guides
1

These steps have been updated further below with an in-depth walkthrough click here or scroll down to the next post

_______________________________________________________________

pre-requsites:
- have a cloudflare account
- have a domain name
- added to your cloudflare account
- with nameservers pointed at cloudflare

ssh into your umbrel

ssh umbrel@umbrel.local
(password is same as you use to log into umbrel)

run these commands to install the cloudflare tunnel daemon

sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared buster main' | sudo tee /etc/apt/sources.list.d/cloudflared.list
sudo apt-get update
sudo apt-get install cloudflared
cloudflared tunnel login
(it will give you a url starting with https://dash.cloudflare.com, copy and paste that into your browser)

in your web browser

paste the url from the last step
when prompted, select the domain name you want to use
now, go to dash.teams.cloudflare.com
left navigation -> access -> tunnels -> create a tunnel
give it a name, "Umbrel" ? or whatever and click create
choose "Debian" under "Choose your environment"
copy the text under "If you already have cloudflared installed on your machine:", starts with sudo cloudflared service install ....

back in your terminal

paste the command we copied from the last step and run it

back in your web browser

click "Next"
now, set up a forwarding rule.
under "Public hostname" set
    enter a subdomain, say "mempool"
    choose the domain name we selected previously
under "Service" set
    type HTTP
    URL should be localhost:3003 (same port that you see in your address bar when using the umbrel app in your web browser locally)
click Save Hostname

All done, you should now be able to access the subdomain we set up in the last step.

4 Likes
2

Interesting. What would be the reasons for doing this?

3

Say you’re running BTCPayServer on your Umbrel and want to use it to collect payment in Bitcoin for a product sold on your e-commerce website. You’ll need to get BTCPayServer exposed to the public internet. Cloudflare tunnels works around NAT so you don’t have to do any port forwarding. It also handles TLS and gives you always up to date certificates.

2 Likes
5

This has been a great post by x11r0n and I want to iron out some of the steps with helpful screenshots!

Pre-requsites:

A Cloudflare account
Go to https://www.cloudflare.com/ and click Sign Up!

A domain name
Choose your domain registrar and signup for a domain!

Step 1: Add your domain to your cloudflare account

Go to https://dash.cloudflare.com/ and click “Add a site”

image
image932Ă—98 3.8 KB

  • Have your nameservers pointed at cloudflare,

  • In your Cloudflare dashboard after you click on your added website go to the far right > DNS Settings
    image

Then scroll down to find your nameservers:

image

This is for your domain’s nameserver settings so go to your chosen domain provider > DNS settings > Nameservers and enter in your Cloudflare Nameservers there (yours might be different from above), for GoDaddy that’s how this looks:

image
image1100Ă—324 6.48 KB

Step 2: Now we can SSH into your Umbrel and install the Cloudflare tunnel:
You can reference the FAQ under How to SSH here

After you’ve SSH’d to run these commands to install the cloudflare tunnel daemon, you’ll need to run each line one by one:

sudo mkdir -p --mode=0755 /usr/share/keyrings

curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null

echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared buster main' | sudo tee /etc/apt/sources.list.d/cloudflared.list

sudo apt-get update

sudo apt-get install cloudflared

cloudflared tunnel login

Running each command should look something like this, except as opposed to already installed, you’ll see installed successfully:

image
image1091Ă—418 19 KB

Then the output of this last command will display a URL in the terminal window starting with https://dash.cloudflare.com

Copy the output you get after you run the last command:
cluodflared tunnel login
and paste that it into your web browser

Step 3: Create the tunnel!

After you paste URL from the last step it will take you to your Zero Trust page on Cloudflare, when prompted, select the domain name you want to use! It will be the only thing you can click on in the middle.

Now, go to https://dash.teams.cloudflare.com
Then click on your domain on this page to open its settings,

On the left click Access > Tunnels > Create a Tunnel:

image

Give it a name, “Umbrel” or whatever you’d like, the tunnel name can be anything:
image

Click Save tunnel on the bottom right

Then choose “Debian” under “Choose your environment”
Like so:

image
image935Ă—239 10.7 KB

Under this copy the text on the right under “If you already have cloudflared installed on your machine:”

1
11012Ă—240 16.4 KB

Paste that text back in your terminal from the last step, and then hit enter to run it

Back in your web browser click “Next” or you can navigate to the next Public Hostname tab,

Now, we will set up the forwarding rule.

image

Under “Public hostname” enter a subdomain, you can make this anything you want,

Choose the domain name we selected previously

Under “Service” the details are:
Type: HTTP
URL should be localhost:3003
(This is the same port that you see in your address bar when using the Umbrel App in your web browser locally)

Click Save Hostname

Here is an example of that screen:

image
image1066Ă—310 10.7 KB

All done! You should now be able to access the subdomain we set up in the last step.

You can see it’s working if its status is “Healthy”

image

You can now manage your BTCPay Server via your web link, creating your store there or from within your Umbrel app and edit its settings. Then you can provide your store’s web link direct to your consumers or embed it in any other website.

Let us know here in a post if you have any issue or in our Telegram Help and Support Channel!

2 Likes
6

yoo so I followed these instructions but unfortunately BTCPay Server gives an error "You cannot login over an insecure connection. Please use HTTPS or Tor.
" when setting up in WooCommerce if you use HTTP. Apparently HTTPS is required.

Changing to HTTPS in Cloudflare tunnel settings breaks the connection and it’s a bad gateway.

What do you do in this situation? I feel like the tunnel needs to be deleted from Umbrel and reinstalled with HTTPS.

7

From what I’ve read on it. Umbrel does not yet support https. If you are curious there is a post on this forum that touches on it. I wont go into it here as I did in the other post but it would be beyond useful if the devs got this figured out as in my opinion Umbrel could not possibly leave beta until this is done as alot of the apps are functionally broken (ie. Nextcloud, Vaultwarden, etc.)

Here is the discussion about https on Umbrel:
How can I turn on https?