Setting Up Cloudflare Tunnels on Umbrel

- have a Cloudflare account
- have a domain name
    - added to your Cloudflare account
    - with nameservers pointed at Cloudflare

ssh into your umbrel

ssh umbrel@umbrel.local
(password is same as you use to log into umbrel)

run these commands to install the cloudflare tunnel daemon

sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] buster main' | sudo tee /etc/apt/sources.list.d/cloudflared.list
sudo apt-get update
sudo apt-get install cloudflared
cloudflared tunnel login
(it will give you a url starting with, copy and paste that into your browser)

in your web browser

paste the url from the last step
when prompted, select the domain name you want to use
now, go to
left navigation -> access -> tunnels -> create a tunnel
give it a name, "Umbrel" ? or whatever and click create
choose "Debian" under "Choose your environment"
copy the text under "If you already have cloudflared installed on your machine:", starts with sudo cloudflared service install ....

back in your terminal

paste the command we copied from the last step and run it

back in your web browser

click "Next"
now, set up a forwarding rule.
under "Public hostname" set
    enter a subdomain, say "mempool"
    choose the domain name we selected previously
under "Service" set
    type HTTP
    URL should be localhost:3006 (same port that you see in your address bar when using the umbrel app in your web browser locally)
click Save Hostname

All done, you should now be able to access the subdomain we set up in the last step.
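
A post-setup check for the steps above, added here as an example and not part of the original post: it confirms the cloudflared service is running, the app answers on the local port used in the forwarding rule, and the public hostname is actually served over HTTPS through Cloudflare's edge. Assumptions: mempool.example.com is a placeholder hostname, the function names are made up for this example, and the edge is recognised by the "server: cloudflare" and "cf-ray" response headers.

```shell
#!/bin/sh
# Usage on the Umbrel: sh check-tunnel.sh mempool.example.com 3006
# (file name, hostname and function names are placeholders for this example)

# Classify a response-header dump read from stdin.
# Prints one of: ok | not-cloudflare | upstream-error
edge_verdict() {
    hdrs=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
    status=$(printf '%s\n' "$hdrs" |
        sed -n '1s/^http\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p')
    if ! printf '%s\n' "$hdrs" | grep -q '^server: cloudflare$' ||
       ! printf '%s\n' "$hdrs" | grep -q '^cf-ray: '; then
        # The hostname is not being answered by Cloudflare's edge:
        # DNS record missing, or something else is serving this name.
        echo not-cloudflare
    elif [ "${status:-000}" -ge 500 ]; then
        # A 5xx through the edge: the tunnel is down or the app is failing.
        echo upstream-error
    else
        echo ok
    fi
}

verify_tunnel() {
    host=$1; port=$2
    # 1. the connector installed by "cloudflared service install" is running
    systemctl is-active --quiet cloudflared ||
        { echo "cloudflared service is not active"; return 1; }
    # 2. the app answers locally on the port entered under "Service"
    curl -sS -o /dev/null --max-time 10 "http://localhost:$port" ||
        { echo "nothing answers on localhost:$port"; return 1; }
    # 3. the public hostname answers over HTTPS via Cloudflare
    verdict=$(curl -sS -I --max-time 15 "https://$host" | edge_verdict)
    echo "https://$host: $verdict"
    [ "$verdict" = ok ]
}

if [ "$#" -eq 2 ]; then
    verify_tunnel "$1" "$2"
else
    # No arguments: offline demo on a constructed header dump.
    printf 'HTTP/2 502 \r\nserver: cloudflare\r\ncf-ray: constructed-0000\r\n' |
        edge_verdict
fi
```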


Interesting. What would be the reasons for doing this?

Say you’re running BTCPayServer on your Umbrel and want to use it to collect payment in Bitcoin for a product sold on your e-commerce website. You’ll need to get BTCPayServer exposed to the public internet. Cloudflare tunnels works around NAT so you don’t have to do any port forwarding. It also handles TLS and gives you always up-to-date certificates.