Cloudflared

Cloudflare Tunnel Setup

Complete guide for setting up Cloudflare Tunnel to securely expose the Klinik Gunung application to the internet

This guide explains how to use Cloudflare Tunnel (formerly Cloudflare Argo Tunnel) to securely expose the Klinik Gunung Health Screening System to the internet without opening ports on your server.

What is Cloudflare Tunnel?

Cloudflare Tunnel creates a secure, outbound-only connection between your server and Cloudflare's edge network. This allows you to:

  • Expose local services to the internet securely
  • Avoid opening inbound ports on your firewall
  • Get automatic HTTPS certificates
  • Access your application from anywhere with a custom domain

Prerequisites

Before setting up Cloudflare Tunnel, ensure you have:

  • A Cloudflare account
  • A domain managed by Cloudflare
  • SSH access to your server
  • The application running locally (e.g., on localhost:3000 for frontend, localhost:8000 for backend)

Installation

Step 1: Install cloudflared

Ubuntu/Debian

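# Add Cloudflare's GPG key (-f makes curl fail on an HTTP error instead of saving the error page as the keyring)
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-archive-keyring.gpg >/dev/null

# Add Cloudflare's repository ("jammy" is the Ubuntu 22.04 codename; on other releases substitute the output of `lsb_release -cs`)
echo "deb [signed-by=/usr/share/keyrings/cloudflare-archive-keyring.gpg] https://pkg.cloudflare.com/cloudflared jammy main" | sudo tee /etc/apt/sources.list.d/cloudflared.list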

# Update package list and install
sudo apt-get update
sudo apt-get install cloudflared

CentOS/RHEL

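# Add repository (the .repo file is a yum repository definition, not an RPM package)
curl -fsSL https://pkg.cloudflare.com/cloudflared-ascii.repo | sudo tee /etc/yum.repos.d/cloudflared.repo >/dev/null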

# Install cloudflared
sudo yum install cloudflared

Manual Installation (Debian-based, amd64)

# Download the latest release package (.deb, amd64)
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb

# Install the package
sudo dpkg -i cloudflared-linux-amd64.deb

Verify Installation

cloudflared version

Step 2: Authenticate with Cloudflare

cloudflared tunnel login

This command will:

  1. Open your browser to Cloudflare's login page
  2. Prompt you to select your domain
  3. Create a certificate at ~/.cloudflared/cert.pem

Creating a Tunnel

Step 1: Create a Tunnel

cloudflared tunnel create <tunnel-name>

Example:

cloudflared tunnel create klinik-gunung-prod

Step 2: List Your Tunnels

cloudflared tunnel list

This will show your tunnel ID, which you'll need for the next steps.

Step 3: Configure DNS

Create a CNAME record in Cloudflare DNS pointing to your tunnel:

Type: CNAME
Name: app (or your preferred subdomain)
Target: <tunnel-id>.cfargotunnel.com
TTL: Auto
Proxy status: Proxied (orange cloud)

Example:

Type: CNAME
Name: app.klinikgunung.com
Target: abc12345-6789-0123-4567-890123456789.cfargotunnel.com

Running the Tunnel

Method 1: Quick Start (Development)

For development or testing:

cloudflared tunnel --url localhost:8000 run <tunnel-name>

This will start the tunnel and expose localhost:8000 at your configured domain.

Method 2: Configuration File (Production)

Create a configuration file for better control:

nano ~/.cloudflared/config.yaml

Example configuration:

tunnel: klinik-gunung-prod
credentials-file: /root/.cloudflared/<tunnel-id>.json

ingress:
  # Frontend (Next.js)
  - hostname: app.klinikgunung.com
    service: http://localhost:3000
  # Backend API
  - hostname: api.klinikgunung.com
    service: http://localhost:8000
  # Catch-all rule
  - service: http_status:404

Step 3: Run with Configuration

cloudflared tunnel run klinik-gunung-prod
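
The credentials-file referenced in the configuration and the cert.pem written by `cloudflared tunnel login` are secrets: the JSON file is what runs the tunnel, and cert.pem is what creates, deletes and routes tunnels. The script below is an added example, not part of the original guide. It audits a cloudflared directory for loose file modes and for a leftover cert.pem; the function names, finding labels and demo directory are constructed for illustration, and `stat -c` assumes Linux.

```shell
#!/usr/bin/env bash
# Added example: audit the secrets cloudflared keeps in its config directory.
# Prints one finding per line; prints nothing when the directory is clean.
audit_cloudflared_dir() {
  dir="$1"
  # cert.pem (account certificate) and <tunnel-id>.json (tunnel credentials)
  # should not carry any group or other permission bits.
  for f in "$dir"/cert.pem "$dir"/*.json; do
    [ -f "$f" ] || continue            # skips an unmatched glob as well
    mode="$(stat -c '%a' "$f")"
    case "$mode" in
      0|*00) ;;                        # owner-only (or no) access
      *) echo "LOOSE_MODE $mode $(basename "$f")" ;;
    esac
  done
  # Running a tunnel only needs the credentials JSON. cert.pem is used to
  # create, delete and route tunnels, so it need not stay on the server.
  if [ -f "$dir/cert.pem" ]; then
    echo "ACCOUNT_CERT_PRESENT cert.pem"
  fi
}

# Constructed demo directory standing in for ~/.cloudflared
demo_dir() {
  d="$(mktemp -d)"
  touch "$d/cert.pem" "$d/abc12345-6789-0123-4567-890123456789.json" "$d/config.yaml"
  chmod 600 "$d/cert.pem"
  chmod 644 "$d/abc12345-6789-0123-4567-890123456789.json"
  echo "$d"
}

d="$(demo_dir)"
audit_cloudflared_dir "$d"
rm -rf "$d"
# On a live host: audit_cloudflared_dir ~/.cloudflared
```

A `LOOSE_MODE` finding is fixed with `chmod 600` on the file.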

Running as a Service (Production)

Create Systemd Service

sudo nano /etc/systemd/system/cloudflared.service

Service file content:

[Unit]
Description=Cloudflare Tunnel
After=network.target

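[Service]
Type=simple
# root matches the /root/.cloudflared paths used in config.yaml; a dedicated
# unprivileged user also works if the config and credentials are moved to a
# location that user can read
User=root
# Must match the installed binary; check with: command -v cloudflared
ExecStart=/usr/local/bin/cloudflared tunnel run klinik-gunung-prod
Restart=always
RestartSec=5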

[Install]
WantedBy=multi-user.target

Enable and Start Service

# Reload systemd
sudo systemctl daemon-reload

# Enable service to start on boot
sudo systemctl enable cloudflared

# Start the service
sudo systemctl start cloudflared

# Check status
sudo systemctl status cloudflared

Multiple Services Configuration

If you need to expose multiple services, update your config.yaml:

tunnel: klinik-gunung-prod
credentials-file: /root/.cloudflared/<tunnel-id>.json

ingress:
  # Frontend
  - hostname: app.klinikgunung.com
    service: http://localhost:3000
    originRequest:
      noTLSVerify: false
  # Backend API
  - hostname: api.klinikgunung.com
    service: http://localhost:8000
    originRequest:
      noTLSVerify: false
  # Admin Panel (if separate)
  - hostname: admin.klinikgunung.com
    service: http://localhost:3001
  # Catch-all
  - service: http_status:404

Security Considerations

HTTPS Only

Cloudflare Tunnel automatically provides HTTPS certificates. Always access your application via https://.

Access Restrictions

Consider implementing additional security:

  1. Cloudflare Access: Restrict access to specific email domains
  2. IP Whitelisting: Limit access to specific IP ranges
  3. Authentication: Implement application-level authentication

Firewall Configuration

Since tunnels are outbound-only, you can keep your firewall restrictive:

  • No inbound ports need to be opened
  • Only outbound connections to Cloudflare are required
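
The outbound-only model holds only if the origin services are not themselves listening on a public interface. The script below is an added example, not part of the original guide. It reads `ss -H -ltn` output and reports any of the guide's origin ports (3000, 3001, 8000) that are bound to a non-loopback address; the function names and the sample socket listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag origin ports that listen on more than loopback.
# Ports 3000, 3001 and 8000 are the ones used in this guide's ingress rules.

# Reads `ss -H -ltn` output on stdin. $1 is a comma-separated port list.
# Prints "port address" for every listed port bound to a non-loopback address.
exposed_listeners() {
  awk -v ports="$1" '
    BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
      local_addr = $4
      port = local_addr
      sub(/.*:/, "", port)                 # keep the text after the last colon
      if (!(port in want)) next
      addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
      gsub(/\[|\]/, "", addr)              # strip IPv6 brackets
      sub(/%.*/, "", addr)                 # strip an interface scope such as %lo
      if (addr ~ /^127\./ || addr == "::1") next
      print port, addr
    }'
}

# Constructed sample of `ss -H -ltn` output
sample_ss() {
cat <<'EOF'
LISTEN 0      511        127.0.0.1:3000      0.0.0.0:*
LISTEN 0      128          0.0.0.0:8000      0.0.0.0:*
LISTEN 0      511            [::1]:3001         [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
EOF
}

# On a live host: ss -H -ltn | exposed_listeners 3000,3001,8000
sample_ss | exposed_listeners 3000,3001,8000
```

Any line printed means that port is reachable without passing through the tunnel unless a firewall blocks it; rebinding the service to 127.0.0.1 removes the finding.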

Monitoring and Troubleshooting

Check Tunnel Status

# Check if tunnel is running
cloudflared tunnel list

# View tunnel logs
journalctl -u cloudflared -f

Common Issues

Tunnel Not Connecting

# Check credentials file exists
ls -la ~/.cloudflared/

# Show the tunnel's details and active connections
cloudflared tunnel info <tunnel-name>

DNS Issues

  • Ensure CNAME record is properly configured
  • Wait for DNS propagation (can take up to 5 minutes)
  • Check Cloudflare DNS settings

Certificate Issues

# Re-authenticate if needed
cloudflared tunnel login

Logs and Debugging

Enable verbose logging:

cloudflared tunnel --loglevel debug run <tunnel-name>

Updating Cloudflared

# Update only the cloudflared package
sudo apt-get update && sudo apt-get install --only-upgrade cloudflared

# Or download latest binary
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64
chmod +x cloudflared-linux-amd64
sudo mv cloudflared-linux-amd64 /usr/local/bin/cloudflared

Cost Considerations

  • Free Tier: Includes 50,000 requests per month
  • Paid Plans: Additional requests and features available
  • No bandwidth charges: Only request-based pricing

Alternatives

If Cloudflare Tunnel doesn't meet your needs, consider:

  • Ngrok: Similar service with paid plans
  • LocalTunnel: Open-source alternative
  • Serveo: SSH-based tunneling
  • Traditional reverse proxy: Nginx with Let's Encrypt

Support

For additional help: