- cross-posted to:
- hackernews
- cross-posted to:
- hackernews
Everything you wanted to know about using Cloudflare Zero Trust Argo tunnels for your personal network. For those like me who were still confused even after reading the article, I think this is the lowdown:
- ZT tunnels let you expose private resources/services to the internet (or your users) via Cloudflare’s edge network. You install cloudflared on an internal host, and register a “tunnel” so that requests to a hostname or IP get forwarded securely into your network (similar to tailscale).
- Unlike classic VPNs (which open full network access) or traditional Cloudflare tunnels (which merely publish a service), this approach adds granular access control; you can define exactly who can access which resource, based on identity, device posture, login method, etc.
- It also solves NAT/firewall issues often faced by P2P-based overlays (e.g., Tailscale) by routing everything through Cloudflare’s network, avoiding connectivity failures when peer-to-peer fails.
For in-browser auth you can then use Cloudflare Access, or you can install the cloudflare Warp client which is a VPN-like thing that would give you full control over the access to whatever service(s) you were exposing this way.
You must log in or register to comment.
I only started using Cloudflare tunnels recently, but I’m now using the self hosted alternative Pangolin on a VPS for private services, and I keep the Cloudflare tunnel for public web hosting, i.e WordPress. This also allows easy restriction to the WordPress login page for other users via Google auth etc which is something very simple with CF.
Having split up my private/public services to seperate tunnels also means I don’t stand the chance of taking the public services offline with my constant tinkering of Pangolin and the VPS it runs on.
I have pushed the CF tunnel for file transfers occasionally (which is against their terms), but it hits remarkable speeds for a ‘free’ service.
