I have plans to eventually set up a VPN to access my home network, but in the meantime, I opted to set up a Cloudflare Tunnel to access certain local resources. I also just wanted to play around with Cloudflare Tunnel which is part of their Zero Trust platform. One might also want to do this if they're behind a CGNAT and can't VPN into their home network.
In order for any of this to work, you first you need a domain and an existing home server with some resource you want to access. Each service will have it's own subdomain, so you'll have URL something like nextcloud.example.com or homeassistant.example.com so you can access that specific service.
If you haven't done so already, set up an account with Cloudfare. Then click "Add a domain" and follow the steps to get your domain added. I went with Cloudflare's free tier, which is adequate for my needs. You also need to use Cloudflare as your nameservers, so it's important to note that you can't have any other nameservers associated with the domain. Registrars can take up to 24 hours to process nameserver changes, but mine only took a few minutes. Once completed, you'll receive an email.
After the domain is configured, click on "Zero Trust" in the sidebar. In the "Zero Trust Overview" sidebar, expand "Networks" and select "Tunnels".
In the Tunnels screen, select "Create a Tunnel".
Cloudflare offers two tunnel types: Cloudflared and WARP Connector. Cloudflared is primarily a command-line tool that acts as a connector, creating secure tunnels to Cloudflare's services. WARP is a mobile app that provides a VPN-like experience which essentially encrypts all network traffic from your device to Cloudflare's servers. I chose Clareflared.
Next, give your tunnel a name and select "Save tunnel".
Now choose an environment and start the configuration process. I personally went with Red Hat only because I have a preference for running it as a systemd service and because I'm running Fedora on my home server and the instructions for RHEL only needs to be slightly modified for Fedora. The only modification I had to make with the RHEL install script was to change "sudo yum localinstall..." to "sudo dnf localinstall...".
Assuming the install went smoothly, hit "Save" and go click on "Public Hostname" at the top of the screen. To add a local network service, click "Add a public hostname".
On this screen you'll set up your service by adding your subdomain name, select your domain, and the local IP address of the server and the port number your service is running at. In my example below, I'm (fictiously) running Jellyfin on my server at 10.10.1.40:9999, so I'm pointing "jellyfin.example.com" to it.
If everything went smoothly, you should now be able to access that resource from anywhere. I verified this by accessing it from my phone over my cellular connection.
What's really cool about this service is that I can access resources on my home network from anywhere. I have a few services set up, most noteably (and most fun) is Jellyfin so I can access my media from anywhere. Also, every subdomain that's set up has it's own SSL certification for HTTPS.
Thanks for reading. Feel free to send comments, questions, or recommendations to hey@chuck.is.