All you need to know about Cloudflare tunnel

KubeBlogs: Understanding Cloudflare Tunnel and Reverse Proxy
KubeBlogs: Understanding Cloudflare Tunnel and Reverse Proxy

Introduction

Imagine this: You're working on a cool new website or app on your computer, and you can’t wait to show it to a client or get some feedback from a team member. But here's the catch—you don’t want the hassle of setting up a cloud account, dealing with firewalls, or opening up risky ports that could expose your machine to the internet.

This is one of the scenarios where Cloudflare Tunnel can help you. It’s like having a secure, invisible bridge that connects your local project to the outside world, without any of the messy networking or security worries!


What’s Cloudflare Tunnel?

Cloudflare Tunnel is a service provided by Cloudflare that establishes a secure and encrypted connection between an origin server (your local application, server, or network) and Cloudflare's edge network without requiring the origin to have a publicly routable IP address. This eliminates the need to open inbound ports on the origin server or configure complex firewall rules.

The tunnel is facilitated by the cloudflared daemon, which securely routes incoming HTTP/HTTPS requests from Cloudflare to the local server over the encrypted tunnel, acting as a reverse proxy. This approach ensures the origin server remains isolated from direct internet exposure, enhancing security and simplifying configuration.

It uses a lightweight tool called cloudflared (you install this on your server or computer). This tool creates a secure connection (tunnel) between your server and Cloudflare. Now, instead of your server being directly exposed, Cloudflare becomes the “face” of your app on the internet.


What is a reverse proxy?

A reverse proxy is a server that sits in front of web servers and forwards client (e.g. web browser) requests to those web servers. Reverse proxies are typically implemented to help increase security, performance, and reliability.

Reverse Proxy Flow
Reverse Proxy Flow

Let’s use a real-life example to explain a reverse proxy:

Imagine you have a big, busy restaurant, but you don’t want customers barging into the kitchen. Instead, you have a waiter (the reverse proxy) who takes orders from customers and brings the food back to them.

In the tech world, Cloudflare acts like that waiter. Customers (users visiting your app) don’t talk directly to your app/server. Instead, they talk to Cloudflare, and Cloudflare talks to your app for them.

With a Cloudflare Tunnel, the reverse proxy part is handled automatically. Cloudflare gets the requests, decides if they’re legit, and then securely forwards them to your server through the tunnel. 

How does cloudflare tunnel work?

  1. Install and Run the Tunnel
    You install the cloudflared tool on your server or computer where the app is hosted.
  2. Secure Connection
    The tool creates an encrypted tunnel from your server to Cloudflare.
  3. DNS Setup
    Cloudflare assigns your tunnel a URL or connects it to your custom domain. For example, you can link myapp.example.com to the tunnel. When someone visits this URL, Cloudflare handles the traffic.
  4. Requests Flow Through Cloudflare
    • A user visits myapp.example.com.
    • Cloudflare checks the request (e.g., is it legit? Does it need to block attacks?).
    • If it’s valid, Cloudflare forwards it through the tunnel to your app.
    • Your app processes the request and sends the response back to Cloudflare, which delivers it to the user.

Conclusion

Cloudflare Tunnel makes it simple to securely access local applications over the internet without exposing ports or modifying firewall settings. Whether you're testing, hosting, or managing remote access, it provides a practical solution that keeps your setup protected.

With everything in place, your applications are now accessible without unnecessary network risks.

Need expert help with networking, cloud security, or infrastructure automation? KubeNine takes care of the technical work, so you can focus on what matters most—your product.