Cloudflare Tunnel lets you publish an application from an Ubuntu server without opening inbound ports to that server. The cloudflared daemon makes outbound-only connections to Cloudflare, and Cloudflare routes visitors to the service through that tunnel.
When should you use it?
Use Cloudflare Tunnel for public web apps, webhooks, preview environments, and selected internal tools protected by Cloudflare Access. Do not use it as a substitute for authentication.
Basic setup shape
- Confirm the local service works.
- Create a tunnel in Cloudflare Zero Trust.
- Install and run
cloudflaredon the Ubuntu server. - Add a public hostname route.
- Test from outside the server.
- Lock down the origin so the service is not also reachable directly.
curl -I http://localhost:8000
systemctl status cloudflared --no-pager
curl -I https://app.example.com
Safety notes before you run it
Do not paste tunnel tokens, private keys, origin hostnames, or sensitive dashboard URLs into public notes or support chats. Keep the origin service bound to localhost or a private interface where possible, and add authentication for anything that is not meant for the public.
If this is your first Cloudflare Tunnel setup, treat the first pass as a staging exercise: publish a harmless test service, confirm routing works, then apply the same pattern to the real application.
Link back to the hub
This guide belongs to the Secure Remote Access for a Linux Server cluster.