diff --git a/CLOUDFLARE-SETUP.md b/CLOUDFLARE-SETUP.md index f97c355..a7fc8e7 100644 --- a/CLOUDFLARE-SETUP.md +++ b/CLOUDFLARE-SETUP.md @@ -1,10 +1,14 @@ -# Setting Up Cloudflare Tunnel for ABforAbortion Website +# Setting Up Cloudflare Tunnel for Your Website: A Beginner's Guide -This guide will walk you through the process of setting up a Cloudflare Tunnel to securely expose your ABforAbortion website to the internet without opening ports on your firewall. +This guide will walk you through the process of setting up a Cloudflare Tunnel to securely expose your website to the internet without opening ports on your firewall. This is perfect for beginners who want to host a website securely. + +## What is Cloudflare Tunnel? + +Cloudflare Tunnel creates a secure connection between your local web server and Cloudflare's network, allowing visitors to access your site through Cloudflare without exposing your server's IP address. ## Prerequisites -1. A Cloudflare account +1. A Cloudflare account (free tier works fine) 2. A domain registered and using Cloudflare DNS 3. Docker and Docker Compose installed on your server @@ -24,15 +28,15 @@ sudo dpkg -i cloudflared.deb cloudflared login ``` -This command will open a browser window. Log in to your Cloudflare account and authorize the cloudflared application to access your account. +This command will open a browser window. Log in to your Cloudflare account and authorize the cloudflared application to access your account. This allows the tunnel to connect to your Cloudflare account. ## Step 3: Create a Tunnel ```bash -cloudflared tunnel create abforabortion-tunnel +cloudflared tunnel create my-website-tunnel ``` -This will create a new tunnel and store the credentials in `~/.cloudflared/[TUNNEL-ID].json`. +This will create a new tunnel and store the credentials in `~/.cloudflared/[TUNNEL-ID].json`. The tunnel ID is a unique identifier for your tunnel. ## Step 4: Get Your Tunnel ID 
@@ -40,49 +44,77 @@ This will create a new tunnel and store the credentials in `~/.cloudflared/[TUNN cloudflared tunnel list ``` -Note the tunnel ID - you'll need to update it in the `cloudflared-config.yml` file. +Note the tunnel ID - you'll need this for the next steps. It should look something like a UUID (e.g., "6ff42ae2-765d-4adf-8112-31c55c1551ef"). ## Step 5: Set Up DNS Records ```bash # Replace with your actual domain and tunnel ID -cloudflared tunnel route dns your-tunnel-id abforabortion.com -cloudflared tunnel route dns your-tunnel-id www.abforabortion.com +cloudflared tunnel route dns your-tunnel-id yourdomain.com +cloudflared tunnel route dns your-tunnel-id www.yourdomain.com ``` -## Step 6: Update the Configuration File +This links your domain name to the tunnel, allowing traffic to flow to your local server. -Edit the `cloudflared-config.yml` file: +## Step 6: Configure Your Tunnel -1. Replace `your-tunnel-id` with your actual tunnel ID -2. Update the hostnames to match your domain +Use the provided `cloudflared-config.yml` file and update the following: -## Step 7: Start the Docker Containers +```yaml +tunnel: your-tunnel-id # Replace with your actual tunnel ID +credentials-file: /root/.cloudflared/your-tunnel-id.json # Update with your tunnel ID +``` + +Also update the hostname in the ingress section to match your domain: + +```yaml +ingress: + - hostname: yourdomain.com # Replace with your actual domain + service: http://localhost:80 +``` + +## Step 7: Start the Tunnel Using Docker Compose + +We've provided a Docker Compose file that sets up both your web server and the Cloudflare tunnel: ```bash +# Start the services docker-compose -f docker-compose-with-cloudflare.yml up -d + +# Check the status +docker-compose -f docker-compose-with-cloudflare.yml ps ``` +This will start both your web server and the Cloudflare tunnel service connecting it to the internet. 
+ ## Step 8: Monitor the Tunnel ```bash -# Check logs +# Check logs from your Docker setup docker-compose -f docker-compose-with-cloudflare.yml logs -f cloudflared -# Check status +# Check tunnel status using the CLI cloudflared tunnel info your-tunnel-id ``` ## Troubleshooting -- **Connection issues**: Check if the cloudflared container can access the web container -- **DNS issues**: Verify DNS records in your Cloudflare dashboard -- **Authentication issues**: Ensure credentials file exists and is mounted correctly +- **Connection issues**: Check if your web server is running and accessible locally +- **DNS issues**: Verify DNS records in your Cloudflare dashboard (orange cloud should be enabled) +- **Authentication issues**: Ensure credentials file exists and contains valid information +- **"No such tunnel" error**: Double-check your tunnel ID in all configurations -## Security Considerations +## Security Benefits -- The Cloudflare Tunnel provides secure access without exposing your server's IP address -- All traffic is encrypted between visitors and your origin server -- Authentication happens via Cloudflare's authentication system +- Your server's IP address remains hidden from the public +- All traffic is encrypted between visitors and your server +- Protection from DDoS attacks via Cloudflare's network +- No need to open ports in your firewall + +## Next Steps + +- Set up Cloudflare Access for additional authentication +- Configure Cloudflare Workers for edge computing capabilities +- Explore Cloudflare Pages for static site hosting For more information, visit the [Cloudflare Tunnel documentation](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/). diff --git a/cloudflared-config.yml b/cloudflared-config.yml index a1f6c74..2fd8a51 100644 --- a/cloudflared-config.yml +++ b/cloudflared-config.yml 
@@ -1,28 +1,24 @@ ## Cloudflare Tunnel configuration file -## This config connects your local website to the internet securely using Cloudflare Tunnels +## This connects your local website to the internet securely without exposing your IP address -# Tunnel configuration -tunnel: your-tunnel-id # Replace with your actual tunnel ID from Cloudflare -credentials-file: /root/.cloudflared/your-tunnel-id.json # Path to your tunnel credentials file +# Tunnel configuration - UPDATE THESE VALUES +tunnel: your-tunnel-id # Replace with your actual tunnel ID from Step 4 +credentials-file: /root/.cloudflared/your-tunnel-id.json # Use your tunnel ID here too -# Ingress rules define how traffic is routed +# Ingress rules define how traffic is routed to your services ingress: - # First rule: route all traffic to your local website - - hostname: abforabortion.com # Replace with your domain - service: http://localhost:80 + # Route traffic from your domain to your local web server + - hostname: yourdomain.com # Replace with your actual domain + service: http://web:80 # This targets the web service in docker-compose - # Second rule: you can add additional hostnames/subdomains - - hostname: www.abforabortion.com # Replace with your subdomain - service: http://localhost:80 - - # Default catch-all rule (required) + # Catch-all rule (required) - returns 404 for any other requests - service: http_status:404 -# Log level options: debug, info, warn, error, fatal +# Log settings logfile: /var/log/cloudflared.log -loglevel: info +loglevel: info # Options: debug, info, warn, error, fatal -# Optional: Set to true in production +# Connection settings originRequest: connectTimeout: 30s - noTLSVerify: false + noTLSVerify: false # Keep this false for security diff --git a/docker-compose-with-cloudflare.yml b/docker-compose-with-cloudflare.yml index 4f8ffa8..b37c9bd 100644 --- a/docker-compose-with-cloudflare.yml +++ b/docker-compose-with-cloudflare.yml 
@@ -1,31 +1,32 @@ version: '3' services: - # Your existing web server + # Web server - serves your website content web: image: nginx:alpine ports: - - "80:80" + - "80:80" # Only exposed locally, not to the internet volumes: - - ./website:/usr/share/nginx/html - - ./nginx.conf:/etc/nginx/conf.d/default.conf + - ./website:/usr/share/nginx/html # Your website files go in the "website" folder + - ./nginx.conf:/etc/nginx/conf.d/default.conf # Nginx configuration restart: always networks: - web_network - # Cloudflare tunnel service + # Cloudflare tunnel service - connects your website to the internet securely cloudflared: image: cloudflare/cloudflared:latest command: tunnel --config /etc/cloudflared/config.yml run volumes: - - ./cloudflared-config.yml:/etc/cloudflared/config.yml:ro - - ~/.cloudflared:/root/.cloudflared:ro # Mount credentials from host + - ./cloudflared-config.yml:/etc/cloudflared/config.yml:ro # Your tunnel configuration + - ~/.cloudflared:/root/.cloudflared:ro # Your tunnel credentials restart: always depends_on: - - web + - web # Ensures web service starts first networks: - web_network +# Network used by both services to communicate networks: web_network: driver: bridge
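Review bot: In Step 3 of CLOUDFLARE-SETUP.md, the sentence added after `~/.cloudflared/[TUNNEL-ID].json` explains what the tunnel ID is but never says that the JSON file is a secret. Anyone who holds that file can run the tunnel. Since the guide now targets beginners, add a line telling readers to keep the file out of version control and to restrict its permissions (for example `chmod 600`).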
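Review bot: In Step 6 of CLOUDFLARE-SETUP.md, the new ingress example uses `service: http://localhost:80`, while cloudflared-config.yml in this same patch switches to `service: http://web:80`. cloudflared runs in its own container in the provided Compose file, so `localhost` there is the cloudflared container, not nginx, and a reader who copies the README snippet gets a tunnel that connects but cannot reach the origin. Use `http://web:80` in the README example as well. In the same hunk, the Security Benefits bullet "All traffic is encrypted between visitors and your server" overstates what this setup does: the hop from cloudflared to the origin is plain HTTP over the Docker bridge, so the bullet should say that encryption covers the visitor-to-Cloudflare leg and the tunnel connection.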
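Review bot: The ingress section of cloudflared-config.yml drops the `www` hostname rule, but Step 5 of the README still runs `cloudflared tunnel route dns your-tunnel-id www.yourdomain.com`. With only `hostname: yourdomain.com` left, requests for the www name fall through to `service: http_status:404`. Either keep a second rule for `www.yourdomain.com` or remove the www DNS route from the guide. The new comment on `noTLSVerify: false # Keep this false for security` also deserves a qualifier: it has no effect while the origin is `http://web:80`, and readers should not take it to mean that an origin certificate is being verified.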
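Review bot: The comment added to the web service in docker-compose-with-cloudflare.yml, `- "80:80" # Only exposed locally, not to the internet`, is incorrect: this mapping publishes port 80 on every host interface, which contradicts the README's "No need to open ports in your firewall". cloudflared reaches nginx over `web_network` as `http://web:80`, so the `ports` entry can be removed, or bound to loopback as `"127.0.0.1:80:80"` if local access is wanted. In the cloudflared service, `~/.cloudflared:/root/.cloudflared:ro` mounts the whole directory into the container; mounting only the tunnel's JSON credentials file would follow least privilege more closely.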