Accessing Synology apps with Cloudflare Tunnel : I LOVE SIMPLICITY

Share This Article
Lentor Mansion Preview Starts on 1st March

A while back, I wrote about installing Uptime Kuma on my Synology NAS as a docker image. I did not “expose” that app to the internet. But today I did that as I tried out how to access Synology Apps with Cloudflare Tunnel.

Basically it is setting up Cloudflare as a reverse proxy to allow you to use your Synology apps when you are out and about, as if you are already at home in your home network. When you are actually at the beach or in Japan (like everyone else now).

What is a Reverse Proxy

A reverse proxy is a type of server that sits in front of web servers and forwards client requests to these web servers. It acts as an intermediary for requests from clients seeking resources from servers. Here are the key functions and benefits of a reverse proxy:

  1. Load Balancing: A reverse proxy can distribute incoming requests evenly across multiple servers, ensuring no single server gets overwhelmed. This improves the performance and reliability of the servers.
  2. Web Acceleration: By caching content, a reverse proxy can improve the speed of web content delivery. It stores copies of frequently accessed web pages, reducing the need to repeatedly fetch them from the web server.
  3. Security and Anonymity: It helps in hiding the characteristics and location of the backend servers. This can protect against certain types of attacks, like DDoS attacks, and ensures that backend servers remain anonymous.
  4. SSL Encryption: A reverse proxy can decrypt incoming requests and encrypt responses, thus offloading these tasks from the web servers. This is especially useful for SSL (HTTPS) sites.
  5. Compression: It can compress outbound data to improve performance, especially for slower internet connections.
  6. Content Switching: A reverse proxy can direct requests to different servers based on the type of content requested. This is useful in a network where multiple types of content are served by different servers.
  7. Application Firewall: It can also act as an application firewall, providing an additional layer of security by filtering malicious traffic before it reaches the web server.

In summary, a reverse proxy offers benefits in load balancing, security, performance enhancement, and content management, making it a valuable component in modern web architecture.

How does Cloudflare Tunnel then act as a reverse proxy

As usual, Cloudflare like to do things their own special way.

Cloudflare Tunnel, a feature offered by Cloudflare, acts as a reverse proxy in a unique and innovative way. Instead of exposing your server directly to the internet, Cloudflare Tunnel creates a secure, encrypted path from your server to the Cloudflare network. This is done without opening any public inbound ports. Here’s how it works:

  1. Connection Initiation: The server or service you want to protect establishes an outbound connection to Cloudflare’s edge network using the Cloudflare Tunnel software (formerly known as Argo Tunnel).
  2. Encryption and Security: This connection is encrypted and secured, ensuring that data transmitted is protected. This setup prevents direct attacks on the server since its IP address is not exposed to the public internet.
  3. Request Handling: When a user wants to access your service, their request goes to Cloudflare first. Cloudflare then forwards this request through the secure tunnel to your server.
  4. Performance and Reliability: Cloudflare’s network optimizes the traffic route for performance and reliability, leveraging their global network infrastructure.
  5. Content Delivery: The server processes the request and sends the response back through the tunnel to Cloudflare, which then delivers it to the user.

By using Cloudflare Tunnel, you effectively hide your server behind Cloudflare’s infrastructure, leveraging their security and performance features while reducing your server’s exposure to threats.

You can watch many Youtube videos on this, including the famous one by Crosstalk. But I prefer this one πŸ™‚ He is just too funny.

So let’s go ahead and set up Cloudflare Tunnel to act as a reverse proxy to my Synology App.

Synology Apps with Cloudflare Tunnel : Uptime Kuma Example

So the document I am using to set up Uptime Kuma with Cloudflare Tunnel to start my first Docker app in Synology to be “exposed” to the internet.

The Uptime Kuma page actually has its own document on how to do so ! It is pretty accurate and easy to use. So do visit that link to find out more.

But you can follow along with me too πŸ™‚

Step 1 : Buy a Domain

Get one of those cheap “personal” domain (you don’t need a dot.com) or those “xyz” domains etc. I use Hostinger (affiliate link) to get my domain as part of my hosting plan. Because you are just using the sub-domains of the domain, you can actually use any domains you own. But I prefer to have a “personalised one”…. eg “I-am-handsome.xyz”.

Step 2 : Add your web site to Cloudflare

It is free to add your web site to Cloudflare. I always add my sites I bought on Namecheap etc and then host them on Clouldflare for its DNS and protection.

Anyhow, add your web site you purchased in Step 1 to Cloudflare.

Add your web site to Cloudflare
Add your web site to Cloudflare

Step 3 : Change your Nameservers to Cloudflare

In your Domain registrar (e.g Namecheap, or Hostinger or Sugar Daddy.. I mean Go Daddy), change the name servers to point to Cloudflare. This is a compulsory step.

You will find the name servers in the steps when you add to the domain to Cloudflare.

Change your Nameservers to Cloudflare
Change your Nameservers to Cloudflare

Then you change the nameservers in your domain registrar. Here’s my Hostinger name server changing.

Change your Nameservers to Cloudflare
Change your Nameservers to Cloudflare

Success and wait for a while for the name server changes to take place. At most it takes 10-15 mins…

Change your Nameservers to Cloudflare
Change your Nameservers to Cloudflare

Step 4 : Set up a Clouldflare Trust Account

Yes.. more work to access Synology apps with Cloudflare Tunnel. You need to set up a Cloudflare Trust Account. This is separate from the Cloudflare account itself. Oh well… it is free πŸ™‚

Set up a Clouldflare Trust Account
Set up a Clouldflare Trust Account

Team name !!

Set up a Clouldflare Trust Account
Set up a Clouldflare Trust Account

Make sure you choose the FREE PLAN.

Set up a Clouldflare Trust Account
Set up a Clouldflare Trust Account
Set up a Clouldflare Trust Account
Set up a Clouldflare Trust Account

Step 5 : Set up your Cloudflare Tunnel

On the left side, choose Tunnels.

Set up your Cloudflare Tunnel
Set up your Cloudflare Tunnel

Then choose ADD A TUNNEL on the bottom left.

Set up your Cloudflare Tunnel
Set up your Cloudflare Tunnel

Note how Cloudflare recommends one TUNNEL per network. So you really need only 1 for each home network.

Set up your Cloudflare Tunnel
Set up your Cloudflare Tunnel

In the next screen, you will notice some code to copy and paste, depending on your choice of OS (usually that’s DOCKER for me in Synology) but you might be running some other servers (Windows anyone..)…

Set up your Cloudflare Tunnel
Set up your Cloudflare Tunnel

But for Uptime Kuma, it is easier.

Just copy the CODE for Cloudflare TOKEN on the right hand side.

Step 6 : Copy the Cloudflare Token to Uptime Kuma

Uptime Kuma is so cool. They already provide you a place in their FRONT END to add the code to their app.

Under Settings > Reverse Proxy, you will see the Clouldflare Tunnel field.

Easy to set up Cloudflare Tunnel on Uptime Kuma
Easy to set up Cloudflare Tunnel on Uptime Kuma

Copy and paste the TOKEN from Step 4 into the field and then press “START CLOUDFLARE”.

If you go back to Cloudflare Tunnel now, you will see it is CONNECTED. That’s is very good news.

Cloudflare Tunnel is up and running
Cloudflare Tunnel is up and running

Step 7 : Set up your Clouldflare Public Host name

Now you can choose the EASY NAME for your Uptime Kuma. Or rather the public hostname for this app.

This will be your URL to access the app from outside your home network. You will be using this URL to access the Synology apps with Cloudflare Tunnel.

Example.

Mine is uptime.mypersonaldomain.xyz.

Set up your Clouldflare Public Host name
Set up your Clouldflare Public Host name

The service will be http://localhost:3001 for Uptime Kuma. Different apps will have different service.

Step 8 : Check if it works

Now using your URL you set up, add a https to the front.

Example. My case will be https://uptime.mypersonaldomain.xyz

You can check in your home network wifi

And you can also disable your phone’s wifi and then use 4G/5G network (and hence pretending you are outside your home) to check.

They will all be directed to the Uptime Kuma log In page.

With a SSL ! πŸ™‚

Uptime Kuma is successfully running on Cloudflare Tunnel
Uptime Kuma is successfully running on Cloudflare Tunnel

Log in and you will have your dashboard !!

Uptime Kuma is successfully running on Cloudflare Tunnel
Uptime Kuma Dashboard is successfully running on Cloudflare Tunnel

Easy to allow you to access Synology apps with Cloudflare Tunnel !!

What about the Synology Native Apps

To be honest, I would not use the Clouldflare Tunnel with the Synology Native Apps such as Synology Photos, Synology Files, Synology Drive etc.

I am happy using Synology QuickConnect to do so as I have already set it up for use.

However, I will be using Cloudflare Tunnel for the Docker apps such as Uptime Kuma, and perhaps my Unifi Controller for my Ubiquiti products.

In fact, these are some of my upcoming plans to self host some of these applications on my Synology but time is not my best friend. I wish I have the time. If I do, I will write a blog post on each πŸ™‚

PurposeSoftware
PhotosImmich
Document ScanPaperless NG
FeedFreshRSS
FilesNextCloud or Seafile
WebsitePlausible or Matomo
PasswordBitwarden
Media ServerJellyfish
Self Hosting Apps on my Synology (or so I claimed to do so).

Do you like to self-host open source apps and then expose them to internet to use them on the go ? Share with me your favourite apps !

Share This Article

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.