A while back, I wrote about installing Uptime Kuma on my Synology NAS as a docker image. I did not “expose” that app to the internet. But today I did that as I tried out how to access Synology Apps with Cloudflare Tunnel.
Basically, you set up Cloudflare as a reverse proxy so that you can use your Synology apps when you are out and about, as if you were at home on your home network, when you are actually at the beach or in Japan (like everyone else now).
What is a Reverse Proxy
A reverse proxy is a type of server that sits in front of web servers and forwards client requests to these web servers. It acts as an intermediary for requests from clients seeking resources from servers. Here are the key functions and benefits of a reverse proxy:
- Load Balancing: A reverse proxy can distribute incoming requests evenly across multiple servers, ensuring no single server gets overwhelmed. This improves the performance and reliability of the servers.
- Web Acceleration: By caching content, a reverse proxy can improve the speed of web content delivery. It stores copies of frequently accessed web pages, reducing the need to repeatedly fetch them from the web server.
- Security and Anonymity: It helps in hiding the characteristics and location of the backend servers. This can protect against certain types of attacks, like DDoS attacks, and ensures that backend servers remain anonymous.
- SSL Encryption: A reverse proxy can decrypt incoming requests and encrypt responses, thus offloading these tasks from the web servers. This is especially useful for SSL (HTTPS) sites.
- Compression: It can compress outbound data to improve performance, especially for slower internet connections.
- Content Switching: A reverse proxy can direct requests to different servers based on the type of content requested. This is useful in a network where multiple types of content are served by different servers.
- Application Firewall: It can also act as an application firewall, providing an additional layer of security by filtering malicious traffic before it reaches the web server.
In summary, a reverse proxy offers benefits in load balancing, security, performance enhancement, and content management, making it a valuable component in modern web architecture.
How does Cloudflare Tunnel then act as a reverse proxy
As usual, Cloudflare likes to do things their own special way.
Cloudflare Tunnel, a feature offered by Cloudflare, acts as a reverse proxy in a unique and innovative way. Instead of exposing your server directly to the internet, Cloudflare Tunnel creates a secure, encrypted path from your server to the Cloudflare network. This is done without opening any public inbound ports. Here’s how it works:
- Connection Initiation: The server or service you want to protect establishes an outbound connection to Cloudflare’s edge network using the Cloudflare Tunnel software (formerly known as Argo Tunnel).
- Encryption and Security: This connection is encrypted, so data in transit is protected. Because the server's IP address is not exposed to the public internet and no inbound port is open, the server cannot be attacked directly; requests can only reach it through Cloudflare.
- Request Handling: When a user wants to access your service, their request goes to Cloudflare first. Cloudflare then forwards this request through the secure tunnel to your server.
- Performance and Reliability: Cloudflare’s network optimizes the traffic route for performance and reliability, leveraging their global network infrastructure.
- Content Delivery: The server processes the request and sends the response back through the tunnel to Cloudflare, which then delivers it to the user.
By using Cloudflare Tunnel, you effectively hide your server behind Cloudflare’s infrastructure, leveraging their security and performance features while reducing your server’s exposure to threats. The app itself is still reachable at its public hostname, so anyone who has the URL lands on its login page.
You can watch many YouTube videos on this, including the famous one by Crosstalk. But I prefer this one :) He is just too funny.
So let’s go ahead and set up Cloudflare Tunnel to act as a reverse proxy to my Synology App.
Synology Apps with Cloudflare Tunnel : Uptime Kuma Example
Uptime Kuma is my first Docker app on Synology to be “exposed” to the internet, and this is the document I am using to set it up with Cloudflare Tunnel.
The Uptime Kuma page actually has its own document on how to do so! It is pretty accurate and easy to use. So do visit that link to find out more.
But you can follow along with me too :)
Step 1 : Buy a Domain
Get one of those cheap “personal” domains (you don’t need a .com), such as the “xyz” domains. I use Hostinger (affiliate link) to get my domain as part of my hosting plan. Because you are just using sub-domains of the domain, you can actually use any domain you own. But I prefer to have a “personalised” one, e.g. “I-am-handsome.xyz”.
Step 2 : Add your web site to Cloudflare
It is free to add your web site to Cloudflare. I always add the sites I bought on Namecheap etc. and then host them on Cloudflare for its DNS and protection.
Anyhow, add the web site you purchased in Step 1 to Cloudflare.

Step 3 : Change your Nameservers to Cloudflare
In your domain registrar (e.g. Namecheap, or Hostinger or Sugar Daddy.. I mean Go Daddy), change the name servers to point to Cloudflare. This is a compulsory step.
You will find the name servers in the steps when you add the domain to Cloudflare.

Then you change the nameservers in your domain registrar. Here’s my Hostinger name server changing.

Success and wait for a while for the name server changes to take place. At most it takes 10-15 mins…

Step 4 : Set up a Cloudflare Trust Account
Yes.. more work to access Synology apps with Cloudflare Tunnel. You need to set up a Cloudflare Trust Account. This is separate from the Cloudflare account itself. Oh well… it is free :)

Team name !!

Make sure you choose the FREE PLAN.


Step 5 : Set up your Cloudflare Tunnel
On the left side, choose Tunnels.

Then choose ADD A TUNNEL on the bottom left.

Note how Cloudflare recommends one TUNNEL per network. So you really need only 1 for each home network.

In the next screen, you will notice some code to copy and paste, depending on your choice of OS (usually that’s DOCKER for me in Synology) but you might be running some other servers (Windows anyone..)…

But for Uptime Kuma, it is easier.
Just copy the CODE for Cloudflare TOKEN on the right hand side.
Step 6 : Copy the Cloudflare Token to Uptime Kuma
Uptime Kuma is so cool. They already provide a place in their FRONT END to add the code to their app.
Under Settings > Reverse Proxy, you will see the Cloudflare Tunnel field.

Copy and paste the TOKEN from Step 4 into the field and then press “START CLOUDFLARE”.
If you go back to Cloudflare Tunnel now, you will see it is CONNECTED. That is very good news.

Step 7 : Set up your Cloudflare Public Hostname
Now you can choose the EASY NAME for your Uptime Kuma. Or rather the public hostname for this app.
This will be your URL to access the app from outside your home network. You will be using this URL to access the Synology apps with Cloudflare Tunnel.
Example.
Mine is uptime.mypersonaldomain.xyz.

The service will be http://localhost:3001 for Uptime Kuma. Different apps will have different services.
Step 8 : Check if it works
Now take the URL you set up and add https:// to the front.
Example. My case will be https://uptime.mypersonaldomain.xyz
You can check from your home wifi network.
And you can also disable your phone’s wifi and use the 4G/5G network (and hence pretend you are outside your home) to check.
Both will be directed to the Uptime Kuma login page.
With SSL! :)

Log in and you will have your dashboard !!

Easy to allow you to access Synology apps with Cloudflare Tunnel !!
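A command-line version of the Step 8 check, as an added example that is not part of the original post: it reads the response headers for the public hostname and reports whether the answer came through Cloudflare and whether the tunnel and the service behind it responded. The function names and sample headers are constructed for illustration, and the meanings given to statuses 530 and 502 are assumptions about how Cloudflare usually reports a disconnected tunnel and an unreachable service.

```shell
#!/usr/bin/env bash
# Added example: classify what answered for the public hostname from Step 7.
# Input: raw HTTP response headers on stdin (e.g. from `curl -sSI`).
# Output: one word on stdout.
# Assumption: Cloudflare answers 530 when no connector is attached to the
# tunnel and 502 when the connector cannot reach the configured service.
classify_response() {
  tr -d '\r' | awk '
    /^HTTP\// { code = $2; server = 0; ray = 0 }  # new header block: reset
    { line = tolower($0) }
    line ~ /^server:[ \t]*cloudflare[ \t]*$/ { server = 1 }
    line ~ /^cf-ray:[ \t]*[^ \t]/            { ray = 1 }
    END {
      if (!(server && ray))               print "not-cloudflare"
      else if (code == 530)               print "tunnel-down"
      else if (code == 502)               print "origin-unreachable"
      else if (code >= 200 && code < 400) print "ok"
      else                                print "other-" code
    }'
}

# Constructed sample headers (not captured from a real site).
sample_ok() {
  printf 'HTTP/2 200\r\nserver: cloudflare\r\ncf-ray: 0000000000000000-SIN\r\n\r\n'
}
sample_tunnel_down() {
  printf 'HTTP/2 530\r\nserver: cloudflare\r\ncf-ray: 0000000000000000-SIN\r\n\r\n'
}
sample_direct() {   # e.g. the app answering on the LAN without Cloudflare
  printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

# Live check: pass your own public hostname as the first argument,
# e.g. ./check.sh uptime.mypersonaldomain.xyz
check_host() {
  curl -sS -I --max-time 10 "https://$1/" | classify_response
}

if [ -n "${1:-}" ]; then
  check_host "$1"
fi
```

A result of `not-cloudflare` means the response did not pass through Cloudflare at all, which is worth investigating before relying on the tunnel as the only path to the app.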
What about the Synology Native Apps
To be honest, I would not use Cloudflare Tunnel with the Synology Native Apps such as Synology Photos, Synology Files, Synology Drive etc.
I am happy using Synology QuickConnect to do so as I have already set it up for use.
However, I will be using Cloudflare Tunnel for the Docker apps such as Uptime Kuma, and perhaps my Unifi Controller for my Ubiquiti products.
In fact, these are some of my upcoming plans to self-host some of these applications on my Synology, but time is not my best friend. I wish I had the time. If I do, I will write a blog post on each :)

| Purpose | Software |
| --- | --- |
| Photos | Immich |
| Document Scan | Paperless NG |
| Feed | FreshRSS |
| Files | NextCloud or Seafile |
| Website | Plausible or Matomo |
| Password | Bitwarden |
| Media Server | Jellyfin |
Do you like to self-host open source apps and then expose them to internet to use them on the go ? Share with me your favourite apps !