Cloudflare provides a solution that will help you make your server, which is hosted at your home under NAT, visible from the internet—did you know? It also gives you all the features of Cloudflare, such as DDoS protection for your website. It’s completely free and easy to configure. As an example, let’s configure a website hosted on our local Raspberry Pi to make it visible from the internet. All we need is to have our own domain name attached to Cloudflare.

First, we have to add Cloudflare’s GPG key and repository to our system:

Then update the apt list and install cloudflared:

Then, go to your Cloudflare control panel. Find the Tunnels service in the Networking category. Click the “Create Tunnel” button and use a tunnel name of your choice. On the opened page, select your OS (“Debian -> arm64” for RPi), and you will see instructions on how to install it. Since we already installed cloudflared, just ignore the first instruction and follow the second one. It will give you two commands: one to install the tunnel as a service and launch it automatically, and a second one to launch it just once. Each command will contain your unique ID, so it will look like this:

After it’s installed and launched, select your tunnel from the list, then open the “Routes” tab and use the “Add route” button. Select the option “Public application”, configure your subdomain and local port, and that’s it.

Limitations

If you want to use protocols other than HTTP (such as SSH), you need to have cloudflared on the client system as well. You don’t need to register it, it will be used only to proxy the traffic. To use a specific server port, you need to select the option “Private hostname” during the creation of the new route. Basically, everything there is intuitively simple and has good documentation.