How to use Cloudflare Tunnels with HCS.
Cloudflare Tunnels
A guide on how to use Cloudflare Tunnels with HCS.
You can run HCS on your local machine (like old laptop/Raspberry PI) and expose it to the internet without opening any ports on your router with Cloudflare Tunnels.
For more details about CF Tunnels, please visit this page.
Setup Cloudflared
You have at least two ways to setup Cloudflare Tunnels with HCS.
Automated
Setup Tunnels on Cloudflare
Go to
https://one.dash.cloudflare.com/
.Select your account.
Open
Networks
->Tunnels
->Create a Tunnel
Connector:
Cloudflared
Choose any name you like.
Copy your
Cloudflare Tunnel Token
from any of the commands.
The token starts with
eyJ...
.
On the
Route Tunnel
tab, add the following tunnels:
You can use any domains/subdomains. This will make sure you can reach your server through Cloudflare Tunnels
Setup Tunnels on HCS
Add a new server with your server’s
IP Address
- it will be reconfigured later on.
Validate the server.
After the server is validated, click on
Configure
in theCloudflare Tunnels
section.Paste
Cloudflare Tunnel Token
from the previous step and set theSSH Domain
to the domain you set in the previous step.
Manual
WIP
Setup Resources in HCS
You have several options to use Cloudflare Tunnels with HCS.
One domain -> One resource.
Wildcard subdomain -> All resources.
One domain -> One resource
In this case, you need to add a public domain every time you would like to expose a new resource through Cloudflare Tunnels.
Go to your tunnel settings on Cloudflare. (https://one.dash.cloudflare.com/ -> Networks -> Tunnels -> Select your tunnel)
Switch to
Public Hostname
tab.Go to HCS and to your resource settings: - Remove any
Domains
settings. - SetPort Mappings
to the same port that you set in thePublic Hostname
settings.
Deploy & enjoy.
Wildcard subdomain -> All resources
In this case, you only need to setup a wildcard domain once and you can expose all your resources through it.
Go to your tunnel settings on Cloudflare. (https://one.dash.cloudflare.com/ -> Networks -> Tunnels -> Select your tunnel)
Switch to
Public Hostname
tab.In Cloudflare go to your
DNS
settings and add a newCNAME
record with the following settings:Name
:*
Target
:<Tunnel ID>.cfargotunnel.com
TTL
:Auto
Go to HCS and to your resource settings.
Set the Domains
to any subdomain of the wildcard domain you set in the previous step.
Deploy & enjoy.
Post Setup
After everything is setup, you can fully disable direct access to your server by disabling all the ports (except SSH (port:22 by default)
) on your firewall.
Setup self-hosted HCS
You can use the one domain without HCS Proxy
or wildcard setup with HCS Proxy
to expose your self-hosted HCS instance to the internet.
With the wildcard
setup, you have nothing to do.
With the one domain
setup, you need a bit more setup with HCS to make it work.
Let’s say you configured the following Public Hostnames
in Cloudflare:
app.HCS.io
mapped tolocalhost:8000
realtime.HCS.io
mapped tolocalhost:6001
After you installed HCS, you need to add 3 lines your .env
file, located in /data/HCS/source
folder.
This tells HCS how to connect to it’s realtime server through Cloudflare Tunnels.
Restart HCS with the installation script.
If you have a firewall, you also need to allow the following ports.
Verify
Navigate to your HCS instance, as in the example:
https://app.HCS.io
.Login with the root user (the first user you created after installation).
Open another tab/window and navigate to
https://app.HCS.io/realtime
. On the other tab (opened in point 2), you should see a notification about the test event.If you know what are you doing, you can check the network tab as well. Search for a websocket connection.
Last updated