This is how to access your #homelab from outside your home #network using #cloudflare tunnels. Skip 2min in if you know the details.
Stormynight: Can you help me?
Mr The Plague: what happens if you need to access http (not https)? I can't see how to get that working with cloudflared tunnels
Then you could use the ip address, but that's on your local only.
Azher Mohammed: i am using pfsense as a vm at home, wireguard installed, lightweight droplet on digital ocean approx 6$ per month, which gives public ip and acts as wireguard server, now i have 2 way traffic, when i connect my laptop to the droplet via wireguard client
Nice, I'm going to be installing Opnsense on a device soon!
drapie_: i like this set up to explain and record videos, Nice explanation
I'm just using draw.io as the diagram tool.
dude123: I use cloudflare tunnels for everything, but I see a couple comments about how they're not the best. can anyone explain, i’ve never heard bad about them and don’t understand how they could be a security risk
I'm not sure, I also rely pretty hard on Cloudflare tunnels, and haven't had any real issue with them. It's important to learn about your rules though.
David J: tailscale also has mDNS for URL based addresses too.
mal_loc: This is my primary use for my “homelab” (windows PC running Docker Desktop and virtualized Linux lmao)! I used the Cloudflared docker container and cloudflare tunnels to point to my custom domain! Still required some mucking about but at least I got to stick with windows for ease of use
That's awesome though.
Derrick Winslow167: Apache guacamole reverse proxy with caddy
dickels122: why not vpn OpenVPN on your router?
Vpn works perfectly well yes, but sometimes it's easier to just go to a url.
Juan José: a vpn made with wireguard
If you're technical then this is a great option.
🇵🇱 triken: zero-tier 😏
Love them.
Juann: I skip the problem with the IP dynamic issue using tp link ddns and to be honest, is the fastest way if you use tp link routers
@haij_Samir: openvpn access server 2 users free nice appliance
Love it
Andi Here: IM SO GLAD YOU POPPED BACK UP ON MY FYP, your tiktok about messing with your router to block ads was on my mind
Well, glad I could help!
Bren: would a reverse proxy help with this?
If you're not behind a CGNAT, it can work
Chris 🇬🇧🏳️🌈: Port forwarding and firewall/routing is the best way to go. if you do not have a static ip address you can use dyndns and a domain name. If your router does not have port forwarding then ditch it and setup a vm using openwrt and link a nic to it for your Internet and another for your local lan. or buy a router that is better. Don't use tailscale and cloudflare solutions, you are using big tech and tying yourself into their infrastructure is not a solution you should want
If you're behind a CGNAT from your ISP you may not have many other options though.
Chris 🇬🇧🏳️🌈: true enough 😋
Not at all :)
user1239744685836: after I put my server behind my router overseerr can't log in using plex anymore. it was working fine when the server was connected directly to the modem. any ideas?
Check it's on the same network, did you create VLANs?
user1239744685836: thanks for the reply. no vlans (I should read up on those more). I did manage to figure it out. I edited the setting of overseerr and added my external ip under the applicationUrl and that allowed the login to go through successfully
backpackingkoopa: 😂
RickySpanish210: Tailscale up. But yeah I struggle with ACL rules. I get confused.
lokinamo: 😳😳😳
xenopleb: What about auth and security on the tunnel entry point.. You don't want anyone just dropping by
I have spoken about tunnels and zero trust access tools
xoro.racer: I use duckdns, with an OMV server, hosting wireguard and nginx...
AMTraxTGE: Pangolin is a self hosted version of cloudflare tunnel like system. Need an external server though.
the external server is the kicker, it's good as it's not controlled but still a cost for that VPS. I'm going to investigate though :)
KodaTheWolf27: They have/had a promotion for a 1GB VPS at racknerd for $12 a year but you could also run it via an always free Oracle cloud instance although Oracle is kinda ban happy for homelab stuff
KodaTheWolf27: I've been using pangolin for 6+ months and have had almost no issues, I run it along with komodo for automatic updates although you could do the same with watchtower and not have that extra attack vector exposed to the Internet but I use Authentik for oauth so everything is decently secure.
Mike Thompsett: DDNS also a good option
GrenBurl: dns.afraid.org is another simple solution to redirect your private domain URL to a dynamic IP. they have lots of app tools that monitor your dynamic IP and update the DNS record hosted on their service. and it's all Free.
Mr Drakoola: Can you tell me why is the tunnel through a provides a better solution? Can’t you create your home VPN and solve the IP problem using a DDNS service? Then you can access anything you need in your home network. No? I feel like the solution proposed is for the case when the router cannot provide a VPN and or cannot resolve the dynamic IP issue using a dynamic DNS.
It requires port forwarding and if you're behind a CGNAT it's hard to do, and many people are.
tiktommdmil: I just manage an IP access list, modern routers have easy remote access so it's easy to add a new IP anytime. I know the convenience of any IP is nice but comes with a trade off.
VESL15: And what's so nice about Tailscale is that they don't really take any data from you, even though it's free simply because they sell an enterprise level subscription and they get their money that way. the free version is just a simple way of spreading the word of tailscale
VESL15: tailscale IS IT!! SO NICE
Justin Dobner: Reverse proxy too
MrFuzzyPeach: A little off topic, but what are you using to create this diagram? I’m using LucidChart right now, but I’d love to cut down on my subscriptions.
I'm using the self hosted version of Drawio.
I just did a video on how to install and use drawio, if you're interested.
zilvesta123: Please, setup zerotrust as well for those tunnels. It's easy with Cloudflare.
I use Tailscale to access my internal network from outside.
Kaven: DDNS, static ip too much expensive
Fearnoevil175: Tailscale funnel.
I've not used it yet, but I think it's as good as cloudflare tunnels
D$: I use a WireGuard vpn
Andrew Nuno188: 😁😁😁
Yuithinasia: I setup a Jellyfin server last night and took me hours to figure out why I couldn’t connect. I had opened the port but it wasn’t working. Because Xfinity has CGNAT. So I ended up using Zerotier and routing through it for connection.
Leavibes: Thank you!
Jame Vician: Since I’m sharing my jellyfin with friends and family I found the easiest method for them and me is a reverse proxy (nginx) and duckdns, just a simple https url that works great and has a simple level of security
BitbyBit: Can you just do a screened subnet (DMZ)?
panthro: I use Tailscale to connect to my home server. Then I use an app called LunaSea, I’ve got local and Tailscale instances so that I can then connect to radarr, sonarr etc
Tailscale and Cloudflare all the way for me!
Dani - 🩵🤍🩷: zerotier is great, just the new device limits is a pain
Tailscale for me.
@bestGTARP: Hey man I messaged you a video idea. I could use some help understanding something and it could also be a good video. Two birds one stone
I'll see what I can do!
DisDadGaming: Why not just VPN? Most top tier routers have this ability
A solid option, but not always the cleanest
Tik Toker: What is the tool you used to draw the flowchart?
I'm using Draw.io and yes, it's hosted on my homelab! DOWN WITH SUBSCRIPTIONS!
user8355054584137: I know cloudflare sucks, but it’s just so easy. I use their tunneling
It really is
CoachPaskal: is it better than ngrok?
Not sure if better, but easier yes.
Goose Willis: just setup a vpn inside your home network, and only expose the vpn port
I'm thinking about doing this
Goose Willis: I am doing this 😄 lets me avoid Plex's external streaming fees
zero80473: reverse proxy and certs trust only :)
chefkoch555: You can do it by yourself without cloudflare if you want. Get a cheap or free VPS with a static IP, set up a vpn tunnel like wireguard between your server and the vps, use a reverse proxy to direct requests to the ip on the vps to your server over the tunnel.
I just worry about the data ingress/egress costs.
bobby: tailscale is king
Yes it is.
bobby: my current setup is a zimaboard running casaos with plex and jellyfin as backup all automated with a mediastack made up of sonarr radarr prowlarr, qbit with gluetun with Nord vpn total attached storage 100TB so far my plex server has 4120 movies and 165 TV series I also run pi-hole for network wide ad blocking all remotely accessed with tailscale if need be homelabs/servers always start as a hobby and turn into an addiction lol need more stuff more space more more more then those dreadful drive failure days aha
BugajPCMR: is piVPN + duckdns safe to use?
I haven't had much experience with them. For DNS I use nextdns and VPN I use Mullvad, they are great, for me and my usecase.
randomconductor: Tailscale.
acidicMate: NordVPN mesh
Looking into this!
AndyM1177: Received an email from NordVPN, they are shutting down mesh feature. Sad.
Oh no!
KingBjord: DynDNS not needing a static IP, but question, I don’t trust Ombi, how is Overseerr as a port facing app security wise? Any known exploits with it?
Personally I use Cloudflare rather than port forwarding for access, so the ports/ip are obfuscated. I'll look into it!
sarongparty: you can use tailscale behind traefik to access to your hosted services
Nice, I was trying to make this very beginner friendly, so traefik and tailscale. Amp up the complexity a lot
randomconductor: Port forwarding is way harder than setting up tailscale.
Martin :): I went through lots of solutions until I found the one that I like the most. First I literally set up a Wireguard VPN on my Rasp. PI, but ran into issues. Later I tried OpenVPN, which was better, but didn't like it. Now for my personal 'local' stuff like Home Assistant access, I'm using Twingate which is ZTNA based. Running a connector on a PI in a Docker container. And for stuff like Bitwarden server or Plex which I need to expose publicly, I'm using the Cloudflare tunnel called Cloudflared running as a docker container. I'm really happy with this setup, had literally NO issues! I recommend a setup like this. Currently I bought something called QNAP which is directly attached storage, connected it to RPI with USB C and planning to run Nextcloud with that storage, essentially creating a NAS. Wish me luck, last time I tried this I ran into issues hahaha
qmn: i run openwrt with wireguard on it. would recommend to anyone who would listen.
I'm listening :)
qmn: So openwrt is a foss that you can run on most routers to get more control and configurability over stock firmware. One thing it allows is community plugins like wireguard, allowing the creation of vpn client credentials. It can also run on a raspberry pi.
Gideon Visbeen: Take a cheap virtual server with contabo for example. Set up a vpn with reverse proxy.
I can't seem to find if they have data limits for ingress/egress
Gideon Visbeen: 32TB per month default (10TB for Australian/New Zealand)
thehonestview101: What do you think about OpenVPN?
Between cloudflare or tailscale, I think openvpn is more work for potentially less, But, it depends on your use case really.
W0nk3yD0nk3y: technically not true about the isp static ip, you can use cloudflare DDNS for example
True, I do go into how you can use cloudflare.
Ketispyakr: 😑😐 Need to learn cloudflare ddns.
Wouter: if you use watchlistarr instead of Overseerr you can just use the plex interface to request media
Definitely going to take a look at that
Wouter: You may also try Pulsarr, that seems to be better maintained.
I don't know man...my solution was a vm with wireguard and playit.gg tunnel free persistent tunnel and only my wireguard is exposed to it
user9485496336213: Host a tunnel yourself on an external server running rathole. $5/month from any server provider and no restrictions.
Have been really considering this, but data egress/ingress costs as I'm a big data user are a pain. There aren't many unlimited data providers
user9485496336213: I think you’re prematurely worrying. Most of the time you’ll be at home accessing things locally. I have family accessing my Jellyfin instance remotely and it barely breaks 100GB/month and I have 1TB/month transfer on my linode.
I was considering using it as a dedicated ip, and accessing all my services remotely, but you're probably right
Eduar: cloudflared tunnels as well for exposing services to the internet
Porco Rosso: I find them a lot easier
Alex Crawford517: this works nicely for me
Eduar: playit.gg if you want TCP or UDP tunnels 👌🏻👌🏻
ODD_MAN_IV: what's their TOS re streaming? I can't imagine they'd be happy with me pumping 4k Blu-ray over their proxy
Eduar: yeah I don't think so either haha but it's a free option for small stuff
cloudflare's TOS cover any part of their CDN including web browser traffic, be careful. tailscale might pop you too. if you're gonna be sharing the love with ur mates and you need a tunnel to your proxy host maybe look at running headscale
Yeah I thought cloudflare was a problem, wasn't sure on tailscale. Headscale is a good idea.
ODD_MAN_IV: tailscale is just wireguard + a coordination server. since none of your traffic is actually routed through tailscale's servers, it shouldn't be an issue. you can also just setup a wireguard interface without tailscale, but it will be a pain if behind CGNAT.
I've never had an issue with either Tailscale or Cloudflare BUT doesn't mean I won't in the future.
user6920959065054: got it setup already. by the looks as watched but of your videos nice and easy guide. I transferred mine to a wtr-pro NAS with Intel n150 cpu. such good cpu compared to running it on my old gaming computer Ryzen 5800x and 48gb ram. the Intel transcode so much better. and it only uses 40w power. (4x 3.5 spinning drives and 1 NVME). running home assistant vm and 10 other docker's.
Yeah I would always go Intel over amd that's for sure.
Solid!
Nakatok: what would be the bandwidth required to share this with like 3-4 friends? would 100/100 MB be enough for bufferless streaming?
1080p takes around 20mbps on a local network, so it's possible, but lots of variables, that said, it's worth trying.
ODD_MAN_IV: it depends. for friends, the only thing that matters is out upload and bitrate. higher resolution/quality = higher bitrate. 4k blurays are using around 250mbps across my internal network. You would need at least a 1gbps upload for your friends to all enjoy that at the same time, plus they'd need a good download. Enter transcoding. Transcoding compresses video on the server before sending out the stream, so a 250mbps stream could be compressed to 20mbps. This comes at the cost of quality (not resolution), as well as using a significant amount of processing power - either on your CPU or GPU. to answer your question, a 100mbps upload is probably enough for the amount of people you're looking at as long as you have sufficient transcoding infrastructure installed. if you're not able to transcode on the fly due to resource limitations, check out tdarr. it can transcode files in the background so that you have compressed video ready to go when your friends start streaming.
ODD_MAN_IV: Don't need a static IP if you use a dynamic DNS client. Just make sure you're not behind a CGNAT (ask your ISP, they'll know). I'm using an opnsense router on my homelab server with caddy as a reverse proxy. Caddy automatically updates my DNS/proxy records when my public IP updates.
Not all ISPs will support it, and for a beginner it's a little more complex, Cloudflare is the most basic I think.
Max Headroom: This is exactly how I am set up 👌🏼
Yup, I'm based in Thailand and for me, it's dead in the water.
ODD_MAN_IV: Ah, apologies I thought you were also in Australia. Out of curiosity - is your WAN IP a bogon (i.e. CGNAT) IP or is it a public IP?
No need to apologise! I'm stuck being CGNAT
IT-Labrat | NSA: in Asia most of the ISP provider are using CGNat for extra cash. 😂😂
Yup!
/home/thankarezos: if an ip doesn't support opting out of cgnat they are trash. if i can have a vm with its own ip on Amazon that means the exhaustion it's not that serious.
sb_mav: Yep, a 3 minute call to GloFiber and I had my CGNAT disabled.
Hey Benny after you’re finished with your homelab series, can you show variations ie using a mini pc (elite desk etc) + nas with this arr* setup?
Yes 100% planning on that!
Are you using proxmox?
Haven’t bought an elitedesk or anything yet. Still planning at the moment but watching all your content
the_networkingwizard: TwinGate is also another really great service, and personally find it better than Tailscale.
I was looking at it the other day, I'll give it another look
the_networkingwizard: Good thing with TwinGate is it’s a ZTNA based approach. So by default no one has access to anything, and then you allow “other users” to have access to certain parts of your network.
I saw that yeah, don't know too much about ZTNA but it's interesting!
bob: +1 twingate is fantastic
the_networkingwizard: ZTNA = Zero Trust Network Access, It goes by the PoLP (Principle of Least Privilege). Users aren’t given access to anything and you must specify what users can/have access to. Network Chuck has a great video on TwinGate.
Oh yeah, I remember now, time to play!
_pirolla_: I rather stay with the Canadian company, though
Dejavoooo: This all seems easier with your explanations…. Well done
I'm really happy to hear that :)