
☁️ Cloudflare & Tunnel Configuration - Home Lab

This document outlines the Cloudflare account, tunnel configurations, connector deployments, certificate handling, and service exposure details for secure external access to homelab services.


🌐 Cloudflare Account

| Field | Value |
|---|---|
| Email | chris.darrigo@gmail.com |
| Domains Managed | wtfsolutions.cc, whatsolutions.us |
| DNS Provider | Cloudflare (nameservers: aspen.ns.cloudflare.com, jeremy.ns.cloudflare.com) |
| Cloudflare Access | Not in use currently |

🔒 TLS & Certificate Management

| Field | Value |
|---|---|
| TLS Termination | Cloudflare Proxy (edge termination) |
| TLS Mode (wtfsolutions.cc) | Full or Full (Strict) (recommended) |
| TLS Mode (whatsolutions.us) | Flexible or Full |
| Home Assistant Cert | Issued by Google Trust Services (CN=WE1) |
| Nextcloud Cert | Issued by Cloudflare Origin CA |
| Cert Expiry (HA) | Sep 20, 2025 |
| Cert Expiry (Nextcloud) | Sep 19, 2025 |
| Renewal | Automatic (Cloudflare-managed) |

🔁 Tunnels & Service Routing

Tunnel 1: nextcloud-tunnel

| Field | Value |
|---|---|
| Tunnel ID | 18240cbb-71f2-4767-89e7-f6f18186da3b |
| Connector Location | LXC 111 (Nextcloud container) |
| Version | cloudflared 2025.7.0 |
| Binary Path | /usr/bin/cloudflared |
| Config File | /root/.cloudflared/config.yml |
| Tunnel Command | cloudflared tunnel --config /root/.cloudflared/config.yml run |
| Credentials File | /root/.cloudflared/18240cbb-71f2-4767-89e7-f6f18186da3b.json |

Ingress Rules:

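```yaml
ingress:
  # Nextcloud: plain HTTP to the local origin on port 11000
  - hostname: drive.whatsolutions.us
    service: http://localhost:11000
    originRequest:
      # originServerName, noTLSVerify and http2Origin only apply to https:// origins
      originServerName: drive.whatsolutions.us
      noTLSVerify: true
      http2Origin: true
      disableChunkedEncoding: true
  # Catch-all: any other hostname gets a 404
  - service: http_status:404
```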

Tunnel 2: homeassistant

| Field | Value |
|---|---|
| Tunnel ID | 8a3cb4ad-4538-4709-bf3c-aa52db05bfc4 |
| Status | Created, not actively running |
| Expected Hostname | wtfsolutions.cc |
| Connector Location | LXC 111 (same as Nextcloud + cloudflared) |
| Config | Not registered in config.yml |
| Expected Routing | Home Assistant (192.168.1.36:8123) via tunnel |

🔐 Notes

  • cloudflared is installed and managed in LXC 111
  • The config file /root/.cloudflared/config.yml currently runs nextcloud-tunnel only
  • homeassistant tunnel credentials exist but the tunnel is not active (yet)
  • No Cloudflare Access (SSO or 2FA policies) is enforced for either subdomain
  • All service credentials stored in Bitwarden → folder homelab
  • Tunnel routing to the origin services is HTTP-only behind Cloudflare (TLS terminates at the edge)