Cloudflare Zero Trust Tunnel MikroTik integration

Welcome to this article, which is a follow-up to my previous post on using MikroTik Container to set up your web hosting. If you haven’t read the previous post, I recommend checking it out first to get an overview of the process. In this article, I’ll expand on the previous post by demonstrating how to make a hosted website accessible and protected online using Cloudflare Zero Trust Tunnel, even if no public IP address is available.

To achieve this, I will walk through the following steps:

  1. Register for a free Cloudflare account, which is ideal for personal or hobby projects.
  2. Configure one of my domain names (mikrotik.xyz) to use the Cloudflare DNS service.
  3. Set up the Cloudflare Zero Trust Tunnel by obtaining a token, configuring the public hostnames, and preparing the initial configuration for MikroTik.
  4. Implement the necessary MikroTik Docker-specific settings.

Please keep in mind that the approach outlined in this article is a high-level overview of the concept, and your specific needs and preferences may require you to adjust the process. I encourage you to use this article as a starting point and tailor the approach to suit your specific requirements.

Cloudflare account

Creating an account in Cloudflare is a simple and straightforward process. To get started, visit their website and follow the instructions to create an account. One of the best things about Cloudflare is that they offer a free subscription, which is perfect for personal or hobby projects.

A domain name in Cloudflare

When it comes to configuring your domain for Cloudflare, there’s a handy guide available to help you through the process. This guide will walk you through the necessary steps to get your domain set up and running on Cloudflare, including importing your DNS records. This can save you a lot of time and effort, and ensure that your domain is properly configured for use with Cloudflare.

Once you’ve completed the configuration process, the final step is to set elliot.ns.cloudflare.com and isla.ns.cloudflare.com as the nameservers for your mikrotik.xyz domain name. This is an important step, as it will ensure that your domain is properly connected to Cloudflare and able to take advantage of all the features and benefits that Cloudflare has to offer. With your domain properly configured, you’ll be able to move on to the next steps of setting up your Cloudflare Zero Trust Tunnel and protecting your website online.

Cloudflare Zero Trust Tunnel

To set up the Cloudflare Zero Trust Tunnel for your website, start by navigating to the Cloudflare Zero Trust dashboard. From there, go to the Access menu and select the Tunnels submenu. Next, click on the “Create tunnel” button to start the process of creating your tunnel.

When setting up your Cloudflare Zero Trust Tunnel, it’s important to remember that the tunnel name is a required field. This name will be used to identify your tunnel within the Cloudflare network, so be sure to choose a name that is both descriptive and easy to remember.

Once you’ve created your tunnel, you’ll need to retrieve the tunnel token configuration. This configuration contains the information you’ll need to set up your MikroTik Docker container to work with the Cloudflare Zero Trust Tunnel.

To retrieve the tunnel token configuration, navigate to the Tunnels page in the Cloudflare Zero Trust dashboard and click on the name of the tunnel you just created. This will bring up the tunnel settings page, where you’ll be able to access the token configuration. Be sure to copy and save this configuration, as you’ll need it later when setting up your MikroTik Docker container.

With your token configuration in hand, you’re ready to move on to the next steps of setting up your MikroTik container and configuring the necessary settings to connect to the Cloudflare Zero Trust Tunnel. The configuration the dashboard shows is the cloudflared command line, with your tunnel token as its last argument:

tunnel --no-autoupdate run --token <long_unique_tunnel_id>
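The token in that command is the credential for the tunnel: it is base64-encoded JSON carrying the account tag ("a"), the tunnel ID ("t") and the tunnel secret ("s"), and whoever holds it can run a connector for that tunnel. As an added check that is not part of the original article, the Python snippet below decodes a token to confirm it belongs to the tunnel you created in the dashboard without ever printing the secret; the token value it uses is a constructed sample, not a real credential.

```python
import base64
import json
import uuid

# A cloudflared tunnel token is base64-encoded JSON with three keys:
#   "a" - Cloudflare account tag
#   "t" - tunnel ID (UUID)
#   "s" - tunnel secret (itself base64, 32 random bytes)
# Anyone holding it can run a connector for that tunnel, so treat it
# like a password: decode it to *identify* it, never to display "s".

# Constructed sample token (not a real credential).
SAMPLE_TOKEN = base64.b64encode(json.dumps({
    "a": "0123456789abcdef0123456789abcdef",
    "t": "2b1e6a1c-7f2d-4e5b-9c3a-1d2e3f4a5b6c",
    "s": base64.b64encode(b"\x01" * 32).decode(),
}).encode()).decode()


def decode_tunnel_token(token: str) -> dict:
    """Return account tag, tunnel ID and secret length; raise on malformed input."""
    padded = token + "=" * (-len(token) % 4)        # restore any stripped padding
    fields = json.loads(base64.b64decode(padded, validate=True))
    tunnel_id = str(uuid.UUID(fields["t"]))         # fails if "t" is not a UUID
    secret_len = len(base64.b64decode(fields["s"]))
    return {"account_tag": fields["a"], "tunnel_id": tunnel_id,
            "secret_bytes": secret_len}


def token_matches_tunnel(token: str, expected_tunnel_id: str) -> bool:
    """True if the token belongs to the tunnel created in the dashboard."""
    info = decode_tunnel_token(token)
    return (info["tunnel_id"] == str(uuid.UUID(expected_tunnel_id))
            and info["secret_bytes"] == 32)


if __name__ == "__main__":
    info = decode_tunnel_token(SAMPLE_TOKEN)
    print(f"account {info['account_tag']} tunnel {info['tunnel_id']} "
          f"secret {info['secret_bytes']} bytes (value withheld)")
```

Paste the token copied from the dashboard in place of SAMPLE_TOKEN and compare the reported tunnel ID with the one shown on the tunnel's settings page before putting it into the router configuration.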

To set up your public hostnames and configure them to the relevant services, follow these steps:

  1. Navigate to the Tunnels page in the Cloudflare Zero Trust dashboard and select the tunnel you just created.
  2. Click on the “Add public hostname” button and select the hostname for your website. For example, if your website is hosted at mikrotik.xyz, select “mikrotik.xyz” in the hostname field.
  3. Select the relevant service for your hostname. In this case, you’ll want to select the “WordPress” service and point it to the IP address of your MikroTik Docker container, which in this scenario is 172.1.0.3.
  4. Click “Save” to save your changes.

Once you’ve configured your hostnames and services, you’ll need to configure your MikroTik Docker container to work with the Cloudflare Zero Trust Tunnel.

MikroTik initial preparation

To add the needed VETH interface so that your Docker container can communicate with other containers, run the command:

/interface/veth/
add address=172.1.0.5/24 gateway=172.1.0.1 name=CLOUDFLARE

The next step is to add the CLOUDFLARE VETH interface as a port of the already created bridge (docker):

/interface/bridge/port/
add bridge=docker interface=CLOUDFLARE

Docker-specific settings

To create a container from the official Cloudflare Docker image and use your Cloudflare Zero Trust Tunnel token, replace <long_unique_tunnel_id> with your tunnel token and run the command below. Note that the token is stored in clear text in the container’s cmd, so it is readable by anyone who can view the router configuration (for example via /container/print).

/container/
add remote-image=cloudflare/cloudflared:latest cmd="tunnel --no-autoupdate run --token <long_unique_tunnel_id>" hostname=cloudflare interface=CLOUDFLARE logging=yes root-dir=disk1/docker/cloudflare/CLOUDFLARE
