Here’s a clean and concise English guide for setting up Cloudflare Tunnel (cloudflared) to expose your NAS or local service via a subdomain — using the full CLI workflow.
1. Install cloudflared
Download the correct version for your system (e.g., ARM for Raspberry Pi):
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm -O cloudflared chmod +x cloudflared sudo mv cloudflared /usr/local/bin/
Test it:
cloudflared –version
2. Login to Cloudflare
cloudflared tunnel create my-nas
A browser tab will open. Log into your Cloudflare account and select your domain.
3. Create a Tunnel
cloudflared tunnel create my-nas
This generates:
A unique tunnel-id
A credentials JSON file (usually saved to /root/.cloudflared/xxxxxxxx-xxxx.json)
4. Configure the Tunnel
Create the config file:
sudo nano /root/.cloudflared/config.yml
Example config:
tunnel: YOUR_TUNNEL_ID credentials-file: /root/.cloudflared/YOUR_TUNNEL_ID.json ingress: - hostname: nas.yourdomain.com service: http://localhost:80 - service: http_status:404
Replace:
YOUR_TUNNEL_ID with the actual tunnel ID (get it from cloudflared tunnel list)
nas.yourdomain.com with your real subdomain
Step 5 – Configure DNS on Cloudflare
After creating your tunnel, you need to link a subdomain to it via Cloudflare DNS.
You have two options:
✅ Option A: Automatically via cloudflared command
cloudflared tunnel route dns my-nas nas.yourdomain.com
Cloudflare will automatically:
Add a CNAME record to your DNS
Point it to the correct cfargotunnel.com domain
Enable proxying (orange cloud ☁️)
🛠️ Option B: Manually via Cloudflare Dashboard
Go to your Cloudflare DNS settings, and add the following record:
::: tip Cloudflare DNS Record 📌 **Type:** CNAME 🔖 **Name:** nas 🌐 **Target:** `<tunnel-id>.cfargotunnel.com` ☁️ **Proxy:** Enabled (Proxied ✅) :::
📝 Replace
Example:
CNAME nas 123abc456def7890.cfargotunnel.com Proxied ✅
6. Install as System Service
sudo cloudflared service install
This installs the tunnel as a systemd service and enables it to start on boot.
7. Start & Check Status
sudo systemctl start cloudflared sudo systemctl status cloudflared
Logs:
journalctl -u cloudflared -f
Test It
Visit: https://nas.yourdomain.com
Ensure your local NAS service is running (e.g., Nginx/HTTPS enabled)
Port 80/443 must be listening internally, but no port-forwarding is needed.