Everything you wanted to know about using Cloudflare Zero Trust Argo tunnels for your personal network. For those like me who were still confused even after reading the article, I think this is the lowdown:

  • ZT tunnels let you expose private resources/services to the internet (or your users) via Cloudflare’s edge network. You install cloudflared on an internal host, and register a “tunnel” so that requests to a hostname or IP get forwarded securely into your network (similar to Tailscale).
  • Unlike classic VPNs (which open full network access) or traditional Cloudflare tunnels (which merely publish a service), this approach adds granular access control; you can define exactly who can access which resource, based on identity, device posture, login method, etc.
  • It also solves NAT/firewall issues often faced by P2P-based overlays (e.g., Tailscale) by routing everything through Cloudflare’s network, avoiding connectivity failures when peer-to-peer fails.

For in-browser auth you can then use Cloudflare Access, or you can install the Cloudflare WARP client, which is a VPN-like thing that would give you full control over the access to whatever service(s) you were exposing this way.
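
Added example, not part of the original post or of Cloudflare's documentation: a minimal `config.yml` for `cloudflared` on the internal host, showing how published hostnames map to internal services. The tunnel ID, file path, hostnames, addresses and ports are placeholders.

```yaml
# Constructed example: cloudflared config.yml on the internal host.
# Tunnel ID, credentials path, hostnames and ports are placeholders.
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # Publish only the services you intend to expose, one hostname each.
  - hostname: photos.example.com
    service: http://localhost:2342
  - hostname: git.example.com
    service: http://192.168.1.20:3000
  # Required catch-all as the last rule: a request that matches no
  # hostname above gets a 404 instead of being forwarded inward.
  - service: http_status:404
```

Who may reach each hostname is decided by the Access policy attached to it, not by this file; `cloudflared tunnel ingress validate` checks the rules before the tunnel is started.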

  • dogdeanafternoon@lemmy.ca (7 upvotes, 10 hours ago)

    I see SO much Cloudflare stuff on here, I have to believe they are ads/astroturfing. I can’t understand why so many self-hosting people would tie their services to them. In my mind it completely defeats the point of self-hosting in the first place.

    • irmadlad@lemmy.world (1 upvote, 8 hours ago)

      > I have to believe they are ads/astroturfing.

      I recommend what I use. I have no interest in shilling for any company, open source or closed. I can understand not liking a company. That’s fine. The animosity is a bit overboard imho, but with 8.4 billion people on this planet, opinions range widely. It works for what I use it for, and when it no longer does, I’ll move on to something else.

      • GreenKnight23@lemmy.world (2 upvotes, 6 hours ago)

        Shilling or not for something you use is one thing; I made my comment because this post has a guerilla marketing smell to it.

        It certainly educated me on their product and even tempted me to use it because of the real-life applications they provided. This is likely the “smell” that makes me distrust it.

        To top it off, I hate Cloudflare because of all the engineers that use it. The unsurmountable percentage of the internet that is entirely dependent on Cloudflare staying up is frustratingly apparent (especially recently).

        • irmadlad@lemmy.world (1 upvote, 5 hours ago)

          > because this post has a guerilla marketing smell to it.

          If we were all board execs, maybe you might have a point…I guess. However, we are selfhosters, homelab’ers. As such, no one here will probably be pumping millions of dollars into the Cloudflare machine or attempting to persuade others to do so as well. As I mentioned in another comment, I can only think of around 10 major outages going back 5 years or so. Sure there have been hiccups, glitches, etc. Welcome to the internet. Shit breaks…all of it from time to time.