This guide will help you find the port, set up the correct firewall rules and add it to Cloudflare. I’m going to skip important Cloudflare steps, as this is purely aimed at users who already know how to use Cloudflare tunnels but are stuck at the YunoHost part.
Important:
- If Cloudflared (your tunnel) is running on the same machine as YunoHost, skip steps 2 and 3. If Cloudflared is running on a different machine/host in the same network, then step 2 is mandatory.
Step 1 (find the port of the application):
- Go to the YunoHost admin page
- Click on Tools > Services, look for the application that you want to host through the tunnel, and click on the application.
- On this new page you should see “Journalctl (logs)”; the logs will tell you which port it is.
Step 2 (open the port in the firewall):
- Go back to the YunoHost admin page
- Click on Tools > Firewall
- Scroll down to “Operations”
- Fill in the port and click Save. After a couple of seconds you will see that the port has been added and is open.
Step 3 (test it)
Step 4 (Cloudflare):
- I’m skipping many steps here as explained in the beginning.
- On the Public Hostname Page of the Cloudflare tunnel, add the following under service:
Type: HTTP
URL: IpOfYunoHost:PortOfApplication
Note: If you have any questions, feel free to ask and I will try my best to help you.
Hello,
I’m quite stuck here with Cloudflare Tunnel and YunoHost. I use a Cloudflare tunnel to serve many apps on my Proxmox server, but it looks impossible to make it work with YunoHost.
How do you set up a domain name on YunoHost to make this work? Or do you have to set up a Cloudflare domain name or subdomain?
It seems that when you add a hostname to an app inside YunoHost, it directly requests a certificate, which seems useless with tunnels.
Moreover, some app configurations need a domain to set up their own web interface (Vikunja, Wallabag, …), so if you don’t set up the hostname correctly you don’t have access to anything.
Could you explain the procedure for setting up YunoHost domains in a little more detail? Do we have to set .local domains?
I got this working today. Do you still help?
Hi there … I have exactly the same issue. I’m running a YunoHost server and would like to avoid punching firewall holes. Cloudflare tunnels have saved me for other applications, but there are so many YunoHost ports that seem to be needed (I don’t need email) that I’m not sure Cloudflare Tunnels will work… I’ll be interested to see if you have this working?
I am replying because I fought this for a week before I finally figured out how to make it work. There is no port information in my Journalctl (log) file that I could see. I finally figured I should poke around in the nginx config files on the machine running YunoHost. I found what I was looking for in /etc/conf.d/name.of.app.d/ (in this case it was GoToSocial I was looking for).
Inside that directory was a gotosocial.conf file. View it (but don’t edit it). Right near the top is a line that reads: proxy_pass http://127.0.0.1:XXXXX
The :XXXXX is the port number.
You’ll need to add it to your ‘service’ line in the cloudflared config.yml file. In my case I added ‘service: http://localhost:XXXXX’ under my GoToSocial subdomain in my config.yml file.
I hope this helps someone (or even me when I eventually forget what I did and Google it again) down the line.
UPDATE: This trick worked for the GoToSocial app but did NOT work for the Bonfire app. For Bonfire I had to view /etc/yunohost/apps/bonfire/settings.yml
But that trick did NOT work for my WordPress or Roundcube installations. So finding the port number to link my tunnel to (http://localhost:XXXX) is turning into a nightmare. This might be what drives me from YunoHost to trying to run things with Docker containers instead.
I solved it after weeks of banging my head into the wall! The way to connect apps through a Cloudflare Tunnel, HAS to be done on the Cloudflare web site (ignore the Cloudflared config.yml file).
This is assuming you already have your tunnel set up correctly: you need to set your route in the Zero Trust pages and not on your main “front” page of options. So log into your Cloudflare account. On the main front page there is a list of options on the left side of your screen. Click on the Zero Trust link towards the bottom of the list. This takes you to a new page with a new set of options on the left. Click the caret to expand the menu under Networks (near the top). Then select Connectors under that.
You should now see your Tunnel Name listed on the main page. Click on it. Now you should see a page with info about your Tunnel. Near the top there are options running across the page. “Overview - CIDR routes - Hostname routes - Published application routes - Live logs”. Click on Published application routes.
On the next screen, click the “Add a published application route” button. This brings up a screen that lets you enter a subdomain at the top, and a path if you need one. At the bottom there is a spot to enter the service to load for the subdomain above. For Type you MUST use HTTPS, and for URL use what is expected on your YunoHost server to launch the app. In my case it was Friendica, so https://friendica.DOMAIN.TLD
This is the critical step: click on “Additional Application Settings” below the Service line. At the top, click on the TLS option. Look for the toggle switch labeled “No TLS Verify” and turn it on. Scroll down and save your settings. You should now be able to access your page/app from the outside world.
Explanation: I am behind CGNAT with no port forwarding possible, and I get a constantly changing IP address from my ISP, which means Let’s Encrypt simply doesn’t work on my Yuno server. Cloudflare is handling the proxying and encryption/certification. This is the only way I could figure out how to make my Yuno apps that share port 80/443 work.
I hope this helps someone else out!
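One way to script the steps from this thread, as an added example that is not code from any of the posters, from YunoHost or from cloudflared: it reads the backend port out of a YunoHost nginx app fragment (the proxy_pass http://127.0.0.1:PORT line from the GoToSocial post), writes the cloudflared ingress section from the config.yml post with the required catch-all rule last, and for apps that have no proxy_pass (nginx serves them itself on 80/443, the WordPress and Roundcube case) produces the domain-based HTTPS route from the Friendica post, either with noTLSVerify as that post did or with verification kept by pinning the origin's own certificate. It assumes cloudflared runs on the YunoHost machine (the “same machine” case in the first post). The hostnames, ports and nginx fragments are constructed sample data, and the /etc/yunohost/certs/DOMAIN/crt.pem location is an assumption.

```python
"""Added example (not from the thread, YunoHost or cloudflared): derive
cloudflared ingress rules for YunoHost apps from their nginx fragments.
Sample fragments, hostnames and ports are constructed; the certificate
path used for caPool is an assumption about YunoHost's layout."""
import re
from ipaddress import ip_address

# Upstream of a proxy_pass directive, e.g. "127.0.0.1:8080" from
# "proxy_pass http://127.0.0.1:8080/;".
PROXY_PASS_RE = re.compile(r"^\s*proxy_pass\s+https?://([^/;\s]+)", re.M)

# Constructed fragments in the style of /etc/nginx/conf.d/DOMAIN.d/APP.conf.
GOTOSOCIAL_CONF = """\
location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host $host;
}
"""
WORDPRESS_CONF = r"""
location /wordpress/ {
    index index.php;
    try_files $uri $uri/ index.php;
    location ~ [^/]\.php(/|$) { fastcgi_pass unix:/var/run/php/php-fpm.sock; }
}
"""


def backend_from_nginx(conf_text):
    """Return (host, port) of the first proxy_pass upstream, or None when the
    fragment has none (nginx then serves the app directly on 80/443)."""
    m = PROXY_PASS_RE.search(conf_text)
    if m is None:
        return None
    host, _, port = m.group(1).rpartition(":")
    if not port.isdigit():
        raise ValueError(f"unsupported proxy_pass upstream: {m.group(1)}")
    return host, int(port)


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1. A proxy_pass target outside
    that range is reachable from beyond this machine and is refused below."""
    if host == "localhost":
        return True
    try:
        return ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def route_for_app(hostname, conf_text, verify_tls=True, cert_path=None):
    """Build one ingress rule for a YunoHost app served under `hostname`.
    Assumes cloudflared runs on the YunoHost machine, so origins are loopback."""
    backend = backend_from_nginx(conf_text)
    if backend is not None:
        host, port = backend
        if not is_loopback(host):
            raise ValueError(f"{hostname}: proxy_pass target {host} is not loopback")
        # Plain HTTP straight to the app's own port, bypassing the nginx vhost.
        return {"hostname": hostname, "service": f"http://{host}:{port}"}
    # No proxy_pass: go through nginx on 443 and select the vhost by name.
    origin = {"httpHostHeader": hostname, "originServerName": hostname}
    if verify_tls:
        # Assumed location of the domain's YunoHost certificate; trusting it as
        # the CA pool verifies a self-signed origin without disabling TLS checks.
        origin["caPool"] = cert_path or f"/etc/yunohost/certs/{hostname}/crt.pem"
    else:
        origin["noTLSVerify"] = True  # the toggle the Friendica post switched on
    return {"hostname": hostname, "service": "https://127.0.0.1:443",
            "originRequest": origin}


def render_ingress(routes, catch_all="http_status:404"):
    """Render the ingress section. cloudflared refuses a config whose last
    rule carries a hostname, so the catch-all is always appended."""
    lines = ["ingress:"]
    for r in routes:
        lines.append(f"  - hostname: {r['hostname']}")
        lines.append(f"    service: {r['service']}")
        if r.get("originRequest"):
            lines.append("    originRequest:")
            for key, value in r["originRequest"].items():
                lines.append(f"      {key}: {'true' if value is True else value}")
    lines.append(f"  - service: {catch_all}")
    return "\n".join(lines) + "\n"


def example_config(verify_tls=True):
    """Ingress for the two sample apps; verify_tls=False reproduces the thread."""
    return render_ingress([
        route_for_app("gotosocial.example.org", GOTOSOCIAL_CONF),
        route_for_app("blog.example.org", WORDPRESS_CONF, verify_tls=verify_tls),
    ])


if __name__ == "__main__":
    print(example_config())
```

Two design notes on the choices above. The http://127.0.0.1:PORT rule talks to the app's backend directly, so nginx is no longer in front of that app; the https://127.0.0.1:443 rule keeps nginx and its per-domain configuration in the path, which is why only that form works for the apps that share 80/443. noTLSVerify makes cloudflared accept any certificate from whatever answers at the origin; over loopback on the same machine that is a small exposure, but when the origin is a different host on the LAN (the step 2 case in the first post) it removes the only check that the tunnel is really talking to your YunoHost box, so the caPool variant is preferable. The same Origin Server Name, CA Pool and No TLS Verify settings are what the dashboard's TLS section exposes for a published application route, and if a Let's Encrypt certificate is later installed for the domain, drop caPool rather than switching to noTLSVerify, since the public chain then verifies on its own.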