Cloudflare Tunnel for TrueNAS Access

Securely access my NAS web interface using a public domain without opening ports. Achieved using the Cloudflare Tunnel app on TrueNAS SCALE.

1. Goal

Expose nas.bikrambhujel.com.np to the internet so I can access TrueNAS from anywhere securely, without using port forwarding.

2. Requirements

• Domain: bikrambhujel.com.np (added to Cloudflare DNS)
• TrueNAS SCALE with app support
• Cloudflare account
• Cloudflare Tunnel app installed from TrueNAS Apps catalog

3. DNS Configuration

In Cloudflare Dashboard, added nas.bikrambhujel.com.np as a subdomain. Let the tunnel create a CNAME record automatically pointing to Cloudflare’s tunnel endpoint.

4. TrueNAS App Installation

Steps:

1. Go to TrueNAS SCALE web interface.
2. Navigate to Apps > Available Applications.
3. Search for Cloudflare Tunnel.
4. Click Install.

Key fields configured:

• Tunnel Name: nas-access
• Local Service URL: http://XXX.XXX.XXX.XXX:XXXX (TrueNAS IP and GUI port)
• Public Hostname: nas.bikrambhujel.com.np
• Mounted config path under: /mnt/dockge/config/cloudflare/

5. Resulting config.yaml

The app generated this inside the mounted dataset:

tunnel: <tunnel-uuid>
credentials-file: /etc/cloudflared/<tunnel-uuid>.json

ingress:
  - hostname: nas.bikrambhujel.com.np
    service: http://XXX.XXX.X.XXX:XXXX
  - service: http_status:404

You can find this at Pool/mnt/config/cloudflare/config.yaml

6. Access Test

From any browser, opened:
https://nas.bikrambhujel.com.np
Confirmed it loads TrueNAS dashboard securely.

7. Benefits

• No need to open ports or configure firewall
• End-to-end encryption (TLS)
• Public access controlled via Cloudflare
• Easy to add more subdomains/services in future

8. Future Enhancements

• Protect with Cloudflare Access login policy
• Add apps like Jellyfin, Immich using same tunnel
• Document all subdomain routes in one config.yaml