Cloudflare free tier for home use
A good practice if you expose something from your local network to the internet is to go through a service like Cloudflare, so you get extra protection. This way you are not going to expose your public IP address either.
I have registered a new domain with Google Domains that will be used for the exposed services. Keep in mind that you can register directly with Cloudflare, but I already have domains with Google and this is why I registered it there. I just need to change the name servers in Google to point to Cloudflare.
Let’s first go into Cloudflare and add the site.
Then click on Setup that will show under the search. It will bring you to a page to select a plan. We are going to select the free plan at the bottom.
Click on Continue.
It brings you to a page where you need to configure the DNS on the Cloudflare side. You still need to change the name servers in Google or the registrar you are using.
Click on Continue.
Here you are told that the name servers have to be replaced. Let’s do it.
Click on Save and then on Switch to these settings.
Back in Cloudflare, click on the Done, check nameservers button.
In my case it went to the next screen and I also received an email confirming that it is active.
Here it is up to you if you want to configure the recommendations. I have enabled both of them.
Now it is time to create some DNS records and point them to your public IP address. If you don’t know it, open this website and you will see it. Go to DNS in the menu. Click on the Add record button. In there, fill in your information. Name is the subdomain, or use @ if you want to point the domain itself. IPv4 address is your public IP address.
Click on Save.
Now it is time to create an API token in Cloudflare, so we can automate the Let’s Encrypt certificate creation in Nginx in the local network. Open My Profile.
Go to API Tokens -> Create Token
Click on Use template for Edit zone DNS. In the Zone Resources, select your domain.
Click on Continue to summary.
Click on Create Token and you will have it. Make sure to save it in a secure place.
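A record only keeps the home IP out of public DNS while its proxy status is Proxied; in DNS only mode the address you entered is returned as-is. The following is an added example, not part of the original post, that uses the new token to list the zone's records and flag any that publish the home IP unproxied. The zone ID argument, the environment variable names and the sample records are assumptions made for the example.

```python
import ipaddress
import json
import os
import urllib.request

API = "https://api.cloudflare.com/client/v4"

def fetch_dns_records(zone_id, token):
    """List the zone's DNS records with the API token (needs network access)."""
    req = urllib.request.Request(
        f"{API}/zones/{zone_id}/dns_records?per_page=100",
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = json.load(resp)
    if not body.get("success"):
        raise RuntimeError(f"Cloudflare API error: {body.get('errors')}")
    return body["result"]

def exposed_records(records, home_ip):
    """Return names of A/AAAA records that hand out home_ip in DNS only mode."""
    home = ipaddress.ip_address(home_ip)
    exposed = []
    for rec in records:
        if rec.get("type") not in ("A", "AAAA"):
            continue
        try:
            points_home = ipaddress.ip_address(rec["content"]) == home
        except (KeyError, ValueError):
            continue  # malformed entry, nothing to compare
        if points_home and not rec.get("proxied", False):
            exposed.append(rec["name"])
    return exposed

# Constructed sample in the shape of the API's "result" list (documentation IPs).
SAMPLE = [
    {"type": "A", "name": "app.example.com", "content": "203.0.113.10", "proxied": True},
    {"type": "A", "name": "ssh.example.com", "content": "203.0.113.10", "proxied": False},
    {"type": "A", "name": "blog.example.com", "content": "198.51.100.7", "proxied": False},
    {"type": "TXT", "name": "example.com", "content": "v=spf1 -all", "proxied": False},
]

if __name__ == "__main__":
    # CF_ZONE_ID, CF_API_TOKEN and HOME_IP are assumed environment variable names.
    env = os.environ
    live = "CF_API_TOKEN" in env
    recs = fetch_dns_records(env["CF_ZONE_ID"], env["CF_API_TOKEN"]) if live else SAMPLE
    print(exposed_records(recs, env.get("HOME_IP", "203.0.113.10")))
```

Without the environment variables set, the script runs offline against the constructed sample.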
Let’s improve the security settings for SSL/TLS. Set the encryption mode to Full, and enable the SSL/TLS Recommender to receive emails from Cloudflare with recommendations.
In the local network I have an Nginx reverse proxy already configured, so I can create a Let’s Encrypt certificate there as well, using the API token we created earlier. You can see here about the Nginx configuration.
I have configured the SSL in Nginx Proxy Manager running in my local network and forwarded to a container to see that it goes through. Here is the result: