Cloudflare Tunnels

A Cloudflare Tunnel provides secure web connectivity to your Kasm Workspaces instance without requiring a publicly routable IP address or valid external SSL certificate by routing through the Cloudflare service. In this video, we will show you how to configure Kasm Workspaces with Cloudflare Tunnels using your own DNS hostname.

Video Tutorial

If you prefer to follow along with a video tutorial, you can watch this YouTube video that covers the same steps outlined in this guide.

Prerequisites

Important

Before starting, please ensure that you have completed the following steps:

  1. Deployed a Kasm instance.

  2. Registered a DNS domain.

  3. Set up a Cloudflare account.

  4. Connected cloudflare nameservers to your domain provider.

Connecting Your Domain to Cloudflare

The first step is to connect your domain to Cloudflare. To do this, you need to change the name servers for your domain to Cloudflare’s name servers. Here are the steps to follow:

  1. Navigate to the DNS tab on the left-hand side of your Cloudflare dashboard.

../_images/dns.webp

Location of Cloudflare DNS Section

  1. Scroll to the bottom and copy the two Cloudflare name servers.

  2. Log in to your domain provider and replace the existing name servers with the Cloudflare name servers.

Warning

The process of changing your domain’s name servers may take up to 48 hours to propagate.

Setting up the Tunnel

To set up the tunnel after connecting your domain to Cloudflare, follow these steps:

  1. Navigate to the Access tab on the left-hand side of your Cloudflare dashboard and click on the “Launch Zero Trust” button. This will take you to the zero-trust dashboard, where you can access tunnels by clicking the drop-down arrow next to Access and selecting Tunnels.

../_images/access.webp

Location of Cloudflare Tunnels Zero Trust

  1. To install a new tunnel, click on “Create a Tunnel,” give it a name, and click “Save Tunnel.”

  2. Select the Docker tab and copy the provided code.

  3. Paste this code into a text editor of your choice, such as VS Code.

Important

Add “-d” after the “run” section to ensure it runs in the background.

  1. Copy and paste the updated code into your host machine, and you’ll see that it’s now connected.

../_images/code.webp

Example of Code With -d

Note

For more information about installing and configuring Cloudflare Tunnel, you can refer to the official documentation.

Connecting to a Public Host Domain

Once the tunnel is connected and running, you can connect it to a public host domain. To connect your tunnel to a public host domain, follow these steps:

  1. Navigate to your existing tunnel by clicking on the drop-down arrow next to “Access” and selecting “Tunnels.”

../_images/tunnels.webp

Location of Cloudflare Tunnels Tunnels

  1. Find the name of your tunnel and click on it.

  2. Click on the “Configure” button, and then click on “Public Hostname.”

../_images/add_hostname.webp

Location of Cloudflare Tunnels Add Hostname

  1. To create a new tunnel route, enter a subdomain, such as “test,” and select your domain from the dropdown menu.

  2. Leave the path section blank and select “HTTPS” as the service type.

  3. In the URL section, enter the IP address of your Kasm instance.

  4. Click on the “Additional Application Settings” tab.

  5. Enable “No TLS Verify” and “HTTP2 Connection.”

  6. Save the hostname.

Testing the Connection

To test the connection, you can either enter the URL into your search bar or click on the created route and then the external link. Your Kasm Workspaces instance is now accessible via your domain using Cloudflare Tunnels.

Warning

If you are using the RDP local client workspace option, make sure the Restrict RDP Client IP Address setting is disabled in Infrastructure / Zones. If it isn’t may not be able to connect, as the IP stored with the request will differ due to the connection being over the tunnel. If this is the case it will be reported in the Error Logs with a message such as “Invalid Request. Wrong client IP.”

Conclusion

By following the steps outlined in this guide, you can easily configure your Kasm Workspaces with Cloudflare Tunnels and your own SSL certificates for your domain. This allows you to provide secure and convenient access to your Kasm Workspaces instance through your own domain name, with the added benefits of Cloudflare’s CDN and DDoS protection.