Securing Your WordPress Website on Raspberry Pi with Cloudflare Tunnel
You're halfway through releasing your website to the public from your Raspberry Pi. Before proceeding, ensure you have the following essentials:
- Raspberry Pi with a WordPress site installed.
- Nginx server configured on the Raspberry Pi.
- An active Cloudflare account.
- A registered domain.
Step 1: Update DNS Records in Your Domain Dashboard
- Log in to Cloudflare: Access your Cloudflare dashboard.
- Add Your Domain: Go to the “Websites” section and register a new domain.
- Update DNS Settings: Follow the on-screen instructions to update the DNS records on your domain registrar’s dashboard with the nameservers provided by Cloudflare.
- Wait for Propagation: DNS changes can take some time to propagate. Once the nameservers are updated and Cloudflare has authorized your domain, you're ready to move on.
If you have any doubts about these steps, feel free to ask in the comments section.
Step 2: Install the Cloudflared Daemon on Raspberry Pi
-
Download Cloudflared: Depending on your Raspberry Pi architecture, use the appropriate
wget
command to download Cloudflared:
- For ARMv7 (Raspberry Pi 2 and 3):
```bash
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm
```
- For ARMv6 (Raspberry Pi Zero):
```bash
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-armv6
```
- For ARM64 (Raspberry Pi 3/4 with 64-bit OS):
```bash
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64
```
-
Move the Downloaded File:
sudo mv cloudflared-linux-arm /usr/local/bin/cloudflared
(Adjust the filename if you downloaded a different architecture version.)
-
Make the Binary Executable:
sudo chmod +x /usr/local/bin/cloudflared
-
Verify Installation:
cloudflared --version
Step 3: Authenticate Cloudflared with Cloudflare
-
Log in to Cloudflare:
cloudflared login
Authorize Cloudflared: Copy the URL displayed in the terminal and open it in your browser. Select your domain in Cloudflare and click Authorize. Make sure you're already logged in to your Cloudflare dashboard to complete this step seamlessly.
Step 4: Create a Secure Tunnel
-
Create the Tunnel:
cloudflared tunnel create mywpsite
Save Important Details: Make a note of the tunnel ID and the path to the JSON file generated. You’ll need these later.
Step 5: Configure Cloudflared
-
Create a Configuration File:
sudo nano ~/.cloudflared/config.yml
-
Add Configuration Details:
Replace the placeholders with your actual tunnel UUID, JSON file path, domain, and Raspberry Pi IP address:
tunnel: your-tunnel-uuid credentials-file: /home/pi/.cloudflared/your-tunnel-uuid.json ingress: - hostname: yourdomain.com service: http://your-raspberry-pi-ip-address - service: http_status:404
Note: Ensure you update
pi
with the correct username and remove any trailing slashes from the IP address (e.g.,http://192.168.*.*
is correct). Save and Exit: Press
CTRL + X
, thenY
, and hitEnter
to save the configuration.
Step 6: Create DNS Entry in Cloudflare
-
Route DNS:
cloudflared tunnel route dns mywpsite yourdomain.com
Troubleshooting Tip: If you encounter an error, log in to your Cloudflare dashboard, delete any existing DNS records for your domain, and run the command again.
Step 7: Run the Cloudflare Tunnel
-
Start the Tunnel:
cloudflared tunnel run mywpsite
Verify: Visit
https://yourdomain.com
to ensure your site is live and accessible.
If your network changes and local ip changes, just login to the tunnel in cloudflare and change the local ip their itself and will work as same before.
Step 8: Update WordPress Settings
-
Access WordPress Admin: Go to
http://your-raspberry-pi-ip-address/wp-admin
and log in. -
Update URLs: Under Settings > General, update both the WordPress Address and Site Address to
https://yourdomain.com
.
Step 9: Run Cloudflare Tunnel as a Service
-
Move Configuration File:
sudo mv /home/pi/.cloudflared/config.yml /etc/cloudflared/
-
Install as a Service:
sudo cloudflared service install
By running Cloudflared as a service, your Raspberry Pi will automatically start the Cloudflare tunnel whenever it reboots, ensuring continuous availability of your site.
With these steps completed, your WordPress site on Raspberry Pi is securely accessible from the internet, complete with SSL encryption, thanks to Cloudflare Tunnel.
Will share more update regarding a updated version on this setup if it works soon. Stay tuned, will host a real website with multiple webpages.
Top comments (0)