Expose Your Local Coolify Server with Cloudflare Tunnel

Mustafa Ramadan
Jun 14
4 min read

So you’ve installed Coolify the (open-source Heroku alternative) on your local Ubuntu VM (inside Parallels, VirtualBox, VMware, etc.), exposed ports 80 and 443, everything works perfectly inside your network…

But then… 💀 You try to visit your app from outside like you 4G phone or a friend's device — and boom — nothing loads!

Welcome to the Home ISP Port Blocking Club™.

Yes, some ISPs (especially here in Australia 🇦🇺) block ports 80 and 443 for inbound traffic. They hate hosting freedom 😅

Haven’t installed Coolify yet locally? Check out this full step-by-step guide first: How to run Coolify on your local VM and expose it publicly

I’m currently using this Cloudflare Tunnel setup to expose my Coolify-based staging environment to the internet for free. It’s super useful for sharing demos with clients, testing SSL and routing, and deploying services for review — all without opening ports or dealing with complex firewall rules. Highly recommended for any devs working on self-hosted apps or local CI/CD workflows.

Why Port Forwarding Doesn’t Always Work

Even if you set everything up right:

NAT rules
Coolify is running
You even did the uptime.111.222.33.44.sslip.io trick
Security issues

Still… it doesn’t work from mobile or public internet?

That’s because your ISP blocks web ports, or you’re behind something nasty like Carrier Grade NAT (CG-NAT).

Meet Cloudflare Tunnel — Your New Best Friend

Cloudflare Tunnel (aka cloudflared) is a free tool that lets you securely expose any local server to the internet — without opening a single port.

It works like magic:

Your domain
Free SSL
Free WAF
Free DDoS protection
No port forwarding
No public IP needed
Works even behind strict firewalls ;)

Let’s Set It Up — Step by Step

You’ll have your Coolify dashboard live on a public domain in under 10 minutes. Let’s go!

1. Requirements

Free Cloudflare account → dash.cloudflare.com
A domain (any domain you own — .com, .xyz, whatever)
Your domain must use Cloudflare DNS
Static local IP which is normally similar to: 192.168.1.x

Example: coolify.mydomain.com

Install cloudflared on your Coolify host Ubuntu VM

Step-by-Step via Cloudflare Zero Trust Dashboard (GUI method):

Prefer clicking around instead of CLI? 😎 No problem — Cloudflare gives you a full dashboard flow.

Here’s how to set up your coolify tunnel using Cloudflare Zero Trust:

Go to dash.cloudflare.com, log in to your account, then:

From the homepage, click “Zero Trust”

If it’s your first time, they might ask for a credit card (don’t worry — it’s still free, they just verify your account)

Create Your Tunnel

In the Zero Trust dashboard:

Go to Networks > Tunnels
Click “Create a Tunnel”
Choose “Cloudflared” as your connector type
Give it a name (e.g., coolify_tunnel)
Cloudflare will now show you exact commands to install cloudflared and run the connector

Install and Run Connector

Cloudflare will ask you to choose your operating system and give you the following commands (or similar):

# Add cloudflare gpg key
sudo mkdir -p --mode=0755 /usr/share/keyrings

curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null

# Add this repo to your apt repositories

echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared any main' | sudo tee /etc/apt/sources.list.d/cloudflared.list

# install cloudflared
sudo apt-get update && sudo apt-get install cloudflared

After you have installed cloudflared on your machine, you can install a service to automatically run your tunnel whenever your machine starts:

sudo cloudflared service install eyJhIjoiNGRlYz......

Boom — your server is now securely connected to Cloudflare 🎉

Assign a Domain

Back in the dashboard:

After the tunnel is running, go to Public Hostnames
Add a hostname like coolify.mydomain.com
Point it to http://localhost

And in your coolify panel make sure the domain also set as Instance's Domain

Note: Cloudflare will automatically create the DNS record and SSL cert for you, and that’s it — your Coolify dashboard is now live, secure, and globally accessible, no port forwarding needed 👏

Important: Configure SSL/TLS Settings in Cloudflare on coolify for HTTPS Access

To make sure your coolfiy apps (like uptime or Grafana) are accessible over HTTPS, you need to properly configure your SSL/TLS settings in Cloudflare.

Here’s how:

Go to your Cloudflare dashboard
Select your domain
Navigate to SSL/TLS > Overview
Check your encryption mode under “SSL/TLS encryption”

Recommended mode: Full — this ensures secure end-to-end encryption between Cloudflare and your server.

Having issues? (Timeouts, redirect loops, site unreachable?)

If you face problems like:

Connection timeouts
Too many redirects
SSL errors
Site not loading at all

Try switching the mode to Flexible as a quick fix — it disables full backend verification but gets your site online instantly (great for testing).

And yes — all of this is completely free with Cloudflare 😉

Test Your Setup: Install Grafana on Coolify and Access It via Cloudflare Tunnel

Now that your Coolify server is up and running (and securely exposed to the internet with Cloudflare Tunnel 😎), let’s deploy something useful — and good-looking: Grafana the open source Grafana!

Because what’s cooler than watching colorful charts of your server metrics while sipping coffee and pretending you’re in a sci-fi movie?

Open your Coolify dashboard

Head to your instance:

https://coolify.mydomain.com

Create a new project

Click “+ New Project”

Name: grafana

Choose Grafana from the services

and make sure the domain and the configuration are like this:

Add public hostname on cloudflared
Now we need to go to cloudflare tunnels to edit our tunnel and add public hostname record for grafana! like the following:
And taraa we are ready :D we just deployed Grafana with Coolify and run it for free.

Test It Out!

Login: default is admin / admin
You’ll be prompted to change the password
Create your first dashboard, or connect to a data source like Prometheus or Loki

Need help with that too? Maybe a “Grafana + Prometheus + Loki” stack article next? 😉

What About Security?

Don’t worry — Cloudflare Tunnel is end-to-end encrypted, and you get Cloudflare’s DDoS and WAF protection included.

Still, I recommend adding CrowdSec to your server (for bots & abuse protection) + Traefik AppSec WAF for serious app security.

Check my full guide here: 👉 Secure your Coolify server & websites with CrowdSec and Traefik

Need Help?

If you want help setting this up:

Cloudflare Tunnel

Coolify Setup

Hosting + Domain + SSL setups

Firewall + Hardening

Monitoring and alerts

📩 Contact me below 👇 — happy to help you secure and launch your own self-hosted SaaS 🚀