Expose Proxmox to the Internet Using Cloudflare Tunnel (Zero Trust)


Accessing your Proxmox VE web interface securely over the internet can be challenging, especially if you want to avoid exposing open ports directly or dealing with complex firewall configurations. With Cloudflare Tunnel (Zero Trust), you can safely expose your Proxmox instance using Cloudflare’s edge network, eliminating the need to expose your local IP address or port.
In this article, we’ll walk through a simple and secure setup using Cloudflare Tunnel on a Proxmox LXC container.
🛠️ Prerequisites
A running Proxmox VE host.
A LXC container (Debian/Ubuntu recommended) with internet access.
A registered domain name on Cloudflare.
Proxmox Web UI is reachable locally on port
8006
.
🔧 Step 1: Install cloudflared
in Proxmox LXC
The easiest way to install cloudflared
is to use a verified community script:
📎 Script Source: https://community-scripts.github.io/ProxmoxVE/scripts?id=cloudflared
Installation Command:
bash <(curl -s https://community-scripts.github.io/ProxmoxVE/scripts/cloudflared-install.sh)
Once installed, authenticate and create a tunnel:
cloudflared tunnel login
This will open a browser and ask you to authorize your domain with Cloudflare.
📂 Step 2: Verify Tunnel Configuration Files
After successful login and tunnel creation, use the following command to verify the presence of config files:
ls -a ~/.cloudflared
You should see a file like:
.e9f798b1-86ae-47b0-ac7a-354b5bb41bdc.json
This is your tunnel’s credentials file used for authenticating the service.
✏️ Step 3: Create the Tunnel Configuration
Create or edit the config file:
nano ~/.cloudflared/config.yaml
Paste the following configuration (update with your domain and internal Proxmox IP):
tunnel: e9f798b1-86ae-47b0-ac7a-354b5bb41bdc
credentials-file: /root/.cloudflared/e9f798b1-86ae-47b0-ac7a-354b5bb41bdc.json
ingress:
- hostname: proxmox.example.com
service: https://192.168.1.100:8006
originRequest:
noTLSVerify: true # disables TLS verification for local Proxmox
- service: http_status:404
🔁 Replace:
proxmox.example.com
with your Cloudflare-managed subdomain.192.168.1.100
with your Proxmox host’s local IP.
🌐 Step 4: Configure DNS in Cloudflare
Go to your domain dashboard in Cloudflare:
Navigate to DNS settings.
Add a CNAME record:
Name:
proxmox
TTL: Auto
Proxy status: Proxied (orange cloud)
Cloudflare will now route all traffic from proxmox.example.com
to your local Proxmox IP via the tunnel.
🚀 Step 5: Start the Tunnel
Now run the tunnel service:
cloudflared tunnel run e9f798b1-86ae-47b0-ac7a-354b5bb41bdc
You should now be able to access https://proxmox.example.com from anywhere on the internet with Cloudflare securing the connection.
🔐 Bonus: Enable Zero Trust Rules (Optional but Recommended)
For additional security, consider enabling Cloudflare Access rules:
Go to Cloudflare Zero Trust Dashboard.
Under Access → Applications, add a new application.
Set:
Application URL:
https://proxmox.example.com
Policies: Email, OTP, GitHub, or any other preferred method.
Only authorized users will be able to access your Proxmox dashboard.
✅ Summary
Using Cloudflare Tunnel (Zero Trust), you can:
Expose Proxmox without opening ports.
Keep your local IPs and services secure.
Add identity-based access controls.
📘 No VPNs, no firewall headaches — just secure and fast remote access.
If you’re building a homelab or production environment, this setup ensures zero-trust security and minimal exposure. Try it out and simplify your remote Proxmox management!
Subscribe to my newsletter
Read articles from Kunal Yadavaa directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by

Kunal Yadavaa
Kunal Yadavaa
"Sudo-ing my way through clouds and containers."