Cloudflare Tunnels and NPM + Crowdsecurity

Arnieno Maraan

26 Mar 2025 — 1 min read

Architecture of my homelab proxmox cloudflare exposed tunnels,
Client -> Cloudflare Tunnels -> NPM -> Crowdsecurity -> Return

Cloudflare Tunnels and NPM + Crowdsecurity
Porkbun DNS

Prerequisite:
DNS
Cloudflare Account (Free)
Docker
Debian

Install Crowdsecurity Example Docker Compose NPM + Crowdsec Template:
https://github.com/crowdsecurity/example-docker-compose/tree/main/npm

Setting up Cloudflare SSL Certificate
https://gist.github.com/prateekrajgautam/75afbaa9bcda8eb1dfb6b5ceecd25e8c

Dont mind 2.2 its just your ip address, check comment discussion your everything needs

When adding "New Proxy Host" Within NPM, add this additional config within "Advanced" tab

set_real_ip_from 172.35.0.0/24;
real_ip_header CF-Connecting-IP;

Change "172.35.0.0/24" Your Cloudflare Tunnel Private IP, then you are good to go.

After adding everything, check your crowdsec logs

npm/data/logs
tail -f proxy-host-1_access.log

visit your configured website if your own ip is being logs, also you can ban yourself

docker exec crowdsec cscli decisions add --ip <YOURIP>
docker exec crowdsec cscli decisions remove --ip <YOURIP>

Double check your network if you're in lan or vpn

More Detailed Documentation on next post, 5:12AM 3/27/2025 PHT Need to sleep just post these so i wont forget :> Night

Behind the Scenes: What I Accomplished at Chess Learning Academy

in my previous post i discuss about web dev small project now lets continue what behind the scene what i accomplished within. chesslearnigacadey lets call it CLA, within CLA, i start to have explore Google Suites, mainly within Google Sheets and Appscript and automation make/n8n. With those tools i

Cloudflare Tunnels, NPM and Crowdsec Installation - HomeLab

As promise i will post my step by step setup for my homelab Prerequisite: - DNS - Cloudflare Account (Free) - Docker - Debian 1.1 Change DNS nameserver Setup Cloudflare DNS (If your cloudflare in other DNS Provider follow this https://developers.cloudflare.com/automatic-platform-optimization/get-started/change-nameservers/ 1.2

Web Dev Small Project

My brother start a chess tutor online chesslearningacademy.com with scheduling of free trial and they have multiple teachers, i handle DNS via Porkbun + Hostinger Wordpress, and other data thru google sheets My brother hire someone to work on wordpress, before that i have already DNS then transfer it into

The Story of My Homelab: How It All Began

My brother influenced me when it comes to homelab he bought NUC, with that i joined different community selfhosted reddit, homelab reddit, and start appreciate open source community. That being said i saw tinyminimicro by servethehome and start research what available items in my country. I bought Micro Dell Optiplex

Read more

Behind the Scenes: What I Accomplished at Chess Learning Academy

Cloudflare Tunnels, NPM and Crowdsec Installation - HomeLab

Web Dev Small Project

The Story of My Homelab: How It All Began