Cloudflare Tunnels, NPM and Crowdsec Installation - HomeLab


As promised, I will post my step-by-step setup for my homelab.

Prerequisites:
- DNS
- Cloudflare Account (Free)
- Docker
- Debian

1.1 Change DNS nameserver
Set up Cloudflare DNS. (If your domain is with another DNS provider, follow this: https://developers.cloudflare.com/automatic-platform-optimization/get-started/change-nameservers/)

1.2 Generate an API token for SSL
Go to Cloudflare Dashboard -> Manage Account -> Account API Tokens -> Create Token -> select the "Edit zone DNS" template (Use template) -> change the token name -> under Zone Resources, change the domain to the specific domain for your tunnel -> Continue to summary -> store the API token safely; we will use it in step 2.3.

2.1 Install the Crowdsecurity Example Docker Compose
https://github.com/crowdsecurity/example-docker-compose/tree/main/npm
Follow the instructions given there.

2.2 Set up your Nginx Proxy Manager
Log in with the default credentials and change them right away:
Default email: admin@example.com
Default password: changeme

2.3 SSL Certificates - Let's Encrypt - Cloudflare
Add an SSL certificate:
Domain Names: yourdomainname
Email address for Let's Encrypt
> DNS Challenge ✅
> DNS Provider: Cloudflare
> Paste the API token generated in 1.2
> I Agree ✅

2.4 Add your first proxy
Details
> Domain Name: yourdesiredname.<yourdomainname> (must be covered by the same domain as the SSL certificate)
> Enable Websockets Support

SSL: Select <yourdomainname>

Advanced:
set_real_ip_from 172.35.0.0/24;
real_ip_header CF-Connecting-IP;

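Change "172.35.0.0/24" to the private IP range of your Cloudflare Tunnel, then you are good to go. nginx only accepts the CF-Connecting-IP header from addresses in this range, so keep it limited to the tunnel.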

Verify that everything is working:
cd npm/data/logs
tail -f proxy-host-1_access.log


Visit your configured website and check that your own IP is being logged. You can also ban yourself as a test, then remove the ban:
docker exec crowdsec cscli decisions add --ip <IP>
docker exec crowdsec cscli decisions remove --ip <IP>

Double-check your network if you're on LAN or VPN.
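
A quick check for the verification step above, added here as an example (not part of the original post): it reads access-log lines and reports whether the logged client address is still the tunnel's own IP, which would mean the `set_real_ip_from` / `real_ip_header` lines are not taking effect and CrowdSec would be looking at the tunnel instead of the real visitor. The `[Client <ip>]` log field, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
import sys
from pathlib import Path

# Assumption: NPM proxy-host access logs record the client as "[Client <ip>]".
CLIENT_RE = re.compile(r"\[Client ([0-9A-Fa-f:.]+)\]")
# RFC 1918, loopback and IPv6 ULA/loopback ranges: LAN, VPN or another internal hop.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7", "::1/128")]

def classify(line, tunnel_cidr="172.35.0.0/24"):
    """Return (ip, verdict) for one log line, or None if it has no valid client IP."""
    m = CLIENT_RE.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None
    if ip in ipaddress.ip_network(tunnel_cidr):
        return str(ip), "tunnel"    # real IP not restored: nginx logged the tunnel itself
    if any(ip in net for net in INTERNAL):
        return str(ip), "internal"  # LAN/VPN client or another internal hop
    return str(ip), "public"        # CF-Connecting-IP was applied

def summarize(lines, tunnel_cidr="172.35.0.0/24"):
    """Count verdicts so a misconfiguration shows up as a non-zero 'tunnel' count."""
    counts = {"tunnel": 0, "internal": 0, "public": 0}
    for line in lines:
        result = classify(line, tunnel_cidr)
        if result:
            counts[result[1]] += 1
    return counts

# Constructed sample lines (not real traffic); 203.0.113.7 is a documentation address.
SAMPLE = [
    '[10/Jan/2025:10:00:01 +0000] - 200 200 - GET https app.example.com "/" [Client 172.35.0.2] [Length 512] [Gzip -] [Sent-to 10.0.0.5] "curl/8.0" "-"',
    '[10/Jan/2025:10:00:02 +0000] - 200 200 - GET https app.example.com "/" [Client 203.0.113.7] [Length 512] [Gzip -] [Sent-to 10.0.0.5] "curl/8.0" "-"',
    '[10/Jan/2025:10:00:03 +0000] - 200 200 - GET https app.example.com "/login" [Client 192.168.1.20] [Length 90] [Gzip -] [Sent-to 10.0.0.5] "curl/8.0" "-"',
]

if __name__ == "__main__":
    # With no argument the constructed SAMPLE is used; otherwise pass the log path
    # and, optionally, your own tunnel range as the second argument.
    lines = Path(sys.argv[1]).read_text().splitlines() if len(sys.argv) > 1 else SAMPLE
    print(summarize(lines, sys.argv[2] if len(sys.argv) > 2 else "172.35.0.0/24"))
```

A non-zero `tunnel` count means the Advanced block is missing on that proxy host or its range does not match the tunnel's network.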
