First things first. Click around this site a bit. Pretty speedy, right? You wouldn't think that possible on a Raspberry Pi on a home internet connection. Well, with the proper caching anything is possible! Additionally, I didn't have to poke any holes through my firewall. Only one service can get to my Pi, and that's Cloudflare. This makes it performant and secure.
First things first
- You will need a Raspberry Pi. I have a Pi4 with 4 GB of RAM. This is overkill, but I had it left over from a digital signage project. Any Pi4 should do.
- Flash the SD card with the latest version of Ubuntu Server. If you need help they provide a fantastic getting started guide here.
- Power it up and run it over Ethernet. You can get it working over wireless, but it won't perform at its best.
- SSH in to the IP address your home router assigned to the pi:
ssh [email protected]
- Change your password to something secure
- Update packages with
sudo apt update
and
sudo apt upgrade
and then restart the Pi and log back in.
- Set up a free account at Cloudflare and, if you are ready to point your domain/subdomain to your Pi, update your nameservers.
Set up NGINX
sudo apt install nginx
- Enable proper firewall rules:
sudo ufw allow 'Nginx Full'
- Confirm status:
sudo ufw status
Get Cloudflared Running
- Now for the fun stuff. Let's get NGINX and Cloudflared installed, but first we need Go, a programming language from Google. Install it with this command:
sudo apt-get install golang
- Now grab the latest version of Cloudflared:
go install github.com/cloudflare/cloudflared/cmd/cloudflared
- Check that it's installed with
cloudflared --version
You should see something like this in response: cloudflared version 2020.7.1
- Now log in with Cloudflare:
cloudflared tunnel login
Do this in your normal computer browser (you don't have to do it on your Pi) and pick the domain you want to have tunneled. Once this is done, the cert should auto apply.
- Test that you have it working with a default site by running this command:
cloudflared --hostname yourdomainname.com http://localhost:80
After a minute or two your domain name should resolve to the default NGINX site.
- Congrats, you are now tunneling traffic from the general web through Cloudflare directly to your Pi, with all the protections and speed benefits offered by Cloudflare.
Ghost has provided excellent documentation here. Follow their guide and come back here.
You will not be able to preview your Ghost install in a browser, just make sure Ghost is running on the Pi itself. You can verify this with
ghost status and possibly fix issues with
Tie It All Together
Now that you have Ghost and Cloudflared running, you need to tie the two together and run Cloudflared as a service.
- To get the service up and running, follow this
- Don't forget to copy the cert to
- Set up your config.yml file by creating a new file in the cloudflared folder and putting data such as this:
hostname: tunnel.yourdomain.com
url: https://localhost:2368
logfile: /var/log/cloudflared.log
- Make sure the port number matches the port number you get back from
- Restart the service
sudo systemctl restart cloudflared
- Wait about a minute, and if all is well you should see the default Ghost site show up on your custom domain name! Voila!
- Navigate over to yourdomain.com/ghost and set up an initial user
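To check the claim that only Cloudflare can reach the Pi, this added example (not part of the original post) reads the output of ss -tln and reports which of the tunnel's origin ports are bound to something other than loopback. The socket listing is a constructed sample and the function names are hypothetical; ports 80 and 2368 are the NGINX and Ghost ports used in this guide.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Constructed sample of `ss -tln` output for a Pi running NGINX and Ghost.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      511    127.0.0.1:2368     0.0.0.0:*
LISTEN 0      511    [::]:80            [::]:*
LISTEN 0      128    [::]:22            [::]:*'

# Read `ss -tln` output on stdin; print "address port" for every TCP
# listener that is bound to something other than loopback.
exposed_listeners() {
    awk '
        $1 != "LISTEN" { next }                  # skips the header line too
        !match($4, /:[0-9]+$/) { next }          # split on the last colon
        {
            addr = substr($4, 1, RSTART - 1)
            port = substr($4, RSTART + 1)
            sub(/%.*$/, "", addr)                # drop scope, e.g. %lo
            if (addr ~ /^127\./ || addr == "[::1]" ||
                addr ~ /^\[::ffff:127\./) next   # loopback only: not exposed
            print addr, port
        }'
}

# $1: space-separated origin ports the tunnel forwards to (80 for NGINX,
# 2368 for Ghost in this guide). Prints each one that is bound off-loopback.
origin_ports_exposed() {
    exposed_listeners | awk -v want="$1" '
        BEGIN { n = split(want, p, " "); for (i = 1; i <= n; i++) origin[p[i]] = 1 }
        ($2 in origin) && !seen[$2]++ { print $2 }'
}

# Live check on the Pi:  ss -tln | origin_ports_exposed "80 2368"
printf '%s\n' "$SAMPLE_SS" | origin_ports_exposed "80 2368"
```

A port printed here is listening on the Pi's network interfaces rather than only on localhost; whether it is reachable from outside your home network still depends on the ufw rules and your router.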
That is really all there is to it. It sounds like a lot, but not counting package installation time this takes about 30 minutes and provides a pretty high performance little website that you have full control over for no cost! I hope you enjoyed this, please reach out on Twitter if you have any questions.
If you get stuck, these commands may help:
- systemctl status nginx: this tells you the current status of NGINX
- sudo systemctl stop nginx: stops NGINX, you can also replace stop with
- journalctl -xe: view log entries of most recent Cloudflared activity
- ghost status: report on Ghost's status.
If you have to copy the cert from your personal computer to the Pi, open a new terminal window and use a command like this:
scp cert.pem [email protected]5:/etc/cloudflared to copy the cert from your computer to the Pi.