Setting Up a Cloudflare Tunnel for Owncast on a Local Server

Posted on by

Introduction

Owncast is a powerful open-source streaming server that allows you to self-host your own live-streaming platform. When running Owncast on a local server, exposing it to the internet securely can be a challenge. Cloudflare Tunnel provides a simple and secure way to make Owncast publicly accessible without needing to open ports or configure complex firewall rules.

In this guide, we will set up an Owncast instance in a Docker container and expose it to the internet using Cloudflare Tunnel.

1. Setting Up Owncast in Docker

Prerequisites

Ensure you have the following installed on your local server:

  • Docker and Docker Compose (installation instructions can be found at Docker’s official site)
  • A Cloudflare account with a domain registered

Create a Docker Compose File

Create a directory for Owncast and navigate to it:

mkdir -p ~/owncast && cd ~/owncast

`

Create a docker-compose.yml file:

version: '3'
services:
  owncast:
    image: owncast/owncast:latest
    container_name: owncast
    restart: unless-stopped
    ports:
      - "8080:8080"
    volumes:
      - ./data:/app/data
    environment:
      - "OWNCAST_ADMIN_PASSWORD=your-secure-password"

Start Owncast:

docker-compose up -d

Verify it is running by opening http://localhost:8080 in your web browser.

2. Installing and Configuring Cloudflare Tunnel

Install Cloudflared

On your local server, install cloudflared, the Cloudflare Tunnel daemon.

For Debian/Ubuntu:

wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo dpkg -i cloudflared-linux-amd64.deb

For macOS (Homebrew):

brew install cloudflared

For Windows:

Download the latest cloudflared binary from Cloudflare’s official site and install it.

Authenticate with Cloudflare

Run the following command to log in and authorize your tunnel:

cloudflared tunnel login

This will open a browser window asking you to log into your Cloudflare account and select a domain.

Create and Configure the Tunnel

Create a new tunnel:

cloudflared tunnel create owncast-tunnel

After creation, Cloudflare will generate a tunnel ID. Now, configure the tunnel to route traffic to your Owncast instance.

Create a configuration file:

mkdir -p ~/.cloudflared && nano ~/.cloudflared/config.yml

Add the following configuration:

tunnel: YOUR_TUNNEL_ID
credentials-file: /root/.cloudflared/YOUR_TUNNEL_ID.json

ingress:
  - hostname: stream.example.com
    service: http://localhost:8080
  - service: http_status:404

Save and exit the file.

Run the tunnel:

cloudflared tunnel run owncast-tunnel

3. Configuring DNS for Owncast Access

Add a CNAME Record in Cloudflare

  1. Go to Cloudflare Dashboard > DNS.
  2. Add a CNAME record:
  • Name: stream (or any subdomain you prefer)
  • Target: YOUR_TUNNEL_ID.cfargotunnel.com
  • Proxy Status: Enabled

This links your domain to the Cloudflare Tunnel.

4. Testing and Finalizing the Setup

Verify the Tunnel

To check if the tunnel is running properly, use:

cloudflared tunnel list

You should see your owncast-tunnel listed and active.

Access Owncast Publicly

Now, visit https://stream.example.com in a browser. Your Owncast instance should be accessible without requiring port forwarding.

Troubleshooting

  • If the site doesn’t load, check the Cloudflare Tunnel logs:
  journalctl -u cloudflared -f
  • Ensure your DNS record is properly configured in Cloudflare.
  • Restart the tunnel if needed:
  cloudflared tunnel run owncast-tunnel

Conclusion

With this setup, your Owncast streaming server is securely accessible via Cloudflare Tunnel without exposing your local network to the internet. This method avoids the need for port forwarding and enhances security while ensuring reliable access to your stream.

Enjoy your self-hosted streaming with Owncast!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.