Exposing web services to the internet requires a static IP which can then be mapped to a domain name making it accessible over the internet. There are services that enable us to do the same without the need for a static IP.

Cloudflare Tunnel

  • Cloudflare tunnel makes use of a deamon called cloudflared running on the machine which is running a service that needs to be exposed to the internet.
  • cloudflared creates an outbound connection to the cloudflare network.
  • Cloudflare tunnel can expose any kind of protocols to the web.
  • Since there is no static ip and the machine is not exposed directly the attack surface small/non-existant.
  • Any attack should bypass the cloudflare network security if a service is exposed through the cloudflare tunnels.
  • The Image below shows how cloudflare tunnel works.

NGROK