Exposing homelab services to the internet with Cloudflare Tunnel

Fri, 27 Mar 2026 18:24:00 +0000

In the previous post, I showed how SSH-J.com solves a specific problem: accessing a machine behind NAT via SSH, without opening ports on the router and without relying on a public IP. The reverse tunnel works well for interactive sessions and file transfers, and SSH-J.com as a jump host makes everything trivial to configure. For SSH, it remains the simplest solution I know.

But SSH is just one piece of the puzzle. Anyone who maintains a homelab — even if it’s just a mini PC under the desk or a Raspberry Pi in the corner of the room — inevitably ends up running web services: an RSS reader, a monitoring dashboard, a Gitea, a Jellyfin, an Immich. These services listen on local HTTP ports and work perfectly as long as you’re on the same network. The problem appears when you want to access them from outside — from the office, from your phone on the bus, from anywhere that isn’t your local network.

SSH Behind NAT? SSH-J.com Solves It.

Wed, 25 Mar 2026 22:26:00 +0000

You work remotely, have a server at home, a Raspberry Pi running services, or a machine at the office you need to reach every now and then. The scenario is common and the obvious solution is SSH — already installed, secure, and battle-tested for decades. The problem is that between your machine and the rest of the internet sits a router, a NAT, and possibly an ISP that does not give you a fixed public IP or blocks incoming ports. Suddenly, the most reliable protocol in system administration becomes unreachable from outside your local network.

Ssh on /var/log/janio

Exposing homelab services to the internet with Cloudflare Tunnel

SSH Behind NAT? SSH-J.com Solves It.