Securing Your WordPress Website on Raspberry Pi with Cloudflare Tunnel

You're halfway through releasing your website to the public from your Raspberry Pi. Before proceeding, ensure you have the following essentials:

1. Raspberry Pi with a WordPress site installed.
2. Nginx server configured on the Raspberry Pi.
3. An active Cloudflare account.
4. A registered domain.

Step 1: Update DNS Records in Your Domain Dashboard

1. Log in to Cloudflare: Access your Cloudflare dashboard.
2. Add Your Domain: Go to the “Websites” section and register a new domain.
3. Update DNS Settings: Follow the on-screen instructions to update the DNS records on your domain registrar’s dashboard with the nameservers provided by Cloudflare.
4. Wait for Propagation: DNS changes can take some time to propagate. Once the nameservers are updated and Cloudflare has authorized your domain, you're ready to move on.

If you have any doubts about these steps, feel free to ask in the comments section.

Step 2: Install the Cloudflared Daemon on Raspberry Pi

1. Download Cloudflared: Depending on your Raspberry Pi architecture, use the appropriate wget command to download Cloudflared:

- For ARMv7 (Raspberry Pi 2 and 3):

```bash
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm
```

- For ARMv6 (Raspberry Pi Zero):

```bash
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-armv6
```

- For ARM64 (Raspberry Pi 3/4 with 64-bit OS):

```bash
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64
```

1. Move the Downloaded File:
   

   sudo mv cloudflared-linux-arm /usr/local/bin/cloudflared
   

   (Adjust the filename if you downloaded a different architecture version.)

2. Make the Binary Executable:
   

   sudo chmod +x /usr/local/bin/cloudflared
   

3. Verify Installation:
   

   cloudflared --version
   

Step 3: Authenticate Cloudflared with Cloudflare

1. Log in to Cloudflare:
   

   cloudflared login
   

2. Authorize Cloudflared: Copy the URL displayed in the terminal and open it in your browser. Select your domain in Cloudflare and click Authorize. Make sure you're already logged in to your Cloudflare dashboard to complete this step seamlessly.

Step 4: Create a Secure Tunnel

1. Create the Tunnel:
   

   cloudflared tunnel create mywpsite
   

2. Save Important Details: Make a note of the tunnel ID and the path to the JSON file generated. You’ll need these later.

Step 5: Configure Cloudflared

1. Create a Configuration File:
   

   sudo nano ~/.cloudflared/config.yml
   

2. Add Configuration Details:
   Replace the placeholders with your actual tunnel UUID, JSON file path, domain, and Raspberry Pi IP address:
   

   tunnel: your-tunnel-uuid
   credentials-file: /home/pi/.cloudflared/your-tunnel-uuid.json
   ingress:
    - hostname: yourdomain.com
      service: http://your-raspberry-pi-ip-address
    - service: http_status:404
   

   Note: Ensure you update pi with the correct username and remove any trailing slashes from the IP address (e.g., http://192.168.*.* is correct).

3. Save and Exit: Press CTRL + X, then Y, and hit Enter to save the configuration.

Step 6: Create DNS Entry in Cloudflare

1. Route DNS:
   

   cloudflared tunnel route dns mywpsite yourdomain.com
   

   Troubleshooting Tip: If you encounter an error, log in to your Cloudflare dashboard, delete any existing DNS records for your domain, and run the command again.

Step 7: Run the Cloudflare Tunnel

1. Start the Tunnel:
   

   cloudflared tunnel run mywpsite
   

2. Verify: Visit https://yourdomain.com to ensure your site is live and accessible.

If your network changes and local ip changes, just login to the tunnel in cloudflare and change the local ip their itself and will work as same before.

Step 8: Update WordPress Settings

1. Access WordPress Admin: Go to http://your-raspberry-pi-ip-address/wp-admin and log in.
2. Update URLs: Under Settings > General, update both the WordPress Address and Site Address to https://yourdomain.com.

Step 9: Run Cloudflare Tunnel as a Service

1. Move Configuration File:
   

   sudo mv /home/pi/.cloudflared/config.yml /etc/cloudflared/
   

2. Install as a Service:
   

   sudo cloudflared service install
   

By running Cloudflared as a service, your Raspberry Pi will automatically start the Cloudflare tunnel whenever it reboots, ensuring continuous availability of your site.

With these steps completed, your WordPress site on Raspberry Pi is securely accessible from the internet, complete with SSL encryption, thanks to Cloudflare Tunnel.

Will share more update regarding a updated version on this setup if it works soon. Stay tuned, will host a real website with multiple webpages.