# install os raspberry pi without GUI via raspberry pi imager
+ select the OS
+ In Raspberry Pi Imager, Choose [OS]
+ go to [Raspberry Pi OS (other)]
+ Select [Raspberry Pi OS Lite (32-bit) – Bookworm]
+ this version has no GUI, only terminal (headless).
# cloudflare without ip public, in raspberry
+ Check the Raspberry Pi architecture
+ cd /etc/ssl/cloudflare
+ uname -m
+ if armv7l
+ wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm
+ chmod +x cloudflared-linux-arm
+ sudo mv cloudflared-linux-arm /usr/local/bin/cloudflared
+ check version
+ cloudflared version
+ setup cloudflare tunnel
+ cloudflared tunnel login
+ output :
====================================================================================================================================================
Please open the following URL and log in with your Cloudflare account:
https://dash.cloudflare.com/argotunnel?aud=&callback=https%3A%2F%2Flogin.cloudflareaccess.org%2FK0SyqZ5kDoVWV-pHrTUwTZ3UiLDDSjXLQsEcGSwKbF8%3D
Leave cloudflared running to download the cert automatically.
2026-01-08T06:19:24Z INF Waiting for login...
2026-01-08T06:19:30Z INF You have successfully logged in.
If you wish to copy your credentials to a server, they have been saved to:
/root/.cloudflared/cert.pem
====================================================================================================================================================
+ The browser will open → select: nurulhudapulomas.org
+ Create tunnels
+ cloudflared tunnel create raspi
+ output
================================================================================================================================================================================================================================================
Tunnel credentials written to /root/.cloudflared/6d5b9300-9ea2-43f9-9f24-b2c2aad42de1.json. cloudflared chose this file based on where your origin certificate was found. Keep this file secret. To revoke these credentials, delete the tunnel.
Created tunnel raspi with id 6d5b9300-9ea2-43f9-9f24-b2c2aad42de1
================================================================================================================================================================================================================================================
+ create config
+ mkdir -p /etc/cloudflared
+ nano /etc/cloudflared/config.yml
===================================================
tunnel: raspi
credentials-file: /etc/cloudflared/raspi.json
ingress:
- hostname: nurulhudapulomas.org
service: https://localhost:3000
- service: http_status:404
===================================================
+ create raspi.json
+ mv /root/.cloudflared/cert.pem /root/.cloudflared/cert.pem1 -> rename certificate ever made
+ mkdir -p /etc/cloudflared
+ mv /root/.cloudflared/*.json /etc/cloudflared/raspi.json
+ ls -l /etc/cloudflared -> verify
+ Create DNS via command -> from raspi
+ cloudflared tunnel route dns raspi nurulhudapulomas.org
+ output
===========================================================================================================================================
2026-01-08T06:50:38Z INF Added CNAME nurulhudapulomas.org which will route to this tunnel tunnelID=6d5b9300-9ea2-43f9-9f24-b2c2aad42de1
===========================================================================================================================================
+ running tunnel
+ cloudflared tunnel run raspi
+ running as service in system
+ cloudflared service install
+ output :
===============================================================================
2026-01-08T06:42:52Z INF Using Systemd
2026-01-08T06:43:04Z INF Linux service for cloudflared installed successfully
===============================================================================
+ systemctl enable cloudflared
+ systemctl start cloudflared
+ systemctl restart cloudflared -> after updated script service
+ systemctl status cloudflared -> status cloudflared service
+ test after DNS setting updated
+ Wait ±30 seconds, then:
# update cert
+ mv /root/.cloudflared/cert.pem /root/.cloudflared/cert.pem.old
+ cloudflared tunnel login
+ cloudflared tunnel delete raspi
+ cloudflared tunnel create raspi
# troubleshoot timeout connection
+ nano /etc/resolv.conf
+ input this below:
=============================
nameserver 1.1.1.1
nameserver 8.8.8.8
=============================
+ chattr +i /etc/resolv.conf -> add immutable flag
+ chattr -i /etc/resolv.conf -> remove immutable flag
+ nano /etc/sysctl.conf
+ add this at the bottom:
=======================================
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
=======================================
+ sysctl -p
+ getent hosts region1.v2.argotunnel.com
+ cloudflared tunnel run raspi -> start tunner again
# force cloudflared to use IPv4
+ nano /etc/cloudflared/config.yml
+ add protocol: http2
===================================================
tunnel: raspi
credentials-file: /etc/cloudflared/raspi.json
protocol: http2
ingress:
- hostname: nurulhudapulomas.org
service: https://localhost:3000
- service: http_status:404
===================================================
+ nano /etc/resolv.conf
+ Use Cloudflare IPv4 DNS only:
===========================================
nameserver 1.1.1.1
nameserver 1.0.0.1
===========================================