Using Cloudflare Zero Trust to Expose Services

Cloudflare Zero Trust (formerly Cloudflare Access) provides enterprise-grade secure access control, suitable for users who need higher security and performance.

Why choose Cloudflare Zero Trust?
  • Enterprise-grade security: Multi-layer identity authentication
  • Global CDN: Low-latency access
  • Fine-grained control: Rule-based access control
  • Audit logs: Detailed access records
  • DDoS protection: Automatic attack protection

In addition to Tailscale, you can use Cloudflare Tunnel to securely expose your TeslaMateAPI service. Cloudflare Tunnel does this without requiring you to open firewall ports or configure complex network settings.

Setup Guide

Prerequisites

  1. Register a Cloudflare account
  2. Add your domain to Cloudflare and change nameservers
  3. Have TeslaMateAPI running on localhost:8080

Step 1: Create a Tunnel

  1. Log in to Zero Trust Dashboard
  2. Navigate to Networks > Tunnels
  3. Click Create a tunnel
  4. Choose Cloudflared for the connector type and select Next
  5. Enter a descriptive name for your tunnel (e.g., teslamate-api-tunnel)
  6. Click Save tunnel

Step 2: Install and Run Cloudflared

  1. Select your operating system from the environment options
  2. Copy the installation command provided
  3. Run the command in your terminal to install and connect cloudflared
  4. Wait for the connector to appear in the Zero Trust dashboard
  5. Click Next when the connector is active

Step 3: Configure Public Hostname

  1. In the Public Hostnames tab, click Add a public hostname
  2. Configure the hostname:
    • Subdomain: Enter your desired subdomain (e.g., teslamate-api)
    • Domain: Select your domain from the dropdown
    • Service: Enter http://localhost:8080 ⚠️ Important: Use HTTP, not HTTPS
  3. Under Additional application settings, configure any needed parameters
  4. Click Save hostname
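
Service Configuration

Make sure to use http://localhost:8080 (not https://) as the service URL, since TeslaMateAPI typically runs without SSL internally. This plain-HTTP hop is only between cloudflared and the service on the same machine; clients still connect to the public hostname over HTTPS.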

Step 4: Test and Configure Mytesla

  1. Your API is now accessible at https://your-subdomain.your-domain.com
  2. Test the connection:
    curl https://your-subdomain.your-domain.com/api/ping
    # Should return: {"message": "pong"}
  3. In Mytesla.cc, go to Settings → TeslaMate
  4. Enter your API URL: https://your-subdomain.your-domain.com
  5. Add your API token if configured
  6. Test the connection
  7. You can also manually verify by visiting https://your-subdomain.your-domain.com/api/ping in your browser - it should return {"message": "pong"}

API Verification

The /api/ping endpoint is specifically for verifying that the TeslaMateAPI service is accessible and working correctly. A successful response of {"message": "pong"} indicates the service is functioning properly.
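
A post-setup check for Step 4, as an added example that is not part of the original guide: `ping_ok` validates the /api/ping response body, and `exposed_listeners` flags any listener on port 8080 bound beyond loopback, which would be reachable without going through the tunnel. The function names and the `ss -ltn` sample are constructed for illustration, and the column layout assumes Linux iproute2.

```shell
#!/bin/sh
# Added example: post-setup checks for the tunnel described on this page.
# Assumes Linux `ss -ltn` column layout; the sample data below is constructed.

# ping_ok BODY: succeeds only if BODY is the JSON the page expects from /api/ping.
ping_ok() {
    # Drop whitespace so {"message": "pong"} and {"message":"pong"} both match.
    compact=$(printf '%s' "$1" | tr -d ' \t\r\n')
    [ "$compact" = '{"message":"pong"}' ]
}

# exposed_listeners PORT: reads `ss -ltn` output on stdin and prints each
# listener on PORT that is not bound to loopback. No output means the service
# is listening only on loopback, where cloudflared reaches it.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print addr
        }'
}

# Constructed `ss -ltn` sample: one loopback bind, one wildcard bind on 8080.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   127.0.0.1:8080     0.0.0.0:*
LISTEN 0      4096   0.0.0.0:8080       0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

# Demo on constructed input. Live use on the host would be:
#   ping_ok "$(curl -fsS https://your-subdomain.your-domain.com/api/ping)"
#   ss -ltn | exposed_listeners 8080
if ping_ok '{"message": "pong"}'; then echo "ping body: ok"; fi
if ! ping_ok '<html>error page</html>'; then echo "error page: rejected"; fi
echo "non-loopback listeners on 8080:"
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 8080
```

If `exposed_listeners` prints anything on the real host, rebind the service to 127.0.0.1 or block the port at the firewall so the tunnel is the only path in.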

Reference Documentation

For a detailed operation guide, please refer to the official Cloudflare documentation: