I have a router at home which checks for the host header of the incoming request, meaning I need to access the routers web interface either by IP or the name given from the provider, such as `router.local`. However, I also want to access my router via Cloudflare tunnel securely, which is awesome if I need to help out family and friends.

I have a raspberry pi zero setup, with Cloudflare tunnel (you need to compile it for the pi zero) and I’m pointing a public host name to my router’s IP address. Now, when I want to access the router, I get an error message that I’m not requesting the page from the right origin, since it’s the public hostname I just configured. Let’s change that in the cloudflared.yaml config file:

tunnel: some-ran-dom-id-in-here
credentials-file: /home/pi/.cloudflared/some-ran-dom-id-in-here.json
ingress:
  - hostname: myrouter.example.com
    service: http://192.168.1.1
    originRequest:
      httpHostHeader: 192.168.1.1

  - service: http_status:404

The important bit is the originRequest and httpHostHeader section. This way, I can still access my router’s interface via myrouter.example.com but cloudflared will send the httpHostHeader to the router.

Don’t forget to protect the router with Cloudflare Access as well, you probably don’t want the router exposed to the internet directly with their shitty web login.

some more links to Cloudflare tunnel: