DEPRECATED: This guide is no longer relevant for folk.zone. The nitro server uses direct SSH access instead of Cloudflare tunnels.
Access the server securely over SSH from anywhere — no open inbound ports required.
1. Install cloudflared on the client machine (laptop/remote machine, not the server).
2. Add to ~/.ssh/config on the client:
Host brennan-ssh
Hostname ssh.folk.zone
User brennan
ProxyCommand cloudflared access ssh --hostname %h
IdentityFile ~/.ssh/id_ed25519
3. Connect:
ssh brennan-ssh
cloudflared access ssh acts as a ProxyCommand — it opens a Cloudflare Access tunnel for the SSH connection. Traffic is end-to-end encrypted and routed through Cloudflare's edge, with no inbound ports open on the server.
The current homelab is LAN-only (ssh brennan@192.168.1.65) since it's on the home network. This technique is most valuable for a VPS or when connecting remotely.