Homelab #14 Exposing Proxmox Virtual Environment to the outside world

Thất Nghiệp
Oct 17, 2025

Last time I failed to do HTTPS Self Sign → HTTPS Cloudflared, gave up and told myself “when I’m free, I’ll deal with it,” but I wasn’t free and it had already become urgent. So I guess I had to use some reverse proxy service, SSL, all that stuff, and after deciding to buy one I looked at the prices and woke up from the dream.

About 200k for SSL with just one domain, and wildcard subdomain support costs ~10x more. No way. I already pay small amounts for domains, 80k/year. Where do I get money for this luxury? Even .com domains are 350k, I only pay when I’m ready for mail server stuff.

So I looked for other ways. ACME, registration, Let’s Encrypt, etc. But the setup looks messy. At minimum I’d need an internal DNS. I’m avoiding that for now. So I kept searching and landed on Cloudflare Origin Server.

Set up SSL with Cloudflare Origin Server

Creating a certificate is simple.

First go to:

cd /etc/pve/local/

Back up the two files pve-ssl.key and pve-ssl.pem.

Then paste in the two new Cloudflare Origin Server files you created: the certificate into pve-ssl.pem and the private key into pve-ssl.key.

Restart pveproxy service:

systemctl restart pveproxy
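
The steps above as one script, with a check that the private key actually belongs to the certificate before anything is overwritten. This is an added example, not part of the original post; the input file names and the backup directory /root/pve-ssl-backup are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Run as root on the Proxmox node:
#   sh install-origin-cert.sh origin.pem origin.key
# The script name and origin.pem / origin.key are assumed names.
set -eu

PVE_DIR="${PVE_DIR:-/etc/pve/local}"               # path used in the post
BACKUP_DIR="${BACKUP_DIR:-/root/pve-ssl-backup}"   # assumed backup location

# Succeeds only if the private key ($2) belongs to the certificate ($1).
pair_matches() {
    cert_pub="$(openssl x509 -in "$1" -pubkey -noout)" || return 1
    key_pub="$(openssl pkey -in "$2" -pubout)" || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Validate the new pair, back up the current files, then replace them.
install_pair() {
    new_cert="$1"; new_key="$2"
    pair_matches "$new_cert" "$new_key" || {
        echo "refusing: key does not match certificate" >&2; return 1; }
    openssl x509 -in "$new_cert" -checkend 0 -noout >/dev/null || {
        echo "refusing: certificate has expired" >&2; return 1; }

    # Backups contain a private key: keep them root-only and outside /etc/pve.
    dest="$BACKUP_DIR/$(date +%Y%m%d-%H%M%S)"
    ( umask 077
      mkdir -p "$dest" &&
      cp "$PVE_DIR/pve-ssl.pem" "$PVE_DIR/pve-ssl.key" "$dest/" ) || return 1

    cat "$new_cert" > "$PVE_DIR/pve-ssl.pem" || return 1
    cat "$new_key"  > "$PVE_DIR/pve-ssl.key" || return 1
    echo "installed; previous files saved in $dest"
}

# Only act when called with the two new files as arguments.
if [ "$#" -eq 2 ]; then
    install_pair "$1" "$2"
    openssl x509 -in "$PVE_DIR/pve-ssl.pem" -noout -subject -enddate
    systemctl restart pveproxy
fi
```

A mismatched or expired pair is rejected before the backup step, so the files pveproxy is currently serving are left untouched.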

So now you basically have a 15-year Cloudflare SSL. For now I’ll just use it. If I have to scale later, I’ll probably move to Let’s Encrypt + reverse proxy, open ports, and all that stuff for full control. So many things.

ChatGPT kept telling me to edit Cloudflare config files, but there was no config file during setup? So I just let it yap.

Configure Cloudflared Tunnel

After some digging I found this Reddit post and this video, which around minute 28 shows TLS right under the Tunnel config, exactly as mentioned earlier.

There are two options: set Origin Server or disable TLS Verify. Of course I tried to set Origin Server.

And now it works through the domain.

But since this domain is sensitive, I’ll add another verification layer I set up before.

Add Cloudflare Access authentication layer

Now to access it you must log in with GitHub, and of course not all GitHub accounts are allowed.

What are you doing here?

Edit

About 1 day later someone asked about the same issue I faced.

The solutions are below:

Felt useful at that time.

Edit (04/11/2025)
If you plan to create a Cluster in the future, read post #24 in this series before deploying Cloudflare Origin Server.
