Introduction
A key goal of my homelab journey is to build and host services using infrastructure that I control.
For this project, I wanted to host my own WordPress website while keeping the underlying services inside my home network.
The objective was simple:
- Host WordPress locally
- Use my own domain
- Provide secure HTTPS access
- Avoid exposing my home network directly to the internet
The final result:
https://realmlabs.uk
running from my own infrastructure.
The Starting Point
The WordPress site was already running inside Docker and was accessible internally.
The challenge was making it publicly available without opening inbound ports on my router.
The traditional approach would be:
Internet
|
Router Port Forward
|
Home Server
|
WordPress
However, this exposes services directly to the internet and requires maintaining firewall rules and certificates.
Instead, I chose Cloudflare Tunnel.
Why Cloudflare Tunnel?
Cloudflare Tunnel creates an outbound encrypted connection from my network to Cloudflare.
Instead of users connecting directly to my home server, the connection path becomes:
Visitor
|
HTTPS
|
Cloudflare
|
Secure Tunnel
|
Home Lab Server
|
Docker
|
WordPress
Benefits:
- No port forwarding required
- No exposed inbound services
- HTTPS handled by Cloudflare
- Home IP address remains private
- Easy to publish additional services later
Creating the Cloudflare Tunnel
The first step was creating a tunnel within Cloudflare Zero Trust.
A new tunnel was created and named:
RealmLabs
Cloudflare provides a connection token which allows the local cloudflared service to establish the tunnel.
Running Cloudflared with Docker
Since the environment already uses Docker management tools, Cloudflared was deployed as another container.
Example Docker Compose configuration:
version: "3.8"
services:
cloudflared:
image: cloudflare/cloudflared:latest
container_name: cloudflared
restart: unless-stopped
command: tunnel --no-autoupdate run --token YOUR_TUNNEL_TOKEN
The tunnel token is kept private and should never be published.
Once deployed, the container logs confirmed that the tunnel successfully connected to Cloudflare.
Publishing the WordPress Application
After the tunnel was online, a published application route was created.
The route connects the public domain:
realmlabs.uk
to the internal WordPress service.
Example:
Public hostname:
realmlabs.uk
Service:
HTTP
Origin:
internal-wordpress-host:8082
Cloudflare then handles incoming HTTPS requests and forwards them securely through the tunnel.
Configuring WordPress for HTTPS
After the tunnel was configured, the website was accessible externally.
However, WordPress still believed it was running from its original internal address.
This caused incorrect links and HTTPS warnings.
The WordPress site configuration was updated:
WordPress Address:
https://realmlabs.uk
Site Address:
Realm Labs | Technology, Projects & Guides
After saving the changes, WordPress correctly generated secure HTTPS links.
Final Architecture
The completed design:
Internet
|
|
Cloudflare
|
|
Cloudflare Tunnel
|
|
Home Lab Server
|
|
Docker
|
|
WordPress
The website is now publicly accessible while the application remains securely hosted inside the home network.
Future Expansion
The same approach can be used to publish additional homelab services.
Examples:
realmlabs.uk Main website
blog.realmlabs.uk Blog
projects.realmlabs.uk Project documentation
ha.realmlabs.uk Home Assistant
grafana.realmlabs.uk Monitoring
Cloudflare Tunnel provides a secure foundation for expanding a self-hosted environment without exposing the entire network.
This setup forms the foundation for future RealmLabs projects and documentation.

