Skip to main content

Using Cloudflare Tunnels to access your SPIN Runtime

Cloudflare Tunnels is a service that allows you to make your SPIN runtime accessible from the internet while still allowing it to run behind a firewall.

Quick Tunnels

For trial and testing purposes, you can use quick tunnels, which allow you to create a tunnel without signing up with Cloudflare.

Docker Compose Example

Replace <SPIN_TOKEN> with the token you receive in the SPIN UI when creating a new runtime. Then run the containers by running:

Getting the Runtime URL

To obtain the runtime URL, view the logs of the cloudflare-tunnel container:
This will output something like:
Grab the URL (https://toronto-foul-enlargement-gothic.trycloudflare.com in the example above) and paste it in the SPIN UI runtime URL field.

Quick Tunnel Limitations

  • The URL will change on every restart (this requires you to update the runtime config in the SPIN UI)
  • No uptime guarantees by Cloudflare
  • Best suited for testing before setting up a permanent tunnel
Quick tunnels are ideal for getting something up and running quickly for testing, before investing time and resources (a DNS domain on Cloudflare is required for regular tunnels) to set up a permanent tunnel.

Permanent Tunnels

For production use, you should set up a permanent tunnel. Prerequisites:
  • A Cloudflare account
  • A DNS domain on Cloudflare
Steps:
  1. Configure tunnel in the Cloudflare dashboard
  2. Run spin-runtime with cloudflared sidecar in docker

Configure Cloudflare Tunnel

First, head over to your Cloudflare dashboard, then navigate to Zero Trust -> Networks -> Tunnels. Create Tunnel in Cloudflare dashboard Next, provide a name for your tunnel and click Create tunnel. Provide a name for your tunnel In the next step, all we need is the Tunnel token. Copy the docker command and grab the token (which is everything after the --token flag). We’ll use this token in the next step when we configure the SPIN runtime in docker compose. Copy the tunnel token Lastly, we’ll configure the route for the tunnel. You’ll have to provide:
  • A: A hostname for the tunnel
  • B: Select a DNS domain you own on Cloudflare
  • C: The service URL: http://spin-runtime:8888/
Copy the tunnel token The tunnel will be reachable at https://<hostname>.<domain>. In the example above, the tunnel will be reachable at https://mytunnel.spintun.net. This is the value we’ll provide when configuring the runtime in the SPIN UI.

Run SPIN Runtime with Cloudflare Tunnel

Replace <SPIN_TOKEN> with the token you receive in the SPIN UI when creating a new runtime and replace <CLOUDFLARE_TUNNEL_TOKEN> with the token you copied in the previous step. Then run the containers by running: