Summary

A Traditional Chinese tutorial on reaching a Synology NAS from external networks with Cloudflare Zero Trust Tunnel when the NAS sits behind a community network (the NAS has a virtual IP and the owner has no direct control over ports). The tunnel runs as a Docker cloudflared container on the NAS itself. An optional enhancement uses a self-hosted DNS server plus a reverse proxy so that the NAS can also be reached from inside the community network through a friendly domain name, without going through the Cloudflare tunnel.

Key Points

  • Problem: community network assigns virtual IPs with no direct port forwarding control — traditional DDNS+port-forward approach won’t work
  • Solution: Cloudflare Zero Trust Tunnel (cloudflared) creates an outbound tunnel from NAS to Cloudflare’s network
  • Docker deployment: cloudflared runs as a container on the Synology NAS via Docker or Container Manager
  • Zero Trust auth: access can be gated by email/SSO — secures the NAS without exposing it directly
  • Internal network shortcut: self-hosted DNS (Pi-hole/AdGuard) + Nginx reverse proxy routes internal traffic directly without the tunnel
  • Cloudflare free tier supports this use case
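
A Compose definition for the cloudflared container described in the key points, as an added example that is not taken from the original tutorial. The service name, the `.env` file holding the token, and the hardening options are assumptions; the tunnel itself and its public hostname are assumed to be created in the Zero Trust dashboard.

```yaml
# docker-compose.yml (added example; names and layout are illustrative)
services:
  cloudflared:
    # Official connector image; pin a specific tag instead of "latest" in practice.
    image: cloudflare/cloudflared:latest
    container_name: cloudflared
    restart: unless-stopped

    # Run a remotely managed tunnel. The connector dials out to Cloudflare,
    # so the container needs outbound internet access only.
    command: tunnel --no-autoupdate run

    environment:
      # Token issued for this tunnel in the Zero Trust dashboard.
      # Assumption: it is stored in a .env file next to this Compose file,
      # readable only by the admin account, and never committed anywhere.
      - TUNNEL_TOKEN=${TUNNEL_TOKEN}

    # Deliberately no "ports:" section: nothing is published on the NAS,
    # and no port forwarding is requested from the community network.

    # Assumed hardening: the connector needs no extra privileges.
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
```

Treat the tunnel token like a credential: whoever holds it can run a connector for this tunnel, so rotate it in the dashboard if it is ever exposed.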

Insights

  • The “community network” scenario is common in Taiwan and China, where residential buildings share uplinks with carrier-grade NAT — the Cloudflare tunnel is an elegant workaround
  • Running the tunnel inside Docker on the NAS means no extra hardware; the NAS does both storage and tunnel management
  • The internal DNS shortcut is elegant: same domain name resolves differently inside vs outside the network — split-horizon DNS

Connections

  • Addresses the self-hosting barrier that the “self-hosting isn’t a solution” article identifies: cloud-assisted tunneling reduces the technical burden significantly
  • The Docker pattern connects to the self-hosted K8s blog and ROS2 Docker articles
  • Cloudflare Zero Trust is also used for remote access to homelab services generally — a natural extension of the self-hosted Kubernetes blog use case

Raw Excerpt

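“The virtual IPs of a community network make the traditional DDNS + port forwarding approach fail completely. The elegance of Cloudflare Zero Trust Tunnel is that the connection is established outbound from the NAS, so no inbound ports need to be opened. As long as the NAS can reach the internet, the tunnel works.”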