Skip to content
OpenCodeHub Docs

Deploy with Cloudflare

Cloudflare provides several services that integrate well with OpenCodeHub. This guide covers using Cloudflare Tunnel for secure access and R2 for storage.

Cloudflare Services Overview

Section titled “Cloudflare Services Overview”
ServiceUse Case
Cloudflare TunnelSecurely expose your server without opening ports
Cloudflare R2S3-compatible object storage
Cloudflare DNSFast DNS with DDoS protection
Cloudflare PagesDeploy docs-site (static)

Part 1: Cloudflare Tunnel

Section titled “Part 1: Cloudflare Tunnel”

Cloudflare Tunnel (formerly Argo Tunnel) creates an encrypted tunnel from your server to Cloudflare’s edge, eliminating the need to open ports.

Prerequisites

Section titled “Prerequisites”
  • OpenCodeHub running on localhost:3000
  • Cloudflare account with a domain
  • cloudflared CLI installed

Install cloudflared

Section titled “Install cloudflared”
Terminal window
# Debian/Ubuntu
curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -o cloudflared.deb
sudo dpkg -i cloudflared.deb


# Or via package manager
curl -L https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/cloudflare-archive-keyring.gpg] https://pkg.cloudflare.com/cloudflared $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflared.list
sudo apt update && sudo apt install cloudflared

Authenticate

Section titled “Authenticate”
Terminal window
cloudflared tunnel login
# This opens a browser to authenticate with your Cloudflare account

Create Tunnel

Section titled “Create Tunnel”
Terminal window
# Create tunnel
cloudflared tunnel create opencodehub


# Note the tunnel ID and credentials file path
# Example: ~/.cloudflared/<tunnel-id>.json

Configure Tunnel

Section titled “Configure Tunnel”

Create ~/.cloudflared/config.yml:

tunnel: <your-tunnel-id>
credentials-file: /home/user/.cloudflared/<tunnel-id>.json


ingress:
  # Main application
  - hostname: git.yourdomain.com
    service: http://localhost:3000
    originRequest:
      noTLSVerify: true
      connectTimeout: 30s
      # Important for git operations
      disableChunkedEncoding: true


  # Catch-all (required)
  - service: http_status:404

Route DNS

Section titled “Route DNS”
Terminal window
cloudflared tunnel route dns opencodehub git.yourdomain.com

Run Tunnel

Section titled “Run Tunnel”
Terminal window
# Test
cloudflared tunnel run opencodehub


# Install as service
sudo cloudflared service install
sudo systemctl start cloudflared
sudo systemctl enable cloudflared

Verify

Section titled “Verify”

Visit https://git.yourdomain.com - it should load OpenCodeHub!

Part 2: Cloudflare R2 Storage

Section titled “Part 2: Cloudflare R2 Storage”

R2 is S3-compatible object storage with no egress fees.

Create R2 Bucket

Section titled “Create R2 Bucket”
  1. Go to Cloudflare Dashboard → R2
  2. Click Create bucket
  3. Name: opencodehub-repos
  4. Location: Choose nearest region

Create API Tokens

Section titled “Create API Tokens”
  1. Go to R2 → Manage R2 API Tokens
  2. Click Create API Token
  3. Permissions: Object Read & Write
  4. Specify bucket: opencodehub-repos
  5. Copy the Access Key ID and Secret Access Key

Configure OpenCodeHub

Section titled “Configure OpenCodeHub”

Add to your .env:

Terminal window
STORAGE_TYPE=s3
STORAGE_BUCKET=opencodehub-repos
STORAGE_REGION=auto
STORAGE_ENDPOINT=https://<account-id>.r2.cloudflarestorage.com
S3_ACCESS_KEY=<your-r2-access-key-id>
S3_SECRET_KEY=<your-r2-secret-access-key>

Find your account ID in Cloudflare Dashboard → R2 → Overview.

Performance Note

Section titled “Performance Note”

Part 3: Cloudflare DNS

Section titled “Part 3: Cloudflare DNS”
Section titled “Recommended DNS Settings”
TypeNameContentProxy
CNAMEgit<tunnel-id>.cfargotunnel.comProxied (orange)

If using Tunnel, the CNAME is created automatically.

Security Settings

Section titled “Security Settings”

  1. Go to SSL/TLS → Overview

  2. Set mode to Full (strict)

  3. Go to Security → WAF

  4. Enable managed rules

Part 4: Deploy Docs to Cloudflare Pages

Section titled “Part 4: Deploy Docs to Cloudflare Pages”

The documentation site can be deployed to Cloudflare Pages for free.

Connect Repository

Section titled “Connect Repository”
  1. Go to Workers & Pages → Create application
  2. Select Pages → Connect to Git
  3. Choose your OpenCodeHub repository

Build Settings

Section titled “Build Settings”
SettingValue
Build commandcd docs-site && npm install && npm run build
Build output directorydocs-site/dist
Root directory/

Environment Variables

Section titled “Environment Variables”
VariableValue
NODE_VERSION20

Custom Domain

Section titled “Custom Domain”
  1. Go to Pages project → Custom domains
  2. Add docs.yourdomain.com
  3. Cloudflare will configure DNS automatically

Complete Architecture

Section titled “Complete Architecture”
┌─────────────────────────────────────────────────────────┐
│                    Cloudflare Edge                       │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐      │
│  │     DNS     │  │     WAF     │  │    CDN      │      │
│  └─────────────┘  └─────────────┘  └─────────────┘      │
│           │                              │               │
│           ▼                              ▼               │
│  ┌─────────────────┐           ┌─────────────────┐      │
│  │ Cloudflare      │           │ Cloudflare      │      │
│  │ Tunnel          │           │ Pages           │      │
│  │ (git.domain)    │           │ (docs.domain)   │      │
│  └────────┬────────┘           └─────────────────┘      │
└───────────┼─────────────────────────────────────────────┘
            
            ▼ (encrypted tunnel)
    ┌───────────────────┐
    │   Your Server     │
    │  ┌─────────────┐  │
    │  │ OpenCodeHub │  │
    │  │ :3000       │  │
    │  └──────┬──────┘  │
    │         │         │
    │         ▼         │
    │  ┌─────────────┐  │
    │  │ PostgreSQL  │  │
    │  └─────────────┘  │
    └───────────────────┘
            
            ▼ (S3 API)
    ┌───────────────────┐
    │  Cloudflare R2    │
    │  (repo storage)   │
    └───────────────────┘

Benefits of Cloudflare Setup

Section titled “Benefits of Cloudflare Setup”
BenefitDescription
No open portsTunnel handles all ingress
DDoS protectionFree, always-on
Free SSLAutomatic via Cloudflare
No egress feesR2 has zero egress costs
Global CDNStatic assets cached at edge
AnalyticsBuilt-in traffic analytics

Troubleshooting

Section titled “Troubleshooting”

Tunnel Connection Drops

Section titled “Tunnel Connection Drops”
Terminal window
# Check tunnel status
cloudflared tunnel info opencodehub


# View logs
sudo journalctl -u cloudflared -f

502 Bad Gateway

Section titled “502 Bad Gateway”
  1. Verify OpenCodeHub is running on port 3000
  2. Check tunnel config points to correct port
  3. Verify localhost:3000 is accessible locally

R2 Access Denied

Section titled “R2 Access Denied”
  1. Verify API token has correct bucket permissions
  2. Check Access Key ID and Secret are correct
  3. Verify endpoint URL format

Environment Example

Section titled “Environment Example”

Complete .env for Cloudflare setup:

Terminal window
NODE_ENV=production
PORT=3000
SITE_URL=https://git.yourdomain.com


# Database (local PostgreSQL)
DATABASE_DRIVER=postgres
DATABASE_URL=postgresql://opencodehub:password@localhost:5432/opencodehub


# Security
JWT_SECRET=<64-char-hex>
SESSION_SECRET=<64-char-hex>
INTERNAL_HOOK_SECRET=<64-char-hex>


# Cloudflare R2 Storage
STORAGE_TYPE=s3
STORAGE_BUCKET=opencodehub-repos
STORAGE_REGION=auto
STORAGE_ENDPOINT=https://<account-id>.r2.cloudflarestorage.com
S3_ACCESS_KEY=<r2-access-key>
S3_SECRET_KEY=<r2-secret-key>

Next Steps

Section titled “Next Steps”