This is a hands-on, step-by-step guide post you can use to publish a Windows host with in-browser RDP using Cloudflare Tunnel and Cloudflare Zero Trust Access. Read it once, then follow each step.
Short summary
I had my domain registered with Hostinger so I moved my domain DNS management into Cloudflare. The process involves pointing your domain to Cloudflare, creating a Cloudflare Tunnel, installing the tunnel agent on Windows, configuring the tunnel to route a public hostname to an internal RDP host, creating a Zero Trust Access app with browser rendering, and testing.
Step 0 — Key information you should have
A domain name. Cloudflare account with Zero Trust enabled. Hostinger account. Windows machine with Administrator access. Private IP of the RDP target. RDP enabled.
Step 1 — Add your domain to Cloudflare
Log in to Cloudflare and add your domain. Log in to Hostinger, and replace the current nameservers with the ones provided by Cloudflare.
Step 2 — Prepare Zero Trust and create a Tunnel
In the Cloudflare dashboard under Zero Trust -> Tunnels: Create the tunnel and generate a service install token.
Step 3 — Create targets and allow admin users
Register the internal target IP. Create an Access rule to allow your admin account.
Step 4 — Configure a public hostname
Go to Tunnels -> your tunnel -> Public hostnames. Add a public hostname. Set the service to the internal RDP target.
