In-browser RDP with Cloudflare Tunnel — Complete practical setup

This is a hands-on, step-by-step guide post you can use to publish a Windows host with in-browser RDP using Cloudflare Tunnel and Cloudflare Zero Trust Access. Read it once, then follow each step. I wrote this so you can copy, paste, edit small values, and run a single PowerShell script at the end to finish the setup on Windows.

Short summary

I had my domain registered with Hostinger so I moved my domain DNS management into Cloudflare. The process involves pointing your domain to Cloudflare, creating a Cloudflare Tunnel, installing the tunnel agent on Windows, configuring the tunnel to route a public hostname to an internal RDP host, creating a Zero Trust Access app with browser rendering, and testing.

Step 0 — Key information you should have

A domain name (example: yourdomain.com). Cloudflare account with Zero Trust (Access) enabled. Hostinger account where your domain currently has DNS. Windows machine where you will run cloudflared (Administrator access required). Private IP of the RDP target (example: 192.168.1.100), and RDP enabled.

Step 1 — Add your domain to Cloudflare

Log in to Cloudflare and add your domain. Log in to Hostinger, and replace the current nameservers with the ones provided by Cloudflare.

$UseToken = $true $ServiceToken = '' $tunnelUUID = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' $hostname = 'rdp.yourdomain.com' $targetIP = '192.168.1.100' $targetPort = 3389 $exeDir = 'C:\Program Files\cloudflared' $exePath = Join-Path $exeDir 'cloudflared.exe' $sysCfgDir = 'C:\Windows\System32\config\systemprofile\.cloudflared' $configPath = Join-Path $sysCfgDir 'config.yml' $credPath = Join-Path $sysCfgDir ($tunnelUUID + '.json') If (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)) { Write-Error 'Run PowerShell as Administrator'; Break } New-Item -ItemType Directory -Force -Path $exeDir | Out-Null $downloadUrl = 'https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-windows-amd64.exe' if (-not (Test-Path $exePath)) { try { Invoke-WebRequest -Uri $downloadUrl -OutFile $exePath -UseBasicParsing -ErrorAction Stop; Unblock-File $exePath -ErrorAction SilentlyContinue } catch { Write-Error "Download failed: $downloadUrl"; Break } } & "$exePath" --version Get-WmiObject Win32_Service | Where-Object { $_.PathName -and ($_.PathName -match 'cloudflared') } | ForEach-Object { try { Stop-Service -Name $_.Name -Force -ErrorAction SilentlyContinue } catch {} sc.sc.exe delete $_.Name | Out-Null } taskkill /IM cloudflared.exe /F 2>$null New-Item -ItemType Directory -Force -Path $sysCfgDir | Out-Null if ($UseToken) { if (-not $ServiceToken) { Write-Error 'Set $ServiceToken'; Break } & "$exePath" service install $ServiceToken Start-Sleep -Seconds 2 } $ingressService = "rdp://$targetIP`:$targetPort" $yaml = @() $yaml += "tunnel: $tunnelUUID" $yaml += "credentials-file: $credPath" $yaml += "" $yaml += "ingress:" $yaml += " - hostname: $hostname" $yaml += " service: $ingressService" $yaml += " - service: http_status:404" $yaml -join "`n" | Out-File -FilePath $configPath -Encoding UTF8 -Force try { Restart-Service -Name "Cloudflared" -Force } catch {}

In-browser RDP with Cloudflare Tunnel — Complete practical setup

Short summary

Step 0 — Key information you should have

Step 1 — Add your domain to Cloudflare

Step 2 — Prepare Zero Trust and create a Tunnel

Step 3 — Create targets and allow admin users

Step 4 — Configure a public hostname

Step 5 — Create an Access application (Browser RDP)

Step 6 — Install cloudflared on Windows

Step 7 — Map DNS

Keep Reading

Russian Hackers Use ChatGPT to Hit 600 FortiGate Devices

The npm install Trap: How the Cline Extension Became a Supply Chain Attack Vector

AI Just Found 500 Security Vulnerabilities That Humans Missed for Decades - Here's What That Means for Your Code