Table of Contents
Motivation and Background
I recently built a PC to play with AI, mainly for Stable Diffusion. I really wanted to be able to access my PC for image generation anytime, anywhere. I go to coffee shops and sometimes travel, and I don’t want to be tied to my desk or pay for a service like rundiffusion.com now that I have a good PC. My background is software engineering, and I’ve experimented with many approaches to achieve this in the past, and in my opinion, Cloudflare tunnels are the best way to achieve this.
The Goal
Access your chosen SD UI (e.g. ComfyUI) over the internet. For example, if I own a domain like mydomain.com, I can set up comfyui.mydomain.com to access the ComfyUI server on my PC from anywhere. This access should be secure and include some form of authentication to prevent random people from using my PC or worse, hacking me.
Approach TLDR
Run your UI server locally, set up a Cloudflare tunnel, establish access rules (e.g. email access), and enjoy.
What you need
- A PC capable of running your favorite Stable Diffusion UI (duh).
- A domain registered on cloudflare.com. However, before you go ahead and buy one, do steps 1 to 3. Cloudflare has a service called quicktunnels that allows you to try tunnels for free without an account and without a domain.
Tutorial
If you are interested in more theory on what is cloudflare and tunnels, check the FAQ section first then come back.
Step 1 - Start Long Running Server
Run your diffusion server. For ComfyUI this means running python3 main.py. To make sure it doesn’t terminate when you close the terminal add nohup for linux (for windows I don’t think you need anything).
nohup python3 main.py
For me this runs ComfyUI in localhost:8188
Step 2 - Install Client
Download cloudflared client on your machine. Steps for windows, linux, and mac are here, just follow them.
Step 3 - Test with Quick Tunnels
Do test run with Cloudflare quick tunnel. Quick tunnel is a free service that allows you to create a temporary tunnel without a domain name. Cloudflare will assign you a random subdomain on trycloudflare.com so you can try it out. It’s very simple to use, just run the following (adapt to the port where your ui is running at)
cloudflared tunnel --url http://localhost:8188
You should see something like this
2023-12-16T16:58:16Z INF | Your quick Tunnel has been created! Visit it at (it may take some time to be reachable): |
2023-12-16T16:58:16Z INF | https://<random-stuff-here>.trycloudflare.com
Go to the URL, and you should be able to see your UI there. Congratulations, your UI is now accessible over the internet. You can try using your phone over data to access it, and it should work.
For some people, this might be enough for small sessions. However, if you want to run this longer (24/7 for me), then protecting this access becomes more important. As you can see, anyone with the link can access your UI now and use your GPU to create images. If the service has a security problem, then they might even be able to do more than that.
Step 4 - Get the domain
Get a domain name. If you made a cloudflare.com account and logged in, then you will see it on the left menu under “Domain Registration”. Most of the .com domains cost less than $10 a year, and some other ones can cost less than $5 a year. Signup and buy one you like; we will be running the service on a subdomain (i.e., comfyui.mydomain.com) so you can still use the main domain (mydomain.com) for other things like your personal site. You won’t need to buy more domains if you want to host other services; you can host multiple UIs simultaneously (e.g. ComfyUI, AUTOMATIC1111, and say some LLM UI) by using a different subdomain for every service.
Step 5 - Create the tunnel
Go to “Zero Trust” on the menu to the left, then on the new menu click on “Access -> tunnels”. Click on “create a new tunnel”.
- The first page will ask you to choose a name; use whatever; I named mine comfyui.
- The second page will ask you to run a command; copy and run it in your terminal.
- Finally, you will be asked to set the domain and subdomain. In the domain, just put the domain you bought from Cloudflare; for subdomain, put whatever you want; this will be the link you will use to access the web UI over the internet. Right under it, you will put where the service is running locally; this will be http://localhost:8188 for ComfyUI.
If everything worked correctly, then you should be able to go to your subdomain.mydomain.com and access the UI.
Step 6 - Secure the tunnel
On the same “Zero Trust” page, go to “Access->Applications”. Click on “Create a new application”.
- In the first page, choose self-hosted.
- The second page is about configuring the app; you will choose a name, and for the application domain, you put the tunnel URL (e.g. subdomain.domain.com).
- Finally, on the Add Policy page, configure your access rules; for example, you can use the “Emails” selector and put your email in the “Value”; this will add a login page that asks for your email when you try to go to your app. If you use one of the listed emails, you will get an email with a pin; otherwise, you won’t receive anything; you can read more on Access policies here. Finally go to the next page and click “Add Application”.
Congrats, you are done! You should be able to navigate to your tunnel url and if things are setup correctly then there will be a page asking you for your email. You can now keep your web UI running 24/7 and access it from anywhere over the internet.
FAQs for people interested in knowing more
What is cloudflare? Cloudflare is a web infrastructure and website security company, providing content delivery network services, DDoS mitigation, Internet security, and distributed domain name server services. They control a large chunk of the internet.
What is traditional way of achieving this? Setting up your domain with a reverse proxy (nginx, caddy) on your server. The problem with this approach is that it’s not easy to secure this connection if the service itself doesn’t have some authentication backed, anyone with the url will be able to access your ui. Also your IP address will be exposed because the way dns routing works is basically it just points to your PC IP. I personally find this method cumbersome because there is always some small problem that takes hours to debug, for example I once forgot to configure my router to expose ports 80 and 443 and wasted half a day debugging.
What is a cloudflare tunnel? It’s a secure way to access local services over the internet. The traffic is proxied through cloudflare servers which protects your IP address and allows you to easily add authentication layer on top of your services (i.e password auth doesn’t need to be backed into the UI itself). You can do all this without fiddling with DNS, exposing any ports, and keep your IP and machine safe.
How does cloudflare tunnel work under the hood? The technology underneath is called Argo tunnels. The way it works is by running a small service on your PC that make a connection to cloudflare network. The service on your pc directly connects with the cloudflare network. When someone goes to comfyui.mydomain.com, they don’t directly hit your PC, instead they hit a cloudflare server which has a connection established with your PC.
One thing to note here is that this not some form of handshake where you eventually endup hitting the PC IP directly once it’s done, it’s more like a VPN where all the traffic is routed through cloudflare.
If I can use quick tunnels, why would I buy my own domain? You can’t setup secure access and authentication with quick tunnels. They are mainly intended for a quick way to try tunnels without friction so they are more likely to drop. Also everytime you run them you get a new url. Depending on your use case you could maybe just use quick tunnels.