Securing Your AI Chatbot With a Free Cloudflare Tunnel
In my last post I wrote about building a chatbot for wagah.lk on a Mac Mini. The model runs at home, and the website lives on Azure, so the two need to talk to each other across the internet. That’s where the real question starts. How do you let a website reach a machine sitting in your house without exposing that machine to everyone else?
The old answer was to open a port on your home router and forward it to the Mac Mini. I didn’t want to do that, and I’d suggest you don’t either.
Why opening a port is a bad idea
The moment you forward a port, your home IP address is on the public internet with a service answering on it. Bots scan for exactly this all day long. Within hours you’ll see strangers poking at the port, trying default passwords and known exploits. You’re also handing out your real IP, which is the address of your house, to anyone who looks.
So the goal was to let Azure talk to the Mac Mini without ever opening an inbound port and without telling the world where the machine lives. A Cloudflare Tunnel does both, and the version I needed costs nothing.
What a Cloudflare Tunnel actually does
Normally, exposing a service means the outside world connects in to you. A tunnel flips that around. You run a small program on the Mac Mini called cloudflared, and it makes an outbound connection to Cloudflare’s network and holds it open.
When a request comes in for your chatbot, it lands on Cloudflare first, then rides back down that connection you already opened. Your router never accepts an inbound connection, so there’s no port to scan and nothing to forward. From the outside, the machine looks closed, because it is.
Your home IP stays hidden too. Visitors only ever see Cloudflare’s address, never yours.
Setting it up
The setup is short. You install cloudflared, log it in to your Cloudflare account, and create a tunnel.
```
brew install cloudflared
cloudflared tunnel login
cloudflared tunnel create wagah-chat
```
Then you tell it which public hostname maps to your local service. The chatbot in my case answers on a local port, so the tunnel points a name like chat.yourdomain.com at http://localhost:11434 (or whatever port your service uses). That mapping lives in a small config file:
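```
tunnel: wagah-chat
credentials-file: /Users/you/.cloudflared/wagah-chat.json
ingress:
  # Requests for the public hostname go to the local chatbot service
  - hostname: chat.yourdomain.com
    service: http://localhost:11434
  # Catch-all rule (must be last): anything else gets a 404
  - service: http_status:404
```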
Run cloudflared tunnel run wagah-chat, add the DNS record Cloudflare gives you, and your local service is reachable at a clean HTTPS address. Cloudflare handles the certificate, so you get proper TLS without buying or renewing anything.
Making sure only your site can use it
A tunnel solves the “no open ports” problem, but on its own the chatbot URL is still public. Anyone who finds the address could send it questions, which costs you nothing in money but is still traffic you didn’t ask for. This is where Cloudflare’s free Zero Trust layer earns its place.
I put a Cloudflare Access policy in front of the tunnel and gave my Azure backend a service token. A service token is just an ID and secret that the website sends with every request. Cloudflare checks it at the edge and only lets the request through if it matches. Everyone else gets bounced before the request ever reaches my Mac Mini.
So the flow becomes:
- A customer asks a question on the website.
- The Azure backend forwards it to the chatbot URL, attaching the service token.
- Cloudflare checks the token, and only then passes the request down the tunnel.
- The Mac Mini answers, and the reply goes back the same way.
The customer’s browser never talks to the chatbot directly, and it never sees the token. Only my server holds it. If that token ever leaks, I rotate it in the dashboard and the old one stops working immediately.
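The backend side of that flow, as an added example that is not code from the original post: it attaches the service token in the two headers Cloudflare Access reads it from, refuses to send the secret over plain HTTP or to a redirect target, and keeps the secret out of logs. Python is used for illustration since the post does not say what the Azure backend is written in; the setting names, the JSON body shape and the function names are assumptions.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Header names Cloudflare Access reads a service token from.
ID_HEADER = "CF-Access-Client-Id"
SECRET_HEADER = "CF-Access-Client-Secret"

# Constructed sample settings; real values live in the backend's configuration.
SAMPLE_ENV = {
    "CHAT_URL": "https://chat.yourdomain.com/",
    "CF_ACCESS_CLIENT_ID": "example-id.access",
    "CF_ACCESS_CLIENT_SECRET": "example-secret",
}


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """urllib re-sends request headers on redirects; refuse to follow them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # the 3xx then surfaces as an HTTPError


def build_chat_request(question, env):
    """Build the backend-to-chatbot request with the service token attached."""
    client_id = env.get("CF_ACCESS_CLIENT_ID", "")
    client_secret = env.get("CF_ACCESS_CLIENT_SECRET", "")
    if not client_id or not client_secret:
        raise RuntimeError("service token missing from server configuration")
    url = env.get("CHAT_URL", "")
    # The secret travels in a header, so never send it over plain HTTP.
    if urlsplit(url).scheme != "https" or not urlsplit(url).hostname:
        raise ValueError("CHAT_URL must be an https:// URL")
    body = json.dumps({"question": question}).encode("utf-8")  # assumed body shape
    headers = {"Content-Type": "application/json",
               ID_HEADER: client_id, SECRET_HEADER: client_secret}
    return urllib.request.Request(url, data=body, method="POST", headers=headers)


def loggable_headers(request):
    """Headers safe to write to logs: names lowercased, secret replaced."""
    return {name.lower(): "[redacted]" if name.lower() == SECRET_HEADER.lower() else value
            for name, value in request.header_items()}


def ask(question, env, timeout=10):
    """Send the question through the tunnel and return the raw reply bytes."""
    opener = urllib.request.build_opener(NoRedirect)
    with opener.open(build_chat_request(question, env), timeout=timeout) as reply:
        return reply.read()
```

Only `ask` touches the network; a request rejected at the edge or answered with a redirect raises `urllib.error.HTTPError`, which the backend should turn into a generic error for the customer without echoing any header values.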
The other things you get for free
Because every request now passes through Cloudflare before reaching home, a few protections come along without extra work.
Rate limiting is the one I care about most. I can cap how many requests a single visitor can make in a minute, so nobody can hammer the bot in a loop. The web firewall blocks the obvious junk, the kind of automated probing that hits every site. And if someone ever tried to flood the address, Cloudflare absorbs it at their edge instead of it landing on a Mac Mini on my desk.
None of this needed a paid plan. The free tier covers a single small chatbot comfortably.
Is it actually secure to use?
Worth being honest about what this does and doesn’t give you.
It removes the biggest risk, which was a service answering on an open port at my home address. There are no inbound ports now, my IP is hidden, the traffic is encrypted, and only a caller holding the right token gets through. For a small store chatbot, that’s a sensible place to land.
What it doesn’t do is make the application itself safe. The chatbot still has to behave: stay on topic, refuse to leak data it shouldn’t, and not act on anything a cleverly worded message tries to make it do. The tunnel guards the front door. Writing the bot carefully guards what happens once a request is inside. You need both.
Conclusion
If you’re running anything from home and want the outside world to reach it, a Cloudflare Tunnel is the calm way to do it. No port forwarding, no exposed IP, free TLS, and a free access layer so only your own site can call the thing. It took me an afternoon to set up and I’ve not thought about it since, which is exactly what you want from this kind of plumbing.
If you’re wiring up something similar, let me know. Happy to compare notes.