Both Tailscale Funnel and Cloudflare Tunnels solve the same problem — getting public traffic to a service behind NAT without forwarding a port — but they make opposite architectural bets. A deep dive on the data planes, who terminates your TLS, the identity models, the real limits, and which one to actually reach for.
Cloudflare
-
Tailscale Funnel vs Cloudflare Tunnels: Two Ways to Expose a Service Through NAT -
Cloudflare Tunnels for Secure Homelab Exposure How Cloudflare Tunnels work, setting up cloudflared for zero-port-forward homelab access, Cloudflare Access for authentication, configuration via YAML and the dashboard, and an honest look at the privacy tradeoffs and free tier limits.
-
Zero Trust Architecture in Practice: Beyond the Buzzword A practical guide to implementing Zero Trust Architecture: moving beyond VPNs with identity-aware proxies, mTLS between services, and real-world patterns using Tailscale and Cloudflare Access.
-
Cloudflare Workers and the Edge: Building Globally Distributed Apps with Zero Cold Starts A comprehensive guide to Cloudflare Workers — the edge compute platform that runs JavaScript, TypeScript, Python, and Rust in 300+ locations worldwide with sub-millisecond cold starts. Covers the Workers runtime, KV, R2, D1, Durable Objects, Queues, and building production applications at the edge.
-
Zero Trust Networking: Principles and Practical Tools A comprehensive guide to Zero Trust networking — the philosophy, core principles, and practical implementation using Tailscale and Cloudflare Access, including ACL configs, tunnel setup, and a homelab architecture that replaces legacy VPNs.