Yes, it's absolutely free and with no card verification (as of August 2025). (Linux, by the way)
We will be using Cloudflare Tunnel primarily, so you can follow any other general guide for that. If you want to skip directly to the SSH setup, scroll down.
Here are a few free ones that still work:
We will proceed with DigitalPlat. If it complains about a dot before your Gmail address, don't worry—just remove it and it will still work. (e.g., man.smh@gmail.com becomes mansmh@gmail.com)
Complete the registration until it asks for up to 8 name servers.
Go to the Cloudflare dashboard and onboard your domain. Continue to the activation page. It may say there are no DNS records—ignore that and proceed.
Cloudflare will give you 2 name servers. Use those in the DigitalPlat checkout to complete the domain registration.
Download and install from: https://github.com/cloudflare/cloudflared
cloudflared tunnel loginThis will open a browser for authentication. Once done, it will confirm success.
cloudflared tunnel create mytunnelNote:
/home/<your-user>/.cloudflared/<tunnel-id>.json)cat << EOF > ~/.cloudflared/config.yml
tunnel: <your-tunnel-id>
credentials-file: /home/<your-user>/.cloudflared/<tunnel-id>.json
ingress:
- hostname: <your-domain>
service: http://localhost:8000
- hostname: <your-ssh-subdomain>
service: ws://localhost:8443
- service: http_status:404
EOFExample:
tunnel: 3897230234203548038205e
credentials-file: /home/kachika/.cloudflared/3897230234203548038205e.json
ingress:
- hostname: subdomain.domain.qzz.io
service: http://localhost:8000
- hostname: ssh.domain.qzz.io
service: ws://localhost:8443
- service: http_status:404
You can move it to /etc/cloudflared if you want:
sudo mkdir -p /etc/cloudflared/
sudo mv ~/.cloudflared/config.yml /etc/cloudflared/
sudo cloudflared service install
sudo systemctl enable cloudflared
sudo systemctl start cloudflared
Or run manually:
cloudflared tunnel run mytunnelsudo systemctl edit cloudflared.serviceAdd:
[Unit]
After=network-online.target nss-lookup.target
Wants=network-online.target
Or delay startup manually:
[Service]
ExecStartPre=/bin/sleep 60
If config isn't in /etc/cloudflared, override ExecStart:
[Service]
ExecStart=
ExecStart=/usr/bin/cloudflared tunnel run mytunnel
Automatically:
cloudflared tunnel route dns mytunnel subdomain.yourdomain.comOr manually in Cloudflare DNS:
<your-tunnel-id>.cfargotunnel.comUpdate Cloudflare Tunnel config:
ingress:
- hostname: ssh.domain.com
service: ws://localhost:8443
Ensure DNS is proxied (orange cloud).
Get it from: https://github.com/erebe/wstunnel
curl -LO https://github.com/erebe/wstunnel/releases/download/v10.4.4/wstunnel_10.4.4_linux_amd64.tar.gz
tar -xvzf wstunnel_10.4.4_linux_amd64.tar.gz
chmod +x wstunnel
sudo mv wstunnel /usr/local/bin/
Test run:
wstunnel server ws://0.0.0.0:8443Then add systemd service:
sudo nano /etc/systemd/system/wstunnel-server.service[Unit]
Description=Wstunnel WebSocket SSH Tunnel
After=network-online.target
Wants=network-online.target
[Service]
ExecStart=/usr/local/bin/wstunnel server ws://0.0.0.0:8443
User=wstunnel
Restart=on-failure
[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo systemctl enable --now wstunnel-server
Linux / WSL:
curl -LO https://github.com/erebe/wstunnel/releases/download/v10.4.4/wstunnel_10.4.4_linux_amd64.tar.gz
tar -xvzf wstunnel_10.4.4_linux_amd64.tar.gz
chmod +x wstunnel
./wstunnel client --local-to-remote tcp://2222:localhost:22 wss://ssh.domain.com
Android (termux):
curl -LO https://github.com/erebe/wstunnel/releases/download/v10.4.4/wstunnel_10.4.4_android_arm64.tar.gz
tar -xvzf wstunnel_10.4.4_android_arm64.tar.gz
chmod +x wstunnel
./wstunnel client --local-to-remote tcp://2222:localhost:22 wss://ssh.domain.com
ssh -p 2222 youruser@localhostscp -P 2222 file youruser@localhost:~/sftp -P 2222 youruser@localhostX11Forwarding yes in sshd_configcurl and runNext goal: make the client-side install even simpler.