# Goodbye Open Ports

In the old days, to put a server on the internet, you needed to:

1. Open firewall ports (80, 443, 8080).
    
2. Configure router forwarding (NAT).
    
3. Expose your server's real IP to the world.
    
4. Suffer through configuring SSL certificates (that green padlock) that expired every 3 months.
    

Forget that. There is a much better, safer, and free way: **Cloudflare Tunnel**.

Today, I'll show you how I connected my Oracle server to the world without opening **any** entry ports.

**1\. The Tunnel Concept**

Imagine that instead of opening your front door to receive visitors, you dug a secret underground tunnel that leads straight into Cloudflare's secure room. That's what `cloudflared` does. It creates an encrypted *outbound* connection. No one on the internet can "knock" on my server because there are no open ports.

**2\. Configuration via File (YAML)**

To maintain total control, I configured the tunnel using a `config.yml` file inside the server. The magic happens in the routing:

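```yaml
ingress:
  # Each hostname is forwarded to a service listening on localhost
  - hostname: n8n.mydomain.com
    service: http://localhost:5678
  - hostname: api.mydomain.com
    service: http://localhost:8080
  # cloudflared requires the last rule to be a catch-all with no hostname
  - service: http_status:404
```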

Look how amazing this is: Cloudflare receives the request for the `n8n` subdomain and delivers it through the tunnel straight to the internal port `5678` of my Docker. The world sees secure HTTPS, but my server doesn't even know what SSL is: the local service is reached over plain `http://localhost`.
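The tunnel only removes exposure if the ports it routes to are bound to loopback and not to every interface. The check below is an added example, not part of the original setup: it compares the ingress rules above with `ss -H -tln` output and reports how each backend port is bound. The sample `ss` lines are constructed, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Ingress rules copied from the config above (hostname -> local service).
INGRESS = {
    "n8n.mydomain.com": "http://localhost:5678",
    "api.mydomain.com": "http://localhost:8080",
}

# Constructed sample of `ss -H -tln` output; on a real host, capture it with
# subprocess.run(["ss", "-H", "-tln"], capture_output=True, text=True).stdout
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:5678 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 4096 [::]:8080 [::]:*
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Return (address, port) for every listening TCP socket."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets, %iface
        listeners.append((addr, int(port)))
    return listeners

def is_loopback(addr):
    # ss prints "*" for a dual-stack wildcard bind; that is not loopback.
    return addr != "*" and ipaddress.ip_address(addr).is_loopback

def audit(ingress, ss_output):
    """Classify each ingress backend by how its port is bound."""
    listeners = parse_listeners(ss_output)
    report = {}
    for hostname, service in ingress.items():
        port = urlsplit(service).port
        addrs = [a for a, p in listeners if p == port]
        if not addrs:
            report[hostname] = "not-listening"
        elif all(is_loopback(a) for a in addrs):
            report[hostname] = "loopback-only"
        else:
            # Bound beyond loopback: only the firewall stands in front of it.
            report[hostname] = "non-loopback"
    return report
```

A backend reported as `non-loopback` is typically a Docker port published without a host address; publishing it as `127.0.0.1:8080:8080` keeps it reachable by `cloudflared` only.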

**3\. Secure Webhook**

I also configured a route for `webhook.mydomain.com`. This allows external systems to send data to my automations quickly, through the same encrypted tunnel and without an open port on the server.

**Week 2 Conclusion**

We have the machine, we have Docker, we have spare memory (Swap), and we have an armored connection. The stage is set. Next week, the show begins: we will install and integrate **n8n** and **Evolution API**.
