Host services directly from mobile devices and CG-NAT networks with zero infrastructure costs.
HostingMobile enables you to expose local services (HTTP/HTTPS, SSH, RDP, TCP, ...) from any device behind Carrier-Grade NAT (CG-NAT) or other networks without port forwarding, public IPs, or server infrastructure. All traffic is routed through Cloudflare's edge network with end-to-end encryption. Only 5 steps.
- CG-NAT Bypass: Works behind mobile data, ISP restrictions, and corporate firewalls
- Zero Infrastructure: No VPS, no dedicated server, no subscription fees
- Protocol Agnostic: Native support for HTTP, SSH, RDP, TCP, and UDP via QUIC
- Production-Ready: Custom domain support with free SSL certificates
- Cross-Platform: Termux, Android, Linux, Raspberry Pi
- Cloudflare account (free, no credit card required)
- Domain name (free options provided below)
- Linux terminal environment (Termux + proot-distro, or native Linux or Windows)
- Node.js (optional, for sample server)
This guide is not for Windows, but you can follow along and figure it out
DigitalPlat provides free domains after Freenom's closure:
- Register at DigitalPlat FreeDomain
- Complete GitHub OAuth verification
- Register domain:
yourproject.dpdns.org - Set nameservers to Cloudflare (obtained in Step 2)
Why DigitalPlat?
- ✅ Instant activation (no waiting)
- ✅ Full DNS control
- ✅ CG-NAT compatible
- ✅ No credit card required
For long-term projects:
- Submit request at nic.eu.org
- Wait ~2 months for manual processing
- Configure Cloudflare nameservers after approval
If you cannot obtain a TLD:
- Register at DuckDNS.org
- Create subdomain:
yourproject.duckdns.org - Limitation: Cannot use Cloudflare proxy (direct Tunnel only)
- Add your domain to Cloudflare Dashboard
- Select Free Plan and continue
- Copy the two assigned nameservers (format:
name.ns.cloudflare.com) - Configure nameservers at your domain registrar:
- Wait for propagation: 2 minutes to 48 hours
- Verify in Cloudflare: Status shows "Active"
# Download latest ARM binary
# For 64 bits ARM Architecture
curl -L "https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64" -o cloudflared
# For 32 bits ARM Architecture (old smartphones)
curl -L "https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm" -o cloudflared
# Give it permissions to run
chmod +x cloudflared
# Make it a global command
mv cloudflared ~/../usr/bin/
# Test it works
cloudflared --versioncurl -L "https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64" -o cloudflared
chmod +x cloudflared
sudo mv cloudflared /usr/local/bin/Purpose: Verify connectivity before permanent setup.
- Start sample server (or your own service):
# Clone repository
git clone https://github.com/stringmanolo/hostingmobile
cd hostingmobile
npm install
node index.js &- Launch temporary tunnel:
cloudflared tunnel --url http://localhost:3000- Access the provided URL (format:
https://random-words.trycloudflare.com) - Expected result: "Hello World from behind CG-NAT!"
trycloudflare.com URLs change on every restart. Proceed to Step 5 for permanent solution.
cloudflared tunnel login
# Follow browser prompt and select your domaincloudflared tunnel create hostingmobile-tunnel # swap hostingmobile for the name of your proyect / web / service
# Save the UUID: a1b2c3d4-e5f6-7890... and never share it cloudflared tunnel route dns hostingmobile-tunnel your-domain.org
# or do it using the web at https://dash.cloudflare.com/173763727228282828/your.domain.dpdns/dns/records by going to your domain, clicking the dots and creating a new dns record for your domain.
# Select CNAME and add the subdomain (for example: cgnat-bypass.stringmanolo.dpdns) and put your UUID.cfargotunnel.com as the target and create the record. For example: 1a11111a-11a1-1a11-a1a1-aa1aa11a11aa.cfargotunnel.com# Use your favourite text editor.
vi ~/.cloudflared/config.ymlPaste this configuration (replace values by yours):
tunnel: cgnat-bypass
credentials-file: /root/.cloudflared/1a11111a-11a1-1a11-a1a1-aa1aa11a11aa.json
ingress:
- hostname: cgnat-bypass.stringmanolo.dpdns
service: http://localhost:3000
- service: http_status:404# Start your server in the background if you did step 4.
node index.js & # This will start a basic HelloWorld http server at port 3000
# Start the routing with the config file
cloudflared tunnel --config config.yml runYou are done: Your service should be reachable. You can install apache, nginx, postgresql, etc and configure it like a normal hosting server.
Cloudflare Tunnel supports any TCP-based service:
ingress:
- hostname: ssh.your-domain.org
service: ssh://localhost:22
- hostname: rdp.your-domain.org
service: rdp://localhost:3389
- hostname: tcp.your-domain.org
service: tcp://localhost:8080
- hostname: your-domain.org
service: http://localhost:3000
- service: http_status:404Make sure to create the CNAME record for each subdomain.
You can use tcp:// for any of them, but using the name of the protocol (example ssh://) allows Cloudflare to help you secure a bit the protocol by default
I think cloudflare do not support UDP protocol in the free tier plan. You can use tools like Chisel to encapsulate the trafic over tcp. Make sure it dosn't break Cloudflare TOS to don't catch a ban
Security Note: For SSH/RDP, enable Cloudflare Access (Zero Trust) to prevent brute-force attacks.
# Real-time logs
journalctl -u cloudflared -f
# Tunnel information
cloudflared tunnel info hostingmobile-tunnelYou can use free services like urlscan.io for a quick confirm of public accessibility:
https://urlscan.io/You can check mine to see what it should look like: https://urlscan.io/result/019b3f06-2816-7068-8904-456b13c9fd90/
Configure UptimeRobot to monitor your-domain.org and receive alerts if the tunnel goes down.
Restrict SSH/RDP to authenticated users:
# Configure in Cloudflare Dashboard → Zero Trust → ApplicationsCloudflare provides free SSL certificates. Enable "Always Use HTTPS":
# Cloudflare Dashboard → SSL/TLS → Edge CertificatesIn your service, strip identification headers:
response.headers.delete('x-powered-by');
response.headers.delete('server');Create a Cloudflare Worker to protect against abuse:
addEventListener("fetch", (event) => {
event.respondWith(handleRequest(event.request));
});
async function handleRequest(request) {
// Rate limiting logic here
return fetch(request);
}# Check DNS propagation
dig +short ns your-domain.dpdns
# If stuck, re-create route or try using the web to create a new record
cloudflared tunnel route dns hostingmobile-tunnel your-domain.org# Verify local service is listening by entering next address on your browser
http://localhost:3000
# Check cloudflared logs
journalctl -u cloudflared -n 50 --no-pager# Fix permissions
chown -R ~/.cloudflared| Component | Cost | Notes |
|---|---|---|
| Domain (DigitalPlat) | €0 | Free with GitHub verification |
| Cloudflare | €0 | Free tier (unlimited tunnels) |
| Cloudflared | €0 | Open-source |
| SSL Certificate | €0 | Auto-provisioned |
| Bandwidth | €0 | 100GB/month included |
Total: €0 permanent infrastructure
Contributions are welcome! Focus areas:
- Automated setup scripts for multiple platforms
- Additional protocol examples (UDP, QUIC)
- Security hardening guides
- Alternative registrar integration
Project Goal: Enable anyone to host services from mobile/CG-NAT networks with zero infrastructure costs.