Set Up a Public URL

RipDock needs an HTTPS URL that can reach your Hermes Runtime. For beta setup, a Cloudflare Tunnel is a good option because it gives your local Hermes instance a stable public URL without opening inbound firewall ports.

What You Need

• A domain in Cloudflare.
• The RipDock Hermes plugin installed and loaded.
• The Hermes gateway running.
• A hostname you want to use, such as hermes.example.com.

Create the Cloudflare Tunnel

Use Cloudflare's dashboard-managed tunnel setup. Their guide stays current for account, OS, and package-manager details: Create a remotely-managed tunnel.

1. In Cloudflare Zero Trust, go to Networks, then Tunnels.
2. Create a tunnel and choose Cloudflared.
3. Name it something recognizable, such as ripdock-hermes.
4. Choose your server OS and copy the install command Cloudflare shows.
5. Run that command on the server where Hermes is installed.

ssh <user>@<your-server>
# Paste the cloudflared install command Cloudflare gives you.

Route Your Hostname

After the tunnel connector is online, add a public hostname in Cloudflare for your Runtime URL.

1. Open the tunnel in Cloudflare.
2. Go to Routes.
3. Click Add Route.
4. Choose Published Application.
5. Set the full hostname, such as hermes.example.com.
6. Set Service Type to HTTP.
7. Set Service URL to http://127.0.0.1:8788.
8. Save the route.

Verify the Public URL

Replace https://hermes.example.com with your actual public Runtime URL.

curl https://hermes.example.com/.well-known/ripdock/runtime-identity
curl https://hermes.example.com/.well-known/ripdock/runtime-metadata

Both requests should return JSON. If they fail, fix the tunnel before trying to pair the App.

Security Notes

• Use HTTPS.
• Do not put Session IDs, Pairing secrets, Device keys, or private tokens in URLs.
• Do not share a public Runtime URL unless you intend other Devices to reach it.
• Review the Cloudflare starter rules and customize them for your own deployment.

Next: configure the RipDock Hermes plugin.