Cloudflare Tunnel Setup for QSales and QBMWServices

Publish QSalesView access to QBMWServices without directly opening local QBM ports to the public internet.

Guide Summary

AudienceImplementation team, server support, AI agents, and developers.
Applies ToQSalesView, QBMWServices, Cloudflare Tunnel, hosted API hostname, QBM Server, SQL Server.
PurposeExplain how Cloudflare Tunnel should route public browser traffic to the local QBMWServices API.
Last Updated2026-05-18

When To Use Cloudflare Tunnel

Use Cloudflare Tunnel when a browser app such as QSalesView or QClock must reach a customer server from outside the office without opening inbound public firewall rules to the server.

OptionBest ForNot For
Cloudflare TunnelPublic HTTPS access to QBMWServices through a controlled hostname.Direct SQL Server or direct QBM Server public access.
ZeroTierPrivate trusted device access, branch connectivity, support access, or LAN-like setups.Public customer browser pages.
Hosted VPSCentral hosted deployment managed by the implementation team.Ad hoc support testing without hosting planning.

Normal Flow

Browser
-> https://customername.qbmis.com or approved Cloudflare hostname
-> Cloudflare Tunnel
-> http://localhost:8053
-> QBMWServices
-> QBM Server on the private port
-> SQL Server

Expected result: The public HTTPS URL reaches QBMWServices, while QBM Server and SQL Server stay private.

Step-By-Step Setup

  1. Install and verify QBMWServices on the same computer that can reach QBM Server.
  2. Confirm port 8053 is listening locally before creating the tunnel.
  3. Create or open the Cloudflare Tunnel for the customer server.
  4. Add a public hostname for the QBM API, such as qbmapi.customer-domain.com.
  5. Set the tunnel service type to HTTP and target URL to localhost:8053.
  6. Run Cloudflare Tunnel as a service for production, not only inside a temporary PowerShell window.
  7. Set QSalesView Service Address or API BaseAddress to the approved public HTTPS hostname.
# This checks the local API before testing Cloudflare.
Test-NetConnection -ComputerName localhost -Port 8053

# This checks that QBMWServices is still running.
Get-Service -Name 'QBMWServices'

Testing

  1. Test QBM Client login locally first.
  2. Test QBM Server service status and SQL Server status.
  3. Test localhost:8053 on the server.
  4. Test the Cloudflare public hostname from another network.
  5. Open QSalesView and verify it calls the API hostname, not its own website host unless a reverse proxy was intentionally configured.
  6. Log in with a known allowed QBM user and check a small dashboard request before testing full reports.

Common Mistakes

  • Tunnel points to the wrong port.
  • Tunnel points to QBM Server instead of QBMWServices.
  • Cloudflare command was executed but the PowerShell window was closed.
  • QBMWServices is not running.
  • Public URL opens but API routes do not respond correctly.
  • QSalesView uses an HTTPS URL that does not match the tunnel hostname.
  • Customer enters Cloudflare URL as Server Name instead of Service Address.

Troubleshooting Decision Tree

  1. Does local QBM Client login work? If no, fix QBM Server or SQL Server first.
  2. Is QBMWServices running? If no, start it and review logs.
  3. Is localhost:8053 reachable on the server? If no, fix QBMWServices binding or firewall.
  4. Is the Cloudflare tunnel service running? If no, start or reinstall the tunnel service.
  5. Does the public hostname target localhost:8053? If no, correct the Cloudflare public hostname target.
  6. Does QSalesView call the API hostname? If no, correct Service Address or BaseAddress.
  7. If the public URL reaches the API but login fails, continue with product key, QBM Server, SQL Server, permissions, and logs.

What To Send To Support

  • Public Cloudflare hostname.
  • Screenshot of the tunnel public hostname target, with tokens hidden.
  • Screenshot or command output showing QBMWServices running.
  • Local port 8053 test result.
  • Exact QSalesView Service Address or API BaseAddress.
  • Exact error message, browser network error, and timestamp.

Security Notes

  • Do not publish QBM Server or SQL Server directly through Cloudflare Tunnel unless development and security approve a specific design.
  • Do not share tunnel tokens, product keys, passwords, or raw customer database backups in public chats.
  • Use HTTPS public hostnames and keep Cloudflare access rules aligned with the customer security policy.
  • Keep QBM Server private on the internal network.