On Mac "Sharing", turn on "Remote Login" and "Screen Sharing" Click the (i) of "Screen Sharing" and enable "VNC viewers may control screen with password"
Setup following noVNC service:
cd $HOME
git clone https://github.com/novnc/noVNC.gitcat <<'EOF' > ~/Library/LaunchAgents/com.user.novnc.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.user.novnc</string>
<key>ProgramArguments</key>
<array>
<string>/usr/bin/env</string>
<string>python3</string>
<string>$HOME/noVNC/utils/novnc_proxy</string>
<string>--vnc</string>
<string>localhost:5900</string>
<string>--listen</string>
<string>8080</string>
</array>
<key>RunAtLoad</key><true/>
<key>KeepAlive</key><true/>
<key>WorkingDirectory</key><string>$HOME/noVNC</string></key>
<key>StandardOutPath</key><string>/tmp/novnc.out</string></key>
<key>StandardErrorPath</key><string>/tmp/novnc.err</string></key>
</dict>
</plist>
EOFlaunchctl load ~/Library/LaunchAgents/com.user.novnc.plist
launchctl start com.user.novnc
Now it exposes vnc server on your localhost 8080, since its http, its still not properly accessible (noVNC client requires ssl)
In Cloudflare console, go to "Zero Trust" then to "Networks -> Tunnels"
Create a tunnel
Follow instructions to setup the tunnel with token
Map your ${hostname}.local:8080 to your custom domain