Pihat turns a Raspberry Pi and a cellular HAT into a device you can reach from anywhere — running entirely on your own Cloudflare account. No public IP, no open ports, no platform in the middle.
Works on Raspberry Pi 4 & Pi 5 · Bring-your-own-Cloudflare · Free at any reasonable scale
The tunnel, the DNS record and the access policy all live in your Cloudflare account — so you keep the control, the audit trail, and the keys.
Tunnel, DNS and access policy live in your account. Free at any reasonable scale, full audit visibility, and you decide who gets in.
Flash the image, run the browser wizard, drop one config file on the SD card, boot. The device provisions itself on first power-up.
No public IP and no open ports. Every connection rides a Cloudflare Tunnel, gated by Cloudflare Access at the edge.
Control it in real time over the HTTP API when it's online — and reach it by SMS out-of-band (OOB) if the data path drops. OOB keeps a device reachable without a working data session.
No Linux wrangling and no port forwarding. The device does the provisioning for you.
Download the Pihat OS image for your Pi 4 or Pi 5 from downloads.pihat.net and write it to a microSD card.
Run the wizard at setup.pihat.net. It creates the tunnel,
DNS and access policy in your Cloudflare account and hands you a config.env file.
Drop config.env on the card and boot. Reach the Pi from anywhere over SSH, the
HTTP API, or the console — with SMS as your out-of-band lifeline.
Pihat runs on the Raspberry Pi you already know, with a Teltonika LTE Pi HAT and a SIM — global connectivity provided by S-IMSY.
Grab an image, run the wizard, and you'll be managing your device over cellular in about twenty minutes.