If at any point in this walkthrough you get lost, you can follow the Cloudflare guide here: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/
wget -q https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb && dpkg -i cloudflared-linux-amd64.deb
cloudflared tunnel login
When you do this step, you will get a URL in the terminal that you need to click. This will open a page with all the domains you have in Cloudflare, and you can choose which one you will use for the tunnel.
Once you do this, you will be logged in and given the path where your cert will live: /root/.cloudflared
cloudflared tunnel create <NAME>
For example: cloudflared tunnel create demo
This will generate the UUID for your tunnel. It will be a long nondescript code for the tunnel you just created. It will look something like this: a7e850d3-8960-4718-bbf2-8c0f09556a16
All of this information will be printed in the terminal, so keep it in mind since you will need it later on.
Use nano to open config.yml in /root/.cloudflared
tunnel: <Tunnel-UUID>
credentials-file: /root/.cloudflared/<Tunnel-UUID>.json
For example, using the fake UUID from above, this is how config.yml should look:
tunnel: a7e850d3-8960-4718-bbf2-8c0f09556a16
credentials-file: /root/.cloudflared/a7e850d3-8960-4718-bbf2-8c0f09556a16.json
Now assign a CNAME record that points traffic to your tunnel subdomain.
If you are connecting an application (like Proxmox or Pterodactyl):
cloudflared tunnel route dns <UUID or NAME> <hostname>
e.g: cloudflared tunnel route dns <UUID or NAME> panel.yourdomain.com
If you are connecting a network add the IP/CIDR you would like to be routed through the tunnel:
e.g: (CIDR: 192.168.0.9/24 = 192.168.0.0 to 192.168.0.255)
cloudflared tunnel route ip add <IP/CIDR> <UUID or NAME>
e.g: cloudflared tunnel route ip add 192.168.1.8/24 <UUID or NAME>
You can confirm that the route has been successfully established by running:
cloudflared tunnel route ip show
This part is not described in the Getting Started guide in Cloudflare Docs. I had to figure this out myself after some serious headbutting with the wall.
However, they do have an Ingress rules guide, which until recently was hidden away somewhere.
So what is Ingress? Ingress is what allows you to point your tunnel or subdomain.domain to a specific server. Otherwise, how else would Cloudflare know where you want to point bambifawns.com to?
tunnel: <Tunnel-UUID>
credentials-file: /root/.cloudflared/<Tunnel-UUID>.json
ingress:
  - hostname: dashboard.yourdomainname.com
    service: https://your.ip.goes.here:port#
    originRequest:
      noTLSVerify: true
  - service: http_status:404
In case you are wondering, the last entry, - service: http_status:404, is the catch-all rule for requests that match none of the hostnames above it.
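A quick audit of the ingress block above, as an added example that is not part of the original walkthrough or of Cloudflare's tooling: it flags a credentials-file that does not belong to the tunnel UUID, a missing or misplaced catch-all rule, and any rule with noTLSVerify: true, which makes cloudflared accept any certificate the origin presents. The function name audit_config, the line-based reader (it handles the simple layout shown here, not arbitrary YAML) and the origin address and port in the sample are assumptions made for the example.

```python
import re
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

# Constructed sample: the page's example UUID with an assumed origin address and port.
SAMPLE = """\
tunnel: a7e850d3-8960-4718-bbf2-8c0f09556a16
credentials-file: /root/.cloudflared/a7e850d3-8960-4718-bbf2-8c0f09556a16.json
ingress:
  - hostname: dashboard.yourdomainname.com
    service: https://192.168.1.8:8006
    originRequest:
      noTLSVerify: true
  - service: http_status:404
"""

def audit_config(text):
    """Return findings for a cloudflared config.yml (line-based, not a YAML parser)."""
    top, rules, in_ingress = {}, [], False
    for raw in text.splitlines():
        item = raw.strip()
        if not item or item.startswith("#"):
            continue
        new_rule = item.startswith("- ")
        key, _, value = (item[2:] if new_rule else item).partition(":")
        key, value = key.strip(), value.strip()
        if not raw[0].isspace() and not new_rule:
            top[key] = value                      # top-level key such as tunnel:
            in_ingress = key == "ingress"
        elif in_ingress:
            if new_rule:
                rules.append({})                  # "- " opens the next ingress rule
            if rules:
                rules[-1][key] = value            # nested keys are folded into the rule
    findings = []
    tunnel, cred = top.get("tunnel", ""), top.get("credentials-file", "")
    if UUID_RE.match(tunnel) and not cred.endswith("/" + tunnel + ".json"):
        findings.append("credentials-file does not match tunnel UUID")
    for i, rule in enumerate(rules, 1):
        catch_all = "hostname" not in rule and "path" not in rule
        if i == len(rules) and not catch_all:
            findings.append("last ingress rule is not a catch-all")
        if catch_all and i < len(rules):
            findings.append(f"rule {i} matches everything and shadows later rules")
        if rule.get("noTLSVerify", "").lower() == "true":
            findings.append(f"origin certificate not verified for {rule.get('hostname', '*')}")
    return findings

if __name__ == "__main__":
    print(audit_config(SAMPLE))
```

Where the origin uses a self-signed certificate, the originRequest options caPool and originServerName let cloudflared verify it instead of skipping verification. cloudflared also has its own rule check, cloudflared tunnel ingress validate.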
Run the tunnel to proxy incoming traffic from the tunnel to any number of services running locally on your origin.
cloudflared tunnel run <UUID or NAME>
So for example:
cloudflared tunnel run demo
You can install Cloudflared as a system service on Linux so you don't have to run it manually.
- Install the cloudflared service:
cloudflared service install
- Start the service:
systemctl start cloudflared
- (Optional) View the status of the service:
systemctl status cloudflared
If for any reason you cannot install the service, follow these steps:
- Rename config.yml:
mv /root/.cloudflared/config.yml /root/.cloudflared/config.yml.old
- Uninstall the Cloudflared service by typing:
cloudflared service uninstall
- Rename the config.yml again:
mv /root/.cloudflared/config.yml.old /root/.cloudflared/config.yml
- Restart Cloudflared service:
systemctl restart cloudflared
- Configuring tunnel by command line - https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/
- How to run as a service in Linux - https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/local/as-a-service/linux/
- Cloudflare Tunnel Setup Guide by RaidOwl: https://www.youtube.com/watch?v=hrwoKO7LMzk