Overview

I have already introduced how to create VMs with Vagrant. Home machines, however, generally do not have public IPs, and even when they do, the operators block the popular ports. To put a VM on the public network you therefore need some additional technology. This article introduces one free and convenient option: Cloudflare Tunnel.

CF Tunnel introduction

Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address.

This is how Cloudflare describes the Tunnel feature on its product page, and it is very intuitive: Tunnel lets you reach your resources from the public network without a publicly routable IP address. The resources can be hosts, virtual machines or containers, or even HTTP services and so on. Because the function is so intuitive there is not much more to introduce, so the hands-on part starts below.

Tunnel Usage Overview

How you use Tunnel depends on the type of service you expose.

  • If you are exposing HTTP services, you only need to run the cloudflared program on the server side
  • If you are exposing SSH services, then in addition to running the cloudflared program on the server side, you also need to run the cloudflared program on the client side

The following sections cover both types of application. The server-side steps are the same for both, so I have merged them into one; only the configuration differs, and I describe the differences where they occur.

Install cloudflared

    [root@liqiang.io]# brew install cloudflare/cloudflare/cloudflared

The installation is complete and ready to use.

Configure cloudflared

After installation, you need to bind your Cloudflare account through the cloudflared program. This step is required on both the client and the server side.

    [root@liqiang.io]# cloudflared tunnel login

This command generates a link. Open the link in a browser and log in to your account. If you have a domain name, select the domain name bound to the account; if you have no domain name or do not want to bind one, you can skip this.

Server side

1. Create Tunnel

To use a Tunnel you first need to create one. Here I create a tunnel named default.

    [root@liqiang.io]# cloudflared tunnel create default

Remember the UUID returned by this command. If you forget it, it's not a big deal; there are two ways to look it up:

    [root@liqiang.io]# cloudflared tunnel list
    You can obtain more detailed information for each tunnel with `cloudflared tunnel info <name/uuid>`
    ID NAME CREATED CONNECTIONS
    1c025733-a2ec-4ec5-8d3a-9c9d6775e49b default 2022-09-28T00:33:33Z 2xNRT, 2xSIN
    [root@liqiang.io]# ls -al ~/.cloudflared
    total 20
    drwx------ 2 liqiang.io liqiang.io 4096 Sep 28 08:44 .
    drwxr-xr-x 55 liqiang.io liqiang.io 4096 Sep 28 21:34 ..
    -rw------- 1 liqiang.io liqiang.io 161 Sep 28 08:33 1c025733-a2ec-4ec5-8d3a-9c9d6775e49b.json

2. Configuring the Tunnel

After creating the Tunnel you need to configure which application it serves: an HTTP service, an SSH service or something else. Here I cover two kinds, HTTP and SSH.

2.1 Configure SSH service

    [root@liqiang.io]# cat ~/.cloudflared/config.yml
    ingress:
      - hostname: ssh.liqiang.io
        service: ssh://localhost:22
      - service: http_status:404
    tunnel: 1c025733-a2ec-4ec5-8d3a-9c9d6775e49b
    credentials-file: /root/.cloudflared/1c025733-a2ec-4ec5-8d3a-9c9d6775e49b.json

This is the configuration of an SSH service, and there are a few details to cover here.

  • The default file name is config.yml, located in the .cloudflared directory under your HOME directory.
    • You can also use a custom file name, but then you need to specify the file path when starting, because by default cloudflared only looks for a file named config.yml
  • The SSH service configuration must end with a default catch-all rule: - service: http_status:404
  • The value of tunnel is the UUID you were told to remember earlier
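
The details above can be checked before the tunnel is started. The script below is an added example, not part of the original article or of cloudflared: it verifies that the last ingress rule is a catch-all, that the hostname clients will use has its own rule, and that the credentials file is readable only by its owner. The helper names and the scratch files are assumptions; the hostnames are the ones that appear in this article.

```shell
# Added example; ingress_rules and check_tunnel_config are hypothetical helpers,
# not cloudflared commands. Handles only the simple YAML layout used on this page.

# Print each ingress rule as "<hostname>|<service>"; hostname is empty for a catch-all.
ingress_rules() {
    awk '
        /^ingress:/          { in_ing = 1; next }
        in_ing && /^[A-Za-z]/ { in_ing = 0 }   # next top-level key ends the block
        !in_ing              { next }
        /^ *-/               { if (seen) print host "|" svc; seen = 1; host = svc = "" }
        { line = $0; sub(/^ *-? */, "", line) }
        line ~ /^hostname:/  { sub(/^hostname: */, "", line); host = line }
        line ~ /^service:/   { sub(/^service: */, "", line); svc = line }
        END                  { if (seen) print host "|" svc }
    ' "$1"
}

# Usage: check_tunnel_config <config.yml> <public-hostname>; returns 0 if all checks pass.
check_tunnel_config() {
    ctc_rc=0
    ctc_rules=$(ingress_rules "$1")
    # 1. The last rule must be a catch-all, i.e. have no hostname.
    case $(printf '%s\n' "$ctc_rules" | tail -n 1) in
        "|"?*) ;;
        *) echo "FAIL: last ingress rule is not a catch-all"; ctc_rc=1 ;;
    esac
    # 2. The client hostname needs its own rule (exact match only, no wildcards).
    printf '%s\n' "$ctc_rules" | awk -F'|' -v h="$2" '$1 == h { ok = 1 } END { exit !ok }' ||
        { echo "FAIL: no ingress rule for $2, requests hit the catch-all"; ctc_rc=1; }
    # 3. The credentials file must exist and grant nothing to group or other.
    ctc_cred=$(sed -n 's/^credentials-file: *//p' "$1")
    [ -f "$ctc_cred" ] || { echo "FAIL: credentials file not found: $ctc_cred"; return 1; }
    [ "$(ls -ld "$ctc_cred" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $ctc_cred is accessible to group/other"; ctc_rc=1; }
    return "$ctc_rc"
}

# Constructed sample: the SSH configuration above, written to a scratch directory.
demo_dir=$(mktemp -d)
touch "$demo_dir/tunnel.json" && chmod 600 "$demo_dir/tunnel.json"
cat > "$demo_dir/config.yml" <<EOF
ingress:
  - hostname: ssh.liqiang.io
    service: ssh://localhost:22
  - service: http_status:404
tunnel: 1c025733-a2ec-4ec5-8d3a-9c9d6775e49b
credentials-file: $demo_dir/tunnel.json
EOF
check_tunnel_config "$demo_dir/config.yml" ssh.liqiang.io && echo "ssh.liqiang.io: OK"
check_tunnel_config "$demo_dir/config.yml" default.liqiang.io || echo "default.liqiang.io: not routed"
```

cloudflared itself can check the rules it will load with cloudflared tunnel ingress validate, and show which rule a given URL matches with cloudflared tunnel ingress rule <URL>.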

2.2 Configuring the HTTP Service

The configuration of the HTTP service is similar to that of SSH, but simpler, as it only needs the following:

    [root@liqiang.io]# cat ~/.cloudflared/config.yml
    url: http://localhost:2223
    tunnel: 1c025733-a2ec-4ec5-8d3a-9c9d6775e49b
    credentials-file: /root/.cloudflared/1c025733-a2ec-4ec5-8d3a-9c9d6775e49b.json

This means that the HTTP service you want to expose is listening on local port 2223.

3. Upload the Routing Configuration

    [root@liqiang.io]# cloudflared tunnel route dns 1c025733-a2ec-4ec5-8d3a-9c9d6775e49b default

Here you register a public service under the domain name default. The suffix of the domain name depends on whether you have bound a domain name: if so, it is your bound domain name; if not, it is the one assigned to you by Cloudflare, for example: default.cdn.cloudflare.net

4. Start the service

When everything is ready, you can expose your service by executing:

    [root@liqiang.io]# cloudflared tunnel run

This way your service will be exposed to the public network.

Client

1. HTTP services

If you are exposing HTTP services, no additional configuration is needed; just access the domain name. For example, my sample domain name is default.liqiang.io, and accessing it directly shows the exposed HTTP service.

2. SSH service

If you are exposing an SSH service, you can't access it directly; you first need to adjust the local SSH configuration:

    [root@liqiang.io]# cat ~/.ssh/config
    Host default.liqiang.io
      ProxyCommand /root/cloudflared access ssh --hostname %h

Then you can access this SSH service directly:

    [root@liqiang.io]# ssh root@default.liqiang.io

It takes one more step and some extra configuration, but luckily it is a one-time job, and afterwards you can use SSH as usual.