Applications/apps/cloudflare-tunnels.md
2024-04-03 22:04:13 +02:00


## Cloudflare Tunnel
##### Protect your web servers from direct attack
From the moment an application is deployed, developers and IT spend time locking it down — configuring ACLs, rotating IP addresses, and using clunky solutions like GRE tunnels.
There's a simpler and more secure way to protect your applications and web servers from direct attacks: Cloudflare Tunnel.
Ensure your server is safe, no matter where it's running: public cloud, private cloud, Kubernetes cluster, or even a Mac mini under your TV.
### I do everything in the CLI
Install the Cloudflare Tunnel service.
In my case, I will do the install on an Ubuntu machine.
```
wget -q https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb && sudo dpkg -i cloudflared-linux-amd64.deb
```
When you run the following command, you get a URL. Use it to log in to Cloudflare.
```
cloudflared tunnel login
```
When Cloudflare is connected, you get a `cert.pem`.
Make a note of its location.
Create the tunnel.
For `<NAME>`, fill in the name that you want for the tunnel.
```
cloudflared tunnel create <NAME>
# Take a note where your tunnel credentials are saved.
```
Create a configuration file in the `.cloudflared` directory.
```
nano /home/$USER/.cloudflared/config.yaml
```
Set the following lines.
```
tunnel: Your-Tunnel-Id
# Full path to the credentials JSON file from the previous step (write your actual username in place of $USER).
credentials-file: /home/$USER/.cloudflared/1d4537b6-67b9-4c75-a022-ce805acd5c0a.json
```
Add your first site, example.com.
```
cloudflared tunnel route dns <name of the tunnel> <example.com>
```
Create the ingress.
Create a `config.yml` file in your `.cloudflared` directory.
```
ingress:
  - hostname: example.com
    service: http://internalip:80
  - hostname: sub.example.com
    service: http://internalip:88
  - service: http_status:404 # this is required as a 'catch-all'
```
Start the tunnel.
```
cloudflared tunnel run <name of your tunnel>
```
Make a service so the tunnel runs automatically.
```
cloudflared service install
```
Start and enable the service.
```
systemctl enable --now cloudflared
```
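
The `cert.pem` and the tunnel credentials JSON created in the steps above are secrets, and the ingress list only works if its last rule is the catch-all. The following check is an added example, not part of the original page or of cloudflared itself: the function names are hypothetical, and it assumes a Linux `stat -c` (as on Ubuntu) and the simple config layout shown above.

```shell
#!/bin/sh
# Added example: audit a .cloudflared directory before running the tunnel.
# Assumptions: GNU/Linux `stat -c`; config laid out like the snippets above.

# Fails if the file has ingress rules and the last one still carries a
# hostname/path filter, i.e. there is no catch-all rule at the end.
check_catch_all() {
    awk '
        { sub(/#.*/, "") }                                    # ignore comments
        /^ingress:/ { in_ing = 1; next }
        in_ing && /^[A-Za-z]/ { in_ing = 0 }                  # next top-level key ends the list
        in_ing && /^[ \t]*-[ \t]/ { rules++; filtered = 0 }   # "- " starts a new rule
        in_ing && /^[ \t-]*(hostname|path):/ { filtered = 1 } # rule matches only some URLs
        END { if (rules > 0 && filtered) exit 1 }
    ' "$1"
}

# Returns 0 when nothing was flagged, 1 otherwise; prints one WARN line per finding.
audit_cloudflared_dir() {
    dir=$1
    rc=0
    # cert.pem and <tunnel-id>.json must not be readable by group or others.
    for f in "$dir"/cert.pem "$dir"/*.json; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        case $mode in
            *00|0) ;;    # no group/other permission bits set
            *) echo "WARN: $f has mode $mode; restrict it with: chmod 600 $f"; rc=1 ;;
        esac
    done
    # Both config file names used on this page are checked.
    for cfg in "$dir"/config.yml "$dir"/config.yaml; do
        [ -f "$cfg" ] || continue
        check_catch_all "$cfg" || { echo "WARN: $cfg: last ingress rule is not a catch-all"; rc=1; }
    done
    return "$rc"
}
```

Run it as `audit_cloudflared_dir "$HOME/.cloudflared"` after creating the tunnel and writing the config, and again after any change to the ingress rules.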