-
Notifications
You must be signed in to change notification settings - Fork 254
CloudFlare Tunnel
Cloudflare Tunnel provides a secure way to expose your internal applications to the internet without needing to open ports on your firewall or configure a VPN. It acts as a secure gateway between your internal network and Cloudflare, ensuring that traffic to your applications is protected and can be easily managed. This guide will walk you through the process of setting up a Cloudflare Tunnel, enabling it, and protecting your applications with additional security measures.
Cloudflare Tunnel, formerly known as Argo Tunnel, works by establishing an encrypted connection between your internal network and the Cloudflare network. Instead of exposing your IP address directly to the internet, you route your application traffic through a secure tunnel that ends at a Cloudflare data center. Here’s how it works:
- Secure Tunnel Creation: The Cloudflare Tunnel agent (a lightweight daemon) is installed on your server. This agent creates a secure connection to Cloudflare's edge servers, effectively acting as a tunnel.
-
Traffic Management: All incoming traffic to your application's domain (e.g.,
app.yourdomain.com) is directed through Cloudflare's network. Cloudflare's edge servers route the traffic through the tunnel to your internal application, ensuring encryption and protection. - No Open Ports Required: Since the traffic is routed through Cloudflare, you don't need to open any ports on your firewall. This reduces the risk of attacks and simplifies network security.
- Access Control: With Cloudflare’s Zero Trust model, you can enforce authentication and authorization policies, ensuring that only authorized users can access your internal applications.
To use Cloudflare Tunnel with PlexGuide, follow these steps:
- Access your PlexGuide server via SSH.
-
Install the Cloudflare Tunnel agent (if not already installed) using the following command:
This command will download and install the Cloudflare Tunnel client, setting up necessary configurations.
curl -s https://plexguide.com/install-cf-tunnel | sudo bash
- Log in to your Cloudflare account: Visit Cloudflare and sign in with your credentials.
- Create a new tunnel: Navigate to Zero Trust > Access > Tunnels and click on Create a Tunnel.
- Name your tunnel and click on Save. Cloudflare will generate a token for your tunnel.
-
Copy the provided command to authenticate your server. It will look something like this:
cloudflared tunnel login
- Run the command on your server to authenticate with Cloudflare. You will be redirected to the Cloudflare login page to complete the authentication.
-
Create a tunnel configuration file: Typically located at
/etc/cloudflared/config.yml. Define your tunnel settings:tunnel: your-tunnel-name credentials-file: /etc/cloudflared/your-tunnel-credentials.json ingress: - hostname: app.yourdomain.com service: http://localhost:3000 - service: http_status:404
- Replace
your-tunnel-namewith the name of your tunnel. - Replace
app.yourdomain.comwith the subdomain for your application. - Replace
localhost:3000with the actual port your internal application is running on.
- Replace
-
Start the Cloudflare Tunnel:
cloudflared tunnel run your-tunnel-name
Cloudflare Tunnel can be configured to route traffic to multiple internal applications. Modify the config.yml file to include additional hostnames and services.
tunnel: your-tunnel-name
credentials-file: /etc/cloudflared/your-tunnel-credentials.json
ingress:
- hostname: plex.yourdomain.com
service: http://localhost:32400
- hostname: sonarr.yourdomain.com
service: http://localhost:8989
- hostname: radarr.yourdomain.com
service: http://localhost:7878
- service: http_status:404Home - https://plexguide.com