目的
- 在目标机 target_host 上开启 tunnel:将本地端口 target_port 经隧道转发,并由目标机主动向外连接 Cloudflare 网络
- 获得独特的隧道域名 – 从这个域名访问即 (CF Host -> target_host:target_port)
- 建立cname – 可以通过cname来使用这个tunnel
参考
实现
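# Domain under which the tunnel hostnames are created (used by `route dns`
# below and by the config.yml written later on this page).
YOUR_DOMAIN="idea.com"
# Tunnel name derived from this machine's hostname; computed once and quoted
# so an unusual hostname cannot be word-split into extra arguments.
tunnel_name="$(hostname)-argo"

# Download and install - or install the latest release from
# https://github.com/cloudflare/cloudflared/releases
# NOTE(review): the package is installed with root privileges right after the
# download, with no integrity check. Compare its digest against a value
# obtained from a trusted source before installing, for example:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  cloudflared-stable-linux-amd64.deb" | sha256sum -c -
# Run only ONE of the two install variants, matching the distribution.
### Ubuntu/Debian
wget -q https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.deb
dpkg -i cloudflared-stable-linux-amd64.deb
### RHEL/CentOS
wget -q https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.rpm
rpm -ivh cloudflared-stable-linux-amd64.rpm
# Confirm the binary is on PATH (command -v is the portable form of which).
command -v cloudflared # /usr/local/bin/cloudflared

# Obtain authorization for the Cloudflare account.
# NOTE(review): login presumably stores an account credential under
# ~/.cloudflared - treat that directory as secret material.
cloudflared tunnel login

# Create the tunnel and list existing ones to confirm it exists.
cloudflared tunnel create "${tunnel_name}"
cloudflared tunnel list

# Temporary trial.
# NOTE(review): this publishes whatever listens on localhost:80 through a
# Cloudflare hostname with no authentication in front of it; stop the
# command as soon as the test is done.
cloudflared tunnel --url localhost:80

# Run the tunnel for real - without a config.yml.
cloudflared tunnel run --url localhost:9013 "${tunnel_name}"

# Create a CNAME for the tunnel - lets a subdomain be used to reach it.
cloudflared tunnel route dns "${tunnel_name}" "${tunnel_name}.${YOUR_DOMAIN}"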
install & run as system service
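# run as service
# Using a config file - the tunnel must already have been created.
# Abort early if the domain is unset, otherwise hostnames ending in a bare
# "." would be written into the config.
: "${YOUR_DOMAIN:?set YOUR_DOMAIN before writing config.yml}"
# The heredoc delimiter is deliberately unquoted: $(hostname) and
# ${YOUR_DOMAIN} are expanded at write time. The tunnel UUID below is a
# redacted sample ("xxxx"); substitute the UUID printed by `tunnel create`.
# The credentials-file it names is the tunnel's credential: keep it readable
# by root only.
# Each ingress rule pairs a hostname with a service, so `service:` must be
# indented under its `- hostname:` entry; the last rule is the catch-all.
# NOTE(review): the second rule publishes this host's SSH daemon under a
# public hostname. Put an access policy (e.g. Cloudflare Access) in front of
# that hostname and keep sshd on key-based authentication, or drop the rule
# if remote SSH is not required.
cat > ~/.cloudflared/config.yml <<EOF
tunnel: 499dc378-6d03-xxxx-99d5-0f824efc316a
credentials-file: /root/.cloudflared/499dc378-6d03-xxxx-99d5-0f824efc316a.json
logfile: /var/log/cloudflared.log
ingress:
  - hostname: $(hostname)-argo.${YOUR_DOMAIN}
    service: http://localhost:80
  - hostname: $(hostname)-argo-ssh.${YOUR_DOMAIN}
    service: ssh://localhost:22
  - service: http_status:404
EOF
# Foreground run using the config written above.
cloudflared tunnel run

# Or install as a system service - clean up any existing
# /etc/cloudflared/config.yml first. -f keeps a missing file from being
# reported as an error.
rm -f -- /etc/cloudflared/config.yml; cloudflared service install
systemctl enable cloudflared
systemctl start cloudflared
# Verify the unit is running, then follow its log output.
systemctl status cloudflared
journalctl -f -u cloudflared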
# Alternative config.yml that maps one hostname to one local URL through
# top-level `hostname`/`url` keys instead of an `ingress` list.
# This overwrites any config.yml already present in ~/.cloudflared.
# The tunnel UUID is a redacted sample ("xxxx"); use the real tunnel's UUID.
# The body has no shell expansions, so the delimiter is quoted and the text
# is written literally.
tee ~/.cloudflared/config.yml >/dev/null <<'EOF'
tunnel: 92661446-4e21-xxxx-99fa-3ebd4b40c273
credentials-file: /root/.cloudflared/92661446-4e21-xxxx-99fa-3ebd4b40c273.json
hostname: sk-argo.ck.mk
url: http://localhost:9013
logfile: /var/log/cloudflared.log
EOF
测试