Skip to content

[新服务]CloudFlare Argo Tunnel用于建立是有隧道

目的

  • 在目标机target_host上开启tunnel,本地转发本地端口target_port,远程主动链接cloudflare网络
  • 获得独特的隧道域名 – 从这个域名访问即 (CF Host -> target_host:target_port)
  • 建立cname – 可以通过cname来使用这个tunnel

参考

实现

YOUR_DOMAIN="idea.com"

# 下载安装 - 或从这里安装最新版 https://github.com/cloudflare/cloudflared/releases
### ubuntu/debian
wget -q https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.deb
dpkg -i cloudflared-stable-linux-amd64.deb
### redhad/centos
wget -q https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.rpm
rpm -ivh cloudflared-stable-linux-amd64.rpm

which cloudflared  # /usr/local/bin/cloudflared

# 获得权限
cloudflared tunnel login

# 创建tunnel
cloudflared tunnel create $(hostname)-argo
cloudflared tunnel list
# 临时试验
cloudflared tunnel --url localhost:80
# 正式创建tunnel - 不使用config.yml
cloudflared tunnel run --url localhost:9013 $(hostname)-argo
# 创建tunnel cname - 可以用二级域名来使用tunnel
cloudflared tunnel route dns $(hostname)-argo $(hostname)-argo.${YOUR_DOMAIN}

install & run as system service

# run as service
# 使用config - 必须事先create tunnel
cat > ~/.cloudflared/config.yml <<EOF
tunnel: 499dc378-6d03-xxxx-99d5-0f824efc316a
credentials-file: /root/.cloudflared/499dc378-6d03-xxxx-99d5-0f824efc316a.json
logfile: /var/log/cloudflared.log

ingress:
  - hostname: $(hostname)-argo.${YOUR_DOMAIN}
    service: http://localhost:80
  - hostname: $(hostname)-argo-ssh.${YOUR_DOMAIN}
    service: ssh://localhost:22
  - service: http_status:404
EOF

cloudflared tunnel run

# 或者安装为system service - clean up existing /etc/cloudflared/config.yml
rm /etc/cloudflared/config.yml; cloudflared service install
systemctl enable cloudflared
systemctl start cloudflared
systemctl status cloudflared
journalctl -f -u cloudflared
cat > ~/.cloudflared/config.yml <<EOF
tunnel: 92661446-4e21-xxxx-99fa-3ebd4b40c273
credentials-file: /root/.cloudflared/92661446-4e21-xxxx-99fa-3ebd4b40c273.json
hostname: sk-argo.ck.mk
url: http://localhost:9013
logfile: /var/log/cloudflared.log
EOF

测试

Leave a Reply

Your email address will not be published.