Skip to content

Cloudflared tunnel

Install cloudflared

sh
# for arch linux
yay -S cloudflared

INFO

If you are using another distro, please refer install guide.

Create tunnel

sh
cloudflared tunnel login
cloudflared tunnel create my-tunnel

Then, use cloudflared tunnel list to show ID of my-tunnel:

sh
~ $ cloudflared tunnel list
ID                                   NAME    CREATED              CONNECTIONS
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx my-tunnel 2023-01-08T02:26:41Z 2xLAX, 2xSJC

Create config.yml

sh
vim ~/.cloudflared/config.yml
yml
tunnel: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
credentials-file: /home/yunyuyuan/.cloudflared/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.json
ingress:
  - hostname: ssh.yunyuyuan.net
    service: ssh://localhost
  - hostname: vnc.yunyuyuan.net
    service: tcp://localhost:5900
  - hostname: git.yunyuyuan.net
    service: http://localhost:7654
  - hostname: git-ssh.yunyuyuan.net
    service: ssh://localhost:222
  - hostname: file.yunyuyuan.net
    service: http://localhost:80
  - hostname: aria.yunyuyuan.net
    service: http://localhost:80
  - service: http_status:404

Create tunnel&DNS script

sh
vim ~/tunnel-dns.sh
sh
# update cloudflare DNS record
/usr/bin/cloudflared tunnel route dns my-tunnel git.yunyuyuan.net
/usr/bin/cloudflared tunnel route dns my-tunnel git-ssh.yunyuyuan.net
/usr/bin/cloudflared tunnel route dns my-tunnel ssh.yunyuyuan.net
/usr/bin/cloudflared tunnel route dns my-tunnel vnc.yunyuyuan.net
/usr/bin/cloudflared tunnel route dns my-tunnel file.yunyuyuan.net
/usr/bin/cloudflared tunnel route dns my-tunnel aria.yunyuyuan.net
# run tunnel
/usr/bin/cloudflared tunnel run my-tunnel
# or ipv6 priority
# /usr/bin/cloudflared --edge-ip-version=6 tunnel run my-tunnel

Create tunnel service

sh
sudo vim /etc/systemd/system/cloudflared-tunnel.service
service
[Unit]
Description=cloudflared tunnel
Requires=network-online.target 
After=network-online.target
StartLimitInterval=300

[Service]
User=yunyuyuan
ExecStart=sh /home/yunyuyuan/tunnel-dns.sh
# auto retry, because cloudflare's DNS 1.1.1.1 maybe failure after boot.
Restart=always
RestartSec=30

[Install]
WantedBy=default.target

Start & Enable service

sh
sudo systemctl enable --now cloudflared-tunnel.service

Client-side Usage

SSH config

ini
Host ssh.yunyuyuan.net
  ProxyCommand D:\\tools\\cloudflared-windows-amd64.exe access ssh --hostname %h

VNC tunnel

sh
cloudflared access tcp --hostname vnc.yunyuyuan.net --url tcp://localhost:5901

Git

ini
Host ssh.yunyuyuan.net git-ssh.yunyuyuan.net
  ProxyCommand D:\\tools\\cloudflared-windows-amd64.exe access ssh --hostname %h
sh
# through tunnel
git clone [email protected]:yunyuyuan/self-host-starter.git
# through pure ipv6
git clone ssh://git@<youripv6>:222/yunyuyuan/self-host-starter.git

Multiple remotes

ini
[remote "github"]
  url = [email protected]:yunyuyuan/self-host-starter.git
  fetch = +refs/heads/*:refs/remotes/github/*
[remote "gitea"]
  url = [email protected]:yunyuyuan/self-host-starter.git
  fetch = +refs/heads/*:refs/remotes/gitea/*
[remote "origin"]
  url = [email protected]:yunyuyuan/self-host-starter.git
  url = [email protected]:yunyuyuan/self-host-starter.git