Cloudflared Argo tunnel
Have you been working with web applications that require a reverse proxy every time you're trying to deploy it on a domain? There's a faster solution for that!
Cloudflared is a tool mainly for companies that do not have their own managed network and it helps them get protected against attacks. It has a convenient tool called Argo tunnel, which was around Cloudflare for a long time.
Disclaimer: Argo tunnel on Cloudflare is a paid plan and fully hosted by Cloudflare! I will cover the Argo tunnel from Cloudflared, that is partially self-hosted.
Cloudflared Argo tunnel works like a proxy or a gateway for your web application. Unlike other reverse proxies like Nginx or Apache, Cloudflared has a "proxy" on Cloudflare, meaning you're fully behind them if set correctly. Reverse proxies are fully hosted on your own machine and you are required to expose your IP address.
This tool needs to be self hosted, and for that you'll need a server from yourself or from a provider of your choice.
Prerequisites:
- Linux server
- A domain
- Basic Linux terminal knowledge
This tutorial assumes you've already configured the Zero Trust dashboard. If you haven't done that yet, please set it up before continuing (https://one.dash.cloudflare.com/)
Step 1 - Install Cloudflared
This depends on the distribution you're using:
Debian (Bullseye)
# Add cloudflare gpg key
sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
# Add this repo to your apt repositories
echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared buster main' | sudo tee /etc/apt/sources.list.d/cloudflared.list
# install cloudflared
sudo apt-get update && sudo apt-get install cloudflared
Ubuntu 22.04 LTS (Jammy Jellyfish)
# Add cloudflare gpg key
sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
# Add this repo to your apt repositories
echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared jammy main' | sudo tee /etc/apt/sources.list.d/cloudflared.list
# install cloudflared
sudo apt-get update && sudo apt-get install cloudflared
If your Linux distribution is different, please follow the installation instructions here.
Step 2: Configure Cloudflared
As mentioned before, we'll use the Argo tunnel, but first you'll need to configure it first. Head on to Zero Trust dashboard and click Access --> Tunnels. Click on Create tunnel and name it. Then select your Linux distribution and copy the second command snippet (since you've already installed Cloudflared) and paste it into your terminal. You may need screen
for Cloudflared to function in the background (apt install cloudflared). Now your tunnel is functional and ready for proxying.
Step 3: Create your first proxied service
The procedure is essentially the same as adding a DNS entry. Go to Public configuration and add an entry. Enter your subdomain name, select a domain you want to use, what type of service is that (in most cases, A record fits the best) and an application/service address. Keep in mind that if the service is located on the same server, you may use the address localhost:port
and if the server is on the same network, the server address where the app is would work too. That's it! Your application/service is proxied by Cloudflare.
The main purpose of Cloudflared Argo Tunnel is to proxy the application behind the firewall and behind Cloudflare at the same time. You don't need to open up any ports if the app is on the same server or on the same network.
Cloudflared also supports proxying SSH, RDP and most common protocols, meaning that you can connect to your server with a domain and get fully protected from Chinese bots.