Cloudflare Tunnel 使用笔记

Caret Up

安装

1
curl -L 'https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64' -o /usr/bin/cloudflared chmod +x /usr/bin/cloudflared

登录

1
cloudflared tunnel login

输入命令后,终端会给出一个登录地址,复制到浏览器打开,授权需要使用的网站

授权完成后,本地客户端会自动生成证书,生成失败重新执行上述步骤即可

创建隧道

1
2
3
cloudflared tunnel create <隧道名字> 
# 比如 
cloudflared tunnel create webserver-1

一般建议一台服务器建立一条隧道

创建成功后,会输出隧道UUID,记录备用

创建域名指向

1
2
3
4
5
cloudflared tunnel route dns <隧道名字> <域名> 
# 比如一级域名(和Web界面不一样,不需要输入@) 
cloudflared tunnel route dns webserver-1 abc.com 
# 又比如二级域名 
cloudflared tunnel route dns webserver-1 www.abc.com

此时,Cloudflare 会自动添加一条 CNAME 记录到对应的域名

对于多个其他域名,需要登录控制台,手动添加

<隧道UUID>.cfargotunnel.com

配置文件

文档 Ingress rules · Cloudflare Zero Trust docs

~/.cloudflared/config.yml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
tunnel: 997809ba-c344-43fb-a349-3d4fd90f6afc
credentials-file: /root/.cloudflared/997809ba-c344-43fb-a349-3d4fd90f6afc.json

ingress:
  # Rules map traffic from a hostname to a local service:
- hostname: example.com
  service: https://localhost:8000
  # Rules can match the request's path to a regular expression:
- hostname: static.example.com
  path: \.(jpg|png|css|js)$
  service: https://localhost:8001
  # Rules can match the request's hostname to a wildcard character:
- hostname: '*.example.com'
  service: https://localhost:8002
  # Example of a request mapping to the Hello World test server:
- hostname: test.apihut.net
  service: hello_world
  # An example of a catch-all rule:
- service: https://localhost:8003
- service: http_status:404

验证配置文件

1
2
3
cloudflared tunnel ingress validate
# 测试是否命中
cloudflared tunnel ingress rule https://<域名1.com>

测试运行

1
cloudflared --loglevel debug --transport-loglevel warn --config ~/.cloudflared/config.yml tunnel run <隧道UUID>

我们登陆Cloudflare Zero Trust的Web控制台,左边选择Access-Tunnels,可以看到隧道已经跑起来了,状态是Active。

创建系统服务

1
2
3
cloudflared service install 
systemctl start cloudflared 
systemctl status cloudflared

总结

如果有多台服务器,那么可以在不同的服务器安装多个Cloudflared,配置多个Tunnel。

参考