CloudFlare Tunnel 是一个强大的工具,允许你将本地或者内部网络的服务安全地连接到 CloudFlare 的全球网络。通过使用 CloudFlare Tunnel,你可以轻松地为本地开发环境、内部应用程序或者其他需要保护的服务提供安全、快速的访问。本文将介绍 CloudFlare Tunnel 的基本概念、功能以及配置方法。
什么是 CloudFlare Tunnel?
CloudFlare Tunnel 是 CloudFlare 公司提供的一种代理服务,它允许你将本地或内部网络的服务(例如,Web 服务器、API 服务器等)通过加密的通道连接到 CloudFlare 的全球网络。这样,你的服务将得到 CloudFlare 提供的安全性、性能和可靠性优势。
CloudFlare Tunnel 的优势
- 安全性:通过 CloudFlare Tunnel,你的服务与互联网之间的所有流量都会被加密,从而增强了数据安全。此外,CloudFlare 提供了防火墙、DDoS 防护等安全功能,可以保护你的服务免受恶意攻击。
- 性能:CloudFlare 拥有全球范围内的数据中心,可以为你的服务提供 CDN 加速。这意味着,你的服务可以更快地为全球用户提供内容。
- 可靠性:CloudFlare 的全球网络具有高度冗余和可用性,可以确保你的服务在面临硬件故障或者网络问题时依然可用。
- 灵活性:CloudFlare Tunnel 可以用于多种场景,包括本地开发环境、内部应用程序、IoT 设备等。无论你的服务在何处运行,CloudFlare Tunnel 都可以为其提供安全的互联网连接。
如何配置 CloudFlare Tunnel?
要使用 CloudFlare Tunnel,你需要遵循以下步骤:
1.创建 CloudFlare 账户:首先,你需要在 CloudFlare 官网 ↗ 上创建一个账户,并添加你的域名。没有域名的话,你可以去注册一个eu.org免费域名(审核时间有点长),或者到namesilo注册一个你心仪的域名,常用的域名后缀(TLD)有.com .net .org .top .xyz
namesilo域名注册优惠码:ZYH8
2.安装 CloudFlare Tunnel 客户端:如果您使用的是linux,可以通过以下命令安装:
Debian Buster (stable)
# Add cloudflare gpg key sudo mkdir -p --mode=0755 /usr/share/keyrings curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null # Add this repo to your apt repositories echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared buster main' | sudo tee /etc/apt/sources.list.d/cloudflared.list # install cloudflared sudo apt-get update && sudo apt-get install cloudflared
Debian Bullseye (stable)
# Add cloudflare gpg key sudo mkdir -p --mode=0755 /usr/share/keyrings curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null # Add this repo to your apt repositories echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared bullseye main' | sudo tee /etc/apt/sources.list.d/cloudflared.list # install cloudflared sudo apt-get update && sudo apt-get install cloudflared
Debian Bookworm (testing)
# Add cloudflare gpg key sudo mkdir -p --mode=0755 /usr/share/keyrings curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null # Add this repo to your apt repositories echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared bookworm main' | sudo tee /etc/apt/sources.list.d/cloudflared.list # install cloudflared sudo apt-get update && sudo apt-get install cloudflared
Ubuntu 20.04 LTS (Focal Fossa)
# Add cloudflare gpg key sudo mkdir -p --mode=0755 /usr/share/keyrings curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null # Add this repo to your apt repositories echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared focal main' | sudo tee /etc/apt/sources.list.d/cloudflared.list # install cloudflared sudo apt-get update && sudo apt-get install cloudflared
Ubuntu 22.04 LTS (Jammy Jellyfish)
# Add cloudflare gpg key sudo mkdir -p --mode=0755 /usr/share/keyrings curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null # Add this repo to your apt repositories echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared jammy main' | sudo tee /etc/apt/sources.list.d/cloudflared.list # install cloudflared sudo apt-get update && sudo apt-get install cloudflared
Amazon Linux
# Add cloudflared-ascii.repo to /etc/yum.repos.d/ curl -fsSl https://pkg.cloudflare.com/cloudflared-ascii.repo | sudo tee /etc/yum.repos.d/cloudflared-ascii.repo #update repo sudo yum update # install cloudflared sudo yum install cloudflared
RHEL Generic
# Add cloudflared.repo to /etc/yum.repos.d/ curl -fsSl https://pkg.cloudflare.com/cloudflared-ascii.repo | sudo tee /etc/yum.repos.d/cloudflared.repo #update repo sudo yum update # install cloudflared sudo yum install cloudflared
Centos 7
# This requires yum config-manager sudo yum install yum-utils # Add cloudflared.repo to config-manager sudo yum-config-manager --add-repo https://pkg.cloudflare.com/cloudflared-ascii.repo # install cloudflared yum install cloudflared
Centos 8
# This requires dnf config-manager # Add cloudflared.repo to config-manager sudo dnf config-manager --add-repo https://pkg.cloudflare.com/cloudflared-ascii.repo # install cloudflared sudo dnf install cloudflared
Centos Stream
# This requires dnf config-manager # Add cloudflared.repo to config-manager sudo dnf config-manager --add-repo https://pkg.cloudflare.com/cloudflared-ascii.repo # install cloudflared sudo dnf install cloudflared
Gokeyless
Debian
sudo mkdir -p --mode=0755 /usr/share/keyrings curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null # Add this repo to your apt repositories echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/gokeyless buster main' | sudo tee /etc/apt/sources.list.d/cloudflare.list # install gokeyless sudo apt-get update && sudo apt-get install gokeyless
Centos 8
# This requires dnf config-manager # Add gokeyless.repo to config-manager sudo dnf config-manager --add-repo https://pkg.cloudflare.com/gokeyless.repo # install gokeyless sudo dnf install gokeyless 如果找不到对应你系统的命令,那你需要手动下载二进制文件进行安装https://github.com/cloudflare/cloudflared/releases
其他系统安装参考Cloudflare 文档
安装好后我们需要进行配置
参参考官方文档进行配置:设置您的第一个隧道 ·Cloudflare文档
这里说几个常见的问题,如果你遇到证书错误那么你需要在config.yml文件中配置入口规则,以下是一个示例配置:(这样配置后可以使用服务器的自签名证书)
tunnel: your_tunnel_id
credentials-file: /path/to/your/credentials.json
ingress:
- hostname: example.com
service: http://localhost:8080
originRequest:
noTLSVerify: true
http2Origin: true
- service: http_status:404
更多入口规则配置参考入口规则 ·Cloudflare 文档
如果需要设置开机自启,请按照以下步骤操作(ubuntu系统)
注意:请把示例中的moodle替换为你自己的隧道名称
1.使用文本编辑器(如nano
)创建一个新的systemd服务文件:
sudo nano /etc/systemd/system/cloudflared-moodle.service
2.将以下内容粘贴到新创建的文件中,注意替换<your_user>
为您的实际用户名:
[Unit]
Description=Cloudflare Tunnel for Moodle
After=network.target
[Service]
User=<your_user>
Group=<your_user>
ExecStart=/usr/local/bin/cloudflared tunnel run moodle
Restart=always
RestartSec=3
[Install]
WantedBy=multi-user.target
3.重新加载systemd配置:
sudo systemctl daemon-reload
4.启用新创建的服务,以便在开机时自动运行:
sudo systemctl enable cloudflared-moodle.service
5.现在,您可以手动启动服务:
sudo systemctl start cloudflared-moodle.service
6.检查服务状态以确保一切正常:
sudo systemctl status cloudflared-moodle.service
现在,Cloudflare Tunnel将在后台运行,并在系统启动时自动启动。如果您需要停止、启动或重启服务,可以使用以下命令:
- 停止服务:
sudo systemctl stop cloudflared-moodle.service
- 启动服务:
sudo systemctl start cloudflared-moodle.service
- 重启服务:
sudo systemctl restart cloudflared-moodle.service
要查看服务的状态和日志,您可以使用以下命令:
- 查看状态:
sudo systemctl status cloudflared-moodle.service
- 查看日志:
sudo journalctl -u cloudflared-moodle.service
评论