====== Cloudflare Tunnel ======
[[https://bra.live/setup-home-server-with-cloudflare-tunnel/|NAT traversal with Cloudflare Tunnel]]
[[https://pimylifeup.com/raspberry-pi-cloudflare-tunnel/|Cloudflare Tunnel on a Raspberry Pi]]
===== Installation =====
Approach from the Chinese-language guide (the amd64 build may not be suitable for a Raspberry Pi):
  curl -L 'https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64' -o /usr/bin/cloudflared
  chmod +x /usr/bin/cloudflared
Approach from the English-language guide:
  curl -L https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-archive-keyring.gpg >/dev/null
  echo "deb [signed-by=/usr/share/keyrings/cloudflare-archive-keyring.gpg] https://pkg.cloudflare.com/cloudflared $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflared.list
  sudo apt update
  sudo apt install cloudflared
===== Login =====
After logging in with ''%%cloudflared tunnel login%%'', the certificate is stored at ''%%/root/.cloudflared/cert.pem%%''.
  root@mail:~# cloudflared tunnel login
  Please open the following URL and log in with your Cloudflare account:
  https://dash.cloudflare.com/argotunnel?aud=&callback=https%3A%2F%2Flogin.cloudflareaccess.org%2Fw8pQi1dhFdy2Ruf329imEq8QOOmWE-LCUWKwJlaw6zo%3D
  Leave cloudflared running to download the cert automatically.
  2023-12-19T07:14:40Z INF Waiting for login...
  You have successfully logged in.
  If you wish to copy your credentials to a server, they have been saved to:
  /root/.cloudflared/cert.pem
===== Create a tunnel =====
  root@mail:~# cloudflared tunnel create yfmai
  Tunnel credentials written to /root/.cloudflared/9a0be6c9-be07-4321-939a-c5bb92ad8fc1.json. cloudflared chose this file based on where your origin certificate was found. Keep this file secret. To revoke these credentials, delete the tunnel.
  Created tunnel yfmai with id 9a0be6c9-be07-4321-939a-c5bb92ad8fc1
Point the domain at the tunnel (if the domain already has an A record, the existing record must first be deleted in Cloudflare):
  cloudflared tunnel route dns yfmai yfmai.eu.org
===== Server ports =====
Point the tunnel at the server's port:
  cloudflared tunnel run --url localhost:80 yfmai
  cloudflared tunnel run --url localhost:443 yfmai
Validate the ingress rules:
  cloudflared tunnel ingress validate
Test the service:
  cloudflared --loglevel debug --transport-loglevel warn --config ~/.cloudflared/config.yml tunnel run 9a0be6c9-be07-4321-939a-c5bb92ad8fc1
Test which rule a URL matches:
  cloudflared tunnel ingress rule https://yfmai.eu.org
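To use the tunnel together with nginx, all port 443 traffic can be redirected to nginx:
  - hostname: yfmai.eu.org
    service: https://127.0.0.1:443
    originRequest:
      noTLSVerify: true   # cloudflared does not verify nginx's certificate
      originServerName: yfmai.eu.org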
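
A complete ''%%config.yml%%'' for the nginx case above, as an added example (not taken from this page's sources or from Cloudflare): it keeps origin certificate verification on instead of setting ''%%noTLSVerify%%'', and ends with the catch-all rule that ''%%cloudflared tunnel ingress validate%%'' requires. The tunnel ID and credentials path are the ones printed above; the ''%%caPool%%'' path is an assumed placeholder, needed only when nginx serves a certificate that the system trust store does not already accept.

```yaml
# ~/.cloudflared/config.yml (added example)
tunnel: 9a0be6c9-be07-4321-939a-c5bb92ad8fc1
credentials-file: /root/.cloudflared/9a0be6c9-be07-4321-939a-c5bb92ad8fc1.json

ingress:
  - hostname: yfmai.eu.org
    service: https://127.0.0.1:443
    originRequest:
      # Weak variant shown on this page, left out here on purpose:
      #   noTLSVerify: true
      # With verification on (the default), cloudflared checks nginx's
      # certificate against this name, which is needed because the
      # connection goes to 127.0.0.1 rather than to the hostname.
      originServerName: yfmai.eu.org
      # Assumed path: PEM file with the CA (or the self-signed cert itself)
      # that issued nginx's certificate. Remove this line if the
      # certificate chains to a publicly trusted CA.
      caPool: /etc/ssl/private-ca/origin-ca.pem

  # Catch-all: the last rule must have no hostname and match everything.
  # Requests for any other hostname get a 404 instead of reaching nginx.
  - service: http_status:404
```

Run ''%%cloudflared tunnel ingress validate%%'' after editing, then ''%%cloudflared tunnel ingress rule https://yfmai.eu.org%%'' to confirm the first rule is the one that matches.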
Start the service:
  sudo cloudflared --config ~/.cloudflared/config.yml service install
  # or
  cloudflared service install
===== Register as a system service =====
  cloudflared service install
  systemctl start cloudflared
  systemctl status cloudflared