Cloudflare Tunnel

Cloudflare Tunnel 实现内网穿透

Cloudflare tunnel in raspberry Pi

中文资料的方案，但amd64可能不适合树莓派

curl -L 'https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64' -o /usr/bin/cloudflared
chmod +x /usr/bin/cloudflared

英文资料的方案：

curl -L https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-archive-keyring.gpg >/dev/null

echo "deb [signed-by=/usr/share/keyrings/cloudflare-archive-keyring.gpg] https://pkg.cloudflare.com/cloudflared $(lsb_release -cs) main" | sudo tee  /etc/apt/sources.list.d/cloudflared.list

sudo apt update
sudo apt install cloudflared

cloudflared tunnel login 登录后证书存放于 /root/.cloudflared/cert.pem

root@mail:~# cloudflared tunnel create yfmai
Tunnel credentials written to /root/.cloudflared/9a0be6c9-be07-4321-939a-c5bb92ad8fc1.json. cloudflared chose this file based on where your origin certificate was found. Keep this file secret. To revoke these credentials, delete the tunnel.

Created tunnel yfmai with id 9a0be6c9-be07-4321-939a-c5bb92ad8fc1

将隧道指向域名 （如果域名之前已经指定A记录，需要在Cloudflare上删除原来的记录）

cloudflared tunnel route dns yfmai yfmai.eu.org

将server的端口指向隧道

cloudflared tunnel run --url localhost:80 yfmai
cloudflared tunnel run --url localhost:443 yfmai

检查规则

cloudflared tunnel ingress validate

测试服务

cloudflared --loglevel debug --transport-loglevel warn --config ~/.cloudflared/config.yml tunnel run 9a0be6c9-be07-4321-939a-c5bb92ad8fc1

测试规则是否命中

cloudflared tunnel ingress rule https://yfmai.eu.org

如果需要与nginx同时使用，可以将所有的443端口访问重导向到nginx

- hostname: yfmai.eu.org
    service: https://127.0.0.1:443
    originRequest:
      noTLSVerify: true
      originServerName: yfmai.eu.org

启动服务

sudo cloudflared --config ~/.cloudflared/config.yml service install
// 或者
cloudflared service install

cloudflared service install
systemctl start cloudflared
systemctl status cloudflared