Tunneling with Cloudflare

Prerequisites

• A domain name must be purchased and an account created at Cloudflare.

• Empty DNS record (if domain name purchased somewhere else than thorugh Cloudflare)

Note

The following applies for a locally managed tunnel (CLI)

Setup on Raspberry Pi

Installation

Source: https://pkg.cloudflare.com/index.html#debian-bookworm

# Add cloudflare gpg key
sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null

# Add this repo to your apt repositories
echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared bookworm main' | sudo tee /etc/apt/sources.list.d/cloudflared.list

# install cloudflared
sudo apt-get update && sudo apt-get install cloudflared

Authentication

$ cloudflared tunnel login

Running this command will:

• Open a browser window and prompt you to log in to your Cloudflare account.

• Generate an account certificate, the cert.pem file, in the default cloudflared directory.

A browser window should have opened at the following URL:

https://dash.cloudflare.com/argotunnel?aud=&callback=https%3A%2F%.cloudflareaccess.org

If the browser failed to open, please visit the URL above directly in your browser.

Follow the instruction to authenticate and get a self signed certificate required for https encryption.

You have successfully logged in.
If you wish to copy your credentials to a server, they have been saved to:
/home/user/.cloudflared/cert.pem