Had a local business need to expose their CRM server to the public net today and the owner did not want to open any ports. Cloudflare's Argo Tunnel came to mind.
They had an existing Unraid server handling file shares and backups, so I started looking at ways to leverage this (actually underutilised) server. Thought I'd share here the steps I took to get the tunnel working.
The steps below assume understanding/experience with reverse proxy setups and User Scripts.
The setup consists of two broad steps:
A. Install any reverse proxy as a Docker image (I used Nginx Proxy Manager) and take note of the exposed port / IP.
In this example, I will be setting only the HTTP proxy on port 1880.
This reverse proxy is the entry point of the tunnel. Configure this proxy to connect to whichever other services you have.
B. Install cloudflared and run it on startup
SSH into your server and download the cloudflared binary
wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.tgz
Extract the tgz
tar -xvzf cloudflared-stable-linux-amd64.tgz
Log in to Cloudflare (this will produce a URL; open that URL in your browser)
./cloudflared tunnel login
Once authenticated, verify that the tunnel works (change your.hostname.com to your hostname)
./cloudflared tunnel --hostname your.hostname.com --url http://localhost:1880
Then visit your.hostname.com; you should see a Cloudflare welcome page. If DNS hasn't propagated, try setting your DNS resolver to 1.1.1.1
Save your configuration as a YAML-formatted file in ~/.cloudflared/config.yml. The contents should look like this:
hostname: your.hostname.com
url: http://localhost:1880
Copy the contents of ~/.cloudflared into /etc/cloudflared
mkdir -p /etc/cloudflared
cp ~/.cloudflared/config.yml /etc/cloudflared/
cp ~/.cloudflared/cert.pem /etc/cloudflared/
Install the User Scripts plugin if you haven't already, and create a new script. I named mine cloudflared.
Remove the default description file and copy the contents of the script below:
#!/bin/bash
#description=Launches cloudflared with config and cert loaded in /etc/cloudflared
#backgroundOnly=true
#arrayStarted=true
# The lines above set the script info; see: https://forums.unraid.net/topic/48286-plugin-ca-user-scripts/page/7/?tab=comments#comment-512697
# Directory holding config.yml and cert.pem
configpath=/etc/cloudflared
echo "Starting Cloudflared Binary with config and cert in $configpath"
# Runs in the foreground until cloudflared exits; the binary is expected at /root/cloudflared
/root/cloudflared --config "$configpath/config.yml" --origincert "$configpath/cert.pem"
echo "Exiting Cloudflared Binary"
exit
Refresh the User Scripts page and set the script to run at startup of the array.
View the logs to ensure that your routes are secured and established. You should see something like this:
Starting Cloudflared Binary with config and cert in /etc/cloudflared
time="2019-07-24T01:36:27+08:00" level=info msg="Version 2019.7.0"
time="2019-07-24T01:36:27+08:00" level=info msg="GOOS: linux, GOVersion: go1.11.5, GoArch: amd64"
time="2019-07-24T01:36:27+08:00" level=info msg=Flags config=/etc/cloudflared/config.yml hostname=your.hostname.com logfile=/var/log/cloudflared.log origincert=/etc/cloudflared/cert.pem proxy-dns-upstream="https://1.1.1.1/dns-query, https://1.0.0.1/dns-query" url="http://localhost:1880"
time="2019-07-24T01:36:27+08:00" level=info msg="Starting metrics server" addr="127.0.0.1:38457"
time="2019-07-24T01:36:27+08:00" level=info msg="Autoupdate frequency is set to 24h0m0s"
time="2019-07-24T01:36:27+08:00" level=info msg="Proxying tunnel requests to http://localhost:1880"
time="2019-07-24T01:36:30+08:00" level=info msg="Connected to HKG"
time="2019-07-24T01:36:30+08:00" level=info msg="Each HA connection's tunnel IDs: map[<REDACTED>]"
time="2019-07-24T01:36:30+08:00" level=info msg="Route propagating, it may take up to 1 minute for your new route to become functional"
time="2019-07-24T01:36:32+08:00" level=info msg="Connected to SIN"
time="2019-07-24T01:36:32+08:00" level=info msg="Each HA connection's tunnel IDs: map[<REDACTED>]"
time="2019-07-24T01:36:32+08:00" level=info msg="Route propagating, it may take up to 1 minute for your new route to become functional"
time="2019-07-24T01:36:33+08:00" level=info msg="Connected to HKG"
time="2019-07-24T01:36:33+08:00" level=info msg="Each HA connection's tunnel IDs: map[<REDACTED>]"
time="2019-07-24T01:36:33+08:00" level=info msg="Route propagating, it may take up to 1 minute for your new route to become functional"
time="2019-07-24T01:36:34+08:00" level=info msg="Connected to SIN"
time="2019-07-24T01:36:34+08:00" level=info msg="Each HA connection's tunnel IDs: map[<REDACTED>]"
time="2019-07-24T01:36:34+08:00" level=info msg="Route propagating, it may take up to 1 minute for your new route to become functional"
Voila!
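The log check described above can be scripted. This is an added example, not part of the original post or of cloudflared: the function names check_tunnel_log and write_sample_log are hypothetical, the sample log is constructed in the format shown above, and the error/fatal level names are assumed to follow the same key=value log format.

```bash
#!/bin/bash
# Added example (not from the original post): verify a cloudflared log.
# Usage: check_tunnel_log LOGFILE EXPECTED_ORIGIN [MIN_CONNECTIONS]
# Returns 0 only if the tunnel forwards to EXPECTED_ORIGIN, at least
# MIN_CONNECTIONS "Connected to" lines exist, and nothing is logged at
# level=error or level=fatal (assumed level names, same log format).
check_tunnel_log() {
    log=$1 expected=$2 min=${3:-2}
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }

    # Origin cloudflared reports it is proxying to (last occurrence wins).
    origin=$(sed -n 's/.*msg="Proxying tunnel requests to \([^"]*\)".*/\1/p' "$log" | tail -n 1)
    if [ "$origin" != "$expected" ]; then
        echo "FAIL origin is '${origin:-none}', expected '$expected'" >&2
        return 1
    fi

    # The post's log shows one "Connected to <colo>" line per connection.
    conns=$(grep -c 'msg="Connected to [A-Z]*"' "$log" || true)
    if [ "$conns" -lt "$min" ]; then
        echo "FAIL only $conns edge connection(s), need $min" >&2
        return 1
    fi

    errs=$(grep -cE 'level=(error|fatal)' "$log" || true)
    if [ "$errs" -gt 0 ]; then
        echo "FAIL $errs error/fatal line(s) in log" >&2
        return 1
    fi
    echo "OK origin=$origin connections=$conns"
}

# Constructed sample in the format shown in the post (not a real capture).
write_sample_log() {
    cat > "$1" <<'EOF'
time="2019-07-24T01:36:27+08:00" level=info msg="Proxying tunnel requests to http://localhost:1880"
time="2019-07-24T01:36:30+08:00" level=info msg="Connected to HKG"
time="2019-07-24T01:36:32+08:00" level=info msg="Connected to SIN"
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
check_tunnel_log "$sample" "http://localhost:1880" 2
rm -f "$sample"
```

Point it at the log file your cloudflared instance writes (the Flags line above shows logfile=/var/log/cloudflared.log) and pass the origin URL you intended to expose, so a tunnel that forwards to the wrong local service is caught.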