Cloudflare Zero Trust Tunnel

Recommended Posts

I would love to see cloudflared as a native plugin for unRAID. I know that there is a docker container, but it would be, in my opinion, better to have it native so that it runs even when the array is offline.


This is a much easier way to proxy sites to containers. It does not require any ports to be forwarded and users cannot get your home public IP address. And, it can be used to connect to your home network when away by using the client.


This seems to be a must have for anyone wanting to share data and keep their network secure.

  • Upvote 2
Link to comment
Posted (edited)

So, I would still love to see this as a plug-in for unRAID. But, I have managed to scrape together a script that will work in the meantime. It's not perfect, but it does work so I thought I would share in case it helps someone else.


I am using the User Scripts plugin. I created a script called argo_tunnel and pasted the following into it.

#description=Create Cloudflare Zero Trust Tunnel
# Create Cloudflare Zero Trust Tunnel


# Set tunnel token found at

# Set folder for executables

/usr/local/emhttp/plugins/dynamix/scripts/notify -s "Cloudflare Tunnel" -d "Starting Cloudflare Tunnel."

mkdir -p $argofolder

# Download supervisor and cloudflared and make executable
wget -nc -P $argofolder/
chmod +x $argofolder/supervisord
wget -nc -O $argofolder/cloudflared
chmod +x $argofolder/cloudflared

# Create supervisord conf file
cat > $argofolder/supervisord.conf << EOL
file = /var/run/supervisor.sock
chmod = 0777
chown= nobody:nogroup

command = $argofolder/cloudflared --protocol quic tunnel run --token $argotoken
autostart = true
autorestart = true
startsecs = 20
startretries = 100
redirect_stderr = true
stdout_logfile = /var/log/cloudflared.log
stdout_logfile_maxbytes = 2M
stdout_logfile_backups = 0
stopsignal = INT

#Run Cloudflare Tunnel
$argofolder/supervisord -c $argofolder/supervisord.conf -d

#Stop Notification
#/usr/local/emhttp/plugins/dynamix/scripts/notify -s "Cloudflare Tunnel" -d "Stopping Cloudflare Tunnel."


There are two variables.

$argotoken - You will need to add your token from replacing PASTETOKENHERE.

$argofolder -  You can change this or leave the default to your liking.


It does not seem as if there is a way to start scripts in User Scripts at boot. Since I wanted this to start even if the array doesn't start, I added the following line to my /boot/config/go file.


sh /boot/config/plugins/user.scripts/scripts/argo_tunnel/script


If you didn't choose the same name for the script, you will need to update the path for the script above. And, if you don't want to edit the go file, you can simply choose "At First Array Start Only" for your script in User Scripts.


If this helps, please leave a comment. And, if you know a better way to implement this, please let me know.

Edited by Eddie Seelke
Changed URL for supervisord
Link to comment
  • 2 weeks later...

Hi mate, I have set up the Docker container from the official repo and it's working well, with a few items that I suspect you are a good source to discuss them with:

  1. Access via the tunnel to the URL does not work unless I set TLS to "Yes" rather than "strict" so that it uses the self-signed certificate (and I set TLS verification to off in the Cloudflare portal
  2. What is the correct setup if the internal host is accessed via DNS (e.g. host.mydomain.local) rather than IP address?

It's literally day 1 here so these are questions I would probably be able to work out later anyway.  Figured it can't hurt to ask.

Link to comment
  • 1 month later...

This is something I've been looking for! But when I run the script, I get a continuous error : 


INFO[2023-03-05T09:49:45Z] create process:cloudflared
INFO[2023-03-05T09:49:45Z] stop listening
INFO[2023-03-05T09:49:45Z] try to start program                          program=cloudflared
INFO[2023-03-05T09:49:45Z] success to listen on address                  addr=/var/run/supervisor.sock protocol=unix
DEBU[2023-03-05T09:49:45Z] wait program exit                             program=cloudflared
INFO[2023-03-05T09:49:46Z] fail to wait for program exit                 program=cloudflared
DEBU[2023-03-05T09:49:46Z] wait program exit                             program=cloudflared
INFO[2023-03-05T09:49:46Z] fail to wait for program exit                 program=cloudflared
DEBU[2023-03-05T09:49:46Z] wait program exit                             program=cloudflared


Any ideas?


I have the tunnel running via docker no problem. I've also had it running as a service on debian too without issue. And I've checked the tunnel token. Unless I'm using the wrong thing? Presuming that the tunnel token is what the code is needing......

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.