shrmn Posted July 23, 2019 Share Posted July 23, 2019 Had a local business need to expose their CRM server to the public net today and the owner did not want to open any ports. Cloudflare's Argo Tunnel came to mind. They had an existing Unraid server handling file shares and backups, so started looking at ways to leverage this (actually underutilised) server. Thought I'd share the steps I got to getting the tunnel to work here. Below steps assume understanding/experience with reverse proxy setups and User Scripts. The setup consists of two broad steps: A. Install any reverse proxy as a Docker image (I used Nginx Proxy Manager) and take note of the exposed port / IP. In this example, I will be setting only the HTTP proxy on port 1880. This reverse proxy is the entry point of the tunnel. Configure this proxy to connect to whichever other services you have. B. Installing cloudflared and run on startup ssh into your server and download the cloudflared binary wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-amd64.tgz unzip the tgz tar -xvzf cloudflared-stable-linux-amd64.tgz Login to Cloudflare (this will produce a URL. Open that URL on your browser) ./cloudflared tunnel login Once authenticated, verify that the tunnel works (change your.hostname.com to your hostname) ./cloudflared tunnel --hostname your.hostname.com --url http://localhost:1880 Then visit your.hostname.com, you should see a Cloudflare welcome page. If DNS hasn't propagated, try setting your DNS resolver to 1.1.1.1 Save your configuration as a YAML-formatted file in ~/.cloudflared/config.yml; The contents should look like this: hostname: your.hostname.com url: http://localhost:1880 Copy the contents of ~/.cloudflared into /etc/cloudflared mkdir -p /etc/cloudflared cp ~/.cloudflared/config.yml /etc/cloudflared/ cp ~/.cloudflared/cert.pem /etc/cloudflared/ Install the User Scripts plugin if you haven't already, and create a new script. I named mine cloudflared Remove the default description file and copy the contents of the script below: #!/bin/bash #description=Launches cloudflared with config and cert loaded in /etc/cloudflared #backgroundOnly=true #arrayStarted=true # Above lines set the script info read: https://forums.unraid.net/topic/48286-plugin-ca-user-scripts/page/7/?tab=comments#comment-512697 # Set path to cloudflared binary configpath=/etc/cloudflared echo "Starting Cloudflared Binary with config and cert in $configpath" /root/cloudflared --config $configpath/config.yml --origincert $configpath/cert.pem echo "Exiting Cloudflared Binary" exit Refresh the User Scripts page and set the script to run on startup of array View the logs to ensure that your routes are secured and established. You should see something like this: Starting Cloudflared Binary with config and cert in /etc/cloudflared time="2019-07-24T01:36:27+08:00" level=info msg="Version 2019.7.0" time="2019-07-24T01:36:27+08:00" level=info msg="GOOS: linux, GOVersion: go1.11.5, GoArch: amd64" time="2019-07-24T01:36:27+08:00" level=info msg=Flags config=/etc/cloudflared/config.yml hostname=your.hostname.com logfile=/var/log/cloudflared.log origincert=/etc/cloudflared/cert.pem proxy-dns-upstream="https://1.1.1.1/dns-query, https://1.0.0.1/dns-query" url="http://localhost:1880" time="2019-07-24T01:36:27+08:00" level=info msg="Starting metrics server" addr="127.0.0.1:38457" time="2019-07-24T01:36:27+08:00" level=info msg="Autoupdate frequency is set to 24h0m0s" time="2019-07-24T01:36:27+08:00" level=info msg="Proxying tunnel requests to http://localhost:1880" time="2019-07-24T01:36:30+08:00" level=info msg="Connected to HKG" time="2019-07-24T01:36:30+08:00" level=info msg="Each HA connection's tunnel IDs: map[<REDACTED>]" time="2019-07-24T01:36:30+08:00" level=info msg="Route propagating, it may take up to 1 minute for your new route to become functional" time="2019-07-24T01:36:32+08:00" level=info msg="Connected to SIN" time="2019-07-24T01:36:32+08:00" level=info msg="Each HA connection's tunnel IDs: map[<REDACTED>]" time="2019-07-24T01:36:32+08:00" level=info msg="Route propagating, it may take up to 1 minute for your new route to become functional" time="2019-07-24T01:36:33+08:00" level=info msg="Connected to HKG" time="2019-07-24T01:36:33+08:00" level=info msg="Each HA connection's tunnel IDs: map[<REDACTED>]" time="2019-07-24T01:36:33+08:00" level=info msg="Route propagating, it may take up to 1 minute for your new route to become functional" time="2019-07-24T01:36:34+08:00" level=info msg="Connected to SIN" time="2019-07-24T01:36:34+08:00" level=info msg="Each HA connection's tunnel IDs: map[<REDACTED>]" time="2019-07-24T01:36:34+08:00" level=info msg="Route propagating, it may take up to 1 minute for your new route to become functional" Voila! 1 2 Quote Link to comment
Zotarios Posted April 15, 2021 Share Posted April 15, 2021 Nice to have a guide now that it’s a free service!! Quote Link to comment
jaj08 Posted April 19, 2021 Share Posted April 19, 2021 So in the above case I am then having the service run directly on unRAID? Seems like ideally would love to see this moved over to a docker setup now that the tunnel service is free. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.