cloudflared安装配置教程
1. 创建一个cloudflared文件夹 , 并登录cloudflared拉取证书
mkdir -p /mnt/user/appdata/cloudflared/ && chmod -R 777 /mnt/user/appdata/cloudflared/
docker run -it --rm -v /mnt/user/appdata/cloudflared:/home/nonroot/.cloudflared/ cloudflare/cloudflared tunnel login
点击链接跳转到授权argo隧道页面,选择对应域名,点击 授权 ,下载证书
2. 创建隧道 , 设置DNS解析
2.1 修改 "TUNNELNAME" 为自己定义的名称
docker run -it --rm -v /mnt/user/appdata/cloudflared:/home/nonroot/.cloudflared/ cloudflare/cloudflared:2022.4.0-amd64 tunnel create TUNNELNAME
保存好 UUID 备用
2.2 前往CF网页,设置DNS解析
删除A记录,或者将A记录替换为指向@的CNAME ,目标改成 UUID.cfargotunnel.com (自行修改UUID)
3. 创建修改 config.yml
nano /mnt/user/appdata/cloudflared/config.yml
替换对应 IP:PROT , uuid , domain.com
tunnel: UUID
credentials-file: /home/nonroot/.cloudflared/UUID.json
# NOTE: You should only have one ingress tag, so if you uncomment one block comment the others
# forward all traffic to Reverse Proxy w/ SSL
ingress:
- service: https://192.168.50.249:44301
originRequest:
originServerName: domain.com
#forward all traffic to Reverse Proxy w/ SSL and no TLS Verify
#ingress:
# - service: https://192.168.50.249:44301
# originRequest:
# noTLSVerify: true
# forward all traffic to reverse proxy over http
#ingress:
# - service: http://192.168.50.249:8001
4. 应用搜索安装 cloudflared
存储库固定到当前较为稳定的版本 : cloudflare/cloudflared:2022.4.0-amd64 ,喜欢追新的就去掉'冒号+版本号'
发布参数中,替换UUID
修改网络类型
启动后,可以打开日志,检查版本号
拓展知识和命令
1. 列出所有隧道命令
docker run -it --rm -v /mnt/user/appdata/cloudflared:/home/nonroot/.cloudflared/ cloudflare/cloudflared:2022.4.0-amd64 tunnel list
2. 删除隧道命令
docker run -it --rm -v /mnt/user/appdata/cloudflared:/home/nonroot/.cloudflared/ cloudflare/cloudflared:2022.4.0-amd64 tunnel delete TUNNELID
3. 如果仍有活动链接,强制删除命令
docker run -it --rm -v /mnt/user/appdata/cloudflared:/home/nonroot/.cloudflared/ cloudflare/cloudflared:2022.4.0-amd64 tunnel delete -f TUNNELID
删除隧道同时会一起删除相关的凭据文件!
4. 多个域
不需要多个容器,只要将UUID.cfargotunnel.com用于CNAME的内容复制到CF中的其他域
5. 多个容器
如果非要多个容器运行..
docker run -it --rm -v /mnt/user/appdata/cloudflared:/home/nonroot/.cloudflared/ cloudflare/cloudflared:2022.4.0 tunnel info UUID
6. PLEX等流媒体服务器及一切走HTML流量的程序
非HTML流量不可用于CFD,会封号
解决办法 : 关闭小云朵,关闭一切非HTML流量内容的代理
DEBUG 指南
案例 1
Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: x509: certificate is not valid for any names, but wanted to match youdomain.com
遇到上述错误可以尝试修改 yourdomain.com 为 app.yourdomain.com
tunnel: UUID
credentials-file: /home/nonroot/.cloudflared/UUID.json
ingress:
- service: https://192.168.1.20:18443
originRequest:
originServerName: app.yourdomain.com
案例 2
Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared]bash
error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp 127.0.0.1:8080: connect: connection refused" cfRay=XXXXXXXXXXXX-NRT originService=http://localhost:8080
上述错误说明无法访问config.yml
解决: 确认config.yml是否保存在 /mnt/user/appdata/cloudflared/
其他案例
查看官方指南
https://support.cloudflare.com/hc/en-us/articles/360029779472-Troubleshooting-Cloudflare-1XXX-errors
https://support.cloudflare.com/hc/en-us/categories/200276217-Troubleshooting
启用远程SSH访问
创建DNS记录
添加入口规则
入口规则自上而下解析,因此规则应该高于服务https://REVERSEPROXYIP:PORT/ rule.
- hostname: ssh.domain.com
service: ssh://SSHIP:PORT



















折腾这快乐着折腾
校验提示文案
molezhang
校验提示文案
molezhang
校验提示文案
折腾这快乐着折腾
校验提示文案