[English] Cloudflare Intranet Penetration

Preface

Cloudflare Intranet Penetration


Preparation

  • A domain name has been bound to Cloudflare

Download cloudflared

macOS

brew install cloudflared

Log in to Cloudflare and authorize the Tunnel for the domain

cloudflared tunnel login
  • Next, a browser window will automatically open. If the current operating system does not have a GUI, you can copy the URL to another system’s browser for login.
A browser window should have opened at the following URL:

https://dash.cloudflare.com/argotunnel?aud=&callback=https%3A%2F%2Flogin.cloudflareaccess.org%2Fxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%3D

If the browser failed to open, please visit the URL above directly in your browser.
  • Log in to your Cloudflare account -> Select a domain name -> Authorize

  • Wait for the authorization to complete

  • At this point, the local prompt will indicate successful authorization and automatically generate a certificate
A browser window should have opened at the following URL:

https://dash.cloudflare.com/argotunnel?aud=&callback=https%3A%2F%2Flogin.cloudflareaccess.org%2Fxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%3D

If the browser failed to open, please visit the URL above directly in your browser.
You have successfully logged in.
If you wish to copy your credentials to a server, they have been saved to:
~/.cloudflared/cert.pem

Create a tunnel

<tunnel_name>: Customize a tunnel name to distinguish different tunnels

cloudflared tunnel create <tunnel_name>
  • After successfully creating a tunnel, you will get a randomly generated UUID as the tunnel’s ID, and a certificate configuration file will be automatically created with the tunnel’s ID as the file name

xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx: Take note of your tunnel’s ID
~/.cloudflared/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.json: Take note of the path to your tunnel certificate configuration file

Tunnel credentials written to ~/.cloudflared/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.json. cloudflared chose this file based on where your origin certificate was found. Keep this file secret. To revoke these credentials, delete the tunnel.

Created tunnel mbp with id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Domain name resolution

  • In the Cloudflare console, create a CNAME DNS record for this domain name. The record name can be chosen freely, but it must match the hostname used in the configuration below. The record value is xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.cfargotunnel.com

Open the tunnel

  • Create a .yaml configuration file with a custom file name

tunnel: Fill in the ID of the tunnel that was just noted
credentials-file: Fill in the path of the certificate configuration file that was just noted
ingress: Configuration of the domain name for accessing the tunnel from the public network, each configuration represents a mapping

hostname: test.example.com, service: http://localhost:80: When accessing your domain name test.example.com, it will automatically be mapped to the internal network service http://127.0.0.1:80

example.com: Your domain name
test: Subdomain, the name of the CNAME type of record
http://localhost:80: The local address and port number. If the HTTP service is not on port 80, it can be changed to another port

service: http_status:404: When the accessed resource of the domain name is incorrect, it will automatically redirect to Cloudflare’s public 404 page

.yaml
tunnel: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
credentials-file: ~/.cloudflared/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.json

ingress:
- hostname: test.example.com
  service: http://127.0.0.1:80
- service: http_status:404
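
An added example, not part of the original post: a small local audit for the setup above. It lists `cert.pem` and tunnel `.json` credential files that other users can access (cloudflared's own output says to keep the credentials file secret), and prints which public hostname maps to which local service, failing if the last ingress rule is not a catch-all like `http_status:404`. The function names and the script's two arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Directory and config paths are
# arguments; the checks are local and never contact Cloudflare.

# List cert.pem / <tunnel-id>.json files that group or other users can access.
# Returns 1 when at least one such file exists.
loose_credentials() {
    found=$(find "$1" -type f \( -name 'cert.pem' -o -name '*.json' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
}

# Print "public hostname -> local service" for every ingress rule ("*" means
# no hostname, i.e. catch-all). Returns 1 if the last rule is not a catch-all.
ingress_report() {
    awk '
        /^ingress:/     { in_ing = 1; next }
        /^[A-Za-z]/     { in_ing = 0 }
        !in_ing         { next }
        /^[ \t]*-[ \t]/ { n++; host[n] = "*"; svc[n] = "?" }
        /hostname:/     { h = $0; sub(/.*hostname:[ \t]*/, "", h); host[n] = h }
        /service:/      { s = $0; sub(/.*service:[ \t]*/, "", s); svc[n] = s }
        END {
            for (i = 1; i <= n; i++) print host[i] " -> " svc[i]
            if (n == 0 || host[n] != "*") {
                print "ERROR: last ingress rule is not a catch-all"
                exit 1
            }
        }
    ' "$1"
}

# Usage: sh audit.sh ~/.cloudflared /path/to/config.yaml
if [ "$#" -eq 2 ]; then
    loose_credentials "$1" || echo "WARNING: tighten with chmod 600"
    ingress_report "$2"
fi
```

Files reported by `loose_credentials` can be tightened with `chmod 600`; each line of `ingress_report` is a service that becomes reachable from the public network once the tunnel is running.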

Completion

