Cloudflare

  • You can use the free plan even for business use (reference)
  • IPs that Cloudflare uses (reference)
  • Don’t use most of Cloudflare’s tooling on-stream: it’s easy to leak tokens and IP and email addresses.

I did a super simple tutorial video here: https://youtu.be/UR2lMDnqw2w

  • What: can be used to expose a service to the internet via a domain name without the public being able to know your IP address. Great for hosting something from your home network.
  • Requirements: your domain must be managed by Cloudflare.
    • This is free and took me maybe about an hour to switch over.
  • How: it’s dead simple to use. Just click the “View in Dashboard” button here and follow the instructions. Whichever computer will host a service should have its own version of cloudflared.
    • Trying tunnels without an account: use quick tunnels to publicly expose a service without even needing a Cloudflare account (reference)!
      • Download cloudflared
      • cloudflared tunnel --url http://localhost:7895
        • It’ll spit out a URL that you can share.
    • Use with multiple computers: if you set up multiple computers on the same protocol/port (e.g. localhost:3000 on your desktop and your laptop), then they’ll just get round-robin’d through DNS. What’s actually happening is that Cloudflare adds a CNAME record with your tunnel ID in it, and the tunnel knows which connectors you added.

Gotchas:

  • The tunnel only has a health check for your machine, not your service. This means that if you run the sudo cloudflared service install command and do nothing else, Cloudflare will still route traffic to your machine only for it to 404. You would need to start your web server in that example.
  • The sudo cloudflared service install command contains a secret token, so you should delete the command from your history after running it.
  • You should obviously be incredibly careful exposing anything to the internet. It’s probably a good idea to delete the tunnel entirely if you’re done testing something.
  • You cannot tunnel UDP connections (reference).
  • The very first thing you have to do is cloudflared login, which will open a browser and have you authorize a domain.
  • See basic information about a tunnel and its connectors:
    • cloudflared tunnel list
    • cloudflared tunnel info NAME_OR_UUID_FROM_THE_LIST_COMMAND
  • Delete a connector
    • First, you have to stop cloudflared. By default, the installation commands do sudo cloudflared service install, so you need to run sudo cloudflared service uninstall. This means that the tunnel will no longer start at login.
    • Then run cloudflared tunnel delete TUNNEL_NAME_FROM_THE_LIST_COMMAND
    • Note that this does not delete your DNS entry that you may have added when creating the tunnel.
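
An added example (not from the original page or from Cloudflare) for the shell-history gotcha above: it removes the lines that carry the install token from a history file. The regex, the function names and the sample history are assumptions, and the token is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original page): drop history lines that carry a
# cloudflared install token. Pattern, names and sample data are assumptions.

# Matches "cloudflared service install <token>" (or "tunnel install"), with or
# without sudo, in bash history and zsh extended history (": <epoch>:<n>;cmd").
CF_PATTERN='cloudflared[[:space:]]+(service|tunnel)[[:space:]]+install[[:space:]]+[^[:space:]]+'

# count_token_lines FILE: print how many lines of FILE carry a token.
count_token_lines() {
    [ -f "$1" ] || { echo 0; return 0; }
    # -a: zsh history can contain bytes that make grep treat it as binary.
    LC_ALL=C grep -a -E -c "$CF_PATTERN" "$1" || true
}

# scrub_history_file FILE: rewrite FILE without those lines, print the number removed.
scrub_history_file() {
    sh_file=$1
    sh_removed=$(count_token_lines "$sh_file")
    [ "$sh_removed" -gt 0 ] || { echo 0; return 0; }
    sh_tmp=$(mktemp "${sh_file}.XXXXXX") || return 1
    chmod 600 "$sh_tmp"   # keep the intermediate copy private
    # grep -v exits 1 when every line was dropped; only a status above 1 is an error.
    LC_ALL=C grep -a -E -v "$CF_PATTERN" "$sh_file" > "$sh_tmp" || [ $? -eq 1 ] \
        || { rm -f "$sh_tmp"; return 1; }
    mv "$sh_tmp" "$sh_file"
    echo "$sh_removed"
}

# make_sample_history FILE: write a constructed history file for a dry run.
make_sample_history() {
    cat > "$1" <<'EOF'
: 1709936600:0;brew install cloudflared
: 1709936702:0;sudo cloudflared service install PLACEHOLDER_TOKEN_NOT_REAL
: 1709936800:0;cloudflared tunnel list
cloudflared service install PLACEHOLDER_TOKEN_NOT_REAL
sudo cloudflared service uninstall
EOF
}

# Real use:
#   for f in "$HOME/.zsh_history" "$HOME/.bash_history"; do scrub_history_file "$f"; done
```

Shell sessions that were started before the scrub still hold the command in memory and can write it back on exit, so close them or clear their in-memory history as well.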

It’s dead simple to set up receiving emails through Cloudflare (e.g. you@yournewdomain gets sent to you@yourolddomain)

  • Click one of your domains
  • Click “Email”
  • Follow the instructions

That’s it. It creates some DNS records and then you can send emails to you@yournewdomain.

I haven’t personally set up sending emails through Cloudflare, but apparently that’s easy too (reference).

Certificate issues with cloudflared

If you get an issue about a missing certificate when using cloudflared, just do cloudflared login and choose the domain that you want to manage. It’ll install a certificate for you.

“ERR error generating launchd template”

Full error:

2024-03-08T22:25:02Z INF Installing cloudflared client as a system launch daemon. cloudflared client will run at boot
2024-03-08T22:25:02Z ERR error generating launchd template error="cloudflared service is already installed at /Library/LaunchDaemons/com.cloudflare.cloudflared.plist; if you are running a cloudflared tunnel, you can point it to multiple origins, avoiding the need to run more than one cloudflared service in the same machine; otherwise if you are really sure, you can do `cloudflared service uninstall` to clean up the existing service and then try again this command"

If you are trying to set up multiple tunnels, just add another domain and service through the dashboard. Technically, you only need one tunnel to be able to serve multiple services (e.g. a web and a game server) (reference).

“com.cloudflare.cloudflared.plist: no such file or directory”

When uninstalling a service, make sure to use sudo, otherwise you’ll see an error message referring to your user’s home directory (~):

> cloudflared service uninstall
2024-03-08T22:28:50Z INF Uninstalling cloudflared as a user launch agent
error deleting /Users/adam/Library/LaunchAgents/com.cloudflare.cloudflared.plist: remove /Users/adam/Library/LaunchAgents/com.cloudflare.cloudflared.plist: no such file or directory

See the embarrassing issue that I filed 😢.