How to use the command 'cloudflared' (with examples)
Cloudflared is a versatile command-line tool that helps create secure tunnels to the Cloudflare network, allowing users to expose local services to the internet. Backed by Cloudflare’s robust infrastructure, it offers a secure and fast solution for developers looking to host services while bypassing the complexities of traditional tunneling methods. This article delves into the various use cases of the ‘cloudflared’ command and provides practical examples of how to employ these functionalities effectively.
Authenticate and associate the connection to a domain in the Cloudflare account
Code:
cloudflared tunnel login
Motivation:
Before utilizing any tunneling service, it’s essential to authenticate and link the connection to the correct domain within your Cloudflare account. This step not only ensures that the services you want to expose are associated accurately but also secures the overall operation by validating access permissions.
Explanation:
cloudflared tunnel login
: This command initiates the authentication process by launching a browser window prompting the user to log in to their Cloudflare account. Through this action, a persistent session is created between your local service and the Cloudflare network for secure communications.
Example output:
Upon executing the command, you might see:
A browser window should automatically open to complete the login.
If the browser does not open or you wish to use a different device, please visit:
https://dash.cloudflare.com/argotunnel?credentials=...
You have successfully logged in.
Create a tunnel with a specific name
Code:
cloudflared tunnel create my-tunnel
Motivation:
Naming a tunnel aids in better management and organization, especially when managing multiple tunnels. It allows the user to easily identify and differentiate between services, making maintenance and debugging more streamlined.
Explanation:
cloudflared tunnel create name
: Thecreate
argument is used to initiate a new tunnel, andmy-tunnel
specifies the name assigned to this particular tunnel. Naming conventions can be important in environments where numerous tunnels operate, thus aiding in efficient administration.
Example output:
When you run the command, a potential output could be:
Tunnel credentials written to /root/.cloudflared/123456-1234-1234-1234-123456789abc.json.
Created tunnel my-tunnel with id 123456-1234-1234-1234-123456789abc
Establish a tunnel to a host in Cloudflare from the local server
Code:
cloudflared tunnel --hostname mydomain.com localhost:8080
Motivation:
Establishing a tunnel directly from your local server to a specified host in the Cloudflare network is crucial for securely exposing local web applications or APIs to the external world. This capability allows development and collaboration from any geographical location while maintaining security.
Explanation:
cloudflared tunnel
: Starts the process of establishing a secure tunnel.--hostname mydomain.com
: Specifies the domain name or hostname that the service will be accessible through. It’s the publicly facing address where users will access the hosted service.localhost:8080
: Indicates the local address and port number of the running application on your server that will be accessible via the specified hostname.
Example output:
The command could yield an output like:
INFO[0000] Tunnel credentials loaded from /root/.cloudflared/123456-1234-1234-1234-123456789abc.json
INFO[0000] Serving mydomain.com -> 127.0.0.1:8080
Establish a tunnel to a host in Cloudflare from the local server, without verifying the local server’s certificate
Code:
cloudflared tunnel --hostname mydomain.com localhost:8080 --no-tls-verify
Motivation:
In development environments, it might be necessary to bypass TLS verification for various reasons, such as using self-signed certificates or testing purposes. This flexibility enables rapid development cycles without frequent interruptions due to SSL issues, maintaining focus on core development tasks.
Explanation:
cloudflared tunnel
: Initiates the tunnel creation.--hostname mydomain.com
: Specifies the domain accessible publicly.localhost:8080
: Represents the local server’s address and port.--no-tls-verify
: Disables the verification of the TLS/SSL certificate for the local server. This is particularly useful when working with self-signed certificates or when such verification is not required.
Example output:
Once you execute the command, the output may include:
INFO[0000] Skipping TLS verification for localhost:8080
INFO[0000] mydomain.com -> 127.0.0.1:8080
Save logs to a file
Code:
cloudflared tunnel --hostname mydomain.com http://localhost:8080 --loglevel info --logfile /var/log/cloudflared.log
Motivation:
Logging is a pivotal aspect of system management, offering insights into operations, potential errors, and user access patterns. By saving logs, administrators can retrospectively analyze events, detect anomalies, and refine performance parameters for enhanced system stability and security.
Explanation:
cloudflared tunnel
: Begins the process of opening a tunnel.--hostname mydomain.com
: Sets up the publicly accessible hostname.http://localhost:8080
: Indicates the local server address.--loglevel info
: Specifies the desired logging level, with ‘info’ capturing a moderate amount of detail about tunnel operations.--logfile /var/log/cloudflared.log
: Dictates the file path where logs will be stored, enabling persistent record-keeping.
Example output:
When the command runs, you may get:
INFO[0000] Log file created at /var/log/cloudflared.log
INFO[0000] mydomain.com -> 127.0.0.1:8080
Install cloudflared as a system service
Code:
cloudflared service install
Motivation:
Setting up cloudflared as a system service ensures that the tunnel is always active and automatically starts on server reboot. This setup provides reliability and consistency, minimizing downtime and maintenance overhead.
Explanation:
cloudflared service install
: Configures the cloudflared application to run as a persistent service on the system, ensuring it initiates on system startup and consistently operates without manual intervention.
Example output:
Executing the command will result in:
INFO[0000] Cloudflared service installation successful.
INFO[0000] Cloudflared will now start on system reboot.
Conclusion
The cloudflared command serves as a robust utility for establishing secure, manageable tunnels through the Cloudflare network. With its array of functionalities, from authentication and domain association to log management and system-level installation, it streamlines the process of securely making services globally accessible. Each use case demonstrates its practical application, making it a critical tool for developers and administrators alike.