cloudflare tunnels for anything but http(s)
cloudflare tunnels have worked great for anything http, it's set up a tunnel for a device, add a public hostname, host it on device and run cloudflared
dada
however when i change the protocol from anything but http(s), nothing works at all, in most cases i can just slap an http header on it and call it a day, but i'm not sure how to do that with ssh (and i'd rather not)
what i want:
add public hostname ssh://localhost:3333 to device with sshd on it
systemctl restart sshd cloudflared on device with sshd on it
ssh [email protected] -p ???? (what port do i use, both 22, 80, 443, 8080, and 3333 didn't work)
7 Replies
For non-http/https, the client needs to install and run some software (cloudflared or warp w/ private networking)
?tunnel-tcp
Cloudflare Tunnels use Cloudflare's proxy, which only supports proxying HTTP Traffic. If you want to use non-http applications over your tunnel, Cloudflare has a few other options:
For a few specific protocols such as SSH, RDP, and SMB, Cloudflare has guides for them here:
https://developers.cloudflare.com/cloudflare-one/applications/non-http/
For Arbitrary TCP like Minecraft, MySQL, and any other tcp application, Cloudflare has a guide here: https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/
For Arbitrary UDP like Minecraft Bedrock, SMTP, and any other udp application, you will need to use Private Networking with WARP: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/private-net/connect-private-networks/
Please note for all of these except SSH and VNC which can be browser-rendered, you will either need to use cloudflared (Cloudflare's tunnel daemon) on the client machine running in the background or Private Networking with WARP, and have WARP installed on the client machine logged into your Zero Trust Team.
i have got cloudflared
i've never been able to get warp to work
you need to run it locally
on both machines
but why does it need to be on the connecting side?
then on the client who wants to connect you can run a command like
cloudflared access tcp --hostname ssh.example.com --url 127.0.0.1:9210
to set up proxying the tcp port locally then ssh [email protected] -p 9210
Because of the message above:
Cloudflare Tunnels use Cloudflare's proxy, which only supports proxying HTTP Traffic. Your tunnel doesn't have a unique IP or anything. Public Hostnames just use the normal CDN functionality which uses shared IPs, CF has no way of knowing which customer traffic on port 22 should go to when there's no extra identifying information. Running cloudflared on the connecting client's side adds that extra bit of context to who it should be routed to
:D that works thanks!
could that possibly be added as a msg when you try to add a non http(s) tunnel?