cloudflare tunnels for anything but http(s)

cloudflare tunnels have worked great for anything http, it's set up a tunnel for a device, add a public hostname, host it on device and run cloudflared dada

however when i change the protocol from anything but http(s), nothing works at all, in most cases i can just slap an http header on it and call it a day, but i'm not sure how to do that with ssh (and i'd rather not)

what i want:
add public hostname ssh://localhost:3333 to device with sshd on it
systemctl restart sshd cloudflared on device with sshd on it
ssh [email protected] -p ???? (what port do i use, both 22, 80, 443, 8080, and 3333 didn't work)
7 Replies
Chaika, 3mo ago
For non-http/https, the client needs to install and run some software (cloudflared or warp w/ private networking)
?tunnel-tcp
Flare, 3mo ago
Cloudflare Tunnels use Cloudflare's proxy, which only supports proxying HTTP Traffic. If you want to use non-http applications over your tunnel, Cloudflare has a few other options:

For a few specific protocols such as SSH, RDP, and SMB, Cloudflare has guides for them here: https://developers.cloudflare.com/cloudflare-one/applications/non-http/

For Arbitrary TCP like Minecraft, MySQL, and any other tcp application, Cloudflare has a guide here: https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/

For Arbitrary UDP like Minecraft Bedrock, SMTP, and any other udp application, you will need to use Private Networking with WARP: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/private-net/connect-private-networks/

Please note for all of these except SSH and VNC which can be browser-rendered, you will either need to use cloudflared (Cloudflare's tunnel daemon) on the client machine running in the background or Private Networking with WARP, and have WARP installed on the client machine logged into your Zero Trust Team.
Solly (OP), 3mo ago
i have got cloudflared
i've never been able to get warp to work
Chaika, 3mo ago
you need to run it locally
Solly (OP), 3mo ago
on both machines
but why does it need to be on the connecting side?
Chaika, 3mo ago
then on the client who wants to connect you can run a command like
cloudflared access tcp --hostname ssh.example.com --url 127.0.0.1:9210
to set up proxying the tcp port locally
then
ssh [email protected] -p 9210

Because of the message above:
Cloudflare Tunnels use Cloudflare's proxy, which only supports proxying HTTP Traffic. I
Your tunnel doesn't have a unique IP or anything. Public Hostnames just use the normal CDN functionality which uses shared IPs, CF has no way of knowing which customer traffic on port 22 should go to when there's no extra identifying information. Running cloudflared on the connecting client's side adds that extra bit of context to who it should be routed to
Solly (OP), 3mo ago
:D that works thanks!
could that possibly be added as a msg when you try to add a non http(s) tunnel?
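
The client-side forwarder setup from the replies above, wrapped in a POSIX shell script; this is an added example, not part of the thread or of Cloudflare's documentation. The hostname `ssh.example.com` and port 9210 follow the thread, while the function names, the script name, the `admin` user and the loopback-only check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Hostname, port and user are placeholders.

# Succeeds only for a loopback listen address with a valid port, so the
# forwarded sshd is reachable from this machine only, not from its network.
is_loopback_bind() {
    host=${1%:*}
    port=${1##*:}
    case "$host" in
        127.0.0.1|localhost) ;;
        *) return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# connect TUNNEL_HOSTNAME LOCAL_BIND SSH_USER
connect() {
    tunnel_host=$1
    bind=$2
    user=$3
    if ! is_loopback_bind "$bind"; then
        echo "refusing non-loopback bind address: $bind" >&2
        return 2
    fi
    # Client-side forwarder from the thread: it gives Cloudflare the context
    # needed to route this TCP stream to the right tunnel.
    cloudflared access tcp --hostname "$tunnel_host" --url "$bind" &
    fwd_pid=$!
    trap 'kill "$fwd_pid" 2>/dev/null' EXIT INT TERM
    # HostKeyAlias records the server key under the tunnel hostname instead
    # of [127.0.0.1]:port. ConnectionAttempts retries once per second while
    # the forwarder is still starting.
    rc=0
    ssh -o HostKeyAlias="$tunnel_host" -o ConnectionAttempts=5 \
        -p "${bind##*:}" "$user@${bind%:*}" || rc=$?
    kill "$fwd_pid" 2>/dev/null || true
    trap - EXIT INT TERM
    return "$rc"
}

# Hypothetical usage: sh tunnel-ssh.sh ssh.example.com 127.0.0.1:9210 admin
if [ "$#" -eq 3 ]; then
    connect "$@"
fi
```

Without `HostKeyAlias`, the server's key is stored under the local forwarder address, so a different tunnel later bound to the same local port would trigger a host-key mismatch.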