UbuntuにCloudflaredをインストール

Ubuntu 24.04.1 LTS

uname -a
. /etc/os-release && echo "$PRETTY_NAME"
dpkg --print-architecture

Linux tah-ThinkPad-X1-Carbon-5th 6.8.0-41-generic #41-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug  2 20:41:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Ubuntu 24.04.1 LTS
amd64

neofetch

参考: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/create-local-tunnel/

Cloudflare（https://dash.cloudflare.com）にアカウントを持ち、ドメイン（以下ではexample.com）をアカウントに追加していることを前提としています。

Cloudflared を使用することにより、固定の Public IP を用意したり、ポートを開いたりせずにサイトを公開することが可能です。

インストール

sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null

echo "deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared any main" | sudo tee /etc/apt/sources.list.d/cloudflared.list

sudo apt-get update && sudo apt-get install cloudflared

認証

sudo cloudflared tunnel login

Please open the following URL and log in with your Cloudflare account:

https://dash.cloudflare.com/argotunnel?aud=&callback=https%3A%2F%2Flogin.cloudflareaccess.org%2FXXXXXXXXXXXX%3D

Leave cloudflared running to download the cert automatically.
20XX-XX-XXTXX:XX:XXZ INF You have successfully logged in.
If you wish to copy your credentials to a server, they have been saved to:
/root/.cloudflared/cert.pem

設定

sudo cloudflared tunnel create your-tunnel-service

出力から ID（xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx）を得られます。

Tunnel credentials written to /root/.cloudflared/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.json. cloudflared chose this file based on where your origin certificate was found. Keep this file secret. To revoke these credentials, delete the tunnel.

Created tunnel your-tunnel-service with id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

以下でも ID を確認可能です。

sudo cloudflared tunnel list

/etc/cloudflared/config.ymlを編集します。

tunnel: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
credentials-file: /root/.cloudflared/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.json

ingress:
  - hostname: example.com
    service: http://localhost:80
  - hostname: api.example.com
    service: http://localhost:8888
  - service: http_status:404

上記では、http://localhost:80をexample.comとして、http://localhost:8888をapi.example.comとして公開しています。

以下のコマンドで、上記の ingress ルールを検証します。

sudo cloudflared tunnel ingress validate

Validating rules from /etc/cloudflared/config.yml
OK

DNS 設定

sudo cloudflared tunnel route dns your-tunnel-service example.com
sudo cloudflared tunnel route dns your-tunnel-service api.example.com

実行

sudo cloudflared tunnel run your-tunnel-service

サービス

sudo cloudflared service install
sudo systemctl start cloudflared

設定変更後

sudo systemctl restart cloudflared

SSH 接続

参考: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-cloudflared-authentication/

/etc/cloudflared/config.ymlを編集します。

tunnel: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
credentials-file: /root/.cloudflared/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.json

ingress:
  - hostname: example.com
    service: http://localhost:80
  - hostname: api.example.com
    service: http://localhost:8888

  - hostname: ssh.example.com
    service: ssh://localhost:22

  - service: http_status:404

設定を反映します。

sudo cloudflared tunnel route dns your-tunnel-service ssh.example.com

sudo systemctl restart cloudflared

~/.ssh/configを編集します。

Host my-ssh-server
   Hostname ssh.example.com
   ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h

ssh USERNAME@my-ssh-server