Setting Up SSH Access via Cloudflare Tunnel on Raspberry Pi
A step-by-step guide to configuring Cloudflare Tunnel for SSH access on a Raspberry Pi.
Installing Cloudflared on the Server
To begin, you'll need to install the Cloudflared package on your Raspberry Pi:
sudo wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb
sudo dpkg -i ./cloudflared-linux-arm64.deb
Authenticating Cloudflared
Run the following command to log into your Cloudflare account and authenticate Cloudflared:
cloudflared tunnel login
Creating a Tunnel
Use the command below to create a new Tunnel:
cloudflared tunnel create <NAME>
Replace <NAME> with a desired name, such as pi-tunnel. This Tunnel can handle different types of connections like SSH and HTTP.
To list all Tunnels in your account, use:
cloudflared tunnel list
Adding an Ingress Rule
Edit your configuration file using:
nano /home/ubuntu/.cloudflared/config.yml
Here's a sample config.yml:
tunnel: d056d12e-b9d1-433d-837b-076b6cc5d6c6
credentials-file: /home/ubuntu/.cloudflared/d056d12e-b9d1-433d-837b-076b6cc5d6c6.json
ingress:
  - hostname: pi.ohidur.com
    service: http://localhost:80
  - hostname: pi-ssh.ohidur.com
    service: ssh://localhost:22
  - hostname: portainer.ohidur.com
    service: http://localhost:9000
  - hostname: code.ohidur.com
    service: http://localhost:8443
  - hostname: home.ohidur.com
    service: http://localhost:8004
  - hostname: cloud.ohidur.com
    service: http://localhost:7000
  - hostname: cockpit.ohidur.com
    service: https://localhost:9090
  - hostname: pub.ohidur.com
    service: http://localhost:5000
    originRequest:
      noTLSVerify: true
  - service: http_status:404
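Before starting the tunnel it is worth checking what the ingress section actually publishes. The script below is an added example, not part of the original guide or of cloudflared: it reads an ingress section in the layout of the sample config.yml above and reports a missing or misplaced catch-all rule and any rule that sets noTLSVerify. The function names parse_ingress and audit are hypothetical, and the reader handles only this layout, not general YAML.

```python
# SAMPLE: constructed excerpt of the page's sample config.yml, indentation restored.
SAMPLE = """\
ingress:
  - hostname: pi-ssh.ohidur.com
    service: ssh://localhost:22
  - hostname: cockpit.ohidur.com
    service: https://localhost:9090
  - hostname: pub.ohidur.com
    service: http://localhost:5000
    originRequest:
      noTLSVerify: true
  - service: http_status:404
"""

def parse_ingress(text):
    """Read the ingress rules in the layout shown above (not a full YAML parser)."""
    rules, in_ingress = [], False
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()           # drop inline comments
        if line and not line.startswith((" ", "-")):  # a new top-level key
            in_ingress = line == "ingress:"
        elif line and in_ingress:
            item = line.strip()
            if item.startswith("- "):                 # each "- " starts a new rule
                rules.append({})
                item = item[2:].strip()
            key, _, value = item.partition(":")
            if rules:
                rules[-1][key.strip()] = value.strip()
    return rules

def audit(rules):
    """Return findings; rules are matched top to bottom, first match wins."""
    findings = []
    if not rules or "hostname" in rules[-1]:
        findings.append("last rule must be a catch-all such as http_status:404")
    for r in rules[:-1]:
        if "hostname" not in r:
            findings.append(f"catch-all {r.get('service')} shadows the rules after it")
    for r in rules:
        if r.get("noTLSVerify") == "true":
            host, svc = r.get("hostname", "*"), r.get("service", "")
            note = ("origin certificate is not verified" if svc.startswith("https://")
                    else "origin is not https, check the flag is on the intended rule")
            findings.append(f"{host}: noTLSVerify, {note}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_ingress(SAMPLE))) or "no findings")
```

cloudflared can also check the file itself with `cloudflared tunnel ingress validate`.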
Routing Traffic to the Tunnel
Create a DNS record to route traffic to your Tunnel. In your Cloudflare dashboard, add a CNAME record whose target is your Tunnel ID followed by .cfargotunnel.com.
Example:
d056d12e-b9d1-433d-837b-076b6cc5d6c6.cfargotunnel.com
Running the Tunnel
Run the Tunnel to connect your service:
cloudflared tunnel run <NAME>
Running Cloudflared as a Service
For Linux:
sudo cloudflared service install
Alternatively, copy the configuration file to /etc/cloudflared:
sudo cp ~/.cloudflared/config.yml /etc/cloudflared/config.yml
Start the system service:
sudo systemctl start cloudflared
To start it automatically on boot:
sudo systemctl enable cloudflared
Connecting from a Client Machine
macOS
Install Cloudflared with Homebrew:
brew install cloudflare/cloudflare/cloudflared
Edit your SSH config file:
vim ~/.ssh/config
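Add the following, replacing azure.widgetcorp.tech with your own SSH hostname (pi-ssh.ohidur.com in the sample config above):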
Host azure.widgetcorp.tech
ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
Windows
Include the configuration in your SSH setup:
Host azure.widgetcorp.tech
ProxyCommand cloudflared access ssh --hostname %h
Ensure Cloudflared is in your system's PATH.