Zapic's Blog
使用Cloudflare Argo Tunnel快速免公网IP建站

Cloudflare真的是白嫖党的福利啊(
前几天,Cloudflare用户应该收到一封邮件,Cloudflare Argo Tunnel向所有用户免费开放使用了(Source Link).

A few months ago, we announced that we wanted to make Zero Trust security accessible to everyone, regardless of size, scale, or resources. Argo Tunnel, our secure method of connecting resources directly to Cloudflare, is the next piece of the puzzle.
几个月前,我们宣布我们想要让零信任安全对所有人可用,无论大小,规模资源如何.Argo Tunnel,将资源连接到Cloudflare的安全方式,就是完成这个项目的下一块拼图.

但是谁管他什么拼图不拼图的,嫖就完事了.
以下教程针对Linux环境,Windows用户请酌情调整.
什么?你不会酌情调整?
你他妈连Windows都不会用,自己滚回去补点基础再想着白嫖.

#0 安装cloudflared

下载cloudflared

在这个页面里寻找适合你的安装方式: Install cloudflared

#1 登录Cloudflare账号

[email protected]:~$ cloudflared tunnel login
Please open the following URL and log in with your Cloudflare account:

https://dash.cloudflare.com/argotunnel?callback=https%3A%2F%2Flogin.argotunnel.com%2F1145141919810%3D

Leave cloudflared running to download the cert automatically.

在浏览器打开显示的链接,登录你的Cloudflare账号.
然后选择一个域名启用Cloudflare Argo Tunnel,并同意授权.

注意

你有可能看到如下的消息:

Failed to write the certificate due to the following error:
Failed to fetch resource

Your browser will download the certificate instead. You will have to manually
copy it to the following path:

/home/zapic/.cloudflared/cert.pem

这通常发生在服务器网络状态不佳的状况下.
这时在浏览器完成授权后,会自动下载一个证书文件,你需要手动上传到服务器并放置在消息提示的位置.

这样登录就完成了.

#2 创建隧道

完成登录后,就可以创建和管理隧道了.

[email protected]:~$ cloudflared tunnel create Website
Tunnel credentials written to /home/zapic/.cloudflared/11451419-1981-0114-5141-919810114514.json. cloudflared chose this file based on where your origin certificate was found. Keep this file secret. To revoke these credentials, delete the tunnel.

Created tunnel Website with id 11451419-1981-0114-5141-919810114514
[email protected]:~$ cloudflared tunnel list
You can obtain more detailed information for each tunnel with `cloudflared tunnel info <name/uuid>`
ID                                   NAME    CREATED              CONNECTIONS
11451419-1981-0114-5141-919810114514 Website 2021-04-24T04:01:12Z
# 这会删除刚刚创建的隧道(Website)
# [email protected]:~$ cloudflared tunnel delete Website

#3 启动隧道

启动隧道只需要一个命令:

cloudflared tunnel run --url <Source> <NAME or UUID>

例如:

[email protected]:~$ cloudflared tunnel run --url http://localhost Website
2021-04-24T04:14:23Z INF Starting tunnel tunnelID=11451419-1981-0114-5141-919810114514
2021-04-24T04:14:23Z INF Version 2021.4.0
2021-04-24T04:14:23Z INF GOOS: linux, GOVersion: devel +11087322f8 Fri Nov 13 03:04:52 2020 +0100, GoArch: amd64
2021-04-24T04:14:23Z INF Settings: map[url:http://localhost]
2021-04-24T04:14:23Z INF Generated Connector ID: 19d5a3f6-cf86-4329-8179-d5b81f8ad4d9
2021-04-24T04:14:23Z INF cloudflared will not automatically update when run from the shell. To enable auto-updates, run cloudflared as a service: https://developers.cloudflare.com/argo-tunnel/reference/service/
2021-04-24T04:14:23Z INF Initial protocol h2mux
2021-04-24T04:14:23Z INF Starting metrics server on 127.0.0.1:40341/metrics
2021-04-24T04:14:36Z INF Connection 2b912106-5d50-4c11-af02-f366454d4213 registered connIndex=0 location=AMS
...

这是隧道就已经在<UUID>.cfargotunnel.com创建好了.

关于HTTPS

cloudflared默认通过80端口访问你的服务.
这意味着如果你的网站只设置了https访问,或者设置了http跳转https时,都有可能不能正常工作.
你需要将http://localhost改为https://localhost,并添加参数--no-tls-verify禁用证书验证.

隧道已经创建好了,但是这时候还不能访问创建的隧道,你需要将他绑定到域名.

#4 绑定隧道到域名

也只需要一条命令:

cloudflared tunnel route dns <UUID or NAME> <DOMAIN>

例如:

[email protected]:~$ cloudflared tunnel route dns Website tunnel.zapic.moe
2021-04-24T05:00:27Z INF Added CNAME tunnel.zapic.moe which will route to this tunnel tunnelID=4967740f-8b77-4581-91d2-ee54a5b77a49

注意

你只能将隧道绑定到你刚刚授权的域名,如果你尝试将隧道绑定到未授权的域名,将会创建一个你欲绑定域名为名称的CNMAE记录.
例如,授权zapic.moe,但执行命令试图将域名绑定到tunnel.zapic.cc,这时Cloudflare将会在zapic.moe创建一条tunnel.zapic.cc.zapic.moe的CNAME解析.

你可以同时授权多个域名,只需要重复执行登录步骤,但是使用命令添加DNS记录时你只能向你使用的证书所对应的域名进行操作,对于其他域名需要手动添加.

然后通过浏览器访问你刚刚绑定的域名,就可以完成建站了.

#5 将cloudflared运行为服务(可选)

通过将cloudflared运行为服务可以实现开机自启,挂掉自动重启等功能,我寻思这也是Linux人都应该会的基本操作,在此不再赘述.

#6 结语

这篇文章只是很简单的介绍了cloudflared的基础使用方法,如果需要更高阶的配置(不同域名映射到不同的本地服务/一个进程运行多个隧道...etc),请参考Cloudflare的官方文档.