- Cloudflare provides a free Zero Trust feature that lets us reverse-proxy our on-premise applications (HTTP, TCP, SSH, etc.) to the Internet.
- To try this feature, you need at least a domain managed on Cloudflare; then go to https://one.dash.cloudflare.com/
- Assume your server is already pointed to Cloudflare with the agent
- Assume the domain is ssh.endpoint.com
- For the client, we must have the cloudflared tool, which we can download from https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation/
- Assume we put cloudflared in /usr/local/bin/ on Linux
- Assume we put cloudflared in D:\ on Windows
- Assume we put the following in the SSH client config, opened with
nano /root/.ssh/config
---
Host ssh.endpoint.com
ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
User root
IdentityFile ~/.ssh/id_rsa
---
## for Native Terminal
C:\Users\YourLaptop\.ssh\config
---
Host ssh.endpoint.com
ProxyCommand D:\WHILE\cloudflared.exe access ssh --hostname %h
User root
---
## for PuTTY
Fill in ssh.endpoint.com under Session, then go to Proxy -> Local and add the command line below
---
D:\cloudflared.exe access ssh --hostname %host
---
## for WinSCP
---
D:\\cloudflared.exe access ssh --hostname %host
---
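Because ProxyCommand runs a local program on every connection (as root in the Linux stanza above), it is worth checking that the cloudflared helper is referenced by absolute path and cannot be modified by other users. The script below is an added example, not part of the original notes or of Cloudflare's tooling; the function names, the SAMPLE text and the host lab.example.test are assumptions made for illustration, and it targets the Linux/OpenSSH config only.

```python
import os
import re
import shlex

# Constructed sample: the Linux stanza from this page plus one weak variant.
SAMPLE = """\
Host ssh.endpoint.com
    ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
    User root
    IdentityFile ~/.ssh/id_rsa

Host lab.example.test
    ProxyCommand cloudflared access ssh --hostname %h
"""

def proxy_commands(config_text):
    """Yield (host_pattern, argv) for each ProxyCommand in an ssh_config text."""
    host = "*"
    for raw in config_text.splitlines():
        m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(.+?)\s*$", raw)
        if not m:  # blank line, '#' comment or separator
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "host":
            host = value
        elif key == "proxycommand" and value.lower() != "none":
            yield host, shlex.split(value)

def audit(config_text):
    """Return [(host, issue)] for cloudflared ProxyCommand helpers that look unsafe."""
    issues = []
    for host, argv in proxy_commands(config_text):
        exe = argv[0]
        if os.path.basename(exe) != "cloudflared":
            continue  # some other proxy helper; out of scope here
        if not os.path.isabs(exe):
            issues.append((host, "relative path: resolved through PATH at connect time"))
            continue
        if not os.path.isfile(exe):
            issues.append((host, "helper binary not found: " + exe))
            continue
        for path in (exe, os.path.dirname(exe)):  # the file and its directory
            if os.stat(path).st_mode & 0o022:
                issues.append((host, "writable by group or others: " + path))
    return issues

if __name__ == "__main__":
    for host, issue in audit(SAMPLE):
        print(f"{host}: {issue}")
```

To audit a real client, pass the contents of /root/.ssh/config to audit() instead of SAMPLE.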
We can simplify remote access to our server with the GUI-based option provided by Cloudflare; you can read more about short-lived certificates.
- Make sure you have set the endpoint with a tcp connection on one.dash.cloudflare.com
- Download cloudflared.exe
- Execute this
.\cloudflared.exe access tcp --hostname your.site.com --url tcp://localhost:12232
localhost:12232 -> our reverse endpoint
- You can replace tcp with udp for your needs.
To connect to our private subnet, we can use WARP from Cloudflare. For reference:
- https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel/
- https://community.cloudflare.com/t/no-access-to-private-network-through-tunnel-using-warp/409954
- You can use Twingate as an alternative Zero Trust solution to Cloudflare