- Cloudflare built a free Zero Trust feature that lets us reverse-proxy our on-premise applications (HTTP, TCP, SSH, etc.) to the Internet.
- If you want to try this feature, you need at least a domain managed on Cloudflare; then go to https://one.dash.cloudflare.com/
- Assume you have pointed your server with the agent
- Assume the domain is `ssh.endpoint.com`
- For the client, we must have the `cloudflared` tool, which we can download from https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation/
- Assume we put `cloudflared` in `/usr/local/bin/` on Linux
- Assume we put `cloudflared` in `D:\` on Windows
- Assume we put
nano /root/.ssh/config
---
Host ssh.endpoint.com
ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
User root
IdentityFile ~/.ssh/id_rsa
---
## for Native Terminal
C:\Users\YourLaptop\.ssh\config
---
Host ssh.endpoint.com
ProxyCommand D:\WHILE\cloudflared.exe access ssh --hostname %h
User root
---
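
A small audit of the OpenSSH client configs above, as an added example (not part of the original notes or of Cloudflare's tooling): it parses `Host` blocks and reports `cloudflared` ProxyCommand entries whose binary is not an absolute path, whose `--hostname` is hard-coded to a different host, or that log in as `root`. The `db.endpoint.com` block, the `deploy` user and the finding names are constructed for illustration.

```python
import ntpath

# Constructed sample: the first block is the Linux config from this page; the
# second is a hypothetical variant written to trigger the checks below.
SAMPLE = """\
Host ssh.endpoint.com
  ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
  User root
  IdentityFile ~/.ssh/id_rsa

Host db.endpoint.com
  ProxyCommand cloudflared access ssh --hostname ssh.endpoint.com
  User deploy
"""

def parse_hosts(text):
    """Return [(patterns, options)] per Host block; first value of a keyword wins."""
    blocks = []
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            blocks.append((value.split(), {}))
        elif blocks:
            blocks[-1][1].setdefault(key, value)
    return blocks

def audit(text):
    """Return [(host, finding)] for Host blocks proxied through cloudflared."""
    findings = []
    for patterns, opts in parse_hosts(text):
        argv = opts.get("proxycommand", "").split()
        if not argv or not ntpath.basename(argv[0]).lower().startswith("cloudflared"):
            continue  # this host is not proxied through cloudflared
        name, exe = " ".join(patterns), argv[0]
        # A bare command name is looked up through PATH when ssh runs ProxyCommand.
        if not (exe.startswith("/") or ntpath.isabs(exe)):
            findings.append((name, "relative-binary"))
        # %h expands to the host being connected to; a literal name can drift.
        if "--hostname" in argv[:-1]:
            target = argv[argv.index("--hostname") + 1]
            if target != "%h" and target not in patterns:
                findings.append((name, "hostname-mismatch"))
        if opts.get("user") == "root":
            findings.append((name, "root-login"))
    return findings
```

`audit(open(path).read())` works on a real `~/.ssh/config` or `C:\Users\YourLaptop\.ssh\config`; the parser only handles the whitespace-separated `Keyword value` form used on this page.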
## for PuTTY
Enter ssh.endpoint.com under Session, then go to Proxy -> Local and add the command line below
---
D:\cloudflared.exe access ssh --hostname %host
---
## for WinSCP
---
D:\\cloudflared.exe access ssh --hostname %host
---
We can simplify remote access to our server with the GUI-based option provided by Cloudflare; you can read more about short-lived certificates.
- Make sure you have set up the endpoint with a `tcp` connection on `one.dash.cloudflare.com`
- Download `cloudflared.exe`
- Execute this
.\cloudflared.exe access tcp --hostname your.site.com --url tcp://localhost:12232
- `localhost:12232` -> our reverse endpoint
- You can change `tcp` to `udp` for your needs.
We can use WARP from Cloudflare to connect to our private subnet network; for reference, you can use these:
- https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel/
- https://community.cloudflare.com/t/no-access-to-private-network-through-tunnel-using-warp/409954
- You can use Twingate as an alternative Zero Trust solution to Cloudflare