DEV Community

MD.AL-AMIN

How Cloudflare Tunnel Works (Part 2)

Cloudflare Architecture

Cloudflare Tunneling, formerly known as Argo Tunnel, involves several steps and technologies working together to securely expose your local services to the internet. Here's a step-by-step explanation of the internal process and the technologies involved:

Cloudflare Tunnel Daemon (Cloudflared):

Cloudflared is the client-side software that runs on your local machine. It's responsible for creating and managing the encrypted connection between your machine and Cloudflare's edge network.
Cloudflared is written in the Go programming language.

TLS Handshake:

When Cloudflared starts, it initiates a TLS handshake with Cloudflare's edge servers. This handshake establishes a secure, encrypted communication channel using the Transport Layer Security (TLS) protocol.
TLS ensures that the data exchanged between Cloudflared and Cloudflare's edge is encrypted and secure.

WebSocket Connection:

After the TLS handshake is completed, Cloudflared establishes a WebSocket connection with Cloudflare's edge.
WebSocket is a communication protocol that provides full-duplex communication channels over a single TCP connection. It allows for efficient, bi-directional communication between Cloudflared and Cloudflare's edge servers.

Cloudflare Edge Network:

Cloudflare's edge network consists of data centers distributed globally. Each data center acts as a point of presence (PoP) where incoming traffic is processed and optimized.
Cloudflare's edge servers handle incoming requests from users and route them to the appropriate destination, including the Cloudflare Tunnel endpoints.

Tunnel Endpoint:

Cloudflare assigns a unique tunnel endpoint to each Cloudflared instance running on your local machine. This endpoint acts as the entry point for incoming traffic destined for your local services.
The tunnel endpoint is a domain name or a subdomain hosted by Cloudflare.

Service Discovery:

You configure Cloudflared to specify which local services you want to expose to the internet. This can include web servers, APIs, or any other TCP-based service running on your machine.
Cloudflared dynamically discovers these services and establishes connections to them.
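
The services cloudflared exposes are listed as ingress rules in its config.yml, so that list is worth reviewing before a tunnel goes live. The following is an added example, not code from the original post or from Cloudflare: it audits an ingress list for exposures that are easy to miss. It assumes the rules have already been parsed into Python dicts using cloudflared's `hostname`, `service`, `originRequest` and `noTLSVerify` keys; the hostnames and ports are constructed.

```python
# Added example: audit the ingress rules of a cloudflared config.yml.
# Assumption: rules are already parsed into dicts (e.g. by a YAML library).

# Service schemes that cloudflared forwards as non-HTTP traffic.
NON_HTTP = {"ssh", "rdp", "tcp"}

def audit_ingress(rules):
    """Return (rule_index, finding) tuples for ingress rules worth a second look."""
    if not rules:
        return [(-1, "no ingress rules defined")]
    findings = []
    for i, rule in enumerate(rules):
        host = rule.get("hostname", "")
        service = rule.get("service", "")
        origin = rule.get("originRequest", {})
        is_last = i == len(rules) - 1
        # A rule with neither hostname nor path matches every request.
        catch_all = not host and not rule.get("path")
        if catch_all and not is_last:
            findings.append((i, "catch-all rule shadows every rule after it"))
        if is_last and not catch_all:
            findings.append((i, "last rule is not a catch-all"))
        if is_last and catch_all and not service.startswith("http_status:"):
            findings.append((i, "catch-all forwards unmatched hostnames to a live service"))
        if host.startswith("*."):
            findings.append((i, f"wildcard hostname {host} exposes every subdomain"))
        if service.split("://", 1)[0] in NON_HTTP:
            findings.append((i, f"{service} is a non-HTTP service; confirm it should be reachable"))
        if origin.get("noTLSVerify"):
            findings.append((i, "origin certificate verification is disabled"))
    return findings

# Constructed sample, equivalent to the `ingress:` list in config.yml.
SAMPLE = [
    {"hostname": "app.example.com", "service": "http://localhost:8080"},
    {"hostname": "admin.example.com", "service": "https://localhost:8443",
     "originRequest": {"noTLSVerify": True}},
    {"hostname": "*.dev.example.com", "service": "http://localhost:3000"},
    {"hostname": "ssh.example.com", "service": "ssh://localhost:22"},
    {"service": "http://localhost:8080"},  # catch-all pointing at a real service
]

if __name__ == "__main__":
    for idx, msg in audit_ingress(SAMPLE):
        print(f"rule {idx}: {msg}")
```

Replacing the final rule's service with `http_status:404` makes unmatched hostnames receive a 404 instead of reaching a local service.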

Encrypted Tunnel:

Once the WebSocket connection is established and services are discovered, Cloudflared creates an encrypted tunnel between your machine and Cloudflare's edge network.
This tunnel securely forwards incoming traffic from Cloudflare's edge to the specified local services running on your machine.

DNS Configuration:

You configure DNS records on Cloudflare's platform to point to the tunnel endpoint assigned to your Cloudflared instance.
This ensures that incoming traffic to your domain is directed through Cloudflare's network to your local machine via the established tunnel.

Traffic Routing:

When a user accesses your domain, their request is routed through Cloudflare's global network to the nearest data center.
From there, it's forwarded through the established tunnel to your local machine where your service is hosted.

Security Features:

Cloudflare provides various security features such as DDoS protection, Web Application Firewall (WAF), and rate limiting to safeguard your exposed services from malicious attacks and unauthorized access.
