Local machine as a web server without public IP using Cloudflare tunnel(part-1)

MD.AL-AMIN — Thu, 22 Feb 2024 10:20:48 +0000

we can use our local machine as a public webserver using Cloudflare tunnel. you do not need any public IP.

Prerequisites

PC or laptop
you need a public domain(possible without a domain)
Cloudflare account

Cloudflare Tunnel
Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. With Tunnel, you do not send traffic to an external IP — instead, a lightweight daemon in your infrastructure (‘cloudflared’) creates outbound-only connections to Cloudflare’s global network. Cloudflare Tunnel can connect HTTP web servers, SSH servers, remote desktops, and other protocols safely to Cloudflare

Step-1(Install OS)

I use Ubuntu OS in my daily work. So I installed an Ubuntu server on my laptop which I will use as a server machine. You can also use another OS (ubuntu-desktop, Mac OS, windows). after installation, you have to ensure that you connect to the internet, after setup internet your machine is ready to serve as web-server.

Step-2(Connect your domain with cloudflare)

Create a Cloudflare account. after sign up then login in Cloudflare account. After login, you will redirect to the dashboard .From dashboard click add a site button. then enter your domain and submit then you will see name-server ,this name-serve add to your domain registered dashboard.

Congratulations your domain and cloudflare are connected now.

Step-3(Install cloudflare in your linux machine)

Add Cloudflare’s package signing key:



sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null

Add Cloudflare’s apt repo to your apt repositories:



echo "deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflared.list

Update repositories and install cloudflared:



sudo apt-get update && sudo apt-get install cloudflared

After successfully install Cloudflare check



cloudflared -v

Installing process for other OS - Download And Install

Step-4(Create Tunnel and use)

1. Authenticate cloudflared



sudo cloudflared tunnel login

After this command you will be redirected to your Cloudflare account otherwise you will get a link, then you will use this link after you will see list of domain which you attach on your cloudflare account . i selected my domain iamalamin.com .
after selected youru domain it will create cert.pem file to your machine /root/.cloudflared/ directorey

2. Create cloudflare tunnel



sudo cloudflared tunnel create <NAME>

after this command you will get a tunnel.this tunnel has <Tunnel-UUID> which is store in /root/.cloudflared/ directory with <Tunnel-UUID>.json



sudo cloudflared tunnel list

show tunnel list in your machine

3. Create configure file for my tunnel

In your /root/.cloudflared directory, create a config.yml file using any text editor. This file will configure the tunnel to route traffic from a given origin to the hostname of your choice.



tunnel: <Tunnel-UUID>
credentials-file: /root/.cloudflared/<Tunnel-UUID>.json

ingress:
  - hostname: example-app.com
    service: http://localhost:3000
    originRequest:
      noTLSVerify: true

  - service: http_status:404

Here service: http://localhost:3000 this is your local application running url.

4. Start routing traffic

Now assign a CNAME record that points traffic to your tunnel subdomain:



sudo cloudflared tunnel route dns <Tunnel-UUID> <your-domain-name>

After this command a CNAME record will be created in your Cloudflare account domain dashboard.When I visited Cloudflare dashboard's Websites > your-domain.com > DNS > Records I saw that a new CNAME record is added in my domain's DNS record. This was added by the command I run.

5. Run the tunnel



sudo cloudflared tunnel run <Tunnel-UUID or NAME>

You need to always run this command to access your application using this tunnel.

6. Run Cloudflared as a service

To always run your Cloudflare you can use Cloudflare service on your machine.



sudo cloudflared service install
sudo systemctl start cloudflared
sudo systemctl status cloudflared

Now your application will run from your local machine publicly using cloudflare tunnel

How Cloudflare tunnel work(part-2)

MD.AL-AMIN — Wed, 21 Feb 2024 16:58:50 +0000

Cloudflare Architecture

Cloudflare Tunneling, formerly known as Argo Tunnel, involves several steps and technologies working together to securely expose your local services to the internet. Here's a step-by-step explanation of the internal process and the technologies involved:

Cloudflare Tunnel Daemon (Cloudflared):

Cloudflared is the client-side software that runs on your local machine. It's responsible for creating and managing the encrypted connection between your machine and Cloudflare's edge network.
Cloudflared is built using Go programming language.

TLS Handshake:

When Cloudflared starts, it initiates a TLS handshake with Cloudflare's edge servers. This handshake establishes a secure, encrypted communication channel using Transport Layer Security (TLS) protocol.
TLS ensures that the data exchanged between Cloudflared and Cloudflare's edge is encrypted and secure.

WebSocket Connection:

After the TLS handshake is completed, Cloudflared establishes a WebSocket connection with Cloudflare's edge.
WebSocket is a communication protocol that provides full-duplex communication channels over a single TCP connection. It allows for efficient, bi-directional communication between Cloudflared and Cloudflare's edge servers.

Cloudflare Edge Network:

Cloudflare's edge network consists of data centers distributed globally. Each data center acts as a point of presence (PoP) where incoming traffic is processed and optimized.
Cloudflare's edge servers handle incoming requests from users and route them to the appropriate destination, including the Cloudflare Tunnel endpoints.

*Tunnel Endpoint:
*
Cloudflare assigns a unique tunnel endpoint to each Cloudflared instance running on your local machine. This endpoint acts as the entry point for incoming traffic destined for your local services.
The tunnel endpoint is a domain name or a subdomain hosted by Cloudflare.

Service Discovery:

You configure Cloudflared to specify which local services you want to expose to the internet. This can include web servers, APIs, or any other TCP-based service running on your machine.
Cloudflared dynamically discovers these services and establishes connections to them.

Encrypted Tunnel:

Once the WebSocket connection is established and services are discovered, Cloudflared creates an encrypted tunnel between your machine and Cloudflare's edge network.
This tunnel securely forwards incoming traffic from Cloudflare's edge to the specified local services running on your machine.

DNS Configuration:

You configure DNS records on Cloudflare's platform to point to the tunnel endpoint assigned to your Cloudflared instance.
This ensures that incoming traffic to your domain is directed through Cloudflare's network to your local machine via the established tunnel.

Traffic Routing:

When a user accesses your domain, their request is routed through Cloudflare's global network to the nearest data center.
From there, it's forwarded through the established tunnel to your local machine where your service is hosted.

Security Features: