Cloudflare Zero Trust: Cloudflare Tunnel tutorial

It was used for writing the tutorial, nothing to worry about.

3 likes
  • By the way, what is 172.17.0.1? (
  • Or was it supposed to be 127.0.0.1 and got mistyped?
1 like

That's the docker0 gateway.

1 like

What's the deployment environment? Is the tunnel going through a proxy?

1 like

A Docker project deployment is usually exposed on 127.0.0.1:port (localhost inside the container in bridge mode), 172.17.0.1:port (the docker0 gateway), and public-IP:port.
If cloudflared runs in bridge mode, 127.0.0.1 is that container's own internal address; in that case you can use 172.17.0.1 to reach the project you want to bind.

2 likes


If you're using a self-signed certificate, you need to set this TLS option to enabled.

5 likes

Trying it out by following the tutorial, thanks for sharing.

1 like

Please put out an RDP tutorial when you have time…

4 likes

Don't worry about degraded. cloudflared connects to four data centers by default; if some of them can't be reached it becomes degraded (service degraded), and it still works.

1 like

It does work. Of my two tunnels, one is healthy and the other degraded; just curious about it.

1 like

2024-02-19T04:17:55Z ERR Failed to create new quic connection error="failed to dial to edge with quic: timeout: no recent network activity" connIndex=0 event=0 ip=198.41.192.57

Has anyone run into this problem? Two machines are fine, but one machine gets this. Switching to http2 doesn't help either, it still reports a timeout, yet nc can connect to CF's port 7884.

1 like

CF really is a true benefactor… got it working.

Learned something.

A question for those who have used CF Tunnel: does it set up a P2P tunnel, or does all traffic pass through CF nodes?

2 likes

Truly a killer tool; I'm running it on my router, so convenient.

1 like

root@localhost:~# docker logs cloudflared
2024-03-03T14:30:15Z INF Starting tunnel tunnelID=56c80501-d617-4b4e-a8e5-5fb505ad6f94
2024-03-03T14:30:15Z INF Version 2024.2.1
2024-03-03T14:30:15Z INF GOOS: linux, GOVersion: go1.21.5-devel-cf, GoArch: amd64
2024-03-03T14:30:15Z INF Settings: map[no-autoupdate:true token:*****]
2024-03-03T14:30:15Z INF Generated Connector ID: 3e9c2bc5-6689-47af-9b0b-419b6634e0dc
2024-03-03T14:30:15Z INF Initial protocol quic
2024-03-03T14:30:15Z INF ICMP proxy will use 192.168.7.7 as source for IPv4
2024-03-03T14:30:15Z INF ICMP proxy will use fe80::be24:11ff:fef6:a629 in zone enp6s18 as source for IPv6
2024-03-03T14:30:15Z WRN The user running cloudflared process has a GID (group ID) that is not within ping_group_range. You might need to add that user to a group within that range, or instead update the range to encompass a group the user is already in by modifying /proc/sys/net/ipv4/ping_group_range. Otherwise cloudflared will not be able to ping this network error="Group ID 65532 is not between ping group 1 to 0"
2024-03-03T14:30:15Z WRN ICMP proxy feature is disabled error="cannot create ICMPv4 proxy: Group ID 65532 is not between ping group 1 to 0 nor ICMPv6 proxy: socket: permission denied"
2024-03-03T14:30:15Z INF Starting metrics server on 127.0.0.1:44319/metrics
2024-03-03T14:30:15Z INF You requested 4 HA connections but I can give you at most 2.
2024/03/03 14:30:15 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See UDP Buffer Sizes · quic-go/quic-go Wiki · GitHub for details.
2024-03-03T14:30:22Z INF Registered tunnel connection connIndex=0 connection=8ac5104a-e834-42c2-9899-9b4378f238b6 event=0 ip=198.18.1.92 location=hkg01 protocol=quic
2024-03-03T14:30:30Z WRN Failed to create new quic connection error="failed to dial to edge with quic: timeout: no recent network activity" connIndex=1 event=0 ip=198.18.1.93
2024-03-03T14:30:30Z WRN Connection terminated error="there are no free edge addresses left to resolve to" connIndex=1
2024-03-03T14:30:37Z INF Registered tunnel connection connIndex=1 connection=a9c3a24d-18b2-4fd3-af86-8a6b78661c95 event=0 ip=198.18.1.93 location=hkg10 protocol=quic
2024-03-03T14:31:10Z INF Unregistered tunnel connection connIndex=0 event=0 ip=198.18.1.92
2024-03-03T14:31:10Z WRN Failed to serve quic connection error="failed to accept QUIC stream: timeout: no recent network activity" connIndex=0 event=0 ip=198.18.1.92
2024-03-03T14:31:10Z WRN Serve tunnel error error="failed to accept QUIC stream: timeout: no recent network activity" connIndex=0 event=0 ip=198.18.1.92
2024-03-03T14:31:10Z INF Retrying connection in up to 1s connIndex=0 event=0 ip=198.18.1.92
2024-03-03T14:31:11Z WRN Connection terminated error="failed to accept QUIC stream: timeout: no recent network activity" connIndex=0
2024-03-03T14:31:22Z INF Registered tunnel connection connIndex=0 connection=2f2ed546-8953-48f0-a18a-16248babe042 event=0 ip=198.18.1.92 location=hkg01 protocol=quic
2024-03-03T14:33:13Z INF Updated to new configuration config="{"ingress":[{"hostname":"ql.iil.im", "originRequest":{}, "service":"http://127.0.0.1:5777"}, {"service":"http_status:404"}], "warp-routing":{"enabled":false}}" version=1
2024-03-03T14:35:35Z INF Updated to new configuration config="{"ingress":[{"hostname":"ql.iil.im", "originRequest":{}, "service":"http://127.0.0.1:5777"}, {"hostname":"atm.iil.im", "originRequest":{}, "service":"http://192.168.7.7:8821"}, {"service":"http_status:404"}], "warp-routing":{"enabled":false}}" version=2
2024-03-03T14:36:24Z ERR error="stream 197 canceled by remote with error code 0" connIndex=0 event=1 ingressRule=1 originService=http://192.168.7.7:8821
2024-03-03T14:36:24Z ERR Request failed error="stream 197 canceled by remote with error code 0" connIndex=0 dest=https://atm.iil.im/admin/css/style.min.css event=0 ip=198.18.1.92 type=http
2024-03-03T14:36:24Z ERR error="stream 189 canceled by remote with error code 0" connIndex=0 event=1 ingressRule=1 originService=http://192.168.7.7:8821
2024-03-03T14:36:24Z ERR Request failed error="stream 189 canceled by remote with error code 0" connIndex=0 dest=https://atm.iil.im/admin/js/jquery.min.js event=0 ip=198.18.1.92 type=http
2024-03-03T14:40:16Z ERR error="stream 337 canceled by remote with error code 0" connIndex=0 event=1 ingressRule=0 originService=http://127.0.0.1:5777
2024-03-03T14:40:16Z ERR Request failed error="stream 337 canceled by remote with error code 0" connIndex=0 dest=https://ql.iil.im/8722.ce0c50ec.async.js event=0 ip=198.18.1.92 type=http
2024-03-03T14:40:17Z ERR error="stream 309 canceled by remote with error code 0" connIndex=0 event=1 ingressRule=0 originService=http://127.0.0.1:5777
2024-03-03T14:40:17Z ERR Request failed error="stream 309 canceled by remote with error code 0" connIndex=0 dest=https://ql.iil.im/380.a496e1b1.async.js event=0 ip=198.18.1.92 type=http
2024-03-03T14:40:20Z ERR error="stream 333 canceled by remote with error code 0" connIndex=0 event=1 ingressRule=0 originService=http://127.0.0.1:5777
2024-03-03T14:40:20Z ERR Request failed error="stream 333 canceled by remote with error code 0" connIndex=0 dest=https://ql.iil.im/4925.41fbadf8.async.js event=0 ip=198.18.1.92 type=http
root@localhost:~#

1 like
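The "degraded" discussion a few posts up and the docker logs above are easier to reason about if you tally the connector's state from its own log lines: how many HA connections were requested, how many the edge would actually grant, which connIndex slots are registered right now, how many QUIC dials failed, and which origin each request error belongs to. The script below is an added example for this thread, not code from cloudflared or from any poster. It assumes the `TIMESTAMP LEVEL message key=value ...` line shape seen in the post above; the sample lines are constructed (hostnames, edge IPs and connection IDs replaced), and the healthy/degraded rule is the thread's own heuristic, with the edge's "at most N" cap taken as the target count.

```python
"""Summarise a cloudflared connector's state from its log output.

Added example for this thread, not code from cloudflared or any poster.
Assumed: the 'TIMESTAMP LEVEL message key=value ...' line shape shown in the
thread; the sample below is constructed; healthy/degraded follows the thread's
heuristic (every targeted HA connection registered = healthy, fewer = degraded).
"""
import json
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Tuple

LINE_RE = re.compile(r"^(\S+) (INF|WRN|ERR|DBG) (.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
HA_CAP_RE = re.compile(r"You requested (\d+) HA connections but I can give you at most (\d+)")
CONFIG_RE = re.compile(r'config="(.*)" version=(\d+)$')

DEFAULT_HA_CONNECTIONS = 4  # cloudflared's default --ha-connections value

# Constructed sample, modelled on the log posted above (not a real capture).
SAMPLE_LINES = [
    "2024-03-03T14:30:15Z INF Initial protocol quic",
    "2024-03-03T14:30:15Z INF You requested 4 HA connections but I can give you at most 2.",
    "2024-03-03T14:30:22Z INF Registered tunnel connection connIndex=0 connection=00000000-0000-4000-8000-000000000001 event=0 ip=198.18.1.92 location=hkg01 protocol=quic",
    '2024-03-03T14:30:30Z WRN Failed to create new quic connection error="failed to dial to edge with quic: timeout: no recent network activity" connIndex=1 event=0 ip=198.18.1.93',
    "2024-03-03T14:30:37Z INF Registered tunnel connection connIndex=1 connection=00000000-0000-4000-8000-000000000002 event=0 ip=198.18.1.93 location=hkg10 protocol=quic",
    "2024-03-03T14:31:10Z INF Unregistered tunnel connection connIndex=0 event=0 ip=198.18.1.92",
    "2024-03-03T14:31:22Z INF Registered tunnel connection connIndex=0 connection=00000000-0000-4000-8000-000000000003 event=0 ip=198.18.1.92 location=hkg01 protocol=quic",
    r'2024-03-03T14:33:13Z INF Updated to new configuration config="{\"ingress\":[{\"hostname\":\"app.example.com\",\"originRequest\":{},\"service\":\"http://172.17.0.1:5777\"},{\"service\":\"http_status:404\"}],\"warp-routing\":{\"enabled\":false}}" version=1',
    '2024-03-03T14:36:24Z ERR error="stream 197 canceled by remote with error code 0" connIndex=0 event=1 ingressRule=0 originService=http://172.17.0.1:5777',
    '2024-03-03T14:36:24Z ERR Request failed error="stream 197 canceled by remote with error code 0" connIndex=0 dest=https://app.example.com/admin/css/style.min.css event=0 ip=198.18.1.92 type=http',
]


@dataclass
class TunnelState:
    requested: int = DEFAULT_HA_CONNECTIONS
    max_allowed: Optional[int] = None                     # cap announced by the edge, if any
    active: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # connIndex -> (edge ip, location)
    dial_failures: int = 0
    origin_errors: Dict[str, int] = field(default_factory=dict)       # originService -> count
    ingress: List[Tuple[str, str]] = field(default_factory=list)      # (hostname, service) from last config

    def target(self) -> int:
        # The edge may grant fewer HA connections than requested; use the lower number.
        return min(self.requested, self.max_allowed) if self.max_allowed else self.requested

    def status(self) -> str:
        if not self.active:
            return "down"
        return "healthy" if len(self.active) >= self.target() else "degraded"


def parse_kv(text: str) -> Dict[str, str]:
    """Pull key=value pairs (quoted values allowed) out of a log message."""
    return {k: v.strip('"') for k, v in KV_RE.findall(text)}


def feed(state: TunnelState, line: str) -> None:
    m = LINE_RE.match(line.strip())
    if not m:
        return
    _ts, level, msg = m.groups()
    cap = HA_CAP_RE.search(msg)
    if cap:
        state.requested, state.max_allowed = int(cap.group(1)), int(cap.group(2))
        return
    cfg = CONFIG_RE.search(msg)
    if cfg:
        raw = cfg.group(1).replace('\\"', '"')  # cloudflared escapes quotes inside the JSON
        rules = json.loads(raw).get("ingress", [])
        state.ingress = [(r.get("hostname", "*"), r["service"]) for r in rules]
        return
    kv = parse_kv(msg)
    if msg.startswith("Registered tunnel connection"):
        state.active[kv["connIndex"]] = (kv.get("ip", ""), kv.get("location", ""))
    elif msg.startswith("Unregistered tunnel connection"):
        state.active.pop(kv.get("connIndex", ""), None)
    elif msg.startswith("Failed to create new quic connection"):
        state.dial_failures += 1
    elif level == "ERR" and "originService" in kv:
        # Count only the line carrying originService; the paired "Request failed"
        # line describes the same stream and would double-count it.
        origin = kv["originService"]
        state.origin_errors[origin] = state.origin_errors.get(origin, 0) + 1


def summarise(lines: Iterable[str]) -> TunnelState:
    state = TunnelState()
    for line in lines:
        feed(state, line)
    return state


if __name__ == "__main__":
    s = summarise(SAMPLE_LINES)
    print(f"status={s.status()} active={len(s.active)}/{s.target()} "
          f"requested={s.requested} dial_failures={s.dial_failures}")
    for idx, (ip, loc) in sorted(s.active.items()):
        print(f"  connIndex={idx} edge={ip} location={loc}")
    print("ingress:", s.ingress)
    print("origin errors:", s.origin_errors)
```

Run it against a real capture with `docker logs cloudflared 2>&1 | python3 this_script.py`-style plumbing after swapping `SAMPLE_LINES` for `sys.stdin`; the one design choice worth noting is that the status rule compares active slots against the edge's announced cap rather than the requested four, so a connector that was told "at most 2" and holds two registered connections is reported as healthy rather than permanently degraded.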

I've been using the Zero Trust Tunnel all along; it works great.
I installed the CLI directly on OpenWrt, and once it's configured it forwards straight through to a computer on the LAN.

2 likes

Direct connections from mainland China are a bit slow.

27 likes

It's okay; as long as the page assets aren't especially large it's just about usable.

1 like

If you set a "path" in Zero Trust, some projects that like to use / as a relative path break, so I had to set up a whole pile of home-xxx.zzz.com subdomains~

1 like