Cloudflare's proxy is only for HTTP

Cloudflare's proxy is only for HTTP Traffic. They're not assigning you a Unique IP or anything, so without something like Cloudflare Spectrum they'd have no way to tell what arbitrary tcp traffic is for your zone vs someone else's.

You could use Arbitrary TCP w/ cloudflared: https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/

Would basically boil down to you installing cloudflared on the client machine and using something like
cloudflared access tcp --hostname tcp.site.com --url localhost:3306

I wouldn't use it for heavy traffic or something mission critical imo as you are adding another layer and as far as I know, that was designed more for client to site connections than point to point/server to server. People have used it in the past though
10 Replies
Erisa 2y ago
@chaika.me Do you think it's worth making a Helpflare tag for this question? it seems to come up a lot
Chaika 2y ago
I think it would be nice to have tbh, I think it would be cool if the Zero Trust GUI told you when you selected a non-http service "This depends on Arbitrary TCP and you will need to install cloudflared on every client machine to connect to it" or something like that
One of those things where if you just blindly use the dashboard, it lets you select a domain and a service, people assume it would simply just work lol, yea it would be very expensive for Cloudflare though if they just handed out the unique IPs to each zone that it would require to get that to work
Erisa 2y ago
Awesome - would you be happy writing one or should I give it a shot sometime? This is also very valuable feedback
Chaika 2y ago
yea that would probably stop like 99.99% of people dead in their tracks lol
Sure, you're talking about something like
Cloudflare Tunnels use Cloudflare's proxy, which only supports proxying HTTP Traffic. If you want to use non-http applications over your tunnel, Cloudflare has a few other options:

For a few specific protocols such as SSH, RDP, and SMB, Cloudflare has guides on how to set them up with Tunnels and Cloudflare Access:
https://developers.cloudflare.com/cloudflare-one/applications/non-http/

For Arbitrary TCP like Minecraft, MySQL, and any other application, Cloudflare has a guide on how to get it working with cloudflared:
https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/

Please note for all of these except SSH which can be browser-rendered, you will either need to use cloudflared (Cloudflare's tunnel daemon) on the client machine running in the background or Private Networking with WARP, and have WARP installed on the client machine logged into your Zero Trust Team.
Btw, you can't use CF Spectrum pointed at your tunnel, can you? Might be worth mentioning if you can
Erisa 2y ago
> Btw, you can't use CF Spectrum pointed at your tunnel, can you?
You can for HTTPS Spectrum apps, but that's an advanced Enterprise use-case and not exactly worth mentioning here
It won't work for TCP/UDP on Spectrum (yet)
> Please note for all of these except SSH which can be browser-rendered
VNC can also be browser rendered but I forgive you for not caring about it
Chaika 2y ago
ahhh I forgot about that lol, there's not even a guide for it in the ZT Docs
Chaika 2y ago
nvm there is: https://developers.cloudflare.com/cloudflare-one/tutorials/vnc-client-in-browser/
It's just not in the list on the non-http page
Erisa 2y ago
?tunnel-tcp
Flare 2y ago
Cloudflare Tunnels use Cloudflare's proxy, which only supports proxying HTTP Traffic. If you want to use non-http applications over your tunnel, Cloudflare has a few other options:

For a few specific protocols such as SSH, RDP, and SMB, Cloudflare has guides on how to set them up with Tunnels and Cloudflare Access:
https://developers.cloudflare.com/cloudflare-one/applications/non-http/

For Arbitrary TCP like Minecraft, MySQL, and any other application, Cloudflare has a guide on how to get it working with cloudflared:
https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/

Please note for all of these except SSH and VNC which can be browser-rendered, you will either need to use cloudflared (Cloudflare's tunnel daemon) on the client machine running in the background or Private Networking with WARP, and have WARP installed on the client machine logged into your Zero Trust Team.
Erisa 2y ago
thank you!