How to open/forward TURN/STUN port using cloudflare tunnel?

I've this

version: "3.7"
services:
  screego:
    image: ghcr.io/screego/server:1.10.0
    ports:
      - 5050:5050
      - 3478:3478
      - 50200-50400:50200-50400/udp
    environment:
      SCREEGO_EXTERNAL_IP: "dns:share.ashishjullia.com@1.1.1.1:53"
      SCREEGO_TURN_PORT_RANGE: "50200:50400"
      SCREEGO_CORS_ALLOWED_ORIGINS: "https://share.ashishjullia.com"
      SCREEGO_AUTH_MODE: "none"
      SCREEGO_TRUST_PROXY_HEADERS: "false"
      SCREEGO_LOG_LEVEL: "debug"
  cf-tunnel:
    image: cloudflare/cloudflared
    restart: unless-stopped
    command: tunnel run
    environment:
      - TUNNEL_TOKEN=<>

version: "3.7"
services:
  screego:
    image: ghcr.io/screego/server:1.10.0
    ports:
      - 5050:5050
      - 3478:3478
      - 50200-50400:50200-50400/udp
    environment:
      SCREEGO_EXTERNAL_IP: "dns:share.ashishjullia.com@1.1.1.1:53"
      SCREEGO_TURN_PORT_RANGE: "50200:50400"
      SCREEGO_CORS_ALLOWED_ORIGINS: "https://share.ashishjullia.com"
      SCREEGO_AUTH_MODE: "none"
      SCREEGO_TRUST_PROXY_HEADERS: "false"
      SCREEGO_LOG_LEVEL: "debug"
  cf-tunnel:
    image: cloudflare/cloudflared
    restart: unless-stopped
    command: tunnel run
    environment:
      - TUNNEL_TOKEN=<>

version: "3.7"
services:
  screego:
    image: ghcr.io/screego/server:1.10.0
    ports:
      - 5050:5050
      - 3478:3478
      - 50200-50400:50200-50400/udp
    environment:
      SCREEGO_EXTERNAL_IP: "dns:share.ashishjullia.com@1.1.1.1:53"
      SCREEGO_TURN_PORT_RANGE: "50200:50400"
      SCREEGO_CORS_ALLOWED_ORIGINS: "https://share.ashishjullia.com"
      SCREEGO_AUTH_MODE: "none"
      SCREEGO_TRUST_PROXY_HEADERS: "false"
      SCREEGO_LOG_LEVEL: "debug"
  cf-tunnel:
    image: cloudflare/cloudflared
    restart: unless-stopped
    command: tunnel run
    environment:
      - TUNNEL_TOKEN=<>

version: "3.7"
services:
  screego:
    image: ghcr.io/screego/server:1.10.0
    ports:
      - 5050:5050
      - 3478:3478
      - 50200-50400:50200-50400/udp
    environment:
      SCREEGO_EXTERNAL_IP: "dns:share.ashishjullia.com@1.1.1.1:53"
      SCREEGO_TURN_PORT_RANGE: "50200:50400"
      SCREEGO_CORS_ALLOWED_ORIGINS: "https://share.ashishjullia.com"
      SCREEGO_AUTH_MODE: "none"
      SCREEGO_TRUST_PROXY_HEADERS: "false"
      SCREEGO_LOG_LEVEL: "debug"
  cf-tunnel:
    image: cloudflare/cloudflared
    restart: unless-stopped
    command: tunnel run
    environment:
      - TUNNEL_TOKEN=<>

And I'm tryin to forward all these ports via th cf tunnel.

I can forward port

5050 which is a HTTP port

5050 which is a HTTP port

5050 which is a HTTP port

5050 which is a HTTP port but not sure whether it is possible to forward the 3478 which is a STUN/TURN port and I want to open

50200-50400/udp

50200-50400/udp

50200-50400/udp

50200-50400/udp as well.

Is there a way with which I can just forward/expose/open the complete network of this compose file? I mean the network local to this cloudflared network or container.

Is it even possible?

I know a complete network can be opened using the

private  network

private network

private  network

private network of a tunnel but I want to map this application to a domain/sub-domain.

Here is my conversation with the owner of the application: https://github.com/screego/server/issues/167

Any help and pointers are appreciated as I really want this project to get going but want to self host it at the same time.

Erisa•1/30/24, 9:44 PM

?tunnel-tcp

Flare•1/30/24, 9:44 PM

Cloudflare Tunnels use Cloudflare's proxy, which only supports proxying HTTP Traffic. If you want to use non-http applications over your tunnel, Cloudflare has a few other options:

For a few specific protocols such as SSH, RDP, and SMB, Cloudflare has guides for them here:
https://developers.cloudflare.com/cloudflare-one/applications/non-http/

For Arbitrary TCP like Minecraft, MySQL, and any other tcp application, Cloudflare has a guide here: https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/

For Arbitrary UDP like Minecraft Bedrock, SMTP, and any other udp application, you will need to use Private Networking with WARP: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/private-net/connect-private-networks/

Please note for all of these except SSH and VNC which can be browser-rendered, you will either need to use cloudflared (Cloudflare's tunnel daemon) on the client machine running in the background or Private Networking with WARP, and have WARP installed on the client machine logged into your Zero Trust Team.

Erisa•1/30/24, 9:44 PM

tldr no its not possible

dhakkadOP•1/30/24, 9:46 PM

@Erisa | Support Engineer possible via warp in gateway mode or not?

Erisa•1/30/24, 9:47 PM

Yes if everyone who connects to the site uses WARP and you expose it over a defined private IP range

Erisa•1/30/24, 9:47 PM

The setup isnt simple but is covered under https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/private-net/connect-private-networks/

dhakkadOP•1/30/24, 10:06 PM

Yup, got it, thanks for the help.

How to open/forward TURN/STUN port using cloudflare tunnel?

Similar Threads

Similar Threads

Similar Threads