Using a tunnel for SSH?

I have a Cloudflare tunnel for a Raspberry Pi http service, and it works great. I would really like to avoid opening up a port on my router to externally access it, but I don't know the best way to do that with a channel. I'm ok enough with having to use cloudflared to run ssh but I'm not 100% sure what I'm doing.
2 Replies
SuperHelpflare 2mo ago
Support AI
Based on the provided documentation, it seems like you're looking for a way to access your Raspberry Pi's http service without opening a port on your router. One possible solution is to use Cloudflare Tunnel with SSH, as you mentioned.

According to the documentation, you can use Cloudflare Tunnel to create a secure, outbound-only connection from your server to Cloudflare's global network. This would allow you to access your Raspberry Pi's http service without exposing it to the public internet.

To achieve this, you can follow the instructions outlined in the documentation for SSH with WARP to Tunnel. This method requires running the cloudflared daemon on the Raspberry Pi (or any other host machine within the private network) and installing the Cloudflare WARP client on your device. By doing so, you can access your Raspberry Pi's http service as if you were on the same private network, without the need to open a port on your router.

Please note that this method requires managing your own SSH keys, and you may want to consider using Access for Infrastructure for more granular access policies or to allow Cloudflare to manage SSH keys for you.
This is an AI generated response, it may not be 100% accurate. Please validate the output. You can ask followups by replying to this message or mentioning me.
SuperHelpflare 2mo ago
Cloudflare Tunnels use Cloudflare's proxy, which only supports proxying HTTP traffic. If you want to use non-HTTP applications over your tunnel, Cloudflare has a few other options:

- For a few specific protocols such as SSH, RDP, and SMB, Cloudflare has guides for them here: https://developers.cloudflare.com/cloudflare-one/applications/non-http/
- For arbitrary TCP like Minecraft, MySQL, and any other TCP application, Cloudflare has a guide here: https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/
- For arbitrary UDP like Minecraft Bedrock, SMTP, and any other UDP application, you will need to use Private Networking with WARP: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/private-net/connect-private-networks/

Please note that for all of these except SSH, VNC and RDP, which can be browser-rendered, you will either need to use cloudflared (Cloudflare's tunnel daemon) on the client machine running in the background, or Private Networking with WARP with WARP installed on the client machine and logged into your Zero Trust Team.
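
Added example, not part of the thread and not Cloudflare's own configuration: the "cloudflared on the client machine" route from the reply above, with an SSH rule added beside the existing HTTP one. It assumes a locally managed tunnel driven by a config file; the hostnames, port 8080, tunnel ID, user name and file paths are placeholders.

```yaml
# /etc/cloudflared/config.yml on the Raspberry Pi (path is an assumption).
# <TUNNEL-UUID>, pi.example.com and ssh-pi.example.com are placeholders.
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # Existing HTTP service (port 8080 is an assumption).
  - hostname: pi.example.com
    service: http://localhost:8080
  # New rule: hand SSH traffic to the local sshd. cloudflared dials out to
  # Cloudflare, so no port is forwarded on the router.
  - hostname: ssh-pi.example.com
    service: ssh://localhost:22
  # Required catch-all for requests that match no rule above.
  - service: http_status:404

# Create the DNS record for the new hostname, then restart cloudflared:
#   cloudflared tunnel route dns <TUNNEL-UUID> ssh-pi.example.com
#
# On the client, cloudflared carries the SSH session. Add to ~/.ssh/config:
#
#   Host ssh-pi.example.com
#     ProxyCommand cloudflared access ssh --hostname %h
#
# and connect as usual:
#   ssh pi@ssh-pi.example.com
#
# sshd on the Pi still authenticates the login with your own keys, so the
# usual hardening applies there (key-only logins, no root login).
```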
