Cloudflare Tunnel: NAT Traversal for Internal Services
date
Oct 18, 2023
tags
Cloudflare
Technology sharing
summary
Map a server on an internal network to the public Internet.
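What a Tunnel can do
- Expose services on your local network to the public Internet; think of it as NAT traversal for an internal network.
- Automatically provide HTTPS certification for your domain.
- Forward services on non-standard ports to the standard ports 80/443.
- Provide additional protective authentication for your services.
Prerequisites
- A domain name that you own
- DNS for the domain hosted on Cloudflare
- A Visa credit card or PayPal
Tunneling to an internal server
Enter a Team name here; anything will do.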
![notion image](https://www.notion.so/image/https%3A%2F%2Fprod-files-secure.s3.us-west-2.amazonaws.com%2Fdf134355-786c-4ad5-8e01-366643be1292%2F6b725bb2-40f2-475d-b9a4-b5f32e0aea2e%2Fimage.png?table=block&id=c7d0d4d2-c474-4eae-9a78-790640a69eeb&cache=v2)
Choose the first plan, the free one.
![notion image](https://www.notion.so/image/https%3A%2F%2Fprod-files-secure.s3.us-west-2.amazonaws.com%2Fdf134355-786c-4ad5-8e01-366643be1292%2F55de61aa-a264-4c54-8a7c-b1d57b90d1ba%2Fimage-2.png?table=block&id=d83465b7-44f5-4553-b645-6515bd014aa3&cache=v2)
Add payment information.
![notion image](https://www.notion.so/image/https%3A%2F%2Fprod-files-secure.s3.us-west-2.amazonaws.com%2Fdf134355-786c-4ad5-8e01-366643be1292%2Fcf4cf3eb-3fba-41d1-81b0-1f77cb6a615f%2Fimage-3.png?table=block&id=d3292be4-cce3-46dd-8f29-0d52055f915b&cache=v2)
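Create a tunnel
When that is done, click Zero Trust on the left side of the dashboard home page.
On the new page, go to Access Tunnels and create a Tunnel; the name can be anything.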
![notion image](https://www.notion.so/image/https%3A%2F%2Fprod-files-secure.s3.us-west-2.amazonaws.com%2Fdf134355-786c-4ad5-8e01-366643be1292%2F63a83e59-8c84-442f-9404-a33d6e13b83d%2Fimage-4.png?table=block&id=bd9173ce-c374-4f2f-a9e6-593eb0839b09&cache=v2)
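Choose how to deploy Cloudflared
A Tunnel uses Cloudflared to establish the channel between the cloud and your local network.
Pick the OS version to install according to your internal server.
Our lab runs YunoHost on a Raspberry Pi (arm64), so I chose Debian-arm64 here.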
![notion image](https://www.notion.so/image/https%3A%2F%2Fprod-files-secure.s3.us-west-2.amazonaws.com%2Fdf134355-786c-4ad5-8e01-366643be1292%2F9ad24713-c7d4-447d-8a35-c9439a3f818e%2Fimage-5.png?table=block&id=a788cec6-f349-4d1e-9ec4-2e59c70bfc69&cache=v2)
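Copy the command, connect to your internal server over ssh from a terminal, paste the command, and wait for the installation to finish.
Configure a subdomain (Subdomain) for your domain, leave Path empty, and enter the internal IP address in the URL field.
Note: if you are tunneling to YunoHost, turn on the option shown in the screenshot below.
Because an official domain was chosen when registering YunoHost, the server has its own self-signed certificate locally, while Cloudflare also issues a certificate. The two conflict when tunneling, and the home page keeps showing 502.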
![notion image](https://www.notion.so/image/https%3A%2F%2Fprod-files-secure.s3.us-west-2.amazonaws.com%2Fdf134355-786c-4ad5-8e01-366643be1292%2Fca9782ec-86b7-4b03-976c-a87ca7ba02ea%2Fimage-6.png?table=block&id=80d76cf9-caaa-4939-93f1-1156864e3107&cache=v2)
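Visit the configured third-level domain
A Tunnel can have multiple third-level domains that route to different internal services; just add them under Public Hostname on the Tunnel page.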
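The public hostnames described above, and the ssh hostname added in the next section, can also be written as a locally managed cloudflared configuration file. This is an added example, not part of the original post: the hostnames, IP addresses, file paths and the `<TUNNEL-UUID>` placeholder are constructed, and it assumes the option in the YunoHost note is the origin TLS verification setting (`noTLSVerify`).

```yaml
# Added example; all hostnames, IPs and paths are constructed.
# <TUNNEL-UUID> is a placeholder for the ID of your own tunnel.
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

# Rules are matched top to bottom; the first matching hostname wins.
ingress:
  # YunoHost web UI: the origin serves HTTPS with a self-signed certificate.
  # noTLSVerify turns off origin certificate checks for this hostname only
  # (assumed to be the option the note refers to). Scope it per rule,
  # not globally, so other origins are still verified.
  - hostname: yuno.example.com
    service: https://192.168.1.10:443
    originRequest:
      noTLSVerify: true

  # Stricter alternative for a self-signed origin: keep verification on
  # and trust the origin's certificate explicitly.
  - hostname: wiki.example.com
    service: https://192.168.1.11:443
    originRequest:
      caPool: /etc/cloudflared/origin-ca.pem    # PEM file containing the origin's CA/cert
      originServerName: wiki.internal.example   # name expected in the origin certificate

  # A service on a non-standard port, published on 443 by Cloudflare.
  - hostname: app.example.com
    service: http://192.168.1.12:8080

  # SSH hostname (type ssh, URL = server IP).
  - hostname: ssh.example.com
    service: ssh://192.168.1.10:22

  # Required catch-all: anything that matches no hostname gets a 404
  # instead of being forwarded to an internal service.
  - service: http_status:404
```

With a file like this in place, `cloudflared tunnel ingress validate` checks the rules before the tunnel is started.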
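SSH through the tunnel
The internal server is now reachable from the public Internet, but it cannot be administered remotely yet, so Cloudflare is also used to tunnel ssh.
Add an ssh hostname to the tunnel: choose ssh as the type and enter the server IP as the URL.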
![notion image](https://www.notion.so/image/https%3A%2F%2Fprod-files-secure.s3.us-west-2.amazonaws.com%2Fdf134355-786c-4ad5-8e01-366643be1292%2F01a7ace5-49cc-4483-a94d-8e9f31e49d2a%2FE382B9E382AFE383AAE383BCE383B3E382B7E383A7E38383E38388202023-10-23209.45.03.png?table=block&id=10c98eab-5d11-40c5-ba3f-686f21159080&cache=v2)
Add ssh under Applications
![notion image](https://www.notion.so/image/https%3A%2F%2Fprod-files-secure.s3.us-west-2.amazonaws.com%2Fdf134355-786c-4ad5-8e01-366643be1292%2F71c5b0f8-caed-4135-9cfb-b9ae15b4a5f5%2FE382B9E382AFE383AAE383BCE383B3E382B7E383A7E38383E38388202023-10-23209.53.11.png?table=block&id=b5f015fe-9fa0-472f-885a-c1fc9af06a43&cache=v2)
![notion image](https://www.notion.so/image/https%3A%2F%2Fprod-files-secure.s3.us-west-2.amazonaws.com%2Fdf134355-786c-4ad5-8e01-366643be1292%2F4363fc57-4f1f-4f42-a945-244fee59dd7c%2FE382B9E382AFE383AAE383BCE383B3E382B7E383A7E38383E38388202023-10-23209.54.01.png?table=block&id=7e733107-cc2a-4eae-88cb-82900250a9d3&cache=v2)
![notion image](https://www.notion.so/image/https%3A%2F%2Fprod-files-secure.s3.us-west-2.amazonaws.com%2Fdf134355-786c-4ad5-8e01-366643be1292%2Ff2e6f64c-69de-47ab-bc80-52f40bee0c3a%2FE382B9E382AFE383AAE383BCE383B3E382B7E383A7E38383E38388202023-10-232010.01.21.png?table=block&id=de7b384e-7a45-4825-b72b-0f37d3c22e99&cache=v2)
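Leave everything else unchanged and choose Next.
Enter a name, choose email as the verification method, and add the email address.
Scroll to the bottom and choose Next.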
![notion image](https://www.notion.so/image/https%3A%2F%2Fprod-files-secure.s3.us-west-2.amazonaws.com%2Fdf134355-786c-4ad5-8e01-366643be1292%2F3c81873b-2c35-4eb5-a723-535bf928199e%2FE382B9E382AFE383AAE383BCE383B3E382B7E383A7E38383E38388202023-10-232010.07.12.png?table=block&id=bb5dc8e7-1339-42ad-a865-2232536acf7b&cache=v2)
Scroll to the bottom, select ssh, and add the application.
![notion image](https://www.notion.so/image/https%3A%2F%2Fprod-files-secure.s3.us-west-2.amazonaws.com%2Fdf134355-786c-4ad5-8e01-366643be1292%2Ff7c20d88-9cbf-4fe5-a709-1c385f4be7a4%2FE382B9E382AFE383AAE383BCE383B3E382B7E383A7E38383E38388202023-10-232010.13.08.png?table=block&id=cb0f77a8-586c-40af-aac7-9755402e6d56&cache=v2)
Open the configured domain in a browser and enter the bound email address to receive a verification code.
![notion image](https://www.notion.so/image/https%3A%2F%2Fprod-files-secure.s3.us-west-2.amazonaws.com%2Fdf134355-786c-4ad5-8e01-366643be1292%2F06c19921-74f4-4d8b-87e3-177e2ce9d387%2FE382B9E382AFE383AAE383BCE383B3E382B7E383A7E38383E38388202023-10-232010.16.24.png?table=block&id=bec15d6b-3124-44b3-95ae-7f9280869724&cache=v2)
Authenticate as a user on the server.
![notion image](https://www.notion.so/image/https%3A%2F%2Fprod-files-secure.s3.us-west-2.amazonaws.com%2Fdf134355-786c-4ad5-8e01-366643be1292%2F41f4d547-10b2-470a-8ee8-8bea0d7070a2%2FE382B9E382AFE383AAE383BCE383B3E382B7E383A7E38383E38388202023-10-232010.21.27.png?table=block&id=1a26a55c-48e5-4022-aa81-212e872c973f&cache=v2)