Skip to main content
Crusoe Support Help Center home page
Crusoe

How-To: Access Services Within Private VPC via Cloudflare Tunnel on Crusoe Linux VM Using Cloudflare CLI

Matt Roark
Matt Roark
Updated

Overview

This article provides a comprehensive guide for accessing specific resources on a private network via a Cloudflare Tunnel on a Crusoe Linux VM. By leveraging a dedicated domain, users can securely route traffic to targeted resources. This solution enhances security and simplifies access management, making it ideal for organizations that need to connect to specific internal applications or services.

Prerequisites

Before proceeding with the steps outlined in this guide, ensure that you have the following:

  • A free Cloudflare account is created.
  • A registered domain name with any domain registrar.
  • Cloudflare is set as your primary DNS provider, meaning that the name servers for your domain are pointed to Cloudflare.
  • Basic familiarity with command-line operations and SSH.

Step 1: Create a Crusoe VM

  1. Log in to your Crusoe account.
  2. Navigate to the VM creation section.
  3. Select a dedicated CPU-based instance type for optimal performance.
  4. Configure any additional settings (such as storage size, network options, etc.) as per your requirements.
  5. Launch the VM and note the public IP address for SSH access.

Step 2: SSH into the VM

  1. Open a terminal (or Command Prompt/PowerShell on Windows).

  2. Connect to your VM using SSH:

    ssh ubuntu@<VM_PUBLIC_IP>
    

    Replace <VM_PUBLIC_IP> with the actual public IP address of your VM.

Step 3: Add Cloudflare Package Repository

For Ubuntu 22.04, execute the following commands:

  1. Create a keyrings directory:

    sudo mkdir -p --mode=0755 /usr/share/keyrings
    
  2. Add the Cloudflare GPG key:

    curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
  3. Add the Cloudflare package repository:

    echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared jammy main' | sudo tee /etc/apt/sources.list.d/cloudflared.list
    
  4. Update the package list and install cloudflared:

    sudo apt-get update && sudo apt-get install cloudflared
    

Step 4: Log in to the Cloudflare Tunnel

  1. Authenticate your Cloudflare account:

    cloudflared tunnel login
    

    Follow the prompts to authorize your account.

Step 5: Create a Cloudflare Configuration File

  1. Generate a configuration file by running:

    vi /etc/cloudflared/config.yml
    
  2. Add the following configuration, replacing <Tunnel-UUID> and <DOMAIN> with your tunnel’s UUID and your target domain:

    tunnel: <TUNNEL_NAME_OR_UUID>
    credentials-file: /etc/cloudflared/<TUNNEL_UUID>.json
    ingress:
    - hostname: <DOMAIN>
    service: http://<TARGET_RESOURCE_IP>:<PORT>
    - service: http_status:404
    • Replace <TARGET_RESOURCE_IP> with the IP address of the resource you want to access.
    • Replace <PORT> with the appropriate port number for the service.
  3. Save and exit the editor.

Step 6: Run the Cloudflare Tunnel as a System Service

    • Install the tunnel as a service:
      sudo cloudflared tunnel service install
      
      This command registers cloudflared as a systemd service.
    • Start the cloudflared service:
      sudo systemctl start cloudflared
      
    • Enable the cloudflared service to start on boot:
      sudo systemctl enable cloudflared
      
    • Verify the service status (optional):
      sudo systemctl status cloudflared
      
      Ensure the service is active (running).

Step 7: Update DNS Records in Cloudflare

  1. Log in to your Cloudflare dashboard.
  2. Navigate to the DNS settings for your domain.
  3. Create a CNAME record pointing your chosen hostname to the Cloudflare Tunnel:
    • Type: CNAME
    • Name: The hostname you configured in your config.yml (e.g., app if your full domain was app.yourdomain.com).
    • Target: your_tunnel_id.cfargotunnel.com (replace your_tunnel_id with your actual Tunnel UUID).
    • Proxy status: Ensure it is Proxied (orange cloud).

After saving the DNS record, traffic to your specified domain (e.g., app.yourdomain.com) will now be securely routed through the Cloudflare Tunnel to your private resource on the Crusoe VM.

Additional Resources

Related to

Was this article helpful?

0 out of 0 found this helpful

Still need help?

Our support team is ready to assist you with any questions.

Have more questions? Submit a request

Recently Viewed

Comments

0 comments

Article is closed for comments.