Cloudflare: How to Set up Cloudflare Argo Tunnel FREE on Unraid - Bypass CGNAT

Reddit Comments

FYI I prefer to use erisamoe/cloudflared so you don't have to manually update the tag to get updates. Not sure why Cloudflare don't tag the current build with 'latest' in their repo.

👍︎︎ 6 👤︎︎ u/dcoulson 📅︎︎ Jun 06 2021 🗫︎ replies

oh sweet, this would probably stop those RU bots trying to scan my server via IP.

👍︎︎ 4 👤︎︎ u/ziggie216 📅︎︎ Jun 06 2021 🗫︎ replies
👍︎︎ 2 👤︎︎ u/jassycliq 📅︎︎ Jun 06 2021 🗫︎ replies

I have this working for http://mydomain.com but my subdomains are not working. I set up a CNAME record for the subdomain and I am pointing it at @. Any idea how I can fix this error?

Instead of pointing to @, I tried pointing at my tunnel (UUID.cdargotunnel.com) but that didn't work.

Subdomains were previously working. I am using nginx proxy manager.

Edit: resolved by flushing DNS on the computer I was using to access it.

👍︎︎ 2 👤︎︎ u/54lzy 📅︎︎ Jun 06 2021 🗫︎ replies

Does this work with Swag?

👍︎︎ 2 👤︎︎ u/Buttholehemorrhage 📅︎︎ Jun 06 2021 🗫︎ replies

Works great, and perfect timing as I set up a friend's server who is behind CGNAT.

👍︎︎ 2 👤︎︎ u/impoze 📅︎︎ Jun 07 2021 🗫︎ replies

Great video as usual! Suggestion.. please slow down, felt very rushed.

👍︎︎ 2 👤︎︎ u/ziggie216 📅︎︎ Jun 06 2021 🗫︎ replies

!remindme 12 hours

👍︎︎ 1 👤︎︎ u/canfail 📅︎︎ Jun 06 2021 🗫︎ replies

!remindme 12 hours

👍︎︎ 1 👤︎︎ u/MysticalMan 📅︎︎ Jun 06 2021 🗫︎ replies
Captions
Hi guys, and welcome back to another IBRACORP video. Absolutely stoked to have you guys coming back and checking out the channel today. We have a really exciting video for you today that, hopefully, you will enjoy just as much as we did getting it all together. Today we're going to be showing you how to get a tunnel working from your Unraid server out through Cloudflare and out to the world. There are so many benefits to this method, and just to give you a few: if you're someone that has ports 80 and 443 blocked, for example, you have double NAT going on, you might have ports exposed on your router, you want to have your origin IP always hidden, this is the video for you. This basically ties in with our previous Cloudflare videos as well as our Nginx Proxy Manager video as well; they all work hand in hand and they culminate to this point. Basically, if you've got it all set up and you want to tighten it all down, this is going to be one of the best options for you.

Now guys, I did have some instructions on getting Plex to work via Cloudflare, but due to conflicting information I actually don't want to be endorsing that, because I don't want anybody to get their Cloudflare account disabled. So the only exception to our port situation, where we don't want exposed ports in this scenario: unfortunately I can't say that we fully can have no ports open, and the reason is, at this point I think the safest advice that I can publicly put out there is that you need to use Plex with the port open on your server, so that you are not going via Cloudflare and having any issues with them. So I highly recommend that you do it that way. There are methods out there that people are using to use Cloudflare, but unfortunately I cannot recommend that because I don't want anybody to have any issues, so apologies for that one.

It's also worth noting that this setup will not require you to make any major changes to existing infrastructure or containers. Basically
everything will still go through your Nginx Proxy Manager or reverse proxy, whatever that might be that you're using. Obviously you'll need to make slight adjustments, and that's why I'm here today to put that together for you.

Before we get started, I just want to give a big, big thank you to our community members and our community leaders for putting this together. We have alios, hawks and disc duck, who have worked very hard to get all this content together for us this week. They've helped with the scripting and the writing of documentation, which is now up on the git, and they've also created a template which is on the Unraid app store. So big thank you to them. Please remember to support your local developer, and if you like their work be sure to buy them a beer or a coffee. So without further ado, let's just get stuck into it, because we've been waiting all week for this and I'm really excited to get started with you. So let's do it.

All right guys, so you're interested in setting up a tunnel. Formerly this used to be called Argo Tunnels, until Cloudflare basically announced that they were allowing users to take advantage of their tunneling system for free. Now I'm going to quickly swing up a couple of benefits of using this for you up on the screen, and why we want to use them. One, portability: because we're using a tunnel from our server, you could basically take your server anywhere around the world and you'll still have it all working perfectly fine once you plug it in. The reason is we're not going to be pointing to any origin IP address. That alone is huge, because if you have a dynamic IP address from your ISP, we don't care anymore, that doesn't matter, we're going to be safe. The next is you'll be able to take advantage of Cloudflare CDN. Now, if you're already using our method, using our Cloudflare videos, you are using, even taking advantage of, that CDN functionality, so, you know, DDoS attacks and things like that. To add
that, you won't have any open ports if you're using everything via the tunnel. Basically you don't have to expose any ports, because nothing is going to be hitting those ports; everything is going to be channeled through the tunnel. Now this is not going to make much sense, so what I'm going to do is bring up an image that hawks has kindly put together for us, and it's going to make a little bit more sense. So let me switch to that.

So here we are, here's our fantastic image. This image has been created in draw.io, which I've recommended before, and it's a really fantastic tool that is free and open source and is an alternative to something like Microsoft Visio. So again, thanks to hawks for putting this together. Here we have a working image with different layers, so this allows me to explain it to you a little bit easier. What you're looking at now is a normal routing layout, basically what most people probably have, especially if they followed our Cloudflare videos, and that includes myself. What you're looking at here is our Unraid environment, or your server environment. You have your server; it's going through the applications via the reverse proxy out to your router. We have ports 1443 and 443 open, which is accepting our HTTPS requests. That's being passed along the entire route all the way here to our DNS server out in Cloudflare, where it's being served out to the edge. So this would be considered our origin request, up until this point here, to the internet.

Now what we're going to be changing is adding our tunneling, so let's have a look at what that looks like. If I just untick normal routing and we tick Argo routing, it gives us a better image of what to expect. What you're looking at here is, instead of the reverse proxy just reaching out, it's actually going to hit our cloudflared, which I'm going to call "cloud flared" for the rest of this video. It hits our cloudflared daemon. That daemon is the tunnel; it sends the communication
out. It ignores any of this because it's going via tunnel; it's basically just communication, it doesn't need any particular ports. cloudflared itself knows which ports it's accepting and where to send it to. That communicates with the reverse proxy, so on the reverse proxy we don't have to really change anything. That means you can keep all your proxying the same. So the only changes we're making are removing our forwarding and adding the Cloudflare daemon to intercept traffic. So that goes right through the firewall, no problem, still in the tunnel. While it's in the tunnel it hits the Argo service up on Cloudflare; Cloudflare then serves the content out to the world. As you can see here, we can now close ports 80 and 443 on our router or our firewall and block those requests coming in directly.

So what does this give us? Well, we don't have any leaked IP address; we have no IP address showing at any point in the stage of operation. We have an SSL that will be at every stage of the process: the SSL will be applied both on the origin and on the edge. So if you followed our Cloudflare video and you set up your origin certificate, perfect, because that's where this is going to come in. You're less likely to get a man-in-the-middle attack; that's because of the certs that we have on both the origin and edge, and also the tunnel directly to Cloudflare. Basically it makes it very difficult for someone to intercept that traffic. Now again, we're going to be bypassing double NAT issues, and it's almost impossible to find the origin of the server because no IP is ever shared publicly; it's all hidden in the tunnel and is served out by Cloudflare from their own IP addresses. Another added benefit of this, of course, is improved latency: because it uses Cloudflare smart routing, it avoids congested areas of the internet. Now if I just apply our congestion traffic here, you see all this traffic that has to bounce around and starts getting congested,
especially if you're going directly from your server. Guys, depending on where you are in the world, you may not have the best internet; someone on the other side probably isn't going to get the best experience. Now, not in all cases are you even going to be going to that length to have it working 100% on the other side of the world. You know, in those cases a VPS might be more for you. But in our scenario we're home users, or we're home labs, and we want to access stuff remotely but we want it to be secure. This is going to be the best way, because it's going to be served by Cloudflare; we don't have to worry about it coming directly from our setup per se. Everything gets sent through the tunnel, and then Cloudflare can handle the caching and send stuff out from there, which can speed up things quite a bit. So that's pretty much the explanation and, you know, pretty much an overview image of how it all works, and I hope that makes a little bit more sense. I'll just flick back to the normal routing for you, and you can see all the routing that we're having to avoid here. We're basically avoiding having to go anywhere near this sort of setup anymore, and being able to close all your ports, I mean, that's amazing. One of my follow-up videos in the next few weeks will be a review on the UDM Pro, and the one thing that I've started noticing with threat management is the amount of hits on ports 80 and 443: people trying to intercept traffic or trying to gain administrator privileges. You can avoid all of that, basically, because they don't have to hit your server at all anymore; everything is going directly to Cloudflare, and Cloudflare can deal with it and mitigate it the way they need to.

So with that all done and said, we've explained how this all works; let's just show you how to get it working, and let's get started making it happen. Now, as I said, thanks to our community members alios and hawkins we have instructions that have been written up
and the template up on the CA store. To get to the instructions it's just github.com forward slash alios forward slash cloudflare. As you can see, he's written up our instructions here. The guys worked really hard to get this up for you, so this is what we're going to be following today. I'm going to be following it off screen, just to make it easier for you watching the video, so you can basically follow me if you want, but if you like as well, I'll have the link down in the description for this documentation. So please support the developer: give them a star, give him a follow, whatever it takes, buy him a coffee. We all like to make sure we support each other in this community, and look, he's bringing us all this information that I didn't know about before, so I like to give credit where it's due.

Okay, so with the guide out of the way and we're ready to go, we can start on our tunneling. Send yourself over to your Unraid server. As you can see here, our old faithful pumba is back in action as usual. The first thing we're going to do is some setup steps. So in the documentation, step one, we need to run a command in the terminal. In the top right here you'll see terminal; let's just click that. In the terminal we're going to paste this command. Okay, so we've run it, it's printed our link; go ahead and click the link now. Now it's opened up in a separate tab, which I've just pulled over for you. Go ahead and click the site that you want to go through the link, so this one over here; we want to authorize that to go through Argo Tunnel. You will notice that I am already logged into Cloudflare, so I did that before we started the video, but it may ask you to log in first, and if it does and doesn't send you to this screen after you log in, just close it and click the link again in the terminal window and you'll get this. So we're going to go ahead and authorize it; we'll click authorize. Success: it has now installed a certificate allowing your origin to
create an Argo Tunnel on this zone. You may now close this window and start your Argo Tunnel. So we'll go ahead and close that, and as you can see, back in the terminal window it says you have successfully logged in; if you wish to copy your credentials, they have been saved to blah blah blah. So first step complete, no problems there.

Now we need to create a tunnel. To do this we'll run another command from the Unraid terminal. I'm copying this from the guide and I'm going to make a small change, so what I'm going to do is bring over Notepad++ here. So here's Notepad++; I'm going to paste the command in and we're just going to have a quick read of what it's doing, and I'll just zoom in for those mobile users to make it a bit easier for you. So we've got docker run hyphen it hyphen hyphen rm hyphen v, and it's going to update a folder which we haven't created yet, which is what this is going to be doing, tunnel create and then the tunnel name. For the tunnel name I'm just going to change that to ibracorp.org. Then we're going to copy this and go back to our terminal window. While we've got the terminal here, we will right click and go paste. Once you've pasted it, go ahead and click enter, and with that we've created a tunnel. Now what that's just done is create a .json file which contains a secret used to authenticate our tunneled connection with Cloudflare. Right after where it says "with id", that's our UUID, all right, it's a unique identifier, so we're going to right click and go copy, and just in a notepad somewhere keep that there for future use, because we're going to need to come back to it.

Now that that's done, in the terminal the next command we're going to put in is a nano command so that we can edit the file. You can do this on your local file server if you prefer something like Notepad++ and open it up in Windows Explorer, but you can also do it right here in the terminal. So just to
show you what I typed: I basically typed nano forward slash mnt forward slash user app data cloudflared forward slash config.yaml. After I pasted that in, it then opened up this nano screen. Nano is basically just a text editor, so in here is where we need to put all of our config. Now I'm going to show you the config that I use. In the config we're going to click paste, and this is also in the guide, guys, but this is my one, just to show you what it looked like once I finished setting it up. As you can see, we've got tunnel, credentials file, the ingress, which is going to be a reverse proxy, and the origin server name. So we're going to make some changes here. If we go back to our Notepad++, this is our UUID, so we're going to need to copy that and head back to this terminal here with nano open, and we need to update a few things. In the tunnel here we need to make sure that we've got the right tunnel name: right next to tunnel, go ahead and click paste; that's our UUID, so we've put that there. We also need to rename the JSON file that it's trying to reference. As you can see, this is actually my old file, so it's referencing the old tunnel ID, so we need to make sure it's the most recent one that we just created. I've gone ahead and added that; I can see it matches there as well, so those first two are basically the same.

For the ingress, this is where you're going to be forwarding it to your reverse proxy. So if you're using NPM like I am, we'll go to Docker here and we'll start up Nginx Proxy Manager so that it's ready to go for us, and what I'll do is I'll even start a couple of other apps just so that we've got some stuff to test with. As you can see, our port for Nginx Proxy Manager on HTTPS is 18443. We want as much communication as we can going through SSL, so we're only going to allow SSL. As you can see, that IP address matches our reverse proxy for Nginx Proxy Manager. Be sure
there's no trailing slash; we've just got the IP address followed by the port number. If, however, all your apps are on the same custom Docker network, then what you can do is just put the name of the container. So in this case you could just put npm if your container was called npm, or in my case it's called nginx proxy manager. I'm going to put the IP address here, just because that's what shows up as default. In your origin request and your origin server name, it is your root domain, so make sure you put your root domain in there; yours could be domain.com, etc. Under here is a rule if you wanted to forward any HTTP traffic; if you did, this is how you would do it, just make sure that you update all the relevant information. So this doesn't need to be here, that was put in by mistake, but yeah, if you wanted HTTP this is how you would do it, just add that underneath. Now I don't recommend that personally, but each to their own. Once you've done all that, we're just going to go ahead and click Ctrl+O, and that writes all of our changes. It's going to ask you to confirm the name, and then go ahead and click enter, and it says down the bottom here "wrote 12 lines", so we've just saved that file.

Just for those that might be confused: if you go to the server through your Windows Explorer, for example, as you can see here, appdata, we've got our cloudflare, here's the file that we've created, here's the YAML file that we also created. If I open that up, that's what's showing in our terminal. So all we've done is just do it through the terminal instead of trying to do it through the file explorer; either option works, it doesn't matter. Now there are a lot more commands and things you can put into this file if you wanted to, so I suggest you have a read of those in the guide on git, which links to a lot of ingress rules that are supported by Cloudflare. That might help you customize your setup a little bit
better, but for the average user, you know, someone like us who just wants to set it up with HTTPS and that's it, this is the way to do it. So with that done, guys, that's pretty much that part complete.

All we need to do now is get the app on the CA store. So let's go to Apps here in Unraid, and as you can see it's already at the top because alios just released it recently; otherwise you might have to search for it, cloudflared, and it's by alios's repository. Go ahead and click to install. Mine starts off in advanced; if yours does not start off in advanced, you might start like this, just make sure you click to advanced in the top right here. Have a read through; you'll see a couple of things, and we've got post arguments: tunnel run uuid. So back in our Notepad++ we're going to copy our UUID which we got earlier, and we're going to paste it right here and replace this. Once we've done that, we're going to set the network type to be our custom Docker network. That's just personal preference; I highly recommend that you have them all on a custom Docker network, so have them all on the same network if you can. It just makes it a bit easier, and you can also reference them to each other as well using your hostname. With that done, we should be able to just start it up, so go ahead and click apply. I'll also add: if you go back into the template, just make sure that this is referencing your appdata location where we did all that work earlier. It should by default, thanks to the template, but if not, it's just some extra thing to check.

We'll go to the Docker tab, left click it and go to logs. Now the first thing you'll notice is we have an outdated version; that's what the log's telling us, right, but the connections are still established. So what I actually recommend you do is set a specific version that's latest as of this video, so I'll show you how to do that. We'll close this, head back to our cloudflared Docker container,
we'll go into the template, go to the repository field here, and on the right-hand side put in a semicolon followed by the version. As of making this video this is the latest version: 2021.5.10-amd64. If you don't know what it is and you want to get the latest version, you can always just go to the Docker Hub page, which is right there. So we'll go to that, and if we go to tags here you can see what the tag is. Basically you can take any version you want, and that will also mean that it won't upgrade further than that version, so it's important to remember to come back at a later point, if you like, and make sure you've got the latest. If you don't specify a version, it should technically pull the latest for us. The issue, though, is with this one: unfortunately it keeps trying to pull a previous version, which might be considered the stable one, but it's actually not. This one I found a lot more stable and works really well, so we're going to use this version here. Once we're done, go ahead and click apply, and what it's going to do now is pull the latest version that we've specified and replace the one that we've already had. Then we'll left-click and go to logs again. Now what you're looking at here are clean logs. This looks good; this is exactly what we want to see, so we're happy with that.

But it doesn't end there; we've got one more step to get this fully working, and that is all. So the next thing you need to do is head over to your Cloudflare account. We're here in Cloudflare; go to your DNS settings, and under ibracorp.org here, for example, that's our root domain, so your root domain is obviously going to be different. Again, like I mentioned before, we don't have to worry about dynamic DNS anymore, which means we don't need to know what the specific IP address is. So all we need to do in this case is paste the following: we're going to take our UUID, we're going to paste that there, and then
we're going to add cf, for Cloudflare, argotunnel.com, so it should be your UUID dot cfargotunnel.com. Once you've got that, go ahead and click save. What we're doing there is telling Cloudflare where to find the site, and the site is at that tunnel address. So like I said, you can basically take your server to the other side of the globe, have a completely different IP address, doesn't matter, it's going by your tunnel. Now obviously we have it proxied, and then for all your other CNAMEs all you have to do is point it to your root. Okay, so the workflow is: ibracorp.org is found here, all of these subdomains are found at ibracorp. Pretty simple, and make sure they're all proxied as well.

Now that is pretty much it, guys; that is how we got the tunnel working, and it's now running. So to test it we're going to go to a website now. Just note also that we haven't had to make any changes in Nginx Proxy Manager. So let's try and hit a website that I've set up in Nginx Proxy Manager. In Nginx Proxy Manager, for ibracorp.org at the moment I've just got it pointing to Sonarr, so let's go to ibracorp.org. There you go: I've put in ibracorp.org and it sent us straight to Sonarr. And I'll prove to you why this is working: previously, if I wanted to do this sort of stuff while I was recording a video for you guys, I would have to change the port forwards on my router to send 80 and 443 to my test server, which would basically take all my other stuff offline while I did a video. Right now this is going via the tunnel, so there's nothing that I have to change on the router anymore; it's basically adaptive. And since you can have separate tunnels, you can basically have separate sites, separate things going through, and not have to worry about making any changes on your router. Now, just to prove it again, I'll go with a subdomain as well, and for this one I have Reactive Resume running on the test server, so I've been able to test using a subdomain,
resume.ibracorp.org. You can see all of our certificates are valid; if we open it up, that's our edge certificate there, and because in Cloudflare we have Full (strict) settings, basically the whole way through is secure. Now if you haven't watched my Cloudflare videos, those are still beneficial, and you need to have the basics set up before you can go into the tunnel, so I recommend you check those out. That is it: you've got the tunnel, it's working, all good.

I'm going to show you a couple more things that might be of assistance to you, so a couple of disclaimers here. If you wanted to get rid of your tunnel, you would need to run a couple of commands. Let's say you've got your tunnel but you don't want it anymore, you just want to get rid of it, or you want to see what's available. Open up the terminal and we're going to paste this in here. Okay, we've got a thing that's going to list all of our tunnels that we're running; with this command it's going to list all the tunnels that we have and the connections that they have. You cannot have two tunnels with the same name; you need to give them a new name if you create a new one. Let's say we want to remove the old one. Now see this one here, I did that yesterday while I was testing; I don't want that anymore, so what I'm going to do is get rid of it. To delete that and revoke it, we need to clearly identify it as one that we want to change, so copy the ID. I'll drop that there, I'll grab this ID again, and as you can see, here's the command here in front of you. I'll change this part here, we'll copy that, head back to our terminal window and I'll paste it in here. So what we've done there is get rid of that tunnel, so we've revoked it. If you wanted to reuse that name, you have to revoke it first. Also worth noting that deleting the tunnel also invalidates the credentials file associated with the tunnel, meaning those connections cannot be re-established, so you have to set up a new one
and have a new credentials file. But that's pretty much done, guys. We now have a working tunnel, it's working perfectly fine. We've got the logs here, and that's a clean set of logs; if you look at that you can see there are no errors, we've got no issues, everything's running beautifully. Always worth noting that the UUID is private: make sure you do not share that out to anywhere, and make sure that you keep your credentials file safe. With that in hand, we've now basically set up a tunnel with Cloudflare; everything is heading out through there, everything is secure. How easy was that? And it's only that easy because of all the help that we've got in the community on our Discord server.

So I hope you guys enjoyed that. That was so exciting; I really couldn't wait to get this video out there, because I think it's a very important topic, and something that can address so many different issues that people have, especially those bully ISPs that really try and tell you to f off, basically, for, you know, wanting to use your ports 80 and 443. I mean, this basically tells them where to go and lets you have everything you want run the way you like it, going out through Cloudflare. Now I would be remiss if I didn't thank Cloudflare for their amazing service; they offer so much for free, which, you know, you've got to really give them credit, guys. So big thank you to Cloudflare; hopefully one day maybe they want me to work with them on something in specific. Another big thank you to our Discord community, hawks, alios, disc duck, and the rest of our community members who keep pitching in all these great ideas and working together to come up with something really, really cool. I really, really thank you all for that. I'll also be doing a collaboration with Awesome Open Source in the next few weeks, maybe a little bit longer; keep an eye out on his channel, I've got it featured on mine. He's also put one out recently that I helped him with too, and I
really can't wait to get into the next video. If you like this video, guys, give me a big thumbs up please, and subscribe; it really helps the channel out. And congratulations to us on 3000 subs. Thank you to everyone who has helped support us, and I hope you enjoyed today's video. We'll see you in the next IBRACORP video.
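
Added example, not part of the video or of the guide it follows: a Python check for the config.yaml mistakes the walkthrough warns about (a credentials file name left over from an old tunnel, a trailing slash on the service URL, plain HTTP to the reverse proxy, a missing origin server name). It assumes the file has already been parsed into a dict and that every service points at an http(s) reverse proxy; `tunnel`, `credentials-file`, `ingress`, `service`, `originRequest`, `originServerName` and `noTLSVerify` are cloudflared config keys, while the function names, UUIDs, IP address, path and domain are constructed for illustration.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit

UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def check_ingress_rule(index, rule, is_last):
    """Return findings for one ingress rule of a parsed cloudflared config."""
    findings = []
    where = f"ingress[{index}]"
    service = str(rule.get("service", ""))
    # cloudflared requires the final rule to match everything.
    if is_last and ("hostname" in rule or "path" in rule):
        findings.append(f"{where}: last rule must be a catch-all without hostname/path")
    if service.startswith("http_status:"):
        return findings  # built-in responder, nothing is forwarded to an origin
    url = urlsplit(service)
    if url.scheme not in ("http", "https") or not url.hostname:
        findings.append(f"{where}: expected an http(s) URL to the reverse proxy")
        return findings
    if url.path or url.query:
        findings.append(f"{where}: use scheme://host:port only, no trailing slash or path")
    if url.scheme == "http":
        findings.append(f"{where}: plain http, the hop to the reverse proxy is unencrypted")
        return findings
    origin = rule.get("originRequest") or {}
    if origin.get("noTLSVerify"):
        findings.append(f"{where}: noTLSVerify disables origin certificate validation")
    if not origin.get("originServerName"):
        findings.append(f"{where}: originServerName missing, set it to the root domain "
                        "named in the origin certificate")
    return findings


def check_tunnel_config(cfg):
    """Return a list of findings; an empty list means no issue was found."""
    findings = []
    tunnel = str(cfg.get("tunnel", "")).lower()
    if not UUID_RE.fullmatch(tunnel):
        findings.append("tunnel: expected the tunnel UUID")
    # The credentials JSON is named after the tunnel it belongs to, so a file
    # name carried over from a deleted tunnel can no longer authenticate.
    cred = PurePosixPath(str(cfg.get("credentials-file", "")))
    if cred.name.lower() != tunnel + ".json":
        findings.append("credentials-file: file name does not match the tunnel UUID")
    rules = cfg.get("ingress") or []
    if not rules:
        findings.append("ingress: no rules defined")
    for i, rule in enumerate(rules):
        findings += check_ingress_rule(i, rule, i == len(rules) - 1)
    return findings


# Constructed sample configs (values are placeholders, not from the video).
NEW_ID = "11111111-2222-3333-4444-555555555555"
OLD_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

GOOD = {
    "tunnel": NEW_ID,
    "credentials-file": f"/path/to/.cloudflared/{NEW_ID}.json",
    "ingress": [{
        "service": "https://192.168.1.10:18443",
        "originRequest": {"originServerName": "example.com"},
    }],
}

STALE = {
    "tunnel": NEW_ID,
    "credentials-file": f"/path/to/.cloudflared/{OLD_ID}.json",  # old tunnel
    "ingress": [{"hostname": "example.com", "service": "http://192.168.1.10:1880/"}],
}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("STALE", STALE)):
        print(name, check_tunnel_config(cfg) or "no findings")
```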
Info
Channel: IBRACORP
Views: 15,966
Keywords: argo, argo tunnel setup, authelia, cdn, cf setup, cgnat, cloudflare, cloudflare argo tunnel, cloudflare argo tunnel setup, cloudflare cdn, cloudflare dns, cloudflare on unraid, cloudflare setup unraid, cloudflare ssl, cloudflare tunnel, cloudflare tunnel tutorial, cloudflare tutorial, ddos, dns, free ssl, ibra corp, ibraco, ibracorp, security, setup cloudflare, unraid, unraid argo, unraid cloudflare, unraid cloudflare argo tunnel, unraid how to, unraid plugins
Id: RQ-6dActAr8
Length: 24min 36sec (1476 seconds)
Published: Sat Jun 05 2021