Go to file
Lee Valentine 206523344f TUN-4017: Add support for using cloudflared as a full socks proxy.
To use cloudflared as a socks proxy, add an ingress on the server
side with your desired rules. Rules are matched in the order they
are added.  If there are no rules, it is an implicit allow.  If
there are rules, but no rule matches match, the connection is denied.

ingress:
  - hostname: socks.example.com
    service: socks-proxy
    originRequest:
      ipRules:
        - prefix: 1.1.1.1/24
          ports: [80, 443]
          allow: true
        - prefix: 0.0.0.0/0
          allow: false

On the client, run using tcp mode:
cloudflared access tcp --hostname socks.example.com --url 127.0.0.1:8080

Set your socks proxy as 127.0.0.1:8080 and you will now be proxying
all connections to the remote machine.
2021-03-10 21:26:12 +00:00
.mac_resources AUTH-2712 mac package build script and better config file handling when started as a service 2020-06-25 16:44:57 -05:00
.teamcity AUTH-3103 CI build fixes 2020-09-18 19:33:30 +00:00
carrier Revert "AUTH-3394: Creates a token per app instead of per path" 2021-03-10 13:54:38 -06:00
certutil TUN-2943: Copy certutil from edge into cloudflared 2020-05-04 17:37:29 -05:00
cmd/cloudflared Revert "AUTH-3394: Creates a token per app instead of per path" 2021-03-10 13:54:38 -06:00
component-tests TUN-4055: Skeleton for component tests 2021-03-08 11:08:34 +00:00
config TUN-4017: Add support for using cloudflared as a full socks proxy. 2021-03-10 21:26:12 +00:00
connection TUN-4026: Fix regression where HTTP2 edge transport was no longer propagating control plane errors 2021-03-04 18:45:39 +00:00
edgediscovery TUN-3471: Add structured log context to logs 2021-01-05 20:21:16 +00:00
fips TUN-3905: Cannot run go mod vendor in cloudflared due to fips 2021-03-09 17:31:59 +04:00
h2mux TUN-3617: Separate service from client, and implement different client for http vs. tcp origins 2021-02-23 14:19:44 +00:00
hello TUN-3890: Code coverage for cloudflared in CI 2021-02-09 13:16:00 -06:00
ingress TUN-4017: Add support for using cloudflared as a full socks proxy. 2021-03-10 21:26:12 +00:00
ipaccess TUN-4017: Add support for using cloudflared as a full socks proxy. 2021-03-10 21:26:12 +00:00
logger TUN-3795: Use RFC-3339 style date format for logs, produce timestamp in UTC 2021-01-26 15:04:33 +00:00
metrics TUN-3635: Send event when unregistering tunnel for gracful shutdown so /ready endpoint reports down status befoe connections finish handling pending requests. 2021-02-08 15:38:42 +00:00
origin TUN-4063: Cleanup dependencies between packages. 2021-03-09 14:02:59 +00:00
overwatch AUTH-2169 make access login page more generic 2020-06-08 11:20:30 -05:00
signal TUN-1562: Refactor connectedSignal to be safe to close multiple times 2019-03-05 15:51:35 -06:00
socks TUN-4017: Add support for using cloudflared as a full socks proxy. 2021-03-10 21:26:12 +00:00
ssh_server_tests AUTH-2089: Revise ssh server to function as a proxy 2019-10-07 13:04:04 -05:00
sshgen Revert "AUTH-3394: Creates a token per app instead of per path" 2021-03-10 13:54:38 -06:00
teamnet TUN-3809: Allow routes ip show to output as JSON or YAML 2021-02-23 14:19:47 +00:00
tlsconfig TUN-3983: Renew CA certs in cloudflared 2021-03-01 16:30:28 +00:00
token Revert "AUTH-3394: Creates a token per app instead of per path" 2021-03-10 13:54:38 -06:00
tunneldns TUN-4063: Cleanup dependencies between packages. 2021-03-09 14:02:59 +00:00
tunnelrpc TUN-3470: Replace in-house logger calls with zerolog 2020-12-23 14:15:17 -06:00
tunnelstore TUN-3670: Update Teamnet API gateway prefixes 2021-01-11 13:40:44 -06:00
validation TUN-3470: Replace in-house logger calls with zerolog 2020-12-23 14:15:17 -06:00
vendor TUN-3963: Repoint urfave/cli/v2 library at patched branch at github.com/ipostelnik/cli/v2@fixed which correctly handles reading flags declared at multiple levels of subcommands. 2021-02-24 20:04:59 +00:00
watcher AUTH-2596 added new logger package and replaced logrus 2020-05-27 17:07:19 -05:00
websocket Allow partial reads from a GorillaConn; add SetDeadline (from net.Conn) (#330) 2021-03-09 19:57:04 +04:00
.docker-images AUTH-2871: fix rpm builds 2020-07-08 14:39:28 +00:00
.dockerignore TUN-3806: Use a .dockerignore 2021-01-26 14:04:53 +00:00
.gitignore TUN-4063: Cleanup dependencies between packages. 2021-03-09 14:02:59 +00:00
CHANGES.md TUN-4069: Fix regression on support for websocket over proxy 2021-03-09 19:43:10 +00:00
Dockerfile TUN-3830: Use Go 1.15.7 2021-01-28 22:37:23 -06:00
LICENSE TUN-595: Add License/Readme files to cloudflared 2018-05-03 02:17:07 -05:00
Makefile TUN-3905: Cannot run go mod vendor in cloudflared due to fips 2021-03-09 17:31:59 +04:00
README.md Update the TryCloudflare link 2021-02-11 15:19:28 +00:00
RELEASE_NOTES Release 2021.2.5 2021-02-23 18:33:42 +00:00
cfsetup.yaml TUN-4047: Add cfsetup target to run component test 2021-03-08 11:57:18 +00:00
cloudflared_man_template AUTH-2644: Change install location and add man page 2020-07-06 19:27:25 +00:00
dev.Dockerfile TUN-3830: Use Go 1.15.7 2021-01-28 22:37:23 -06:00
github_message.py AUTH-3148 fixed cloudflared copy and match all the files in the checksum upload 2020-10-06 11:39:40 -05:00
github_release.py AUTH-3185 fixed indention error 2020-10-21 12:14:39 -05:00
go.mod TUN-3963: Repoint urfave/cli/v2 library at patched branch at github.com/ipostelnik/cli/v2@fixed which correctly handles reading flags declared at multiple levels of subcommands. 2021-02-24 20:04:59 +00:00
go.sum TUN-3905: Cannot run go mod vendor in cloudflared due to fips 2021-03-09 17:31:59 +04:00
jet.yaml TRAFFIC-448: build cloudflare for junos and publish to s3 2020-09-24 19:23:53 +04:00
postinst.sh AUTH-2858: Set file to disable autoupdate 2020-07-10 18:03:07 +00:00
postrm.sh AUTH-2858: Set file to disable autoupdate 2020-07-10 18:03:07 +00:00
wix.json AUTH-2712 mac package build script and better config file handling when started as a service 2020-06-25 16:44:57 -05:00

README.md

Argo Tunnel client

Contains the command-line client for Argo Tunnel, a tunneling daemon that proxies any local webserver through the Cloudflare network. Extensive documentation can be found in the Argo Tunnel section of the Cloudflare Docs.

Before you get started

Before you use Argo Tunnel, you'll need to complete a few steps in the Cloudflare dashboard. The website you add to Cloudflare will be used to route traffic to your Tunnel.

  1. Add a website to Cloudflare
  2. Change your domain nameservers to Cloudflare

Installing cloudflared

Downloads are available as standalone binaries, a Docker image, and Debian, RPM, and Homebrew packages. You can also find releases here on the cloudflared GitHub repository.

User documentation for Argo Tunnel can be found at https://developers.cloudflare.com/cloudflare-one/connections/connect-apps

Creating Tunnels and routing traffic

Once installed, you can authenticate cloudflared into your Cloudflare account and begin creating Tunnels that serve traffic for hostnames in your account.

TryCloudflare

Want to test Argo Tunnel before adding a website to Cloudflare? You can do so with TryCloudflare using the documentation available here.

Deprecated versions

Cloudflare currently supports all versions of cloudflared. Starting on March 20, 2021, Cloudflare will no longer support versions released prior to 2020.5.1.

All features available in versions released prior to 2020.5.1 are available in current versions. Breaking changes unrelated to feature availability may be introduced that will impact versions released prior to 2020.5.1. You can read more about upgrading cloudflared in our developer documentation.

Version(s) Deprecation status
2020.5.1 and later Supported
Versions prior to 2020.5.1 Will no longer be supported starting March 20, 2021