6fceb94998
Per the contribution guidelines, this seemed to me like a small enough
change to not warrant an issue before creating this pull request. Let me
know if you'd like me to create one anyway.
## Background
While working with `cloudflared` on FreeBSD recently, I noticed that
there's an inconsistency with the available CLI commands on that OS
versus others — namely that the `service` command doesn't exist at all
for operating systems other than Linux, macOS, and Windows.
Contrast `cloudflared --help` output on macOS versus FreeBSD (truncated
to focus on the `COMMANDS` section):
- Current help output on macOS:
```text
COMMANDS:
update Update the agent if a new version exists
version Print the version
proxy-dns Run a DNS over HTTPS proxy server.
tail Stream logs from a remote cloudflared
service Manages the cloudflared launch agent
help, h Shows a list of commands or help for one command
Access:
access, forward access <subcommand>
Tunnel:
tunnel Use Cloudflare Tunnel to expose private services to the Internet
or to Cloudflare connected private users.
```
- Current help output on FreeBSD:
```text
COMMANDS:
update Update the agent if a new version exists
version Print the version
proxy-dns Run a DNS over HTTPS proxy server.
tail Stream logs from a remote cloudflared
help, h Shows a list of commands or help for one command
Access:
access, forward access <subcommand>
Tunnel:
tunnel Use Cloudflare Tunnel to expose private services to the Internet
or to Cloudflare connected private users.
```
This omission has caused confusion for users (including me), especially
since the provided command in the Cloudflare Zero Trust dashboard
returns a seemingly-unrelated error message:
```console
$ sudo cloudflared service install ...
You did not specify any valid additional argument to the cloudflared tunnel command.
If you are trying to run a Quick Tunnel then you need to explicitly pass the --url flag.
Eg. cloudflared tunnel --url localhost:8080/.
Please note that Quick Tunnels are meant to be ephemeral and should only be used for testing purposes.
For production usage, we recommend creating Named Tunnels. (https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/)
```
## Contribution
This pull request adds a "stub" `service` command (including the usual
subcommands available on other OSes) to explicitly declare it as
unsupported on the operating system.
New help output on FreeBSD (and other operating systems where service
management is unsupported):
```text
COMMANDS:
update Update the agent if a new version exists
version Print the version
proxy-dns Run a DNS over HTTPS proxy server.
tail Stream logs from a remote cloudflared
service Manages the cloudflared system service (not supported on this operating system)
help, h Shows a list of commands or help for one command
Access:
access, forward access <subcommand>
Tunnel:
tunnel Use Cloudflare Tunnel to expose private services to the Internet or to Cloudflare connected private users.
```
New outputs when running the service management subcommands:
```console
$ sudo cloudflared service install ...
service installation is not supported on this operating system
```
```console
$ sudo cloudflared service uninstall ...
service uninstallation is not supported on this operating system
```
This keeps the available commands consistent until proper service
management support can be added for these otherwise-supported operating
systems.
|
||
|---|---|---|
| .github | ||
| .mac_resources | ||
| .teamcity | ||
| carrier | ||
| cfapi | ||
| cfio | ||
| cmd/cloudflared | ||
| component-tests | ||
| config | ||
| connection | ||
| credentials | ||
| datagramsession | ||
| diagnostic | ||
| edgediscovery | ||
| features | ||
| fips | ||
| flow | ||
| hello | ||
| ingress | ||
| internal/test | ||
| ipaccess | ||
| logger | ||
| management | ||
| metrics | ||
| mocks | ||
| orchestration | ||
| overwatch | ||
| packet | ||
| proxy | ||
| quic | ||
| retry | ||
| signal | ||
| socks | ||
| sshgen | ||
| stream | ||
| supervisor | ||
| tlsconfig | ||
| token | ||
| tracing | ||
| tunneldns | ||
| tunnelrpc | ||
| tunnelstate | ||
| validation | ||
| vendor | ||
| watcher | ||
| websocket | ||
| .docker-images | ||
| .dockerignore | ||
| .gitignore | ||
| .golangci.yaml | ||
| CHANGES.md | ||
| Dockerfile | ||
| Dockerfile.amd64 | ||
| Dockerfile.arm64 | ||
| LICENSE | ||
| Makefile | ||
| README.md | ||
| RELEASE_NOTES | ||
| build-packages-fips.sh | ||
| build-packages.sh | ||
| catalog-info.yaml | ||
| cfsetup.yaml | ||
| check-fips.sh | ||
| cloudflared.wxs | ||
| cloudflared_man_template | ||
| dev.Dockerfile | ||
| fmt-check.sh | ||
| github_message.py | ||
| github_release.py | ||
| go.mod | ||
| go.sum | ||
| postinst.sh | ||
| postrm.sh | ||
| release_pkgs.py | ||
| wix.json | ||
README.md
Cloudflare Tunnel client
Contains the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the Cloudflare network to your origins.
This daemon sits between Cloudflare network and your origin (e.g. a webserver). Cloudflare attracts client requests and sends them to you
via this daemon, without requiring you to poke holes on your firewall --- your origin can remain as closed as possible.
Extensive documentation can be found in the Cloudflare Tunnel section of the Cloudflare Docs.
All usages related with proxying to your origins are available under cloudflared tunnel help.
You can also use cloudflared to access Tunnel origins (that are protected with cloudflared tunnel) for TCP traffic
at Layer 4 (i.e., not HTTP/websocket), which is relevant for use cases such as SSH, RDP, etc.
Such usages are available under cloudflared access help.
You can instead use WARP client
to access private origins behind Tunnels for Layer 4 traffic without requiring cloudflared access commands on the client side.
Before you get started
Before you use Cloudflare Tunnel, you'll need to complete a few steps in the Cloudflare dashboard: you need to add a website to your Cloudflare account. Note that today it is possible to use Tunnel without a website (e.g. for private routing), but for legacy reasons this requirement is still necessary:
Installing cloudflared
Downloads are available as standalone binaries, a Docker image, and Debian, RPM, and Homebrew packages. You can also find releases here on the cloudflared GitHub repository.
- You can install on macOS via Homebrew or by downloading the latest Darwin amd64 release
- Binaries, Debian, and RPM packages for Linux can be found here
- A Docker image of
cloudflaredis available on DockerHub - You can install on Windows machines with the steps here
- To build from source, first you need to download the go toolchain by running
./.teamcity/install-cloudflare-go.shand follow the output. Then you can runmake cloudflared
User documentation for Cloudflare Tunnel can be found at https://developers.cloudflare.com/cloudflare-one/connections/connect-apps
Creating Tunnels and routing traffic
Once installed, you can authenticate cloudflared into your Cloudflare account and begin creating Tunnels to serve traffic to your origins.
- Create a Tunnel with these instructions
- Route traffic to that Tunnel:
- Via public DNS records in Cloudflare
- Or via a public hostname guided by a Cloudflare Load Balancer
- Or from WARP client private traffic
TryCloudflare
Want to test Cloudflare Tunnel before adding a website to Cloudflare? You can do so with TryCloudflare using the documentation available here.
Deprecated versions
Cloudflare currently supports versions of cloudflared that are within one year of the most recent release. Breaking changes unrelated to feature availability may be introduced that will impact versions released more than one year ago. You can read more about upgrading cloudflared in our developer documentation.
For example, as of January 2023 Cloudflare will support cloudflared version 2023.1.1 to cloudflared 2022.1.1.
Development
Requirements
- GNU Make
- capnp
- cloudflare go toolchain
- Optional tools:
Build
To build cloudflared locally run make cloudflared
Test
To locally run the tests run make test
Linting
To format the code and keep a good code quality use make fmt and make lint
Mocks
After changes on interfaces you might need to regenerate the mocks, so run make mock