Access non-http applications via Argo Tunnel?

Zero Trust Cloudflare Tunnel
1

Hi everyone,

I’m trying to see if I can use Cloudflare’s Argo Tunnel to route traffic for non-web applications through to my server.

I’ve so far followed the documentation to the point where I have a subdomain routing traffic through to an nginx server on a test vm, I have it set to not proxy it as I’m aware cloudflare doesn’t allow non-http traffic through it on the free plan.

here is the config I have setup:

url: localhost
tunnel: [REDACTED]
credentials-file: [REDACTED]

in theory this should allow traffic destined for any port through to the localhost of the machine running the tunnel, and I’ve successfully tested it with an nginx server which I can access from the tunnel’s sub-domain, but attempting to access the server over SSH or a minecraft server doesn’t work using that same sub-domain times out.

Is there something I’m missing? is it just a matter of upgrading to a paid plan? I can’t find anything in the documentation that restricts the tunnel to web-traffic only.

Thanks.

2

Cloudflare Tunnel can proxy just about anything, but you’d need cloudflared running at both ends.

3 Likes
3

I need it running on client machines as well? but that doesn’t explain why I can access the nginx server being proxied from a range of devices, all of which can’t access the server locally either.

4

NGINX works because it is an HTTP/S application. That’s the default setting for any :orange: Proxied hostname.

I have SSH set up in Tunnel, but I need to use cloudflared on my desktop to be able to connect to it.

6 Likes
5

ok, interesting, but when you say proxied hostname, are you referring to the toggle in the DNS settings for the domain? because I have the proxy disabled for this DNS record.

6

Even if your DNS record is :grey: DNS Only, a tunnel is a CNAME for what’s essentially proxied traffic to your server. If it’s going through Cloudflare, it’s assumed to be HTTP/S.

7

Oh now I see, so the tunnel itself has the equivalent of the “proxied” toggle permanently turned on,
in that case, would you be able to point me in the right direction for setting up a “client” to connect to the tunnel?

8

Apart from HTTP/S (SSH and VNC are using their browser renderer thing so they don’t count), Cloudflare for Teams will not usually proxy services on a subdomain, unless you have a Cloudflare client on either side.

You can install cloudflared and connect to your tunnel through there, however I find it easier to just do the following instead. You can still technically do this with a bit of mucking around without the WARP client
You can spin up a tunnel, and then access that local network, just like a normal VPN. Setup the tunnel with cloudflared on your server, then use the 1.1.1.1 app to log into Cloudflare for Teams, and connect to your server. Instructions below:

1 Like