Argo Tunnel for individual applications

I am extremely excited by the boring announcement this week, "A Boring Announcement: Free Tunnels for Everyone", saying Argo Tunnel is not charged by bandwidth anymore.

However, I would like to double check that my potential usage is valid within what is being discussed.

Our application runs on a computer and includes a web server so that we can remotely connect for support and low volume API calls. This is an app, and it runs on several machines within a single office. If each of these machines were to run an Argo Tunnel (probably using named tunnels) so that each machine could potentially have a unique DNS address, that would be totally awesome - but is this potentially “too much” somewhere?

Currently, we have IT techs go into the “offices” and open a port on the firewall to one or two master machines, and sometimes a port for all machines. While this works, we would much prefer Argo Tunnels due to ease and improved security.

From an accounts perspective, the “offices” are independent, unrelated to each other, customers of ours. They would generally sign up for Free or Pro accounts.

And, yes, we already have shed loads of security around what we currently do - but with Argo Tunnels we could potentially get much better.

As this is outbound only, could this also be used to host a website using Starlink instead of a classic cable/fibre connection? Starlink cannot currently offer static IP (afaik). Not expecting high reliability, just something functional for low volume use.

First of all, if you’re not pushing terabytes of data in a month, Cloudflare will hardly notice. It sounds like your traffic will be the tiniest fraction of a blip of data in the grand scheme of things.

Is this a single server the other devices connect to? I do have cloudflared on my home computers so I can SSH through Cloudflare Tunnel (new sensible name), and I have Access set up to limit connections. But that’s for SSH.

If your API is an HTTP/S connection, I’m not quite sure if the clients can/need to use cloudflared for those connections. Wouldn’t the standard connection still be ok?

Then you can set up Access to “Bypass” the gatekeeper login for those specific IP addresses.

The bandwidth is near zero, the number of connections/hour would generally be single digits, my concern was more around the number of active open tunnels at once - and that it is available on the free plan.

The environment is a lot like a home, a good analogy - I have, say, 5 computers all running an app; that app is fully distributed and so no one computer is a server, etc. Within the home VPN, no problems.

The issue is more when an external user wants to connect into those machines - to remotely start a connection we need the firewall open (let's ignore UPnP and hole punching for now), and a static IP, etc.
As I see it, Cloudflare Tunnels avoid these requirements and it simply becomes sb2847374726gdc.example.com to connect. And we simply get a different address for each computer inside each home.

For the application itself, most of the connections are from the home out to well known servers and we don't need/use CF for that. But, for things like the home owner wanting to check status (which is a web page on their cellphone), or a random support engineer, or an external SaaS app, then these connections are externally originating.

Another way to think of this is imagine MS-Word had a web server when it was running. At the moment you cannot get to me running word. If Word also started a CF Tunnel, then you could potentially open a connection to my running copy of Word, from outside my house, if you knew the DNS address etc. My 2nd computer also running Word would have its own address. Better, if I take my computer to the cafe and join their WiFi - you can still get in on the same DNS address?
CF Tunnel will let me do that right?

Anyway, your reply has given me confidence, I will register a test domain now and try it all out.

Thanks

1 Like
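The per-machine setup discussed in this thread, sketched as an added example (not part of any post and not Cloudflare's own code): a shell function that renders a `cloudflared` `config.yml` exposing one machine's local web server under its own hostname and answering everything else with a 404. The tunnel UUID, hostname, port and credentials path are constructed placeholders, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: render a per-machine cloudflared config.yml.
# Assumes a named tunnel already exists (`cloudflared tunnel create <name>`)
# and that its credentials JSON sits under /etc/cloudflared (assumed path).

render_tunnel_config() {
    tunnel_id=$1   # UUID printed when the named tunnel was created
    fqdn=$2        # public DNS name for this one machine
    port=$3        # local port of the app's embedded web server

    # Port must be 1-5 digits and within the TCP range.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # Hostname: letters, digits, dots and hyphens only.
    case $fqdn in
        ''|*[!A-Za-z0-9.-]*) echo "invalid hostname: $fqdn" >&2; return 1 ;;
    esac

    cat <<EOF
tunnel: $tunnel_id
credentials-file: /etc/cloudflared/$tunnel_id.json
ingress:
  # Only this hostname is forwarded, and only to the loopback listener.
  - hostname: $fqdn
    service: http://127.0.0.1:$port
  # Catch-all: any other request is answered with 404 by the connector.
  - service: http_status:404
EOF
}

# Constructed sample values; this only prints the file, nothing is contacted.
render_tunnel_config "00000000-0000-0000-0000-000000000000" "machine1.example.com" 8080
```

With the service bound to 127.0.0.1 and the connection made outbound by `cloudflared`, the inbound firewall port mentioned in the first post is no longer needed; the hostname itself is then the exposed surface, which is where an Access policy applies.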
