Argo tunnel mysql

I'm trying to do Argo Tunnel to mysql server:

cloudflared tunnel --url tcp://localhost:3306 --hostname sql.domain.com

and try to connect

mysql -h sql.domain.com -uroot -p13 -P 80
mysql -h sql.domain.com -uroot -p13 -P 443
mysql -h sql.domain.com -uroot -p13 -P 3306

nothing works.

getting:
ERROR 2013 (HY000): Lost connection to MySQL server at ‘reading initial communication packet’, system error: 2

any help pls?

I’m pretty sure you can’t connect through an existing tunnel with just a mysql command. You need to connect through cloudflared at the client end as well. I just don’t know how to cobble the two together.

2 Likes

but with http you can do that.

You most certainly can.

https://developers.cloudflare.com/cloudflare-one/tutorials/smb#connect-a-local-machine-to-access-the-file-share

See the example on how to run the command from the client. Particularly, read the following instructions:

  1. Make sure cloudflared is installed on the client desktop that will connect to the drive. cloudflared will need to be installed on each user device that will connect.
  2. Run the following command to create a connection from the device to Cloudflare. Any available port can be specified.
cloudflared.exe access tcp --hostname smb.site.com --url localhost:8445

Change the hostname to your SQL hostname, and you can specify any local port to use under the --url parameter.

2 Likes

Doing a tunnel for http is ok. No need for client configuration.

so now if I want to do tunnel to mysql server, I have to install 10K Cloudflared clients?

Looks like a bad solution…

Why are you trying to tunnel 10,000 SQL connections through Cloudflare? What are you doing right now for your SQL connections?

For now I give my server IP, and I’m getting huge attacks.

This is why Argo Tunnel was a good solution for me,
so I can whitelist my connections.

You’d still be using the same hostname and still get the same amount of attacks.

And you’ll still have to Allowlist the same 10,000 IP addresses.

Yes.
But I know my clients only come from the USA, for example.

So I can block all the other countries using Cloudflare Firewall.

If your business has 10,000 IP addresses connecting to a critical system, perhaps you should look into an Enterprise Plan with Spectrum. Then you can just proxy that connection and use Firewall Rules.

for now I have max 100 connections.

will be 10k+

I need to use Argo Tunnel

It would appear that’s not an option. Maybe @SamRhea has some ideas.

cc @abe who can help out on this one

1 Like

Alternatively, you can use a single instance of cloudflared to route traffic to many services using ingress rules. You can also use the Cloudflare for Teams free plan to securely access these services for up to 50 users with Zero Trust policies through Cloudflare Access. This should alleviate some of the burden of maintaining your whitelisted connections which may be dynamic or grow over time.

1 Like
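An added example, not part of the original thread or of Cloudflare's documentation: a single cloudflared `config.yml` on the database host using ingress rules, as the reply above describes. `sql.domain.com` is the hostname from the question; the tunnel UUID, the credentials path and the second hostname `app.domain.com` are placeholders assumed for illustration.

```yaml
# config.yml for the one cloudflared instance running on the MySQL host.
# <TUNNEL-UUID> and the credentials path are placeholders.
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # Raw TCP service: MySQL reached through the tunnel.
  # mysqld can listen on 127.0.0.1 only, so port 3306 does not
  # have to be reachable on the server's public IP at all.
  - hostname: sql.domain.com
    service: tcp://localhost:3306

  # Hypothetical second service behind the same tunnel (HTTP).
  # Browsers reach this one directly, with no client-side cloudflared.
  - hostname: app.domain.com
    service: http://localhost:8080

  # Required catch-all: anything that matches no rule above is rejected.
  - service: http_status:404

# Client side (each machine that needs MySQL), as described earlier
# in the thread. The local port is arbitrary:
#
#   cloudflared access tcp --hostname sql.domain.com --url localhost:3306
#   mysql -h 127.0.0.1 -P 3306 -u <user> -p
#
# Pointing mysql straight at sql.domain.com on port 80, 443 or 3306
# fails because Cloudflare's edge expects HTTP on that hostname;
# the client-side cloudflared is what wraps the MySQL TCP stream.
```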

I just want the Argo tunnel to my mysql server.

Thanks, Abe.

The catch is that they want many external servers to connect to their MySQL server.

One cloudflared on the server (that’s the easy part).

But how to get hundreds or thousands of external servers to be able to connect through Cloudflare Tunnel? Will each one also need to run cloudflared?

Yes.
Like simply doing a normal Argo tunnel to an http port.

No need for a client on each machine.

For now I’m connecting to the mysql server via SERVER IP.
I want to do it VIA DNS (HOSTNAME),
so I can take advantage of the Cloudflare Tunnel and use the firewall.