Cloudflared Tunnel - Routing Traffic - SFTP

Good Afternoon Folks,

I hope you’re all well.

I have recently been having a little play around with Cloudflare Tunnels via the Zero Cloud application. This is to host an HTTPS Panel and an API on a different VM hosting a Daemon. I have managed to get it all working without any issues after some issues with CORS; however, I have come across one issue which I just can’t wrap my head around.

So to list what I currently have going via the tunnel:

  • A VM running on an internal IP - 192.168.XXX.XXX - The tunnel has a DNS record for the hostname - panel.mydomain.com - which points to the internal IP

  • A VM running on an internal IP - 192.168.XXX.XXX - The tunnel has a DNS record for the hostname - dameon.mydomain.com - which points to the internal IP with an included port of 8443

Now this works well (for something I’ve done). Sadly, the Daemon requires SFTP to communicate files between, which I figured would be easy to set up, apart from the fact that I have no ability to change the SFTP address, which ends up being “sftp://dameon.mydomain.com:22”. I have had a good think and quite a lot of messing around, but I can’t figure out how to correctly route the SFTP traffic down the tunnel.

Now I am aware that Cloudflare only proxies HTTPS and HTTP and with it going down a Tunnel it auto proxies the traffic anyway, but through a lot of reading I am finding some are managing to set it up and others are not, so I thought it is best to check to see if this is possible, or if I am going to be wasting my time looking into this.

The other option I had was to redirect my traffic for SFTP using an A record to the server directly and then processing it there, but, as it uses the same FQDN as the Daemon, I have found it a little difficult to wrap my head around how this could be set up. I am a good 75% sure it can’t be done, but I have a small sliver of hope it can!

So just to recap what I am trying to do, have a service running on the DNS record “dameon.mydomain.com” while also using this for SFTP as well via a different port “:22”, in this example, either through the Cloudflared Tunnel or re-routing the traffic to a separate IP.

If anyone has some advice or a solution to try, I am happy to take it all on and have a look.

Cheers,
Joe