I’m trying to connect my domain to my server using Cloudflare Tunnel. This way I can connect different services to subdomains without exposing my private IP and opening ports on my router. I can also secure my services through a login.
That being said, I’m running into some problems. But before I get into those, here’s what I have so far.
I created a jail called Cloudflared. I used a jail so I can isolate my server’s connection to Cloudflare, and if I need to I can stop it altogether to close my connection to Cloudflare. I’ve also been playing around in the shell and I don’t want to cause problems for the rest of my server.
So, in this jail I was able to install cloudflared using this port: [https://www.freshports.org/net/cloudflared]. (I found this guide really helpful when it comes to installing ports on FreeBSD: [How To Install and Manage Ports on FreeBSD 10.1 | DigitalOcean].) It took me a while of playing, but I was able to learn how to connect my Cloudflare account, create a tunnel and config file, and run the tunnel to connect to Cloudflare. Then I went to Cloudflare’s Zero Trust dashboard and set up applications for each of my services. Cloudflare has some really great guides for how to use cloudflared. This brings me to problem number 1.
PROBLEM #1: Right now, the only way I can open the tunnel is by opening the shell and typing in “cloudflared tunnel run [tunnel name]”. And when I close the tab or it refreshes on its own, the cloudflared connection goes offline. So, how do I program the jail to run this command at startup and in the background? They have guides for how to install cloudflared as a service, but they’re only for Linux, Mac, and Windows. [https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/as-a-service/]
But if I run the command manually, I am able to access some of the services I have set up, especially the HTTP websites like my simple Apache web server. However, there are a few that are giving me some trouble.
PROBLEM #2: WebDAV: I would like to enable the WebDAV service so I can access my files through a browser or an iOS app like Documents [Documents－File Reader. Browser on the App Store] while I’m on the go, or be able to map/mount the drive from anywhere on my laptop. I see it is possible [WebDAV support · Issue #69 · cloudflare/cloudflared · GitHub]. I have the following added to the config file:
```yaml
  #WebDAV Server
  - hostname: webdav.[domain].com
    service: https://[local IP]:[local port]
```
But when I run the tunnel I get the following error:
ERR error="Unable to reach the origin service. The service my be down or it may not be responding to traffic from cloudflared: x509: cannot validate certificate for [local IP] because it doesn't contain any IP SANs.
PROBLEM #3: SSH: I want to use SSH particularly to set up an off-site backup securely. The problem here is that I cannot connect to SSH through my domain name, but it does work locally. I have SSH browser rendering enabled in Cloudflare’s Zero Trust dashboard, but it takes me to an “Unable to connect to origin. Please confirm that the tunnel is set up correctly and the origin is healthy.” error message, and connecting via Terminal on macOS times out even after editing the SSH config file. [https://developers.cloudflare.com/cloudflare-one/tutorials/ssh/]
Another part of this issue: is it possible to create a TrueNAS SSH secure connection using Terminal, given that Cloudflare requires you to authenticate the connection using their portal?
PROBLEM #4: Minecraft Server: I also want to share my Minecraft server (hosted in a jail with MineOS) through my domain. This one I’m really stumped on without a guide to follow. As a simple guess I added Minecraft as a service to the config file and pointed it to the correct port.
```yaml
  - hostname: minecraft.ralphshepherd.com
```
But like with SSH, cloudflared gives me another error message:
ERR error="Unable to reach the origin service. The service my be down or it may not be responding to traffic from cloudflared: EOF.
Lastly, I know that I can use Cloudflare’s WARP, which could be easier since I wouldn’t have to authenticate into each service one at a time. But I also haven’t been able to find a good guide on how to configure that. And I would still have to figure out how to connect to the tunnel in the background of the jail without having to type the run command manually.
Any answers to any of these questions, or any other ideas on how to connect my TrueNAS server and its services to my domain simply and securely, would be greatly appreciated.
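An added example of a complete cloudflared config.yml covering problems 2 to 4 above; it is not the poster's file, and the tunnel UUID, credentials path, hostnames, local IPs, ports and CA file are placeholders. It assumes the origin can be given a certificate with a name in its SAN (the preferred fix for the x509 error) and that the rc.d script installed by the net/cloudflared port, if present in /usr/local/etc/rc.d, reads this file at startup (check that script's variables for problem 1).

```yaml
# /usr/local/etc/cloudflared/config.yml  (example, not the poster's file)
# All names, IPs, ports and paths below are placeholders.
tunnel: <TUNNEL-UUID>
credentials-file: /usr/local/etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # Plain HTTP origin (the case that already works in the post)
  - hostname: www.example.com
    service: http://192.168.1.10:80

  # WebDAV over HTTPS. The x509 error means cloudflared validated the
  # origin's certificate and found no IP SAN for the bare IP it dialled.
  # Preferred fix: give the origin a cert whose SAN carries a hostname,
  # then tell cloudflared which name to expect and which CA to trust.
  - hostname: webdav.example.com
    service: https://192.168.1.10:8443
    originRequest:
      originServerName: webdav.home.lan              # name in the cert's SAN
      caPool: /usr/local/etc/cloudflared/home-ca.pem # CA that signed it
      # Weaker alternative for a self-signed cert on a trusted LAN; it makes
      # cloudflared skip origin certificate checks entirely:
      # noTLSVerify: true

  # SSH: the service scheme must be ssh://, which is what both browser
  # rendering and `cloudflared access ssh` on a client expect.
  - hostname: ssh.example.com
    service: ssh://192.168.1.10:22

  # Minecraft is raw TCP, so the scheme must be tcp://, not http(s)://.
  # Players run `cloudflared access tcp --hostname minecraft.example.com
  # --url localhost:25565` on their machine and point the game at
  # localhost:25565; Access still authenticates them before forwarding.
  - hostname: minecraft.example.com
    service: tcp://192.168.1.20:25565

  # Required catch-all rule; cloudflared refuses to start without one
  - service: http_status:404
```

Run `cloudflared tunnel ingress validate` after editing to catch syntax and ordering mistakes before restarting the tunnel.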