Protect a subdomain with CF Access / Argo Tunnel

We setup some remote servers and like to avoid exposing the public IP address. By default we get some sub domain assigned (something like but no root domain.
Is there some way to make traffic to these servers go through Cloudflare first? Basically we need RDP and SSH access and are looking for the equivalent of Google’s IAP or Azure’s Bastion where the connection is tunneled through their network without exposing the public IP. Argo Tunnel requires a root domain. Is there some way around this or maybe some other Cloudflare tool we could use?

If you’re trying to tunnel SSH and RDP, I don’t think Argo Tunnel is going to do it. It’s for tunneling Web Servers.

Excluding that, if you mean Root Domain, like your domain on Cloudflare…then, yes. Your domain has to be on Cloudflare with Cloudflare DNS unless you have a Partner setup, in which case Argo Tunnel probably isn’t an option.

For RDP:

SSH is also supposed to work:

For GCE and Azure it works without root domain. Though I’m not sure how it exactly works under the hood. Would be nice when CF could enable access by IP. Is there any technical reason a root domain is required for this feature?

1 Like

Not entirely sure what this means. Yes, you need to own a domain to proxy traffic through a host using a DNS record that you control. You can cname to rnadomstuff… on a zone you sign up for Cloudflare.

Does that make sense?

Maybe …
Sorry, new to Cloudflare :slight_smile:
So this means we need to buy some domain name which we then can use with Cloudflare + our servers domain name to put our stuff behind Argo Tunnel?