Link Search Menu Expand Document

Protect Grafana with cloudflared tunnel

Table of contents

Install cloudflared daemon

wget -q
dpkg -i cloudflared-linux-amd64.deb

Once installed, cloudflared is a binary file under the default path: /usr/local/bin/cloudflared

Permission change

useradd -s /usr/sbin/nologin -r -M cloudflared
chown cloudflared:cloudflared /usr/local/bin/cloudflared
ls -la /usr/local/bin/cloudflared 
chmod +x /usr/local/bin/cloudflared
cloudflared -v 

Login Cloudflare dashboard

cloudflared tunnel login
  • In the browser, open the URL output in the terminal
  • Authorize the zone
  • Upon successful login, a cert.pem will be added to the default path: /root/.cloudflared/cert.pem

Configure cloudflared and run it as service

  1. Create a new tunnel: cloudflared tunnel create grafana
  2. Once tunnel created, there will be 1 uuid.json file under the directory ~/.cloudflared/
  3. Go to cd ~/.cloudflared/
  4. Create config.yml file by running vim config.yml
     tunnel: UUID
     credentials-file: /root/.cloudflared/UUID.json
     logfile: /var/log/cloudflared.log
     loglevel: debug
     transport-loglevel: debug
       - hostname:
         service: http://localhost:3000
       - service: http_status:404
  5. Update DNS for => CNAME =>
  6. Then run the tunnel cloudflared tunnel run grafana
  7. Once all connected, run cloudflared service install
  8. To start the daemon: systemctl start cloudflared
  9. To reload: systemctl daemon-reload
  10. Check status: systemctl status cloudflared

Get started with Clickhouse on Grafana