Protect Grafana with cloudflared tunnel
Table of contents
Install cloudflared
daemon
wget -q https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
dpkg -i cloudflared-linux-amd64.deb
Once installed, cloudflared
is a binary file under the default path: /usr/local/bin/cloudflared
Permission change
useradd -s /usr/sbin/nologin -r -M cloudflared
chown cloudflared:cloudflared /usr/local/bin/cloudflared
ls -la /usr/local/bin/cloudflared
chmod +x /usr/local/bin/cloudflared
cloudflared -v
Login Cloudflare dashboard
cloudflared tunnel login
- In the browser, open the URL output in the terminal
- Authorize the zone
- Upon successful login, a
cert.pem
will be added to the default path:/root/.cloudflared/cert.pem
Configure cloudflared
and run it as service
- Create a new tunnel:
cloudflared tunnel create grafana
- Once tunnel created, there will be 1
uuid.json
file under the directory~/.cloudflared/
- Go to
cd ~/.cloudflared/
- Create
config.yml
file by runningvim config.yml
tunnel: UUID credentials-file: /root/.cloudflared/UUID.json logfile: /var/log/cloudflared.log loglevel: debug transport-loglevel: debug ingress: - hostname: grafana.example.com service: http://localhost:3000 - service: http_status:404
- Update DNS for
grafana.example.com
=> CNAME =>UUID.cfargotunnel.com
- Then run the tunnel
cloudflared tunnel run grafana
- Once all connected, run
cloudflared service install
- To start the daemon:
systemctl start cloudflared
- To reload:
systemctl daemon-reload
- Check status:
systemctl status cloudflared