sudo useradd -s /usr/sbin/nologin -r-M cloudflared
# To Create a cloudflared user to run the daemonsudo nano /etc/default/cloudflared
# Proceed to create a configuration file for cloudflared
Run cloudflared on start
Add below to file: /etc/default/cloudflared, This file contains the command-line options that get passed to cloudflared on startup
CLOUDFLARED_OPTS=--port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
# Command-line args for cloudflared, using Cloudflare DNS
Update the permissions for the configuration file and cloudflared binary to allow access for the cloudflared user
Run ls -la /usr/local/bin/cloudflared to check the permission
System configuration on cloudflared.service
Create systemd script
sudo nano /etc/systemd/system/cloudflared.service
Add below to this cloudflared.service file, this will control the running of the service and allow it to run on startup:
[Unit]Description=cloudflared DNS over HTTPS proxyAfter=syslog.target network-online.target[Service]Type=simpleUser=cloudflaredEnvironmentFile=/etc/default/cloudflaredExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTSRestart=on-failureRestartSec=10KillMode=process[Install]WantedBy=multi-user.target
Run cloudflared daemon
Enable the systemd service to run on startup, then start the service and check its status:
proxy-dns: true
proxy-dns-port: 5053
proxy-dns-upstream:
- https://1.1.1.1/dns-query
- https://1.0.0.1/dns-query
# Uncomment following if you want to also want to use IPv6 for external DOH lookups
#- https://[2606:4700:4700::1111]/dns-query
#- https://[2606:4700:4700::1001]/dns-query
Reload systemctl daemon-reload
Install cloudflared.service
sudo cloudflared service install
sudo systemctl start cloudflared
sudo systemctl status cloudflared