Accessing Windows Server internal services through a Cloudflare Zero Trust tunnel
Configuration
Create the tunnel in the Zero Trust dashboard

Download cloudflared
https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-windows-amd64.msi
Install the service
cloudflared.exe service install {token}
This step registers cloudflared as a Windows service; after installation the service entry is visible in Registry Editor.
After a short wait, the tunnel shows up as connected in the dashboard.
Ensure connectivity
Make sure the server can reach Cloudflare's tunnel endpoints (see the ports-and-IPs reference below).
Modify the service parameters
Open the registry key HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > cloudflared and edit the value of ImagePath:
:: default
"C:\Program Files (x86)\cloudflared\cloudflared.exe" tunnel run --token {token}
For the available flags, refer to the tunnel arguments documentation (linked below). For example:
:: quic protocol / info log level / log to file / 10 retries
"C:\Program Files (x86)\cloudflared\cloudflared.exe" tunnel --protocol quic --logfile "C:\Program Files (x86)\cloudflared\info.log" --loglevel info --retries 10 run --token {token}
Or use a config file instead:
:: run with a config file
"C:\Program Files (x86)\cloudflared\cloudflared.exe" tunnel --config "C:\Program Files (x86)\cloudflared\config.yml" run
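The same ImagePath change can be made from an elevated PowerShell session instead of Registry Editor. This is an added example, not from the original post; it assumes the default install path, the service name cloudflared, and that the existing command line still contains the --token argument written by the service install step.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): rewrite the cloudflared service's
# ImagePath so the tunnel runs with the extra arguments shown above, then restart it.
# Assumptions: default install path, service name "cloudflared", and an existing
# "tunnel run --token {token}" command line created by "cloudflared.exe service install".
$svc = 'cloudflared'
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
$exe = 'C:\Program Files (x86)\cloudflared\cloudflared.exe'
$log = 'C:\Program Files (x86)\cloudflared\info.log'

# Read the current command line and reuse the token it already contains.
$current = (Get-ItemProperty -Path $key -Name ImagePath).ImagePath
if ($current -match '--token\s+(\S+)') {
    $token = $Matches[1]
} else {
    throw "ImagePath does not contain --token, refusing to rewrite: $current"
}

# Keep the old value so the change can be reverted by hand if needed.
Write-Output "Previous ImagePath: $current"

# Global flags (protocol, logging, retries) go between "tunnel" and "run";
# "--token" stays after "run", exactly as in the manual edit above.
$new = "`"$exe`" tunnel --protocol quic --logfile `"$log`" --loglevel info --retries 10 run --token $token"
Set-ItemProperty -Path $key -Name 'ImagePath' -Value $new -Type ExpandString

# Restart the service so the new command line takes effect, then confirm its state.
Restart-Service -Name $svc
Get-Service -Name $svc | Select-Object Name, Status

# Give cloudflared a moment to connect, then show the tail of the new log file.
Start-Sleep -Seconds 5
Get-Content -Path $log -Tail 20
```

The service key is only writable by administrators, so the script refuses to run unless the session is elevated.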
RDP service
Download cloudflared on the client
Same as above.
Configure a public hostname
Create the connection
Assuming RDP listens on the default port 3389, run on the client:
cloudflared access rdp --hostname rdp.example.com --url rdp://localhost:3389
Then point the RDP client at localhost:3389.
Web service
Configure a public hostname
You can also set a Host header so that an internal reverse proxy can route the traffic to the right backend.

[References]
- https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/install-and-setup/tunnel-guide/remote/remote-management/
- https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/install-and-setup/ports-and-ips/
- https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/install-and-setup/tunnel-guide/local/local-management/arguments/
- https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/rdp/