by Perplexity

系统级安装验证

1. 安装 cloudflared # 通过 Homebrew 安装(需预先安装 Xcode CLT) 
xcode-select --install
brew install cloudflare/cloudflare/cloudflared
# 验证二进制完整性 
shasum -a 256 $(which cloudflared) | grep 3d9d9a...  # 替换为官方校验码
2. 身份认证 cloudflared tunnel login
  • 执行后浏览器自动打开 Cloudflare 仪表盘
  • 选择目标域名(如 example.com)
  • 认证完成后生成 cert.pem 文件于 ~/.cloudflared/

隧道生命周期管理

1. 创建持久化隧道 
cloudflared tunnel create macmini-tunnel
输出示例: 
Tunnel credentials written to /Users/xxx/.cloudflared/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.json
Tunnel UUID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
2. 配置文件架构 
nano ~/.cloudflared/config.yml
完整配置模板: 
tunnel: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
credentials-file: /Users/xxx/.cloudflared/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.json
ingress:
- hostname: ssh.example.com
service: ssh://localhost:22
originRequest:
connectTimeout: 30s
tlsTimeout: 10s
- hostname: web.example.com
service: http://localhost:8080
originRequest:
httpHostHeader: web.example.com
disableChunkedEncoding: true
- service: http_status:404

DNS 记录优化策略

1. CNAME 记录绑定 
cloudflared tunnel route dns macmini-tunnel ssh.example.com
等效于在 Cloudflare 仪表盘创建:
Type Name Target Proxy
CNAME ssh xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.cfargotunnel.com Proxied
2. 通配符解析 
cloudflared tunnel route dns macmini-tunnel "*.apps.example.com"
实现动态子域名解析,需配合 Ingress 规则: 
ingress:
- hostname: "{{sub}}.apps.example.com"
service: http://localhost:{{sub_port}}

服务守护进程配置

1. 注册系统服务 
sudo cloudflared service install --legacy
服务文件位置: 
/Library/LaunchDaemons/com.cloudflare.cloudflared.plist
2. 日志监控方案 # 实时查看错误日志 
tail -f /Library/Logs/com.cloudflare.cloudflared.err.log
# JSON 格式日志解析 
log show --predicate 'process == "cloudflared"' --info --debug --last 1h

安全增强措施

1. Zero Trust 策略 
cloudflared access policy create \
--name dev-team \
--applications ssh.example.com \
--decision allow \
--include any(emails.split('@')[1] == 'company.com')
2. 双向 mTLS 认证 
ingress:
- hostname: db.example.com
service: postgres://localhost:5432
originRequest:
mTLS:
cert: /path/to/client.crt
key: /path/to/client.key

性能调优参数

1. QUIC 协议优化 
ingress:
- service: ssh://localhost:22
originRequest:
http2Origin: false
http3: true
2. 区域路由选择 
cloudflared tunnel --region hkg run macmini-tunnel
支持的区域代码:hkg (香港)、nrt (东京)、syd (悉尼)

验证与排错

1. 连通性测试 # 检查隧道状态 
cloudflared tunnel info macmini-tunnel
# 模拟请求 
cloudflared tunnel test-http-override ssh.example.com
2. 网络路径追踪 
mtr --tcp --port 7844 xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.cfargotunnel.com
关键操作验证点
  1. 执行 cloudflared tunnel list 确认隧道状态为 ACTIVE
  2. 查看系统服务状态:sudo launchctl list | grep cloudflare
  3. 通过 dig +short ssh.example.com 验证 DNS 解析是否指向 .cfargotunnel.com
遇到 ERR_CONNECTION_REFUSED 错误时,检查本地服务是否监听 localhost 而非 127.0.0.1,MacOS 需配置为 0.0.0.0
来源 [1] Cloudflare Tunnel Tutorial — A better alternative to ngrok - LearnAWS https://learnaws.io/blog/cloudflare-tunnel [2] Create a locally-managed tunnel · Cloudflare Zero Trust docs https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/create-local-tunnel/ [3] DNS records - Cloudflare Zero Trust https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/routing-to-tunnel/dns/ [4] Run as a service on macOS - Cloudflare Docs https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/local-management/as-a-service/macos/ [5] Hackers Leveraging Cloudflare Tunnels: Emerging Cyber Threat https://offensoacademy.com/hackers-leveraging-cloudflare-tunnels/ [6] Cloudflare Tunnel for Global Testing Tools | Restackio https://www.restack.io/p/global-website-performance-testing-tools-answer-cloudflare-tunnel [7] Home Assistant Add-on: Cloudflared - GitHub https://github.com/brenner-tobias/addon-cloudflared/blob/main/cloudflared/DOCS.md [8] How to Configure Cloudflare Tunnel on Ubuntu 24.04 - LinuxTuto https://www.linuxtuto.com/how-to-configure-cloudflare-tunnel-on-ubuntu-24-04/ [9] Guide to Configuring Cloudflare Tunnel Reverse Proxy ... - ServBay https://support.servbay.com/advanced-settings/how-to-use-cloudflared [10] How to easily use Cloudflare's secure DNS on your Mac ... - ZDNET https://www.zdnet.com/article/how-to-easily-use-cloudflares-secure-dns-on-your-mac-and-why-it-even-matters/ [11] Install cloudflared on macOS with MacPorts https://ports.macports.org/port/cloudflared/ [12] Install cloudflared to set up secure Cloudflare Tunnels for free https://somnathrakshit.github.io/blog/install_cloudflared/ [13] cloudflared - Homebrew Formulae https://formulae.brew.sh/formula/cloudflared [14] Set up your first tunnel · Cloudflare Zero Trust docs https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/ [15] Cloudflare Tunnel client (formerly Argo Tunnel) - GitHub https://github.com/cloudflare/cloudflared [16] Update cloudflared · Cloudflare Zero Trust docs https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/update-cloudflared/ [17] Can't set up a tunnel on macOS in 2024.2.1 · Issue #1200 - GitHub https://github.com/cloudflare/cloudflared/issues/1200 [18] Use cloudflared to expose a Kubernetes app to the Internet https://developers.cloudflare.com/cloudflare-one/tutorials/many-cfd-one-tunnel/ [19] You Need to Learn This! Cloudflare Tunnel Easy Tutorial - YouTube https://www.youtube.com/watch?v=ZvIdFs3M5ic [20] 'cloudflared tunnel login' does not complete · Issue #1252 - GitHub https://github.com/cloudflare/cloudflared/issues/1252 [21] How to Set Up Cloudflare Tunnels on Ubuntu - Tanner's Tech https://tcude.net/creating-cloudflare-tunnels-on-ubuntu/ [22] Enable automatic cloudflared authentication https://developers.cloudflare.com/cloudflare-one/applications/non-http/cloudflared-authentication/automatic-cloudflared-authentication/ [23] 'cloudflared tunnel login' fails - Stack Overflow https://stackoverflow.com/questions/78519322/cloudflared-tunnel-login-fails [24] Useful commands - Cloudflare Zero Trust https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/local-management/tunnel-useful-commands/ [25] CloudflareD tunnel authentication w/ certificate - Reddit https://www.reddit.com/r/CloudFlare/comments/yk76ug/cloudflared_tunnel_authentication_w_certificate/ [26] cloudflare tunnel - how do you login and generate cert without a ... https://www.reddit.com/r/selfhosted/comments/sjlzip/cloudflare_tunnel_how_do_you_login_and_generate/ [27] Client-side cloudflared · Cloudflare Zero Trust docs https://developers.cloudflare.com/cloudflare-one/applications/non-http/cloudflared-authentication/ [28] Support for non interactive authentication · Issue #665 - GitHub https://github.com/cloudflare/cloudflared/issues/665 [29] Can't log into your Cloudflare account to Authenticate cloudflared https://community.cloudflare.com/t/cant-log-into-your-cloudflare-account-to-authenticate-cloudflared/371450 [30] Cloudflare Zero Trust Tunnel Guide: Exposing Self-Hosted Services ... https://www.youtube.com/watch?v=gpWo94XXrhU [31] Create a Free Cloudflare Tunnel - Learn With Omar https://omar2cloud.github.io/cloudflare/cloudflared/cloudflare/ [32] Getting Started With Cloudflare Tunnels - YouTube https://www.youtube.com/watch?v=_OYWOPlWFFY [33] Setting Up Cloudflare Tunnel to Expose Local Sites - Meow Apps https://meowapps.com/cloudflare-tunnel-local-flywheel/ [34] How to Set Up a Persistent Cloudflare Tunnel Without Buying a ... https://www.reddit.com/r/CloudFlare/comments/1czgvpw/how_to_set_up_a_persistent_cloudflare_tunnel/ [35] Cloudflare Tunnel Setup on Linux - GitHub Gist https://gist.github.com/obrassard/ba6a15ef8719c7a7c3e0f4947893c97f [36] Cloudflare Tunnels: Getting Started with Domains, DNS, and Tunnels https://www.youtube.com/watch?v=Q5dG8g4-Sx0 [37] CloudFlare tunnels and domain names : r/selfhosted - Reddit https://www.reddit.com/r/selfhosted/comments/110e45k/cloudflare_tunnels_and_domain_names/ [38] DNS delegation with BIND and Cloudflare - Server Fault https://serverfault.com/questions/1073990/dns-delegation-with-bind-and-cloudflare [39] Tunnels FAQ - Cloudflare Zero Trust https://developers.cloudflare.com/cloudflare-one/faq/cloudflare-tunnels-faq/ [40] Specify DNS resolver host:port when running tunnel #1229 - GitHub https://github.com/cloudflare/cloudflared/issues/1229 [41] How to Setup ‪@cloudflare‬ FAST (DNS, Performance ... - YouTube https://www.youtube.com/watch?v=CiOXICbaBQk [42] Issue with creation of Domain name and setting up the DNS record ... https://community.cloudflare.com/t/issue-with-creation-of-domain-name-and-setting-up-the-dns-record-properly/698101 [43] cloudflared tunnel [^command options] - Fig.io https://fig.io/manual/cloudflared/tunnel [44] Create a Cloudflare Tunnel · Cloudflare Learning Paths https://developers.cloudflare.com/learning-paths/zero-trust-web-access/connect-private-applications/create-tunnel/ [45] Allow DNS system extension and Cloudflare certificate on Mac devices https://support.threatdown.com/hc/en-us/articles/25612056233363-Allow-DNS-system-extension-and-Cloudflare-certificate-on-Mac-devices-Nebula [46] Run as a service · Cloudflare Zero Trust docs https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/local-management/as-a-service/ [47] Step by Step set up the cloudflare tunnel - IT Capture https://www.itcapture.com/how-to/step-by-step-set-up-the-cloudflare-tunnel/ [48] Effortless Cloudflared Setup on Ubuntu: Set and Forget | Saputra https://saputra.org/threads/effortless-cloudflared-setup-on-ubuntu-set-and-forget.1503/ [49] cloudflared as a service on windows running with less system ... https://github.com/cloudflare/cloudflare-docs/issues/7881 [50] cloudflared service install broken on macOS · Issue #327 - GitHub https://github.com/cloudflare/cloudflared/issues/327 [51] CentOS 7 systemd cloudflared.service which config.yml · Issue #313 https://github.com/cloudflare/cloudflared/issues/313 [52] How can I start Cloudflare WARP daemon in mac os using ... - Reddit https://www.reddit.com/r/CloudFlare/comments/144bxh3/how_can_i_start_cloudflare_warp_daemon_in_mac_os/ [53] Cloudflared legacy service install fails - Pi-hole Userspace https://discourse.pi-hole.net/t/cloudflared-legacy-service-install-fails/54160 [54] Best practices · Cloudflare Learning Paths https://developers.cloudflare.com/learning-paths/zero-trust-web-access/connect-private-applications/best-practices/ [55] Using Cloudflare Tunnel with PlexGuide - GitHub https://github.com/plexguide/PlexGuide.com/wiki/CloudFlare-Tunnel [56] Configuring Cloudflare Tunnels for Secure Remote Access (Tutorial) https://www.youtube.com/watch?v=y8s_Q_0s9TU [57] Protect your origin server - Cloudflare Fundamentals https://developers.cloudflare.com/fundamentals/security/protect-your-origin-server/ [58] Tunnel with firewall - Cloudflare Zero Trust https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/deploy-tunnels/tunnel-with-firewall/ [59] Securing Private Network Access with Cloudflare Tunnel - Cycle.io https://cycle.io/blog/2025/02/securing-private-network-access-with-cloudflare-tunnel [60] Security and Cloudflare Tunnel Integration Recommendations https://community.enhance.com/d/2313-security-and-cloudflare-tunnel-integration-recommendations [61] Cloudflare Tunnel · Cloudflare Zero Trust docs https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/ [62] Secure Cloudflare Tunnels with vLANs and an Internal ... - YouTube https://www.youtube.com/watch?v=1n9lCYCLUYI [63] Restrict Access To Cloudflare Tunnel: What You Should Know https://www.youtube.com/watch?v=cahInL0qg-Q [64] Is it safe enough to expose my services via cloudflare tunnels - Reddit https://www.reddit.com/r/selfhosted/comments/z36bpk/is_it_safe_enough_to_expose_my_services_via/ [65] Is Cloudflare Tunnel safe (privacy focused)? - Nextcloud community https://help.nextcloud.com/t/is-cloudflare-tunnel-safe-privacy-focused/150268 [66] HOWTO: Secure Cloudflare Tunnels remote access https://community.home-assistant.io/t/howto-secure-cloudflare-tunnels-remote-access/570837 [67] How to test cloudflare tunnel speed? https://community.cloudflare.com/t/how-to-test-cloudflare-tunnel-speed/717128 [68] Named tunnels wont accept no-tls-verify · Issue #277 - GitHub https://github.com/cloudflare/cloudflared/issues/277 [69] Tunnel Vision: CloudflareD AbuseD in the WilD - GuidePoint Security https://www.guidepointsecurity.com/blog/tunnel-vision-cloudflared-abused-in-the-wild/ [70] Restrict access to devices behind cloudflare tunnel (WARP or other) https://www.reddit.com/r/CloudFlare/comments/1cj5hn2/restrict_access_to_devices_behind_cloudflare/ [71] Quick Tunnels - Cloudflare Zero Trust https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/do-more-with-tunnels/trycloudflare/ [72] Questions about settings and security (Clouflare tunnel setup) #6285 https://github.com/Ylianst/MeshCentral/discussions/6285 [73] Configuration file · Cloudflare Zero Trust docs https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/local-management/configuration-file/ [74] Cloudflared tunnel for hosting Multiple Domains on a single PC https://stackoverflow.com/questions/75167514/cloudflared-tunnel-for-hosting-multiple-domains-on-a-single-pc [75] Introduction to Cloudflare Tunnels & Cloudflare Access - jonasclaes.be https://jonasclaes.be/introduction-to-cloudflare-tunnels/ [76] One Cloudflare tunnel, multiple services : r/selfhosted - Reddit https://www.reddit.com/r/selfhosted/comments/1brgk4s/one_cloudflare_tunnel_multiple_services/ [77] Cloudflare Tunnel Easy Setup - Crosstalk Solutions https://www.crosstalksolutions.com/cloudflare-tunnel-easy-setup/ [78] How to Use Cloudflare Tunnel to Expose Multiple Local Services https://tech.aufomm.com/how-to-use-cloudflare-tunnel-to-expose-multiple-local-services/ [79] How should I configure cloudflared? · nextcloud all-in-one - GitHub https://github.com/nextcloud/all-in-one/discussions/655 [80] Support for multiple replicas of a service under the same hostname https://github.com/cloudflare/cloudflared/issues/725 [81] Easiest Way to Set Up a Cloudflared Tunnel in Proxmox! - YouTube https://www.youtube.com/watch?v=K7mjfnb22v4 [82] Multiple services with same hostname · Issue #417 - GitHub https://github.com/cloudflare/cloudflared/issues/417 [83] Launch your Mac from a browser with Cloudflare - Sam Rhea https://blog.samrhea.com/posts/2021/zero-trust-mac-browser/ [84] Install Cloudflared on Alpine Linux - GitHub Gist https://gist.github.com/sarkrui/a2998f3a6256a43a5a41dbf5edf5947f [85] Downloads · Cloudflare Zero Trust docs https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/ [86] Mac mini M4 本地部署解鎖版DeepSeek - 雲行九天CloudVoyage https://www.aitwg.com/?p=240 [87] Run as a service on macOS - Cloudflare Docs https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/as-a-service/macos/ [88] Create a locally-managed tunnel (CLI) · Cloudflare Zero Trust docs https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-local-tunnel/ [89] Connect through Cloudflare Access using a CLI https://developers.cloudflare.com/cloudflare-one/tutorials/cli/ [90] Login to Your CloudFlare Account - Knowledgebase - Dimofinf https://www.dimofinf.sa/index.php/knowledgebase/316/Login-to-Your-CloudFlare-Account.html [91] Add Login to a Node.js App with Cloudflare Tunnel Zero Trust (2023 ... https://mydigitalmark.com/add-login-to-nodejs-with-cloudflare-argo-tunnels/ [92] Protect Your WordPress Login pages with Cloudflare Zero Trust https://runcloud.io/blog/wordpress-login-pages-cloudflare-zero-trust [93] Cloudflared tunnel automatic authentication - Stack Overflow https://stackoverflow.com/questions/77443344/cloudflared-tunnel-automatic-authentication [94] Cloudflare tunnels with authentication - Tinkering with Technology https://blog.ceard.tech/2023/04/cloudflare-tunnels-with-auth.html [95] cloudflared tunnel create - Fig.io https://fig.io/manual/cloudflared/tunnel/create [96] Enable Zero-Trust SSH with Cloudflare on Windows, Mac, Linux ... https://runcloud.io/blog/zero-trust-ssh [97] When running `cloudflared tunnel route dns tunnel-name ... - GitHub https://github.com/cloudflare/cloudflared/issues/1295 [98] How to set up DNS records for your domain in a Cloudflare account https://www.namecheap.com/support/knowledgebase/article.aspx/9607/2210/how-to-set-up-dns-records-for-your-domain-in-a-cloudflare-account/ [99] setting up cloudflared tunnel with DNS partial setup - Reddit https://www.reddit.com/r/CloudFlare/comments/1cjibbh/setting_up_cloudflared_tunnel_with_dns_partial/ [100] Run as a service on Windows · Cloudflare Zero Trust docs https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/local-management/as-a-service/windows/ [101] Run as a service · Cloudflare Zero Trust docs https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/as-a-service/ [102] How to do DNS over HTTPS with macOS https://blog.smittytone.net/2022/05/07/how-to-do-dns-over-https-on-macos/ [103] Tunnel with firewall - Cloudflare Zero Trust https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-with-firewall/ [104] Cloudflare: How to Secure Your Origin Server? - Vaadata https://www.vaadata.com/blog/cloudflare-how-to-secure-your-origin-server/ [105] Secure Self-Hosting with Cloudflare Tunnels and Docker: Zero Trust ... https://dev.to/mihailtd/secure-self-hosting-with-cloudflare-tunnels-and-docker-zero-trust-security-5bbn [106] Security approaches for access via Cloudflare tunnels : r/homelab https://www.reddit.com/r/homelab/comments/16dzutj/security_approaches_for_access_via_cloudflare/ [107] Secure Cloudflare Tunnels? : r/selfhosted - Reddit https://www.reddit.com/r/selfhosted/comments/1ainaxc/secure_cloudflare_tunnels/ [108] How i can verify my cloudflared tunnel is routing traffic through it? i ... https://community.cloudflare.com/t/how-i-can-verify-my-cloudflared-tunnel-is-routing-traffic-through-it-i-dont-see-any-entries-in-logs-when-i-hit-my-end-point/427437 [109] Self-Managed Cloudflared Configuration - HackerOne Help Center https://docs.hackerone.com/en/articles/9648357-self-managed-cloudflared-configuration [110] Cloudflare Tunnel - Magic WAN https://developers.cloudflare.com/magic-wan/zero-trust/cloudflare-tunnel/ [111] Cloudflare Tunnels for Global Testing Tools | Restackio https://www.restack.io/p/global-website-performance-testing-tools-answer-cloudflare-tunnels [112] Load balancing - Cloudflare Zero Trust https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/routing-to-tunnel/lb/ [113] Multiple Tunnels, One Cloudflared instance https://community.cloudflare.com/t/multiple-tunnels-one-cloudflared-instance/507149 [114] Tunnel run parameters · Cloudflare Zero Trust docs https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/ [115] Create a tunnel (dashboard) - Cloudflare Zero Trust https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/ [116] One Tunnel for Multiple Servers with Different Services https://community.cloudflare.com/t/one-tunnel-for-multiple-servers-with-different-services/496345