群晖使用Argo Tunnel对外暴露内网网站

众所周知国内建站需要备案,但一些小众的域名是没法在国内备案的,所以像我这边的域名只能一直使用frp这样的第三方服务来实现内网穿透,前面也有文章说了如何实现frp内网穿透,但frp需要借助一台海外的VPS,每年定期续费也是一笔开销。秉持着能薅羊毛绝不空手的原则,我发现cloudflare提供的Argo Tunnel非常适合我这种需求,而且他也有docker端镜像。

首先需要在本地建立文件夹用于将获取tunnel需要的证书映射出来,执行登录以后会显示一个链接,需要复制到浏览器打开。

sudo mkdir /volume1/homes/admin/Docker/cloudflared/chengyong/
sudo chown 65532:65532 /volume1/homes/admin/Docker/cloudflared/chengyong/
sudo docker run -it --rm --name= cloudflared -v /volume1/homes/admin/Docker/cloudflared/chengyong/:/etc/cloudflared/ -v /volume1/homes/admin/Docker/cloudflared/chengyong/:/home/nonroot/.cloudflared/ cloudflare/cloudflared:2022.2.0 tunnel login

然后执行创建,执行完会显示你创建的tunnelID,此tunnelID与生成的json文件同名,类似于“xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx”,其实也就是你域名CNAME里面的子域名最前面的部分。

sudo docker run -it --rm --name= cloudflared -v /volume1/homes/admin/Docker/cloudflared/chengyong/:/etc/cloudflared/ -v /volume1/homes/admin/Docker/cloudflared/chengyong/:/home/nonroot/.cloudflared/ cloudflare/cloudflared:2022.2.0 tunnel create my-tunnel

接着在你创建的文件夹下,创建config.yaml文件,粘贴如下内容,其中xxx的部分就是你之前创建的时候获取到的tunnelID,顺便检查下文件夹下有没有生成cert.pemxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.json文件:

credentials-file: /etc/cloudflared/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.json
tunnel: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
ingress:

  - hostname: chengyong.im
    service: http://172.17.0.1:18080
    
    originRequest:
      noTLSVerify: true
  
  - service: http_status:404

上述操作结束后,再创建一个长期运行的容器,即可实现内网穿透。

sudo docker run -d --name=chengyong --restart=always -v /volume1/homes/admin/Docker/cloudflared/chengyong/:/etc/cloudflared/ -v /volume1/homes/admin/Docker/cloudflared/chengyong/:/home/nonroot/.cloudflared/ cloudflare/cloudflared:2022.2.0 tunnel run

至此Argo Tunnel内网穿透搭建完成,还是很简单的。其中可能会出现如下错误,需要注意处理:

ERR Configuration file /home/nonroot/.cloudflared/config.yaml was empty 
Tunnel credentials written to /home/nonroot/.cloudflared/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.json. cloudflared chose this file based on where your origin certificate was found. Keep this file secret. To revoke these credentials, delete the tunnel.
Created tunnel my-tunnel with id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

上述提示不是错误,因为原本就没有json文件,需要借助创建来生成,此时去看目录下已经生成了json文件了。

Failed to add route: code: 1003, reason: An A, AAAA or CNAME record already exists with that host.

上述提示表示你cloudflare的DNS里面已经有了记录,需要先删除原记录才能创建。

标签:内网穿透, cloudflare, 群晖

原创不易,请勿在未经作者同意的情况下,转载到其他平台或者博客

评论区

13 评论
    SamanthaChrome 103Linux
    5天前回复

    I genuinely enjoy examining on this iternet site,
    it hhas excellent blog posts.

    TamaraFirefox Browser 102Linux
    11月24日回复

    Thank you, I've recently been searching for information approximaately
    this subject for a while and yours is thhe best I've
    discovered till now. However, what in regards to the conclusion?
    Arre you certain about the source?

    RichardYandex BrowserWindows 10
    11月6日回复

    Some genuinel interesting information, well written and loosely
    usr pleasant.

    hikvision camera wiring diagramYandex BrowserWindows 10
    11月5日回复

    If some one wants to be updated with lztest technologies therefore hee must be pay a
    quick visit this weeb page and bbe up to date every day.

    BrittanyChrome 103Windows 10
    11月4日回复

    Some truly interesting information, wel written and broadly speaking user pleasant.

    IrvinOpen Browser 89OSX
    11月2日回复

    If you are going for best contents like me, just go too see this website daily since it provides feature contents, thanks

    11月1日回复

    Thank you for the good writeup. It in truth was a leisure
    account it. Glance complicated to far added agreeaable from you!
    However, how could we be in contact?

    DavisChrome 103OSX
    10月28日回复

    Definitely consider that which you said. Your fawvourite justification appeared to be
    at the net thee easiest thing to take into accout of.
    I say to you, I certainly get irked whilst other folks thin about worries that they plainly don't recognize
    about. You managed to hit thhe nail upon the highest as well as outlined
    out the whole thing with no need side effect , peolple could take a signal.
    Will probably be agan to get more. Thanks!

    MonikaYandex BrowserWindows 10
    10月20日回复

    Unquestionably believe that that you said. Your favorite justification seemed to be at the net thee simplest thing to understand of.
    I ssay to you, I definitel geet annoyged whilst people consider
    worries that thney plainly do not recognize about. You managed to hit the
    nail upon the top as smartly as outlined out the entire thing without
    having side-effects , folks can take a signal. Will probably be back
    to get more. Thanks!

    GraceFirefox Browser 102Linux
    10月13日回复

    My brother suggested I mighht like this blog. He was entirfely right.
    This post truly mde my day. You can nott imagine just how much time I had spent for this info!
    Thanks!

    MargaritoChrome 103Linux
    10月11日回复

    My brother suggested I might like this blog. He was totallyy right.
    This post actually made my day. You can not imagine simply how much time I had spent foor
    this info! Thanks!

    Alfonzo MajorChrome 103Windows 10
    10月8日回复

    I do not even know how I ended up here, but I
    thought this post was great. I do not know who you are but
    definitely you are going to a famous blogger if you are not already ;) Cheers!

    https://thedailyschematic.comChrome 103Windows 10
    10月3日回复

    Real instructive and excellent body structure of articles, now
    that's useer genial (:.