![]() ![]() If we have setup any authentication you will be redirected to a browser to authenticate (here we could use an Azure AD application with all the bells and whistles), and then finally you must authenticate to the VM using a username and password as usual. This is to avoid any port clashes, and also an important point: We are setting up an RDP listener on our local machine, next we can connect to localhost:3399 using the rdp client (mstsc). Notice that I am using port 3399 (use any port you like). \cloudflared.exe access rdp -hostname -url rdp://localhost:3399 ![]() The final step is to download the Cloudflare executable which will act as a broker between the public endpoint and trusty old mstsc (Remote Desktop Connection). but maybe something similar can be achieved using a Cloudflare load balancer (a service with no free plan). vm01 would go to vm01, /vm02 to vm02 etc. It would be nice if we could use the same hostname but route to the backend service based on a path, ex. Sadly there is a 1:1 between the public hostname, ex. Once the tunnel is up and running you can add a "public hostname" in the tunnel. To me that was advantageous as I never liked using GoDaddy to manage DNS entries in my personal domain. I should mention a caveat Cloudflare must manage the (root) domain you will be using for this. The documentation is excellent and linked to when needed, so should be easy getting started there. The you get from the Cloudflare dashboard when creating a new tunnel. The exact command to get this working took a bit of time to figure out, so to save everyone's time: az container create -g -n -image cloudflare/cloudflared:latest -command-line "cloudflared tunnel -no-autoupdate run -token " -restart-policy Never -vnet -subnet They do have a Docker image available, so we can run that on the smallest possible Azure Container Instance. Given that one of the enticing aspects of Cloudflare is the free plans, we want to run the Cloudflare "agent" as cheaply as possible. it can act as an Azure Bastion Host.īut first things first. Afterwards there are rich ways of determining who (authorization) is allowed to access the exposed application.īesides the mentioned use-case, which we can also do with various Azure services, something else came to my attention the Cloudflare tunnel can reverse proxy remote connections (RDP and SSH), ie. Conditional Access and enforce strong authentication, compliant devices, etc.Īnd that is just the authentication part. There are tons of ways of controlling access from the default "temporary code sent to email" to an Azure AD application where we can use ex. ![]() It is convenient that I can access them from anywhere in the world over https and I must (optional) authenticate using my Google account (just one of many authentication options). My personal use-case is exposing some of the websites I run on my home network. I'm a big fan of Cloudflare and they do have some amazing open-source and free products.īing AI tells us that " Cloudflare tunnels are outbound connections that allow you to securely expose your resources to the internet without a public IP address or port forwarding." I recently discovered Cloudflare tunnels, which I know is nothing new. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |