使用 Cloudflare Tunnel 将本地服务端口连接到公网域名
前置要求
购买一个域名:(例如 olivaw.space)
See: https://www.name.com
注册 cloudflare:
安装 cloudflared
Windows
下载安装包:
双击 .msi 文件安装。
Linux (Debian)
curl -L --output cloudflared.deb https://githubfast.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo dpkg -i cloudflared.deb
配置 tunnel
登录
cloudflared tunnel login
如果出现下面的报错:
2025-09-15T10:35:29Z ERR You have an existing certificate at /home/asimov/.cloudflared/cert.pem which login would overwrite.
If this is intentional, please move or delete that file then run this command again.
这时需要先删除旧的证书:
rm ~/.cloudflared/cert.pem
然后重新运行 cloudflared tunnel login
。
点击命令行的链接,选择列出的域名(olivaw.space),然后点击 Authorize。
若创建成功,输出形如:
You have successfully logged in.
If you wish to copy your credentials to a server, they have been saved to:
~/.cloudflared/cert.pem
Sometimes connection would be timeout, you might need to use a proxy that is able to access cloudflare.
创建 tunnel
# cloudflared tunnel create <tunnel-name>
cloudflared tunnel create chat
若创建成功,输出形如:
Tunnel credentials written to /home/asimov/.cloudflared/********-****-****-****-************.json.
cloudflared chose this file based on where your origin certificate was found.
Keep this file secret. To revoke these credentials, delete the tunnel.
Created tunnel bili-search with id ********-****-****-****-************
See: Create tunnel locally (CLI):
You might encounter following issue:
failed to create tunnel: Create Tunnel API call failed: REST request failed: Post "https://api.cloudflare.com/client/v4/accounts/0eaac800b72d47966d3858a5a24965d0/cfd_tunnel": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
列出已有 tunnel
cloudflared tunnel list
删除指定 tunnel
# cloudflared tunnel delete <tunnel-name>
cloudflared tunnel delete chat
将 tunnel route 到 DNS 域名
如果域名不在 cloudflare 上托管,需要先将 DNS 解析地址换成 cloudflare 的。(参考:域名解析 - 在阿里云中添加解析记录)
如果域名在 cloudflare 上托管,直接运行:
# cloudflared tunnel route dns <tunnel_name> <subdomain>
cloudflared tunnel route dns chat chat.olivaw.space
若成功,输出形如:
Added CNAME chat.olivaw.space which will route to this tunnel tunnelID=********-****-****-****-************
如果出现如下报错:
Failed to add route: code: 10000, reason: Authentication error
一般是因为要绑定的是新域名,和现有的证书不一样。
解决方法是删除旧的证书,然后重新登录:
rm ~/.cloudflared/cert.pem
cloudflared tunnel login
如果之前已经绑定过一个同名的 tunnel,可以在 cloudflare 中域名的 Dash 界面,DNS > Records
找到对应的 CNAME 记录,Edit > Delete
。
然后重新运行 cloudflared tunnel route dns <tunnel_name> <subdomain>
。
在 tunnel 中 run 本地服务端口
# cloudflared tunnel run --url http://<localhost>:<port> <tunnel_name>
cloudflared tunnel run --url http://127.0.0.1:13333 chat
访问 https://chat.olivaw.space 即可使用本地服务 http://127.0.0.1:13333.
参考
- 使用Cloudflare Argo Tunnel快速免公网IP建站
cloudflared tunnel --help
- Useful commands · Cloudflare Zero Trust docs