Cloudflare's Argo Tunnel service, accessed through the cloudflared command, allows you to securely expose local services to the internet. This guide will walk you through setting up cloudflared as a system service on Ubuntu, ensuring it runs automatically on boot.
Why Use a System Service?
Running cloudflared as a system service offers several advantages:
- Automatic startup on system boot
- Easy management using systemd commands
- Proper logging and error handling
- Running with specific user permissions (in this case, root)
** Setup Cloudflared **
cd /tmp
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo dpkg -i cloudflared-linux-amd64.deb
apt-get install -f
cloudflared tunnel login
Create the Service File
We'll create a new systemd service file:
sudo nano /etc/systemd/system/cloudflared-access.service
Configure the Service
Add the following content to the file:
[Unit]
Description=Cloudflared Access TCP Service
After=network.target
[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/cloudflared access tcp --hostname pg17.example.com --url localhost:5432
Restart=always
RestartSec=5
StandardOutput=append:/var/log/cloudflared-access.log
StandardError=append:/var/log/cloudflared-access.log
[Install]
WantedBy=multi-user.target
Save and Exit
In nano, save the file and exit by pressing Ctrl+X, then Y, and finally Enter.
Reload Systemd
To make systemd aware of the new service:
sudo systemctl daemon-reload
Enable the Service
To ensure the service starts on boot:
sudo systemctl enable cloudflared-access.service
Start the Service
To start the service immediately:
sudo systemctl start cloudflared-access.service
Managing the Service
You can check the status of the service at any time:
sudo systemctl status cloudflared-access.service
To view the logs
sudo tail -f /var/log/cloudflared-access.log
By following these steps, you've successfully set up cloudflared to run as a system service on Ubuntu. This ensures that your local PostgreSQL server (or whatever service you're exposing) is always accessible through Cloudflare's secure tunnel, even after system reboots.
Remember to keep your cloudflared binary updated and regularly check the logs for any issues or unexpected behavior.
Top comments (0)