Cloudflare Docs
Cloudflare-One
Visit Cloudflare Zero Trust on GitHub
Set theme to dark (⇧+D)

Deploy cloudflared in Azure

The purpose of this guide is to walk through some best practices for accessing private resources on AWS by deploying Cloudflare’s lightweight connector, cloudflared.

We will walk through how to initialize a service on a Linux VM in Azure, and route to it from another VM running cloudflared. This deployment guide does not take into account routing beyond basic security groups and default VPCs.

Prerequisites

Create your environment

Make sure you sign up for Azure and create a new subscription.

  1. First, create your first resource group.

    Azure group

  2. In addition, create your first keypair as well. You will be using the keypair to SSH into your Virtual Machine.

    Azure keypair

  3. Next, define your inbound and outbound ports to the VM. If these ports are not configured properly, the solution will not function as intended. For testing purposes, we will leave access open.

    Azure keypair

Create two Ubuntu 20.04 LTS VMs, and make sure you record their internal IP addresses. Azure by default uses the 10.0.0.0/8 subnet.

Deploy cloudflared

  1. SSH into your AWS instance using the command line.

    cd Downloads
    
    ssh -i <private key path> azureuser@20.115.124.241
    
  2. Run sudo su to gain full admin rights to the Virtual Machine.

  3. Install cloudflared on your instance. In this example, we are running a Debian-based instance, so download the Debian build of cloudflared:

    wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
    
    dpkg -i cloudflared-linux-amd64.deb
    
  4. Run the following command to authenticate cloudflared with your Cloudflare account. The command will launch a browser window where you will be prompted to log in with your Cloudflare account and pick any zone you have added to Cloudflare.

    $ cloudflared tunnel login
    
  5. Create a tunnel.

    $ cloudflared tunnel create Azure-01
    

Complete tunnel configuration

  1. Make a directory for your configuration file.

    mkdir /etc/cloudflared
    
    cd /etc/cloudflared
    
  2. Build a configuration file. Before moving forward and entering vim, copy your Tunnel ID and credentials path to a notepad.

    vim config.yml
    
  3. Type i to begin editing the file and copy-paste the following settings in it.

    tunnel: <Tunnel ID/name>
    credentials-file: /root/.cloudflared/<Tunnel ID>.json
    protocol: quic
    warp-routing:
       enabled: true
    logfile: /var/log/cloudflared.log
    #cloudflared to the origin debug
    loglevel: debug
    #cloudflared to cloudflare debug
    transport-loglevel: info
    
  4. Press space and then type :x to save and exit.

  5. Run cloudflared as a service.

cloudflared service install
systemctl start cloudflared
systemctl status cloudflared

Next, visit the Zero Trust dashboard and ensure your new tunnel shows as active. Optionally, begin creating Zero Trust policies to secure your private resources.