No public IP required, use Cloudflare Tunnel for intranet penetration

These days, very few operators are willing to give you a public IP for free anymore. CGNAT has long been the norm. Of course, on the bright side, at least it hides your real IP and protects your home router/NAS from direct hacker attacks to a certain extent.

But if I want to make some services on the NAS public for easy use when I go out, it becomes a headache. The easiest way is probably to pay your carrier for a static IP. However, some operators only provide dynamic public IPs, so you still need to use DDNS. Tunneling with Cloudflare might be another decent option.

Note: based on my own experience and online observations, the speed when used in China is not very ideal, but it's not to the point where it's unusable. It may depend on your local network status. You have to try it to know.

A brief introduction

There are already many introductions to Cloudflare's tunnels online. To put it simply, you run a cloudflared process/service, and this client connects and binds to the Cloudflare servers. Then, after you set up the domain name resolution in Cloudflare, all requests to that domain name are automatically forwarded to your home intranet through this client... it's that simple!

Some configuration points

I won't go into details about the specific configuration here. There are many tutorials available online; they are just a little bit outdated.

  1. Cloudflare configuration entry: Tunnel no longer shows up in the Access category, but in the Network category next to it;
  2. cloudflared configurations can now be generated with one click, whether it is run directly on each platform or started by Docker, so there is no more editing of complex files;
  3. When configuring the domain name resolution, select https first, check "ignore TLS certificate verification" in the advanced settings, then switch to http (I believe no one uses public https certificates on the intranet, right?);
  4. The default communication protocol is quic, but it is said that switching to http2 in China will greatly reduce the packet loss rate. Worth a try.
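
Points 3 and 4 written out as a locally managed cloudflared `config.yml`, with the skip-verification setting next to two alternatives. This is an added example, not from the original article; the tunnel ID, hostnames, intranet addresses and file paths are placeholders.

```yaml
# config.yml for a locally managed tunnel (added example; all values are placeholders)
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

# Point 4: use http2 (over TCP) for the connection to Cloudflare instead of quic (over UDP)
protocol: http2

ingress:
  # Point 3, variant A: the origin speaks HTTPS with a self-signed certificate.
  # noTLSVerify makes cloudflared skip validation of the origin certificate,
  # so the hop from cloudflared to the NAS is encrypted but the NAS is not authenticated.
  - hostname: nas.example.com
    service: https://192.168.1.10:5001
    originRequest:
      noTLSVerify: true

  # Variant B: keep verification on by trusting your own CA for the intranet certificate.
  - hostname: ledger.example.com
    service: https://192.168.1.20:443
    originRequest:
      caPool: /etc/cloudflared/home-ca.pem   # PEM file with the private CA (placeholder path)
      originServerName: ledger.home.lan      # name expected in the origin certificate

  # Variant C: plain HTTP origin; no TLS options apply on this hop.
  - hostname: app.example.com
    service: http://192.168.1.30:8080

  # cloudflared requires a final catch-all rule.
  - service: http_status:404
```

In every variant the visitor still reaches Cloudflare over HTTPS; the `originRequest` settings only affect the last hop between cloudflared and the service inside the home network.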

Firefly III + pico pitfalls

I mainly use it to run my own daily accounting system. I encountered a strange bug here: the client pico could not pass the token to Firefly III for verification no matter what, even though each of the two on its own could already be accessed through the public network. Finally, I canceled the domain name resolution of Firefly III and let pico authenticate successfully through the local 192.168.xxx address. But strangely, it won't work if you directly use the Docker intranet address, although I have set them up in docker compose to use the same intranet.

Original article written by LogStudio: R0uter's Blog » No public IP required, use Cloudflare Tunnel for intranet penetration

When reproducing, please keep the source and description link: https://www.logcg.com/archives/3917.html
