Cloudflared Tunneling

Cloudflared Tunneling

 You want to expose your laptop’s localhost (like a web app running on http://127.0.0.1:3000 or http://localhost:8000) to the internet using Cloudflare, right?

The easiest and most secure way is using Cloudflare Tunnel (Cloudflared).


🔹 Steps to expose localhost with Cloudflare

  1. Install Cloudflared

    • On Linux/macOS:

      curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -o cloudflared.deb sudo dpkg -i cloudflared.deb
    • On Windows:
      Download from Cloudflared GitHub releases and install.

  2. Login to Cloudflare

    cloudflared tunnel login

    This opens a browser, asks you to log in to your Cloudflare account, and select a domain you own.

  3. Create a Tunnel

    cloudflared tunnel create my-tunnel cloudflared tunnel --url http://localhost:8000 cloudflared tunnel --url https://localhost:10000/ --no-tls-verify
  4. Configure Tunnel to expose localhost
  5. Example: expose http://localhost:8000
    Create a config file:

    tunnel: my-tunnel credentials-file: /home/user/.cloudflared/my-tunnel.json ingress: - hostname: app.yourdomain.com service: http://localhost:8000 - service: http_status:404
  6. Route traffic
    Point your Cloudflare DNS hostname (app.yourdomain.com) to the tunnel:

    cloudflared tunnel route dns my-tunnel app.yourdomain.com
  7. Run the Tunnel

    cloudflared tunnel run my-tunnel

Now your localhost app is available on the internet at
👉 https://app.yourdomain.com


🔹 If you don’t own a domain

Cloudflare Tunnel can still give you a random .trycloudflare.com URL:

cloudflared tunnel --url http://localhost:8000

It will output something like:

https://random-subdomain.trycloudflare.com

Share that link and people can access your local app.


If you start with the random .trycloudflare.com URL now, you can later switch to your own domain without problems.

Here’s how it works:

  • Random mode (cloudflared tunnel --url http://localhost:8000)

    • No domain required.

    • You instantly get a temporary link like https://xyz123.trycloudflare.com.

    • Great for testing or quick sharing.

    • The link changes every time you restart.

  • Domain mode (with your Cloudflare-managed domain)

    • Permanent link like https://app.yourdomain.com.

    • Requires creating a named tunnel + DNS record.

    • You can later “upgrade” your setup by creating a tunnel and pointing it to your domain, without changing your app.

Suppose you want:

  • main.sumanadhikary.com.np → your local website on port 80

  • blog.sumanadhikary.com.np → your local app on port 8080

  • test.sumanadhikary.com.np → your local service on port 10000


🔹 Config file (~/.cloudflared/config.yml)

tunnel: my-tunnel credentials-file: /home/your-username/.cloudflared/my-tunnel.json ingress: - hostname: main.sumanadhikary.com.np service: http://localhost:80 - hostname: blog.sumanadhikary.com.np service: http://localhost:8080 - hostname: test.sumanadhikary.com.np service: http://localhost:10000 - service: http_status:404

🔹 Steps

  1. Login once (to get cert.pem):

    cloudflared tunnel login
  2. Create a tunnel:

    cloudflared tunnel create my-tunnel
  3. Add DNS records (in Cloudflare dashboard or via command):

    cloudflared tunnel route dns my-tunnel main.sumanadhikary.com.np cloudflared tunnel route dns my-tunnel blog.sumanadhikary.com.np cloudflared tunnel route dns my-tunnel test.sumanadhikary.com.np

    (This automatically creates CNAME records pointing to your tunnel.)

  4. Run the tunnel:

    cloudflared tunnel run my-tunnel

✅ Now:

  • https://main.sumanadhikary.com.nplocalhost:80

  • https://blog.sumanadhikary.com.nplocalhost:8080

  • https://test.sumanadhikary.com.nplocalhost:10000

 the software just uses the IP 192.168.19.15, and you don’t know which port it’s running on. That’s common with proprietary intranet apps. No problem — here’s how you can find it:


Step 1: Check if it’s a browser-based app

  • On your office laptop, open a browser and type:

    http://192.168.19.15

    or

    https://192.168.19.15
  • If it loads, the port is default:

    • http → port 80

    • https → port 443


Step 2: Scan the server for open ports

If it doesn’t load in a browser:

Option A: On office laptop (Windows)

  1. Open CMD as Administrator

  2. Run:

netstat -a -n | findstr 192.168.19.15
  • This lists all ports the software/server is listening on.

  • Look for LISTENING entries on that IP.

Option B: On office laptop (Linux)

sudo netstat -tulpn | grep 192.168.19.15
  • Shows which ports are active and which program uses them.


Step 3: Test the port

Once you find a port (e.g., 5000):

cloudflared tunnel --url http://192.168.19.15:5000
  • Cloudflare will give you a public URL.

  • Open that URL from home to access the intranet software fast, no AnyDesk lag.

For windows

Here’s a step-by-step guide to install and use it:


🔹 1. Download Cloudflared for Windows

  1. Go to the official release page: Cloudflared GitHub Releases.

  2. Download the latest cloudflared-windows-amd64.exe (if your system is 64-bit).

  3. Rename it to cloudflared.exe for convenience.

  4. Move it to a folder like:

    • C:\Program Files\cloudflared\

    • or add it directly into a folder already in your PATH (like C:\Windows\System32).


🔹 2. Add to PATH (optional but recommended)

  1. Press Win + R → type sysdm.cpl → Enter.

  2. Go to AdvancedEnvironment Variables.

  3. Under System variables, find Path → Edit → Add new entry:

    C:\Program Files\cloudflared\
  4. Click OK → OK.

Now you can run cloudflared from any terminal (PowerShell or Command Prompt).


🔹 3. Basic Commands

  • Check installation:

    cloudflared --version
  • Run a tunnel to a local web server (example on port 80):

    cloudflared tunnel --url http://localhost:80

    → This gives you a temporary Cloudflare URL to access your local server.

  • Login to Cloudflare (for persistent tunnels):

    cloudflared tunnel login

    → This opens your browser to authenticate with your Cloudflare account.

  • Create a named tunnel:

    cloudflared tunnel create my-tunnel
  • Route a domain (requires Cloudflare-managed domain):

    cloudflared tunnel route dns my-tunnel sub.example.com
  • Run tunnel (persistent):

    cloudflared tunnel run my-tunnel

🔹 4. Run as a Service (Windows)

To make the tunnel always run in background:

cloudflared service install

This installs it as a Windows Service.

if you already own your domain (and it’s managed through Cloudflare DNS), then you can make cloudflared serve your site securely under your own domain instead of the temporary trycloudflare.com links.

Here’s how you’d do it:


🔹 1. Prerequisites

  • Your domain must be added to Cloudflare (via their dashboard).

  • DNS must be managed by Cloudflare (nameservers pointing to Cloudflare).

  • cloudflared installed on Windows (as I showed earlier).


🔹 2. Authenticate cloudflared

Run:

cloudflared tunnel login
  • A browser window will open → login with your Cloudflare account.

  • Select the domain you want to use.

  • A certificate will be downloaded to C:\Users\<You>\.cloudflared\.


🔹 3. Create a Tunnel

cloudflared tunnel create my-tunnel
  • This creates a new tunnel ID.

  • Config file and credentials will be stored under
    C:\Users\<You>\.cloudflared\.


🔹 4. Configure Tunnel (config.yml)

Make a file at:

C:\Users\<You>\.cloudflared\config.yml

Example:

tunnel: my-tunnel credentials-file: C:\Users\<You>\.cloudflared\my-tunnel.json ingress: - hostname: app.yourdomain.com service: http://localhost:8080 - service: http_status:404

👉 Replace:

  • app.yourdomain.com with your real subdomain.

  • http://localhost:8080 with whatever service/port you’re running.


🔹 5. Connect Domain to Tunnel

Run:

cloudflared tunnel route dns my-tunnel app.yourdomain.com
  • This automatically creates a CNAME record in Cloudflare DNS that points to the tunnel.


🔹 6. Run the Tunnel

Now start the tunnel:

cloudflared tunnel run my-tunnel

or install it as a service:

cloudflared service install

Install Apache2 for Linux Server

Install Apache2 for Linux Server
TO install LAMP stack (Linux, Apache2, MySQL, PHP) and phpMyAdmin on your Linux system using a Text User Interface (TUI) tool called tasksel. tasksel is a Debian-based tool (used in Ubuntu and other Debian-based distributions) that allows you to install predefined groups of packages like LAMP with just a few simple commands.

Here’s how you can do it using tasksel for the full LAMP stack setup:
Steps to Install LAMP Stack Using tasksel:
1. Update Package List

First, update your package list to ensure you have the latest packages:

sudo apt update

2. Install tasksel

Install tasksel if it’s not already installed:

sudo apt install tasksel

3. Install LAMP Stack Using tasksel

To install the LAMP stack, simply use tasksel:

sudo tasksel install lamp-server

This command will install:

  •     Apache2 (web server)
  •     MySQL (database server)
  •     PHP (for dynamic content)
  •     Additional PHP modules needed to integrate with Apache and MySQL

After the installation, Apache2, MySQL, and PHP will be installed and configured.
4. Install phpMyAdmin Using tasksel

If you also want to install phpMyAdmin, you can use tasksel for that as well:

sudo tasksel install phpmyadmin

This command installs phpMyAdmin, which is a web-based interface to manage MySQL databases.
5. Check the Installation

Once the installation is complete, you can check if everything is set up:

    Apache: Open your web browser and visit http://localhost/. You should see the Apache2 default page.

    phpMyAdmin: Visit http://localhost/phpmyadmin/ in your browser. If everything is set up, you should see the phpMyAdmin login page. Log in with the MySQL root user or any other MySQL user you created during installation.

6. Restart Apache2

In case Apache2 or other services are not running automatically, you can restart Apache2 and MySQL manually:

sudo systemctl restart apache2
sudo systemctl restart mysql

7. Configure Firewall (Optional)

If you have a firewall enabled, allow HTTP and HTTPS traffic:

sudo ufw allow in "Apache Full"

8. Clean Up (Optional)

After confirming everything works, remove any unnecessary files or temporary configurations. For example, remove info.php file (if you created it to test PHP):

sudo rm /var/www/html/info.php
 
10. Now install mysql
To install all mysql file you need to write where * install all required files.
 
sudo apt install libapache2-mod-php php-mysql php-cli php-common php-json php-zip php-gd php-mbstring php-xml php-curl
 
sudo apt install mysql*
 
Now you have mysql installed on your computer and you can login it with your root password and for phpmyadmin you need to create a username and set password so for this operation you need to put following command.
 
sudo mysql -u root -p
 
SET GLOBAL validate_password.policy=0;
 
SET GLOBAL validate_password.length=6;
 
CREATE USER 'ksumanadhikari'@'localhost' IDENTIFIED BY 'welcome';
 
GRANT ALL PRIVILEGES ON *.* TO 'ksumanadhikari'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;


Activate Window

PowerShell is a powerful scripting language and command-line shell developed by Microsoft. One of its most fascinating capabilities is its ability to execute commands and scripts from remote URLs. A frequently used shorthand for downloading and executing a script in PowerShell is:

 $    irm https://get.activated.win | iex

Understanding the Command

  1. irm
    irm is short for Invoke-RestMethod, a cmdlet in PowerShell used to send HTTP or HTTPS requests to a web server and process the response. In this context, it fetches the script or data hosted at the provided URL (https://get.activated.win).

  2. https://get.activated.win
    This URL points to the location of the script or resource to be downloaded. When you run the command, PowerShell fetches the content hosted here.

  3. | iex
    The | symbol is a pipeline operator in PowerShell. It takes the output from the irm command and passes it to iex.
    iex stands for Invoke-Expression, which evaluates or runs the code it receives as input.

    In this case, the script fetched from https://get.activated.win is executed immediately by PowerShell.


Purpose of the Command

This command is commonly used for:

  • Bootstrap Installers: Installing tools or software by fetching and executing an installer script directly from a URL.
  • Custom Scripts: Running automation scripts hosted online.
  • Quick Deployments: Setting up configurations or environments on remote machines with minimal input.

Security Implications

While the command is extremely convenient, it also comes with significant security risks. Downloading and executing code directly from the internet without verifying its contents can lead to:

  • Malware Infections: Malicious actors may host harmful scripts under seemingly legitimate URLs.
  • Unauthorized Access: Scripts could install backdoors or steal sensitive information.
  • System Compromise: A poorly written script might unintentionally break critical system components.

How to Use the Command Safely

  1. Verify the Source
    Ensure that the URL (https://get.activated.win in this case) is legitimate and comes from a trusted source.

  2. Inspect the Script
    Instead of executing the command directly, download the script first and inspect its contents. You can do this by running:

    irm https://get.activated.win > script.ps1
    notepad script.ps1
  3. Run with Limited Permissions
    Execute scripts in a controlled environment, such as a virtual machine or a sandbox, to mitigate risks.

  4. Avoid as a Habit
    Use this approach sparingly. Prefer fetching scripts, inspecting them, and executing only those you trust.


Conclusion

The $irm https://get.activated.win | iex command showcases the power of PowerShell to interact with web resources seamlessly. However, this convenience demands responsibility. Always be cautious about where your scripts come from and what they do. By following best practices, you can leverage this command safely and efficiently.

Do you often use this command or similar ones? Share your experiences or tips in the comments below!

Architecture identifiers

While Choosing the distro you need to select some architecture then. You need to know about it. These are architecture identifiers that specify the type of CPU architecture and instruction set used by a system. Each corresponds to a different hardware or processor family. Here's a brief explanation of each:

1. amd64

  • Architecture: 64-bit x86
  • Description: Designed for 64-bit processors, initially developed by AMD, but also used by Intel.
  • Usage: Most modern PCs and servers.

2. arm64

  • Architecture: 64-bit ARM
  • Description: Refers to 64-bit ARM processors (also known as AArch64).
  • Usage: Modern ARM-based devices like smartphones, tablets, and some servers (e.g., Apple M1/M2 chips).

3. armel

  • Architecture: ARM (32-bit, little-endian, soft float)
  • Description: Used for older or embedded ARM systems, supporting software floating-point operations.
  • Usage: Embedded devices or legacy ARM platforms.

4. armhf

  • Architecture: ARM (32-bit, hard float)
  • Description: Supports hardware floating-point operations.
  • Usage: Raspberry Pi and other ARM-based systems.

5. i386

  • Architecture: 32-bit x86
  • Description: Refers to 32-bit Intel processors starting with the 80386 (introduced in 1985).
  • Usage: Older PCs and systems still running 32-bit operating systems.

6. mips64el

  • Architecture: 64-bit MIPS, little-endian
  • Description: A 64-bit version of the MIPS architecture in little-endian byte order.
  • Usage: Network devices, embedded systems, or specialized hardware.

7. mipsel

  • Architecture: 32-bit MIPS, little-endian
  • Description: A 32-bit version of the MIPS architecture in little-endian byte order.
  • Usage: Older embedded systems and routers.

8. ppc64el

  • Architecture: 64-bit PowerPC, little-endian
  • Description: A version of the PowerPC architecture for 64-bit systems in little-endian byte order.
  • Usage: IBM POWER servers.

9. s390x

  • Architecture: IBM z/Architecture (64-bit)
  • Description: A 64-bit architecture used by IBM mainframes.
  • Usage: Enterprise and high-performance computing environments.

Summary Table:

IdentifierArchitectureKey Use Case
amd6464-bit x86Most PCs and servers
arm6464-bit ARMModern ARM-based devices
armel32-bit ARMOlder/embedded ARM systems (soft float)
armhf32-bit ARMRaspberry Pi and newer ARM systems (hard float)
i38632-bit x86Older PCs and systems
mips64el64-bit MIPSSpecialized network/embedded devices (little-endian)
mipsel32-bit MIPSEmbedded systems (little-endian)
ppc64el64-bit PowerPCIBM POWER servers
s390x64-bit IBMMainframe computing