Protect Grafana with cloudflared tunnel | EllaWho’s Repo

Protect Grafana with cloudflared tunnel

Table of contents

Install cloudflared daemon
Permission change
Login Cloudflare dashboard
Configure cloudflared and run it as service
Get started with Clickhouse on Grafana

Install `cloudflared` daemon

wget -q https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
dpkg -i cloudflared-linux-amd64.deb

Once installed, cloudflared is a binary file under the default path: /usr/local/bin/cloudflared

Permission change

useradd -s /usr/sbin/nologin -r -M cloudflared
chown cloudflared:cloudflared /usr/local/bin/cloudflared
ls -la /usr/local/bin/cloudflared 
chmod +x /usr/local/bin/cloudflared
cloudflared -v 

cloudflared tunnel login

In the browser, open the URL output in the terminal
Authorize the zone
Upon successful login, a cert.pem will be added to the default path: /root/.cloudflared/cert.pem

Configure `cloudflared` and run it as service

Create a new tunnel: cloudflared tunnel create grafana
Once tunnel created, there will be 1 uuid.json file under the directory ~/.cloudflared/
Go to cd ~/.cloudflared/

Create config.yml file by running vim config.yml

 tunnel: UUID
 credentials-file: /root/.cloudflared/UUID.json
 logfile: /var/log/cloudflared.log
 loglevel: debug
 transport-loglevel: debug

 ingress:
   - hostname: grafana.example.com
     service: http://localhost:3000
   - service: http_status:404

Update DNS for grafana.example.com => CNAME => UUID.cfargotunnel.com
Then run the tunnel cloudflared tunnel run grafana
Once all connected, run cloudflared service install
To start the daemon: systemctl start cloudflared
To reload: systemctl daemon-reload
Check status: systemctl status cloudflared

Get started with Clickhouse on Grafana

Running Clickhouse data source on Grafana