Related Resources#
Project address: https://www.github.com/fscarmen/cfd_return
Video tutorial: https://youtu.be/X032LZkVZSs
Cloudflared application download: https://github.com/cloudflare/cloudflared/releases
Cloudflare Tunnel Json acquisition site: http://fscarmen.cloudflare.now.cc
gost v3 application download: https://github.com/go-gost/gost/releases
cfd edge-IP selection tool download: https://github.com/fscarmen/cfd_return/tree/main/cfd
Background and Introduction to the Solution#
When building network services, we often use a CDN (Content Delivery Network) to accelerate user access. Traditional CDN services are usually "forward," meaning users access CDN nodes, which then forward requests to a remote VPS (Virtual Private Server). However, this method requires the VPS to have a public IP and may be affected by network latency and bandwidth limitations.
Today, we will introduce a "reverse origin" tool based on Cloudflare Tunnel. It connects your local services to Cloudflare's CDN network through NAT traversal (intranet penetration), so they can be reached with acceleration from anywhere in the world. The tool supports various operating systems, including CentOS, Debian, Ubuntu, Alpine, and OpenWRT, and is very easy to install and use.
What is Cloudflare Tunnel?#
Cloudflare Tunnel is a secure and reliable NAT traversal (intranet penetration) service provided by Cloudflare. It allows you to expose local services to the internet without opening any public ports or configuring complex firewall rules. Through Cloudflare Tunnel, your local services connect to Cloudflare's global network and benefit from low-latency, high-bandwidth access.
What is Gost?#
Gost (GO Simple Tunnel) v3 is a secure tunnel implemented in Go, supporting various network protocols and proxy methods. Its design goal is to provide a simple, flexible, and efficient network proxy solution. Gost can be used to build various network topologies, such as forward proxy, reverse proxy, and tunnel proxy.
Project address: https://github.com/go-gost/gost
Project documentation: https://gost.run/
Advantages of Reverse Origin#
- Break through public entry restrictions: Traditional CDNs require the VPS to have a public IP, while this tool uses Cloudflare Tunnel for NAT traversal, so no public IP is needed to connect to the CDN.
- Automatic selection of the cloudflared access IP: The cfd tool, contributed by the owner of the cf relay IP group, takes multiple candidate endpoints (including region1.v2.argotunnel.com, region2.v2.argotunnel.com, us-region1.v2.argotunnel.com, us-region2.v2.argotunnel.com, etc.), each of which may contain multiple IPv4 and IPv6 addresses, and selects the access IP with the lowest latency.
- Wide application scenarios: In addition to traditional VPS, you can also deploy this tool in various containers, gaming platforms, or even home networks to achieve global acceleration access to services.
- No additional optimization required: Since Cloudflare's line quality is usually very good, there is no need for additional network optimization when using this tool, allowing you to enjoy stable access speeds.
- Lightweight operation: This tool has almost 0 dependencies, does not require handling complex certificates and configuration issues, and is very simple to install and use.
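The selection step described in the list above (expand each candidate endpoint into its addresses, probe them, keep the lowest-latency one), as an added Python example; it is not the cfd tool's own code. Probing by TCP handshake to port 7844 (the port cloudflared dials on the Cloudflare edge), the `ip_version` filter that mirrors the install script's `-t 4` option, and all function names are assumptions of this example.

```python
import ipaddress
import socket
import time

# Candidate endpoints named on this page; EDGE_PORT is cloudflared's edge port.
ENDPOINTS = ["region1.v2.argotunnel.com", "region2.v2.argotunnel.com",
             "us-region1.v2.argotunnel.com", "us-region2.v2.argotunnel.com"]
EDGE_PORT = 7844


def resolve(hosts, port=EDGE_PORT):
    """Return the de-duplicated A/AAAA addresses behind each candidate hostname."""
    addrs = []
    for host in hosts:
        try:
            infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # a candidate that does not resolve is skipped, not fatal
        for info in infos:
            ip = info[4][0]
            if ip not in addrs:
                addrs.append(ip)
    return addrs


def tcp_rtt_ms(ip, port=EDGE_PORT, timeout=2.0):
    """Time one TCP handshake; None means unreachable within the timeout."""
    start = time.monotonic()
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return (time.monotonic() - start) * 1000
    except OSError:
        return None


def pick_fastest(addrs, probe=tcp_rtt_ms, ip_version=None, rounds=3):
    """Lowest minimum RTT over `rounds` probes; ip_version 4 or 6 filters by family."""
    best = None
    for ip in addrs:
        if ip_version and ipaddress.ip_address(ip).version != ip_version:
            continue
        samples = [r for r in (probe(ip) for _ in range(rounds)) if r is not None]
        if samples and (best is None or min(samples) < best[1]):
            best = (ip, min(samples))
    return best  # (ip, rtt_ms), or None when no address answered


if __name__ == "__main__":
    # Constructed latencies on documentation-range addresses, so the demo runs offline.
    fake = {"198.51.100.7": 41.0, "198.51.100.9": 23.5, "2001:db8::1": 12.2, "203.0.113.4": None}
    print(pick_fastest(list(fake), probe=fake.get, ip_version=4))
```

For a live measurement, call `pick_fastest(resolve(ENDPOINTS))` and write the returned address to the file passed to `cfd -file`.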
Implementation Principle Example#
Create a Cloudflare Tunnel from a Json credential or a token (the respective creation methods will be discussed later). In this example, the tunnel name is gost.argo.com and the origin port is 20000.
Local OpenWRT Operation#
gost -D -L "relay+ws://:10000?path=/3b451552-e776-45c5-9b98-bde3ab99bf75&bind=true"
cloudflared tunnel --logfile /tmp/cloudflared.log --edge-ip-version auto --config /etc/cfd_return_server/tunnel.yml run
cfd -file /etc/cfd_return_server/ip
Note: The above three commands will occupy the foreground terminal when executed, causing the terminal to be blocked and unable to perform other operations. Therefore, if you plan to execute them manually, it is recommended to use screen or similar terminal multiplexing tools. This way, you can allocate an independent screen session for each process, allowing these processes to run continuously in the background while you can still freely access and control them without affecting other terminal sessions.
Command explanation
gost:
- -D: This flag enables debug mode, providing detailed logs for troubleshooting.
- -L "relay+ws://:10000?path=/3b451552-e776-45c5-9b98-bde3ab99bf75&bind=true": This specifies the local listening address and port, using the WebSocket protocol. The path parameter is used to specify the WebSocket path, and the Relay service is enabled with the BIND function, using UDP-over-TCP.
cloudflared:
- --logfile /tmp/cloudflared.log: This option specifies the file path to save the output log.
- --edge-ip-version auto: This option automatically selects the IP version (IPv4 or IPv6) for the connection.
- --config /etc/cfd_return_server/tunnel.yml: This specifies the path to the tunnel configuration file.
- run: This command starts the tunnel.
cfd:
- -file: IP address file name
Remote VPS Operation#
gost -D -L socks5://[::1]:20000
gost -D -L rtcp://:30000/[::1]:20000 -F "relay+ws://gost.argo.com:80?path=/3b451552-e776-45c5-9b98-bde3ab99bf75&host=gost.argo.com"
Command explanation
gost:
- -D: This flag enables debug mode, providing detailed logs for troubleshooting.
- -L socks5://[::1]:20000: This specifies the local listening address and port, using the SOCKS5 protocol. [::1] is the loopback address, and 20000 is the port number.
- -L rtcp://:30000/[::1]:20000: This sets up an rtcp listener (gost's reverse TCP port forwarding). 30000 is the port on the local side (such as a soft router used at home or in the office), and [::1]:20000 is the address and port on the remote side (the VPS), which is the SOCKS5 listener started by the first command.
- -F "relay+ws://gost.argo.com:80?path=/3b451552-e776-45c5-9b98-bde3ab99bf75&host=gost.argo.com": This specifies the forwarding address, using the WebSocket protocol. The path and host parameters are used to specify the WebSocket path and host. The path must match the one the local gost instance listens on.
One-Click Script Deployment for the Project#
Interactive Installation#
The server and the client use the same command:
bash <(wget -qO- https://raw.githubusercontent.com/fscarmen/cfd_return/main/cfd_return.sh)
Quick Parameter Installation#
Install server
# -s  Install server
# -p  Specify the local service port
# -d  Specify the domain name for Cloudflare Tunnel
# -w  Specify the WebSocket path (for communication with Cloudflare Tunnel)
# -t  4 = only prefer IPv4 endpoint
# -a  Specify Cloudflare Json or Token authentication information, note that single quotes are required
bash <(wget -qO- https://raw.githubusercontent.com/fscarmen/cfd_return/main/cfd_return.sh) \
  -s \
  -p server-origin-port \
  -d your-domain.com \
  -w your-ws-path \
  -t 4 \
  -a 'your-cloudflare-auth'
Client installation
# -c  Install client
# -r  Specify the SOCKS5 port mapped to the server
# -d  Specify the domain name for Cloudflare Tunnel
# -w  Specify the WebSocket path (for communication with Cloudflare Tunnel)
bash <(wget -qO- https://raw.githubusercontent.com/fscarmen/cfd_return/main/cfd_return.sh) \
  -c \
  -r remote-socks5-port \
  -d your-domain.com \
  -w your-ws-path
Uninstallation method
bash <(wget -qO- https://raw.githubusercontent.com/fscarmen/cfd_return/main/cfd_return.sh) -u
For more parameters, please refer to the project README.md: https://www.github.com/fscarmen/cfd_return
Obtaining Cloudflare Tunnel Json#
Users can easily obtain it through the Cloudflare Json generation site: https://fscarmen.cloudflare.now.cc
Obtaining Cloudflare Tunnel Token#
Deployment Operation Screenshots#
Server: Json Method#
- Deployed on soft router
Server: Token Method#
- Deployed on soft router
Client (VPS)#
- Deployed on VPS
Application Settings#
Reference Content#
Gost v3 forwarding chain: https://gost.run/tutorials/port-forwarding/#_5