cloudflared icon indicating copy to clipboard operation
cloudflared copied to clipboard

Published 20 hours ago • verified publisher icon cloudflare

💡restricted cloudflared for remotely managed tunnels

Open brucealthompson opened this issue 2 years ago • 2 comments

Cloudflared currently allows display and management of remotely managed tunnels that are not hosted on the local machine. This includes the ability to delete remotely managed tunnels that are hosted on different machines.

I would like to have the ability to restrict remotely managed tunnels be managed only remotely, not locally. Is there a way to do with cloudflare tunnels?

brucealthompson avatar Jan 23 '23 12:01 brucealthompson

I would like to have the ability to restrict remotely managed tunnels be managed only remotely, not locally. Is there a way to do with cloudflare tunnels?

Hey @brucealthompson ! I don't entirely understand this question. Do you want to not be able to delete/revoke tunnels from the Dash?

sudarshan-reddy avatar Feb 04 '23 09:02 sudarshan-reddy

I want the ability to modify / delete tunnels ONLY from the dashboard and not from cloudflared. I thought that was the definition of a remotely managed tunnel. That seems to not be the case.

I found a work around to this issue. I have restricted the tokens I issue for the tunnels to be read only. Then cloudflared cannot modify tunnels with the restricted tokens.

brucealthompson avatar Feb 04 '23 15:02 brucealthompson

Simply deploy cloudflared using the token supplied from the dashboard. cloudflared can only manage tunnels if it has been authenticated and picks up a credential file from [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared]. Delete these files and it will not be able to manage tunnels.

obezuk avatar Apr 13 '23 23:04 obezuk