Photo from Wikimedia Commons
Today we’re introducing Argo Tunnel, a private connection between your web server and Cloudflare. Tunnel makes it so that only traffic that routes through Cloudflare can reach your server.
You can think of Argo Tunnel as a virtual P.O. box. It lets someone send you packets without knowing your real address. In other words, it’s a private link. Only Cloudflare can see the server and communicate with it, and for the rest of the internet, it’s unroutable, as if the server is not even there.
How this used to be done
This type of private deployment used to be accomplished with GRE tunnels. But GRE tunnels are expensive and slow, they don’t really make sense in a 2018 internet.
GRE is a tunneling protocol for sending data between two servers by simulating a physical link. Configuring a GRE tunnel requires coordination between network administrators from both sides of the connection. It is an expensive service that is usually only available for large corporations with dedicated budgets. The GRE protocol encapsulates packets inside other packets, which means that you will have to either lower the MTU of your origin servers, or have your router do packet fragmentation, leading to slower responses.
We wanted to find a way to emulate the same security of a GRE tunnel but without the expense or hassle. And at the same time maybe it could speed up connections instead of slowing them down. And with that direction, the team started to build Tunnel.
Want to see a demo?
If you want to see it in action, you can watch this demo. Colin Murray recorded it – for the full experience, put on some headphones, there’s audio:
Deploy Quickly, Safely
Argo Tunnel is fast to install and run – it’s just three commands to expose a locally running web application:
$ install cloudflared // binaries available for Linux, Mac and Windows https://developers.cloudflare.com/argo-tunnel/downloads/ $ cloudflared login $ cloudflared --hostname example.com http://localhost:8080
This can be run on any device from a Raspberry Pi, to a DigitalOcean droplet, to a hardware load balancer in your data center.
Netwrk is one of the companies using Argo Tunnel. Their Co-Founder and CTO Johan Bergström told us: “I’ve been able to reduce the administrative overhead of firewalls, reduce the attack surface and get the added benefit of higher performance through the tunnel.”
Argo Tunnel is Powered by Argo
One reason why traffic through Argo Tunnel gets a performance boost is that Tunnel is built on top of Argo, Cloudflare’s optimized smart routing (think Waze for the internet).
Tunnel is included for free for anyone that has Argo enabled.
In order for Tunnel to work we needed to get visitor traffic to reach one of the data centers closest to the origin. The right way to do this is by taking advantage of Argo. We decided it made sense to bundle Tunnel with Argo and include it at no additional cost. That way you get the best of both worlds: a secure, protected origin and the fastest path across the Internet to get to it.
Of course, we want you to one day be able to test out Tunnel without having to buy Argo, so we’re considering offering a free version of Tunnel on a Cloudflare domain. If you’re interested in testing out an early version in the future, sign up here.
What Happened to Warp
During the beta period, Argo Tunnel went under a different name: Warp. While we liked Warp as a name, as soon as we realized that it made sense to bundle Warp with Argo, we wanted it to be under the Argo product name. Plus, a tunnel is what the product is so it’s more descriptive.