Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions products/cloudflare-one/src/content/analytics/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,7 @@ order: 7

# Analytics

Cloudflare for Teams gives you comprehensive and in-depth visibility into your network. Whether you need data on network usage, on security threats blocked by Teams, or on how many users have logged into your applications this month, the Teams dashboard provides you with the right tools for the job.


<DirectoryListing path="/analytics"/>
13 changes: 1 addition & 12 deletions products/cloudflare-one/src/content/analytics/logs/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,15 +6,4 @@ order: 1

The Logs section of the [Teams dashboard](https://dash.teams.cloudflare.com/) allows you to take a look at analytics on your network traffic.

<TableWrap>

| Page | Description |
| ---- | ----------- |
| **User** | This page shows the number of users who have logged into an application secured by Cloudflare Access in the current calendar month. |
| **Admin** | This page
| **[Access requests](/logs/activity-log)** |
| **[Audit logs](/logs/audit-logs)** |

<DirectoryListing path="/logs"/>

</TableWrap>
<DirectoryListing path="/analytics/logs"/>
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
---
order: 0
type: overview
hideChildren: true
---

<ContentColumn>
Expand All @@ -9,9 +10,9 @@ type: overview

With Cloudflare for Teams, you can protect two types of applications: SaaS and self-hosted.

SaaS applications include applications your team relies on that are not hosted by your organization, such as Slack or Airtable.
**SaaS applications** include applications your team relies on that are not hosted by your organization, such as Slack or Airtable.

Self-hosted applications include your internal tools and applications, such as Jira or Grafana. You must secure self-hosted applications with Cloudflare's authoritative DNS to use Cloudflare Access.
**Self-hosted applications** include your internal tools and applications, such as Jira or Grafana. You must secure self-hosted applications with Cloudflare's authoritative DNS to use Cloudflare Access.

<ButtonGroup>
<Button type="primary" href="/applications/configure-apps/saas-apps/">SaaS applications</Button>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
order: 1
---

# SaaS applications
# Add applications

With Cloudflare for Teams, you can protect two types of applications: SaaS and self-hosted.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
order: 1
---

# Self-hosted applications
# Add applications

With Cloudflare for Teams, you can protect two types of applications: SaaS and self-hosted.

Expand Down
4 changes: 4 additions & 0 deletions products/cloudflare-one/src/content/applications/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,8 @@ order: 5

# Applications

Cloudflare for Teams brings a consistent login experience to your internal and SaaS applications, and evaluates every request for user identity and device context.

Learn how to secure your applications, and how to configure one dashboard for your users to reach all the applications you've secured behind Teams:

<DirectoryListing path="/applications"/>
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ If you are working on a machine that does not have a browser, or a browser windo

### 3. Secure the subdomain with Cloudflare Access

Next, protect the subdomain you plan to register with a Cloudflare Access policy. Follow [these instructions](/getting-started/policies) to build a new policy to control who can connect to the resource.
Next, protect the subdomain you plan to register with a Cloudflare Access policy. Follow [these instructions](/policies/zero-trust/policy-management) to build a new policy to control who can connect to the resource.

For example, if you share the resource at `tcp.site.com`, build a policy to only allow your team members to connect to that subdomain.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ You can use Cloudflare Access, in combination with Cloudflare Argo Tunnel, to co

### 1. Install The Cloudflare Daemon On The Host Machine

The Cloudflare daemon, `cloudflared`, will maintain a secure, persistent, outbound-only connection from the machine to Cloudflare. Arbitrary TCP traffic will be proxied over this connection using [Cloudflare Argo Tunnel](https://developers.cloudflare.com/argo-tunnel/).
The Cloudflare daemon, `cloudflared`, will maintain a secure, persistent, outbound-only connection from the machine to Cloudflare. Arbitrary TCP traffic will be proxied over this connection using **Argo Tunnel**.

Follow these instructions to download and install cloudflared in a location that can address the Kubernetes cluster's API server.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ order: 20
You can configure ingress rules to proxy traffic from multiple hostnames to multiple services using a single instance of `cloudflared` and a single Argo Tunnel.

Each incoming request received by `cloudflared` causes `cloudflared` to send a request to a local service.
By configuring **ingress rules** in the [configuration file](/configuration/config), you can specify which local services a request should be proxied to.
By configuring **ingress rules** in the [configuration file](/connections/connect-apps/configuration/config), you can specify which local services a request should be proxied to.

You can define ingress rules inside of the configuration file.

Expand Down Expand Up @@ -90,7 +90,7 @@ With the catch-all rule, you can set `cloudflared` to respond to traffic with an
|--|--|--|--|
| HTTP/S | Incoming HTTP requests are proxied directly to your local service | `https://localhost:8000` |
| HTTP/S over unix socket | Just like HTTP/S, but using a unix socket instead | `unix:/home/production/echo.sock` |
| TCP, RDP, SSH, SMB, kubectl to a single address | TCP requests are proxied to your local service. [Learn more](https://developers.cloudflare.com/access/protocols-and-connections). | `ssh://localhost:2222` |
| TCP, RDP, SSH, SMB, kubectl to a single address | TCP requests are proxied to your local service. [Learn more](/applications/non-HTTP). | `ssh://localhost:2222` |
| TCP, RDP, SSH, SMB, kubectl bastion mode | `cloudflared` will act like a jumphost, allowing access to any local address. | `bastion` |
| Hello World | Test server for validating your Argo Tunnel setup | `hello_world` |
| HTTP status | Responds to all requests with the given HTTP status | `http_status:404` |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ Replace `<NAME>` with the name you want to give to the Tunnel. The name assigned

This command will create a Tunnel with the name provided and associate it with a UUID. The relationship between the UUID and the name is persistent. The command will not create a connection at this point.

![Create a tunnel](../static/img/create-tunnel/ct1.png)
![Create a tunnel](../../../static/documentation/connections/ct1.png)

Creating a Tunnel generates a credentials file for that specific Tunnel. This file is distinct from the cert.pem file. To run the Tunnel without managing DNS from `cloudflared`, you only need the credentials file.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ order: 50

| Before you start |
|---|
| 1. [Create an Argo Tunnel](/create-tunnel) |
| 2. [Configure the Tunnel](/configuration) |
| 1. [Create an Argo Tunnel](/connections/connect-apps/create-tunnel) |
| 2. [Configure the Tunnel](/connections/connect-apps/configuration) |

## Route traffic from the Cloudflare dashboard

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@ order: 4

# Route to a Tunnel

Cloudflare can route traffic to your Argo Tunnel connection using a [DNS record](/routing-to-tunnel/dns) or Cloudflare’s [Load Balancer](/routing-to-tunnel/lb) product.
Cloudflare can route traffic to your Argo Tunnel connection using a [DNS record](/connections/connect-apps/routing-to-tunnel/dns) or Cloudflare’s [Load Balancer](/connections/connect-apps/routing-to-tunnel/lb) product.

You can configure either option from the Cloudflare dashboard by pointing a DNS CNAME record or a Load Balancer pool to the Argo Tunnel subdomain for your connection. You can also associate these records with your Tunnel from `cloudflared` directly.

Argo Tunnel can also [be configured](/configuration/ingress) to route traffic to multiple hostnames to multiple services in your environment.
Argo Tunnel can also [be configured](/connections/connect-apps/configuration/ingress) to route traffic to multiple hostnames to multiple services in your environment.
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Both options rely on Cloudflare's Load Balancer to send traffic for a single hos

4. Create two deployments wth one replica each using `cloudflared`. Configure `cloudflared` to point to the service IP of the upstream service. Mount the secrets created in Step 1 and point `cloudflared` to the right path.

5. In the Cloudflare dashboard, create a Load Balancer pool and [point the pool](/routing-to-tunnel/lb) to the two or more Argo Tunnel connections.
5. In the Cloudflare dashboard, create a Load Balancer pool and [point the pool](/connections/connect-apps/routing-to-tunnel/lb) to the two or more Argo Tunnel connections.

Once configured, you can update `cloudflared` by updating one deployment and then proceeding to the next one once you've verified the newly updated cloudflared pod is running and connected.

Expand All @@ -35,4 +35,4 @@ Once configured, you can update `cloudflared` by updating one deployment and the

3. Create two deployments wth one replica each using `cloudflared`. Configure `cloudflared` to point to an ingress controller. Mount the secrets created in Step 1 and point `cloudflared` to the right path.

4. In the Cloudflare dashboard, create a Load Balancer pool and [point the pool](/routing-to-tunnel/lb) to the two or more Argo Tunnel connections.
4. In the Cloudflare dashboard, create a Load Balancer pool and [point the pool](/connections/connect-apps/routing-to-tunnel/lb) to the two or more Argo Tunnel connections.
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ order: 50

| Before you start |
|---|
| 1. [Create an Argo Tunnel](/create-tunnel) |
| 2. [Configure the Tunnel](/configuration) |
| 1. [Create an Argo Tunnel](/connections/connect-apps/create-tunnel) |
| 2. [Configure the Tunnel](/connections/connect-apps/configuration) |
| 3. [Create a Load Balancer pool in Cloudflare](https://developers.cloudflare.com/load-balancing/create-load-balancer-ui) |

## Route traffic from the dashboard
Expand All @@ -20,7 +20,7 @@ To add an Argo Tunnel connection to a Cloudflare Load Balancer pool:

1. Navigate to the Load Balancer page in the Cloudflare dashboard.
2. Create or edit an existing Origin Pool. Add the Argo Tunnel subdomain as an Origin Address.
3. Click `Save`.
3. Click **Save**.

## Route traffic from the command line

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@ order: 5

| Before you start |
|---|
| 1. [Create a Tunnel](/create-tunnel) |
| 2. [Configure the Tunnel](/configuration) |
| 3. [Configure routing to the Tunnel](/routing-to-tunnel) |
| 1. [Create a Tunnel](/connections/connect-apps/create-tunnel) |
| 2. [Configure the Tunnel](/connections/connect-apps/configuration) |
| 3. [Configure routing to the Tunnel](/connections/connect-apps/routing-to-tunnel) |

Once you have created a Tunnel and decided how to route traffic to that Tunnel, you can run the Tunnel to proxy incoming traffic from the Tunnel to any number of services running locally on your origin. To begin, run the Tunnel with the following command. The command will connect `cloudflared` to Cloudflare's edge, using the configuration supplied. Traffic will route to the Tunnel based on the DNS or Load Balancer settings.

Expand All @@ -24,15 +24,15 @@ You can also specify the Tunnel name or UUID inside of the configuration file, i

If you do not specify a configuration file location, `cloudflared` will attempt to read a configuration file in `~/.cloudflared/config.yml`.

When `cloudflared` receives a HTTP request from the internet it matches the incoming request to an ingress rule from the config file. The ingress rules specify which traffic should go to which local services. See the section on [Ingress Rules](/configuration/ingress).
When `cloudflared` receives a HTTP request from the internet it matches the incoming request to an ingress rule from the config file. The ingress rules specify which traffic should go to which local services. See the section on [ingress rules](/connections/connect-apps/configuration/ingress).

You can also run the Tunnel without a configuration file by appending the flags after the `run` command and before the name or UUID. Running your tunnel this way will route _all_ traffic to the given URL.

`cloudflared tunnel run --url localhost:3000 <NAME or UUID>`

![Run tunnels](../static/img/create-tunnel/rt1.png../../../static/documentation/connections/connect-apps/create-tunnel/rt1.png)
![Run tunnels](../../../static/documentation/connections/connect-apps/create-tunnel/rt1.png)

Once run, this command will establish an outbound-only connection to Cloudflare’s edge. That connection will not yet serve traffic. Any requests made to the Tunnel directly will fail. To route traffic from a hostname or load balancer pool, follow the routing instructions.

You can also:
* [Run a tunnel as a service](/run-tunnel/run-as-service)
* [Run a tunnel as a service](/connections/connect-apps/run-tunnel/run-as-service)
Original file line number Diff line number Diff line change
Expand Up @@ -6,21 +6,21 @@ order: 30

| Before you start |
|---|
| 1. [Create a Tunnel](/create-tunnel) |
| 2. [Configure the Tunnel](/configuration) |
| 3. [Configure routing to the Tunnel](/routing-to-tunnel) |
| 1. [Create a Tunnel](/connections/connect-apps/create-tunnel) |
| 2. [Configure the Tunnel](/connections/connect-apps/configuration) |
| 3. [Configure routing to the Tunnel](/connections/connect-apps/routing-to-tunnel) |

Argo Tunnel can install itself as a system service on Linux and Windows and as a launch agent on macOS.

By default, Argo Tunnel expects all of the configuration to exist in the `cloudflared/config.yml` configuration file. The available options are documented on the [configuration file reference](/configuration/config/), but at a minimum you must specify the following arguments to run as a service:
By default, Argo Tunnel expects all of the configuration to exist in the `cloudflared/config.yml` configuration file. The available options are documented on the [configuration file reference](/connections/connect-apps/configuration/config/), but at a minimum you must specify the following arguments to run as a service:

|Argument|Description|
|---|---|
|`url`|The destination for proxied traffic in your environment if your origin is not listening on localhost:8080|
|`tunnel`|The UUID of your Tunnel
|`credentials-file`|The location of the credentials file for your Tunnel|

You must [create the Tunnel](/create-tunnel), and its credentials file, prior to installing it as a service. Creating the Tunnel in advance will generate the `credentials` file.
You must [create the Tunnel](/connections/connect-apps/create-tunnel), and its credentials file, prior to installing it as a service. Creating the Tunnel in advance will generate the `credentials` file.

If you do not want to create the tunnel in advance, you must install `cloudflared` with the `--legacy` flag.

Expand Down Expand Up @@ -151,7 +151,7 @@ copy C:\Users\%USERNAME%\.cloudflared\cert.pem C:\Windows\System32\config\system

### Create, route, and configure the Tunnel

You can now [create](/create-tunnel) an Argo Tunnel and edit the configuration file to [configure](/configuration) `cloudflared`. We recommend setting the [routing](/routing-to-tunnel) before running the service in the next step.
You can now [create](/connections/connect-apps/create-tunnel) an Argo Tunnel and edit the configuration file to [configure](/connections/connect-apps/configuration) `cloudflared`. We recommend setting the [routing](/connections/connect-apps/routing-to-tunnel) before running the service in the next step.

<Aside>

Expand Down Expand Up @@ -183,7 +183,7 @@ credentials-file: C:/UUID.json

To start the service, open the Service Manager, select `Argo Tunnel agent` and open the `General` tab. In the `Start parameters` field, specify the location of the configuration file and place the `tunnel run` command after the path. For example:

![DNS tab](../static/img/windows/start-param.png)
![DNS tab](../../../static/documentation/connections/start-param-1.png)

Once applied, you can click `Start` to run the Tunnel.

Expand Down
Loading