Raspberry Pi
If you are setting up something like Pi-hole on the system, then you will need to set another port, example: 8053
Install cloudflared:
wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz
tar -xvzf cloudflared-stable-linux-arm.tgz
cp ./cloudflared /usr/local/bin
rm ./cloudflared cloudflared-stable-linux-arm.tgz
chmod +x /usr/local/bin/cloudflared
cloudflared -v
Create cloudflared user to run the daemon
useradd -s /usr/sbin/nologin -r -M cloudflared
Create file, and write the following to /etc/default/cloudflared:
CLOUDFLARED_OPTS=--port 53 --upstream https://cloudflare-dns.com/dns-query --address 127.0.0.1
Update permissions to allow access for the cloudflare user:
chown cloudflared:cloudflared /etc/default/cloudflared
chown cloudflared:cloudflared /usr/local/bin/cloudflared
Add the following to /etc/hosts:
1.1.1.1 cloudflare-dns.com
1.0.0.1 cloudflare-dns.com
2606:4700:4700::1111 cloudflare-dns.com
2606:4700:4700::1001 cloudflare-dns.com
Install cloudflared:
wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz
tar -xvzf cloudflared-stable-linux-arm.tgz
cp ./cloudflared /usr/local/bin
rm ./cloudflared cloudflared-stable-linux-arm.tgz
chmod +x /usr/local/bin/cloudflared
cloudflared -v
Create cloudflared user to run the daemon
useradd -s /usr/sbin/nologin -r -M cloudflared
Create file, and write the following to /etc/default/cloudflared:
CLOUDFLARED_OPTS=--port 53 --upstream https://security.cloudflare-dns.com/dns-query --address 127.0.0.1
Update permissions to allow access for the cloudflare user:
chown cloudflared:cloudflared /etc/default/cloudflared
chown cloudflared:cloudflared /usr/local/bin/cloudflared
Add the following to /etc/hosts:
1.1.1.2 security.cloudflare-dns.com
1.0.0.2 security.cloudflare-dns.com
2606:4700:4700::1112 security.cloudflare-dns.com
2606:4700:4700::1002 security.cloudflare-dns.com
Install cloudflared:
wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz
tar -xvzf cloudflared-stable-linux-arm.tgz
cp ./cloudflared /usr/local/bin
rm ./cloudflared cloudflared-stable-linux-arm.tgz
chmod +x /usr/local/bin/cloudflared
cloudflared -v
Create cloudflared user to run the daemon
useradd -s /usr/sbin/nologin -r -M cloudflared
Create file, and write the following to /etc/default/cloudflared:
CLOUDFLARED_OPTS=--port 53 --upstream https://family.cloudflare-dns.com/dns-query --address 127.0.0.1
Update permissions to allow access for the cloudflare user:
chown cloudflared:cloudflared /etc/default/cloudflared
chown cloudflared:cloudflared /usr/local/bin/cloudflared
Add the following to /etc/hosts:
1.1.1.3 family.cloudflare-dns.com
1.0.0.3 family.cloudflare-dns.com
2606:4700:4700::1113 family.cloudflare-dns.com
2606:4700:4700::1003 family.cloudflare-dns.com
Create file /etc/systemd/system/cloudflared.service:
[Unit]
Description=cloudflared DNS over HTTPS proxy
After=syslog.target network-online.target
[Service]
Type=simple
User=cloudflared
EnvironmentFile=/etc/default/cloudflared
ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS
Restart=on-failure
RestartSec=10
KillMode=process
[Install]
WantedBy=multi-user.target
Enable and start service:
systemctl enable cloudflared
systemctl start cloudflared
sleep 1
systemctl status cloudflared
Test if cloudflared is able to resolve hostname:
host -t AAAA cloudflare.com 127.0.0.1
If you are running on another port than 53 and you want to verify resvolving, you can install dnsutils:
apt-get install dnsutils
dig +short @127.0.0.1 -p 53 cloudflare.com AAAA
Add autoupdate by adding the following to cron with command crontab -e:
0 2 * * * cloudflared update; systemctl restart cloudflared