Cloud/Shahed/AL: Difference between revisions
| (12 intermediate revisions by the same user not shown) | |||
| Line 31: | Line 31: | ||
Type=oneshot | Type=oneshot | ||
ExecStart=/sbin/ip link add warp0 type dummy | ExecStart=/sbin/ip link add warp0 type dummy | ||
ExecStartPost=/sbin/ip addr add 10.20. | ExecStartPost=/sbin/ip addr add 10.20.40.12/32 dev warp0 | ||
ExecStartPost=/sbin/ip link set warp0 up | ExecStartPost=/sbin/ip link set warp0 up | ||
ExecStop=/sbin/ip link delete warp0 | ExecStop=/sbin/ip link delete warp0 | ||
| Line 56: | Line 56: | ||
rm -rf ${HOME}/Downloads/cloudflared-linux-armhf.deb | rm -rf ${HOME}/Downloads/cloudflared-linux-armhf.deb | ||
qemu-arm-static -cpu cortex- | qemu-arm-static -cpu cortex-a7 /usr/local/bin/cloudflared --version | ||
</syntaxhighlight> | </syntaxhighlight> | ||
---- | ---- | ||
| Line 118: | Line 118: | ||
LOGGER_FILE=${LOGGER_BASE}/argo.log | LOGGER_FILE=${LOGGER_BASE}/argo.log | ||
AUTHNZ_FILE=${AUTHNZ_BASE}/argo.json | AUTHNZ_FILE=${AUTHNZ_BASE}/argo.json | ||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="bash"> | |||
# armv6l based pi01w is a single core cpu, less powerful | |||
# qemu-arm-static emulator take more time to run armhf binary | |||
# for this case it would best to use another pc to generate the json token | |||
qemu-arm-static -cpu cortex-a7 /usr/local/bin/cloudflared tunnel login && cd ~/.cloudflared/ | |||
curl -fsSL https://login.cloudflareaccess.org/aHK9jfkm_uvN9PW6-RGWote9FwyCv5VKqBfPjUZ7RCk= | tee ~/.cloudflared/cert.pem >/dev/null | |||
qemu-arm-static -cpu cortex-a7 /usr/local/bin/cloudflared tunnel create shahed-al-${USER} | |||
ln -s ${CONFIG_BASE}/3d1105e6-e8f4-403e-9b2d-3367947e0a9e.json ${AUTHNZ_FILE} | |||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="bash"> | |||
# use another pc | |||
cd ~/.cloudflared/ | |||
cloudflared tunnel login | |||
mv cert.pem cert.pem.bkp | |||
mkdir -p ~/.cloudflared/tokens | |||
cloudflared tunnel create shahed-al-${USER} | |||
mv aa6db449-f14f-4e79-be14-44b49174d17f.json tokens/shahed-al_aa6db449-f14f-4e79-be14-44b49174d17f.json | |||
rsync -avz tokens/shahed-al_aa6db449-f14f-4e79-be14-44b49174d17f.json pi@shahed-al.local:~/.config/ | |||
ssh -qt pi@shahed-al.local bash | |||
# on demand update needed | |||
cat << EXE | sudo bash | |||
mv ~/.config/shahed-al_aa6db449-f14f-4e79-be14-44b49174d17f.json /home/system/chorke-com-argo/.cloudflared/aa6db449-f14f-4e79-be14-44b49174d17f.json | |||
chown chorke-com-argo:chorke-com-argo /home/system/chorke-com-argo/.cloudflared/aa6db449-f14f-4e79-be14-44b49174d17f.json | |||
ls -alh /home/system/chorke-com-argo/.cloudflared/ | |||
EXE | |||
</syntaxhighlight> | </syntaxhighlight> | ||
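Review bot: The root heredoc added at the end of this hunk uses `~/.config/...` as the `mv` source, but tilde is not expanded inside a here-document, so it is resolved by the shell that sudo starts and reaches the pi user's home only if sudo keeps HOME. Writing the source as `${HOME}/.config/shahed-al_<uuid>.json` lets the calling shell expand it (the delimiter is unquoted) and removes that dependency. The tunnel credentials file is moved and chowned but its mode is never restricted, so I would add `chmod go-rwx` on the destination after the `chown`. The login URL and the tunnel UUIDs are values from one run; a comment such as `# replace with the URL/UUID printed by your own login and create` would stop readers pasting them as-is.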
| Line 168: | Line 193: | ||
source ~/.profile | source ~/.profile | ||
cat ~/.cloudflared/argo.yml | cat ~/.cloudflared/argo.yml | ||
qemu-arm-static -cpu cortex- | qemu-arm-static -cpu cortex-a7 /usr/local/bin/cloudflared tunnel run shahed-al-${USER} | ||
exit | exit | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 192: | Line 217: | ||
TimeoutStartSec=0 | TimeoutStartSec=0 | ||
Type=notify | Type=notify | ||
ExecStart=qemu-arm-static -cpu cortex- | ExecStart=qemu-arm-static -cpu cortex-a7 \ | ||
/usr/local/bin/cloudflared --no-autoupdate \ | /usr/local/bin/cloudflared --no-autoupdate \ | ||
--config /home/system/chorke-com-argo/\ | --config /home/system/chorke-com-argo/\ | ||
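Review bot: `ExecStart=qemu-arm-static -cpu cortex-a7 \` names the emulator without a directory, while the warp0 unit on the same page uses absolute paths (`/sbin/ip`). Older systemd releases reject a non-absolute ExecStart, so `ExecStart=/usr/bin/qemu-arm-static -cpu cortex-a7 \` would be safer, assuming the package installs the binary where the page's `ls -lah /usr/bin/qemu-*` looks for it. The same line is changed in the chorke-org and shahed-biz units (hunks at Line 220 and Line 248). The unit starts and ends outside this hunk.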
| Line 220: | Line 245: | ||
TimeoutStartSec=0 | TimeoutStartSec=0 | ||
Type=notify | Type=notify | ||
ExecStart=qemu-arm-static -cpu cortex- | ExecStart=qemu-arm-static -cpu cortex-a7 \ | ||
/usr/local/bin/cloudflared --no-autoupdate \ | /usr/local/bin/cloudflared --no-autoupdate \ | ||
--config /home/system/chorke-org-argo/\ | --config /home/system/chorke-org-argo/\ | ||
| Line 248: | Line 273: | ||
TimeoutStartSec=0 | TimeoutStartSec=0 | ||
Type=notify | Type=notify | ||
ExecStart=qemu-arm-static -cpu cortex- | ExecStart=qemu-arm-static -cpu cortex-a7 \ | ||
/usr/local/bin/cloudflared --no-autoupdate \ | /usr/local/bin/cloudflared --no-autoupdate \ | ||
--config /home/system/shahed-biz-argo/\ | --config /home/system/shahed-biz-argo/\ | ||
| Line 358: | Line 383: | ||
{| | {| | ||
|valign="top"| | |valign="top"| | ||
* [[ | * [[Cloud/Hetzner/AA|Cloud » Hetzner » AA]] | ||
* [[ | * [[Cloud/Hetzner/AB|Cloud » Hetzner » AB]] | ||
* [[ | * [[Cloud/Shahed/AA|Cloud » Shahed » AA]] | ||
* [[ | * [[Cloud/Shahed/AB|Cloud » Shahed » AB]] | ||
* [[ | * [[Cloud/Shahed/AC|Cloud » Shahed » AC]] | ||
* [[ | * [[Cloud/Shahed/AD|Cloud » Shahed » AD]] | ||
* [[ | * [[Cloud/Shahed/AE|Cloud » Shahed » AE]] | ||
* [[ | * [[Cloud/Shahed/AF|Cloud » Shahed » AF]] | ||
* [[ | * [[Cloud/Shahed/AG|Cloud » Shahed » AG]] | ||
* [[ | * [[Cloud/Shahed/AH|Cloud » Shahed » AH]] | ||
|valign="top"| | |||
* [[Cloud/Shahed/AI|Cloud » Shahed » AI]] | |||
* [[Cloud/Shahed/AJ|Cloud » Shahed » AJ]] | |||
* [[Cloud/Shahed/AK|Cloud » Shahed » AK]] | |||
* [[Cloud/Shahed/AM|Cloud » Shahed » AM]] | |||
* [[Cloud/Shahed/AN|Cloud » Shahed » AN]] | |||
* [[Cloud/Shahed/VA|Cloud » Shahed » VA]] | |||
|valign="top"| | |valign="top"| | ||
|valign="top"| | |valign="top"| | ||
|- | |- | ||
| colspan=" | |colspan="4"| | ||
---- | ---- | ||
|- | |- | ||
| valign="top" | | |valign="top"| | ||
* [[ | * [[Minikube Ingress DNS| Minikube » Ingress » DNS]] | ||
* [[ | * [[Minikube Systemd|Minikube » Systemd]] | ||
* [[ | * [[Minikube MetalLB|Minikube » MetalLB]] | ||
* [[ | * [[Minikube Registry|Minikube » Registry]] | ||
* [[Minikube Tunnel|Minikube » Tunnel]] | |||
* [[Minikube]] | |||
* [[CIDR]] | |||
* [[UFW]] | |||
* [[YQ Tool|YQ]] | |||
* [[JQ Tool|JQ]] | |||
|valign="top"| | |||
* [[K8s/Academia/Ingress|K8s » Academia » Ingress]] | |||
* [[K8s/HAProxy/Ingress|K8s » HAProxy » Ingress]] | |||
* [[K8s/Apache/Ingress|K8s » Apache » Ingress]] | |||
* [[K8s/Nginx/Ingress|K8s » Nginx » Ingress]] | |||
* [[K8s/Swiss Knife|K8s » Swiss Knife]] | |||
* [[K8s/Storage|K8s » Storage]] | |||
* [[K8s/Ingress|K8s » Ingress]] | |||
* [[K8s/Service|K8s » Service]] | |||
* [[K8s/Run|K8s » Run]] | |||
* [[K8s]] | |||
| valign="top" | | |valign="top"| | ||
* [[ | * [[Helm/Prometheus Stack|Helm » Prometheus Stack]] | ||
* [[ | * [[Helm/Cert Manager|Helm » Cert Manager]] | ||
* [[Helm/Elasticsearch|Helm » Elasticsearch]] | |||
* [[Minikube MetalLB|Helm » MetalLB]] | |||
* [[Helm/Jenkins|Helm » Jenkins]] | |||
* [[Helm/GitLab|Helm » GitLab]] | |||
* [[Helm/Nexus|Helm » Nexus]] | |||
* [[Helm/MinIO|Helm » MinIO]] | |||
* [[Helm/Kafka|Helm » Kafka]] | |||
* [[Helm/Redis|Helm » Redis]] | |||
| valign="top" | | |valign="top"| | ||
* [[Security/Container/Snyk|Security » Container » Snyk]] | |||
* [[Security/Container/Trivy|Security » Container » Trivy]] | |||
* [[Security/Certificate/TLS|Security » Certificate » TLS]] | |||
* [[Java Key Store|Security » Java » Key Store]] | |||
* [[Java Mail API|Security » Java » Mail API]] | |||
* [[Security/Password|Security » Password]] | |||
* [[ZA Proxy|Security » ZA Proxy]] | |||
* [[Security/Domain|Security » Domain]] | |||
* [[Jasypt|Security » Jasypt]] | |||
* [[HTTP Security|Security » HTTP]] | |||
|- | |- | ||
| colspan=" | |colspan="4"| | ||
---- | ---- | ||
|- | |- | ||
| valign="top" | | |valign="top"| | ||
* [[ | * [[Benchmarks]] | ||
* [[ | * [[IPTables]] | ||
* [[ | * [[Kubectl]] | ||
* [[PyEnv]] | * [[PyEnv]] | ||
* [[CURL]] | |||
* [[TMux]] | * [[TMux]] | ||
* [[7Zip]] | * [[7Zip]] | ||
* [[Linux Containers|LXC]] | |||
* [[Zip]] | * [[Zip]] | ||
* [[Tar]] | * [[Tar]] | ||
| valign="top" | | |valign="top"| | ||
* [[Linux Service Creation]] | * [[Ubuntu Upgrade|Linux » Ubuntu Upgrade]] | ||
* [[ | * [[Linux Service Creation|Linux » Service Creation]] | ||
* [[Linux Mount Drive]] | * [[Linux User Creation|Linux » User Creation]] | ||
* [[ | * [[Linux Mount Drive|Linux » Mount Drive]] | ||
* [[ | * [[Swap Space|Linux » Swap Space]] | ||
* [[ | * [[EKSctl|CLI » AWS » EKS]] | ||
* [[ | * [[AWS CLI|CLI » AWS]] | ||
* [[ | * [[Google Cloud CLI|CLI » GCP]] | ||
* [[CLI App|CLI]] | |||
* [[K9s]] | |||
|valign="top"| | |||
* [[Cloudflare/WARP Host|Cloudflare » Host]] | |||
* [[Cloudflare]] | |||
* [[Terraform]] | |||
* [[ActiveMQ]] | |||
* [[Keycloak]] | |||
* [[Hadoop]] | |||
* [[Jenkins]] | |||
* [[Spark]] | |||
* [[Bash]] | * [[Bash]] | ||
* [[Port]] | * [[Port]] | ||
|valign="top"| | |||
* [[Private Enterprise Number]] | |||
* [[Chorke Academia Backup]] | |||
* [[Cloud Computing Cost|Cost » Cloud » Computing]] | |||
* [[Cloud/Cost/Chorke|Cost » Cloud » Chorke]] | |||
* [[YouTube/Channel]] | |||
|- | |- | ||
|colspan=" | |colspan="4"| | ||
---- | ---- | ||
|- | |- | ||
|valign="top"| | |valign="top"| | ||
|valign="top"| | |valign="top"| | ||
|valign="top"| | |||
|valign="top"| | |valign="top"| | ||
|} | |} | ||
Latest revision as of 02:15, 17 June 2025
SSH
# Log in to the Pi; the heredoc below is presumably pasted into that session.
ssh pi@shahed-al.local
# Report memory, boot timing, disk usage, block devices and swap as root.
# The quoted delimiter passes the body to the root shell verbatim.
sudo bash <<'EXE'
free -th && echo && systemd-analyze && echo
df -h && echo && lsblk && echo
swapon --show
EXE
APT Update
# Refresh package lists, apply pending upgrades, and install the user-mode
# qemu emulators that later run the armhf cloudflared binary.
# NOTE(review): "cache" after "apt-get clean" is not a documented argument - confirm it is intended.
sudo bash <<'EXE'
apt-get update;echo
mkdir -p /etc/apt/keyrings
apt list -a --upgradable;apt-get upgrade -y;echo
apt-get install -y qemu-user-static
ls -lah /usr/bin/qemu-*
apt-get clean cache
EXE
Cloudflare » VIRT
# Install a oneshot unit that creates the dummy interface warp0, assigns it
# 10.20.40.12/32 and brings it up; stopping the unit deletes the interface.
# RemainAfterExit=yes keeps the unit active after the ip commands have returned.
# The delimiter is unquoted, but the body holds no $ or backticks, so it is written as shown.
cat << INI | sudo tee /etc/systemd/system/warp0.service >/dev/null
[Unit]
Description=Cloudflared WARP Routing Virtual Interface
After=network.target
[Service]
Type=oneshot
ExecStart=/sbin/ip link add warp0 type dummy
ExecStartPost=/sbin/ip addr add 10.20.40.12/32 dev warp0
ExecStartPost=/sbin/ip link set warp0 up
ExecStop=/sbin/ip link delete warp0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
INI
# Reload unit files, enable warp0 at boot and start it now, then show its state.
sudo bash <<'EXE'
systemctl daemon-reload
systemctl enable --now warp0.service
systemctl status warp0.service
EXE
# List interfaces and addresses to confirm warp0 is present.
ip a
Cloudflare » Argo » Tunnel
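# Download the armhf cloudflared package, install it, and confirm it runs
# under the qemu user-mode emulator.
#
# NOTE(review): "latest" is an unpinned release and the file is installed as
# root. Set CLOUDFLARED_SHA256 (placeholder name, value supplied by the
# operator) to the SHA-256 you have verified for the release you intend to
# install; when it is set, the package is installed only if the digest matches.
deb="${HOME}/Downloads/cloudflared-linux-armhf.deb"
mkdir -p -- "${HOME}/Downloads"
# -O without -c: always fetch a complete file instead of resuming onto a
# partial download left behind by an earlier, possibly different, release.
if ! wget -q -O "${deb}" https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-armhf.deb; then
  echo "download failed: ${deb} not installed" >&2
elif [ -n "${CLOUDFLARED_SHA256:-}" ] &&
  ! printf '%s  %s\n' "${CLOUDFLARED_SHA256}" "${deb}" | sha256sum -c --status -; then
  echo "checksum mismatch: ${deb} not installed" >&2
else
  # dpkg may stop on missing dependencies; apt install -f resolves them.
  sudo dpkg -i "${deb}"; sudo apt install -f
fi
rm -f -- "${deb}"
qemu-arm-static -cpu cortex-a7 /usr/local/bin/cloudflared --version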
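# Append the tunnel's kernel settings to /etc/sysctl.conf and load them.
# The grep guard makes the block safe to run again: without it every run
# appends another copy of the same settings.
# ping_group_range 0..10000 allows processes in those groups to open ICMP sockets.
# NOTE(review): narrow the range to the tunnel accounts' GIDs if only they need it.
if ! grep -qF '# Cloudflared Tunnel Private Network Config' /etc/sysctl.conf 2>/dev/null; then
cat <<'SYS' | sudo tee -a /etc/sysctl.conf >/dev/null
###################################################################
# Cloudflared Tunnel Private Network Config
# This config added by Chorke Academia, Inc
# ICMP Group ID Range 0 to 10,000 Users
net.ipv4.ping_group_range = 0 10000
# 208 KiB Default RX Buffer
net.core.rmem_default=212992
# 208 KiB Default TX Buffer
net.core.wmem_default=212992
# 8 MB Maximum RX Buffer
net.core.rmem_max=8388608
# 8 MB Maximum TX Buffer
net.core.wmem_max=8388608
SYS
fi
sudo sysctl -p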
Cloudflare » Argo » Tunnel » Qemu
# chorke.com column: open a login shell as the account the chorke.com unit
# runs under, then set that tunnel's log directory in the new session.
sudo -i -u chorke-com-argo
LOGGER_BASE=/var/log/cloudflared/chorke.com
|
# chorke.org column: open a login shell as the account the chorke.org unit
# runs under, then set that tunnel's log directory in the new session.
sudo -i -u chorke-org-argo
LOGGER_BASE=/var/log/cloudflared/chorke.org
|
# shahed.biz column: open a login shell as the account the shahed.biz unit
# runs under, then set that tunnel's log directory in the new session.
sudo -i -u shahed-biz-argo
LOGGER_BASE=/var/log/cloudflared/shahed.biz
|
|
| ||
# Paths used by the current tunnel account. LOGGER_BASE is read here, so it
# has to be set in the session before these lines run.
CONFIG_BASE="$HOME/.cloudflared"
AUTHNZ_BASE="$HOME/.cloudflared"
CONFIG_FILE="$CONFIG_BASE/argo.yml"
LOGGER_FILE="$LOGGER_BASE/argo.log"
AUTHNZ_FILE="$AUTHNZ_BASE/argo.json"
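# Authorise cloudflared and create the tunnel on the Pi itself (slow path).
# The armv6l based pi01w has a single, low-powered core, so the
# qemu-arm-static emulator takes a long time to run the armhf binary;
# generating the JSON credentials on another PC is usually the better choice.
#
# The login URL and the UUID below are the values from the author's own run:
# use the URL printed by your "tunnel login" and the UUID printed by your
# "tunnel create" instead.
qemu-arm-static -cpu cortex-a7 /usr/local/bin/cloudflared tunnel login && cd ~/.cloudflared/
# cert.pem is a credential: umask 077 makes a newly created file readable by
# its owner only. The subshell keeps the umask change local to this command.
(umask 077; curl -fsSL https://login.cloudflareaccess.org/aHK9jfkm_uvN9PW6-RGWote9FwyCv5VKqBfPjUZ7RCk= | tee ~/.cloudflared/cert.pem >/dev/null)
qemu-arm-static -cpu cortex-a7 /usr/local/bin/cloudflared tunnel create "shahed-al-${USER}"
# Give the credentials file the fixed name that argo.yml refers to.
ln -s "${CONFIG_BASE}/3d1105e6-e8f4-403e-9b2d-3367947e0a9e.json" "${AUTHNZ_FILE}"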
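# Faster path: create the tunnel on another PC, then ship the credentials
# file to the Pi. The UUID in the file names is from the author's run;
# substitute the one printed by your own "tunnel create".
cd ~/.cloudflared/
cloudflared tunnel login
mv cert.pem cert.pem.bkp
mkdir -p ~/.cloudflared/tokens
cloudflared tunnel create "shahed-al-${USER}"
mv aa6db449-f14f-4e79-be14-44b49174d17f.json tokens/shahed-al_aa6db449-f14f-4e79-be14-44b49174d17f.json
rsync -avz tokens/shahed-al_aa6db449-f14f-4e79-be14-44b49174d17f.json pi@shahed-al.local:~/.config/
ssh -qt pi@shahed-al.local bash
# on demand update needed
# From here the commands run in the ssh session on the Pi.
# Tilde is not expanded inside a here-document, so the source path uses
# ${HOME}: the delimiter is unquoted, which means the calling (pi) shell
# expands it before the text reaches the root shell.
cat << EXE | sudo bash
mv ${HOME}/.config/shahed-al_aa6db449-f14f-4e79-be14-44b49174d17f.json /home/system/chorke-com-argo/.cloudflared/aa6db449-f14f-4e79-be14-44b49174d17f.json
chown chorke-com-argo:chorke-com-argo /home/system/chorke-com-argo/.cloudflared/aa6db449-f14f-4e79-be14-44b49174d17f.json
chmod go-rwx /home/system/chorke-com-argo/.cloudflared/aa6db449-f14f-4e79-be14-44b49174d17f.json
ls -alh /home/system/chorke-com-argo/.cloudflared/
EXE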
| ||
|
| ||
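# Write the tunnel configuration for the current account.
# The delimiter is unquoted on purpose: ${USER}, ${AUTHNZ_FILE} and
# ${LOGGER_FILE} are filled in by the shell when the file is written.
# Nested keys are indented so that "enabled" belongs to warp-routing and
# interval/max_retries/restart belong to heartbeat; written flat, both
# parent keys would be empty and the children would become top-level keys.
# NOTE(review): confirm the heartbeat keys against the cloudflared version in use.
cat << YML | tee "${CONFIG_FILE}" >/dev/null
---
tunnel: shahed-al-${USER}
credentials-file: ${AUTHNZ_FILE}
warp-routing:
  enabled: true
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
  interval: 10s
  max_retries: 3
  restart: true
YML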
| ||
|
| ||
# Export CLOUDFLARED_CONFIG from ~/.bashrc. The quoted delimiter keeps ${HOME}
# literal in the file, so it is expanded each time the file is sourced.
# tee -a appends: running this block again adds the same lines a second time.
cat <<'ENV'|tee -a ${HOME}/.bashrc >/dev/null
# cloudflare tunnel config
export CLOUDFLARED_CONFIG=${HOME}/.cloudflared/argo.yml
ENV
# Make ~/.profile source ~/.bashrc when that file exists.
cat <<'ENV'|tee -a ${HOME}/.profile >/dev/null
if [ -f ${HOME}/.bashrc ]; then
. ${HOME}/.bashrc
fi
ENV
# Load the new settings into the current shell and show the tunnel config.
source ~/.profile
cat ~/.cloudflared/argo.yml
# Run the tunnel in the foreground under the emulator.
qemu-arm-static -cpu cortex-a7 /usr/local/bin/cloudflared tunnel run shahed-al-${USER}
# Leave the current shell.
exit
| ||
|
| ||
# Install the systemd unit that runs the chorke.com tunnel as chorke-com-argo.
# The delimiter is unquoted, so the shell removes each backslash-newline in
# the body: the unit file receives ExecStart as a single line, and the
# --config path stays intact only if the continuation lines start at column 0.
# Restart=on-failure with RestartSec=5s restarts the tunnel 5 s after a failure.
SYSTEM_FILE=cloudflared@chorke.com.service
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}
cat << INI | sudo tee ${SYSTEM_PATH} >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
[Service]
Group=chorke-com-argo
User=chorke-com-argo
TimeoutStartSec=0
Type=notify
ExecStart=qemu-arm-static -cpu cortex-a7 \
/usr/local/bin/cloudflared --no-autoupdate \
--config /home/system/chorke-com-argo/\
.cloudflared/argo.yml tunnel run
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
INI
|
# Install the systemd unit that runs the chorke.org tunnel as chorke-org-argo.
# The delimiter is unquoted, so the shell removes each backslash-newline in
# the body: the unit file receives ExecStart as a single line, and the
# --config path stays intact only if the continuation lines start at column 0.
# Restart=on-failure with RestartSec=5s restarts the tunnel 5 s after a failure.
SYSTEM_FILE=cloudflared@chorke.org.service
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}
cat << INI | sudo tee ${SYSTEM_PATH} >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
[Service]
Group=chorke-org-argo
User=chorke-org-argo
TimeoutStartSec=0
Type=notify
ExecStart=qemu-arm-static -cpu cortex-a7 \
/usr/local/bin/cloudflared --no-autoupdate \
--config /home/system/chorke-org-argo/\
.cloudflared/argo.yml tunnel run
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
INI
|
# Install the systemd unit that runs the shahed.biz tunnel as shahed-biz-argo.
# The delimiter is unquoted, so the shell removes each backslash-newline in
# the body: the unit file receives ExecStart as a single line, and the
# --config path stays intact only if the continuation lines start at column 0.
# Restart=on-failure with RestartSec=5s restarts the tunnel 5 s after a failure.
SYSTEM_FILE=cloudflared@shahed.biz.service
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}
cat << INI | sudo tee ${SYSTEM_PATH} >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
[Service]
Group=shahed-biz-argo
User=shahed-biz-argo
TimeoutStartSec=0
Type=notify
ExecStart=qemu-arm-static -cpu cortex-a7 \
/usr/local/bin/cloudflared --no-autoupdate \
--config /home/system/shahed-biz-argo/\
.cloudflared/argo.yml tunnel run
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
INI
|
|
| ||
# Register the chorke.com tunnel unit, enable it at boot, start it, and show its state.
sudo bash <<'EXE'
systemctl daemon-reload
systemctl enable cloudflared@chorke.com.service
systemctl start cloudflared@chorke.com.service
systemctl status cloudflared@chorke.com.service
EXE
|
# Register the chorke.org tunnel unit, enable it at boot, start it, and show its state.
sudo bash <<'EXE'
systemctl daemon-reload
systemctl enable cloudflared@chorke.org.service
systemctl start cloudflared@chorke.org.service
systemctl status cloudflared@chorke.org.service
EXE
|
# Register the shahed.biz tunnel unit, enable it at boot, start it, and show its state.
sudo bash <<'EXE'
systemctl daemon-reload
systemctl enable cloudflared@shahed.biz.service
systemctl start cloudflared@shahed.biz.service
systemctl status cloudflared@shahed.biz.service
EXE
|
|
| ||
# Follow the chorke.com tunnel log from its last 100 lines, then open the
# unit's journal at the most recent entries with explanatory text.
tail -n 100 -f /var/log/cloudflared/chorke.com/argo.log
journalctl -x -e -u cloudflared@chorke.com.service
|
# Follow the chorke.org tunnel log from its last 100 lines, then open the
# unit's journal at the most recent entries with explanatory text.
tail -n 100 -f /var/log/cloudflared/chorke.org/argo.log
journalctl -x -e -u cloudflared@chorke.org.service
|
# Follow the shahed.biz tunnel log from its last 100 lines, then open the
# unit's journal at the most recent entries with explanatory text.
tail -n 100 -f /var/log/cloudflared/shahed.biz/argo.log
journalctl -x -e -u cloudflared@shahed.biz.service
|
|
| ||
# Take the chorke.com tunnel out of service: disable it at boot, stop it, and show its state.
sudo bash <<'EXE'
systemctl daemon-reload
systemctl disable cloudflared@chorke.com.service
systemctl stop cloudflared@chorke.com.service
systemctl status cloudflared@chorke.com.service
EXE
|
# Take the chorke.org tunnel out of service: disable it at boot, stop it, and show its state.
sudo bash <<'EXE'
systemctl daemon-reload
systemctl disable cloudflared@chorke.org.service
systemctl stop cloudflared@chorke.org.service
systemctl status cloudflared@chorke.org.service
EXE
|
# Take the shahed.biz tunnel out of service: disable it at boot, stop it, and show its state.
sudo bash <<'EXE'
systemctl daemon-reload
systemctl disable cloudflared@shahed.biz.service
systemctl stop cloudflared@shahed.biz.service
systemctl status cloudflared@shahed.biz.service
EXE
|
References
|
| |||
|
| |||
|
| |||