Cloudflare: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
← Older edit
VisualWikitext
No edit summary
 
(21 intermediate revisions by the same user not shown)
Line 1: Line 1:
==WARP Client==
{|class='wikitable'
The Cloudflare WARP Client allows individuals or organizations to have a faster, more secure and private experience online.
|valign='top' style='width:50%'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang='bash'>
cat << EXE | sudo bash
cat << EXE | sudo bash
apt-get purge -y cloudflare-warp
apt-get purge -y cloudflare-warp
Line 7: Line 7:
EXE
EXE
</syntaxhighlight>
</syntaxhighlight>
|valign='top' style='width:50%'|
The '''Cloudflare WARP Client''' allows individuals or organizations to have a faster, more secure and private experience online.
|}


===WARP Client » Ubuntu===
==WARP Client » Ubuntu==
----
{|class='wikitable mw-collapsible'
<syntaxhighlight lang="bash">
!scope='col' style='text-align:left' colspan='2'|
WARP Client » Ubuntu
|-
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg \
curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg \
  | sudo tee /etc/apt/keyrings/cloudflare.asc >/dev/null
  | sudo tee /etc/apt/keyrings/cloudflare.asc >/dev/null
Line 35: Line 42:
</syntaxhighlight>
</syntaxhighlight>


===WARP Client » NAT Route===
|valign='top' style='width:50%'|
----
|}
 
==WARP Client » NAT Route==
{|class='wikitable mw-collapsible'
!scope='col' style='text-align:left' colspan='2'|
WARP Client » NAT Route
|-
|valign='top' style='width:50%'|
  vim /etc/sysctl.conf
  vim /etc/sysctl.conf
<syntaxhighlight lang="ini" line start="27" highlight="2">
<syntaxhighlight lang="ini" line start="27" highlight="2">
# Uncomment the next line to enable packet forwarding for IPv4
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
net.ipv4.ip_forward=1
</syntaxhighlight>
</syntaxhighlight>
----
 
  sudo sysctl -p
  sudo sysctl -p
  '''net.ipv4.ip_forward = 1'''
  '''net.ipv4.ip_forward = 1'''
Line 48: Line 63:
  ip route | grep default
  ip route | grep default
  default via 10.19.83.1 dev wlan0 proto dhcp src 10.19.83.68 metric 20600
  default via 10.19.83.1 dev wlan0 proto dhcp src 10.19.83.68 metric 20600
|valign='top' style='width:50%'|
|}


==Cloudflared==
==Cloudflared==
cloudflared is a lightweight daemon that runs in your infrastructure and lets you securely expose internal resources to the Cloudflare edge.
{|class='wikitable mw-collapsible'
 
!scope='col' style='text-align:left' colspan='2'|
<syntaxhighlight lang="bash">
Cloudflared
|-
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
cat << EXE | sudo bash
cat << EXE | sudo bash
apt-get purge -y cloudflared
apt-get purge -y cloudflared
Line 59: Line 80:
</syntaxhighlight>
</syntaxhighlight>


===Cloudflared » Ubuntu » AMD===
|valign='top' style='width:50%'|
----
'''Cloudflared''' is a lightweight daemon that runs in your infrastructure and lets you securely expose internal resources to the Cloudflare edge.
<syntaxhighlight lang="bash">
|}
 
==Cloudflared » Ubuntu » AMD==
{|class='wikitable mw-collapsible'
!scope='col' style='text-align:left'|
Cloudflared » Ubuntu » AMD
|-
|valign='top'|
<syntaxhighlight lang='bash'>
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -P ${HOME}/Downloads
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -P ${HOME}/Downloads
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-amd64.deb; sudo apt install -f
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-amd64.deb; sudo apt install -f
          rm -rf ${HOME}/Downloads/cloudflared-linux-amd64.deb
      rm -rf ${HOME}/Downloads/cloudflared-linux-amd64.deb
</syntaxhighlight>
</syntaxhighlight>
|}


===Cloudflared » Ubuntu » ARM===
==Cloudflared » Ubuntu » ARM==
----
{|class='wikitable mw-collapsible'
<syntaxhighlight lang="bash">
!scope='col' style='text-align:left'|
Cloudflared » Ubuntu » ARM
|-
|valign='top'|
<syntaxhighlight lang='bash'>
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb -P ${HOME}/Downloads
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb -P ${HOME}/Downloads
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-arm64.deb; sudo apt install -f
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-arm64.deb; sudo apt install -f
          rm -rf ${HOME}/Downloads/cloudflared-linux-arm64.deb
      rm -rf ${HOME}/Downloads/cloudflared-linux-arm64.deb
</syntaxhighlight>
|-
|valign='top'|
<syntaxhighlight lang='bash'>
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-armhf.deb -P ${HOME}/Downloads
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-armhf.deb; sudo apt install -f
      rm -rf ${HOME}/Downloads/cloudflared-linux-armhf.deb
</syntaxhighlight>
</syntaxhighlight>
|}


===Cloudflared » Service===
==Cloudflared » Service==
----
{|class='wikitable mw-collapsible'
<syntaxhighlight lang="bash">
!scope='col' style='text-align:left' colspan='2'|
Cloudflared » Service
|-
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
cloudflared --help
cloudflared --help
cloudflared version
cloudflared version
Line 85: Line 131:
systemctl status cloudflared
systemctl status cloudflared
</syntaxhighlight>
</syntaxhighlight>
==Argo Tunnel==
{|
| valign="top" |
<syntaxhighlight lang="bash">
sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/chorke-com.pem
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/chorke-org.pem
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/shahed-biz.pem
</syntaxhighlight>
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-com.pem \
tunnel create aa-chorke-com
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-org.pem \
tunnel create aa-chorke-org
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/shahed-biz.pem \
tunnel create aa-shahed-biz
</syntaxhighlight>
|-
| colspan="3" |
----
----
|-
<syntaxhighlight lang='bash'>
| valign="top" |
echo 'id  -g'|sudo -i -u ${USER} bash
<syntaxhighlight lang="bash">
echo 'id -ng'|sudo -i -u ${USER} bash
mv certs/ccc2684a-*.json \
./auths/chorke-com.json
</syntaxhighlight>


| valign="top" |
echo '0 10000'|sudo \
<syntaxhighlight lang="bash">
tee /proc/sys/net/ipv4/ping_group_range
mv certs/621edb67-*.json \
sysctl        net.ipv4.ping_group_range
./auths/chorke-org.json
cat /proc/sys/net/ipv4/ping_group_range
</syntaxhighlight>


| valign="top" |
sysctl net.ipv4.ping_group_range  # 1    0
<syntaxhighlight lang="bash">
sysctl net.ipv4.ip_forward        # 1
mv certs/249a5a7c-*.json \
sysctl net.core.wmem_max          # 212992
./auths/shahed-biz.json
sysctl net.core.rmem_max          # 212992
cat /etc/sysctl.conf
sudo sysctl -p
</syntaxhighlight>
</syntaxhighlight>


|-
|valign='top' style='width:50%'|
| colspan="3" |
|}
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-com.pem \
tunnel list --output=json|jq -r '.[].name'
</syntaxhighlight>
 
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-org.pem \
tunnel list --output=json|jq -r '.[].name'
</syntaxhighlight>
 
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/shahed-biz.pem \
tunnel list --output=json|jq -r '.[].name'
</syntaxhighlight>
 
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-com.pem \
tunnel route dns aa-chorke-com aa
</syntaxhighlight>
 
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-org.pem \
tunnel route dns aa-chorke-org aa
</syntaxhighlight>
 
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/shahed-biz.pem \
tunnel route dns aa-shahed-biz aa
</syntaxhighlight>


==Cloudflared » System==
{|class='wikitable mw-collapsible'
!scope='col' style='text-align:left' colspan='2'|
Cloudflared » System
|-
|-
| colspan="3" |
|valign='top' style='width:50%'|
----
<syntaxhighlight lang="properties">
|-
cat <<'SYS' | sudo tee -a /etc/sysctl.conf >/dev/null
| colspan="3" |
<syntaxhighlight lang="bash">
CONFIG_BASE=/etc/cloudflared
LOGGER_BASE=/var/log/cloudflared
AUTHNZ_BASE=/root/.cloudflared/auths


cat << EXE | sudo bash
###################################################################
mkdir -p ${CONFIG_BASE}/
# Cloudflared Tunnel Private Network Config
mkdir -p ${LOGGER_BASE}/
# This config added by Chorke Academia, Inc
mkdir -p /root/.cloudflared/{cert,auth}s/
# ICMP Group ID Range 0 to 10,000 Users
EXE
net.ipv4.ping_group_range = 0 10000
</syntaxhighlight>


|-
# 208 KiB Default RX Buffer
| colspan="3" |
net.core.rmem_default=212992
----
|-
| valign="top" |
<syntaxhighlight lang="yaml">
LOGGER_FILE=${LOGGER_BASE}/chorke-com.log
AUTHNZ_FILE=${AUTHNZ_BASE}/chorke-com.json
CONFIG_FILE=${CONFIG_BASE}/chorke-com-config.yml
 
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null
tunnel: aa-chorke-com
credentials-file: ${AUTHNZ_FILE}


ingress:
# 208 KiB Default TX Buffer
  - service: http://localhost
net.core.wmem_default=212992
    hostname: aa.chorke.com
    path: /*
  - service: ssh://localhost:22
    hostname: aa.chorke.com
  - service: tcp://localhost:3306
    hostname: aa.chorke.com
  - service: tcp://localhost:5432
    hostname: aa.chorke.com
  - service: http_status:404


warp-routing:
# 8 MB Maximum RX Buffer
  enabled: true
net.core.rmem_max=8388608


private_network:
# 8 MB Maximum TX Buffer
  - 10.19.83.0/24
net.core.wmem_max=8388608


dns:
SYS
  - 1.1.1.1
  - 8.8.8.8
  - 10.19.83.100


loglevel: info
sudo sysctl -p
logfile: ${LOGGER_FILE}
 
heartbeat:
  interval: 10s
  max_retries: 3
 
restart: true
YML
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top' style='width:50%'|
<syntaxhighlight lang="yaml">
LOGGER_FILE=${LOGGER_BASE}/chorke-org.log
AUTHNZ_FILE=${AUTHNZ_BASE}/chorke-org.json
CONFIG_FILE=${CONFIG_BASE}/chorke-org-config.yml
 
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null
tunnel: aa-chorke-org
credentials-file: ${AUTHNZ_FILE}
 
ingress:
  - service: http://localhost
    hostname: aa.chorke.org
    path: /*
  - service: ssh://localhost:22
    hostname: aa.chorke.org
  - service: tcp://localhost:3306
    hostname: aa.chorke.org
  - service: tcp://localhost:5432
    hostname: aa.chorke.org
  - service: http_status:404
 
warp-routing:
  enabled: true
 
private_network:
  - 10.19.83.0/24
 
dns:
  - 1.1.1.1
  - 8.8.8.8
  - 10.19.83.100
 
loglevel: info
logfile: ${LOGGER_FILE}
 
heartbeat:
  interval: 10s
  max_retries: 3
 
restart: true
YML
</syntaxhighlight>
 
| valign="top" |
<syntaxhighlight lang="yaml">
LOGGER_FILE=${LOGGER_BASE}/shahed-biz.log
AUTHNZ_FILE=${AUTHNZ_BASE}/shahed-biz.json
CONFIG_FILE=${CONFIG_BASE}/shahed-biz-config.yml
 
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null
tunnel: aa-shahed-biz
credentials-file: ${AUTHNZ_FILE}
 
ingress:
  - service: http://localhost
    hostname: aa.shahed.biz
    path: /*
  - service: ssh://localhost:22
    hostname: aa.shahed.biz
  - service: tcp://localhost:3306
    hostname: aa.shahed.biz
  - service: tcp://localhost:5432
    hostname: aa.shahed.biz
  - service: http_status:404
 
warp-routing:
  enabled: true
 
private_network:
  - 10.19.83.0/24
 
dns:
  - 1.1.1.1
  - 8.8.8.8
  - 10.19.83.100
 
loglevel: info
logfile: ${LOGGER_FILE}
 
heartbeat:
  interval: 10s
  max_retries: 3
 
restart: true
YML
</syntaxhighlight>
 
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
sudo cloudflared tunnel \
--config /etc/cloudflared/chorke-com-config.yml \
run aa-chorke-com
</syntaxhighlight>
 
| valign="top" |
<syntaxhighlight lang="bash">
sudo cloudflared tunnel \
--config /etc/cloudflared/chorke-org-config.yml \
run aa-chorke-org
</syntaxhighlight>
 
| valign="top" |
<syntaxhighlight lang="bash">
sudo cloudflared tunnel \
--config /etc/cloudflared/shahed-biz-config.yml \
run aa-shahed-biz
</syntaxhighlight>
 
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="ini">
SYSTEM_FILE=cloudflared@chorke-com.service
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}
 
cat << INI | sudo tee ${SYSTEM_PATH} >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
 
[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate \
--config /etc/cloudflared/chorke-com-config.yml \
tunnel run
Restart=on-failure
RestartSec=5s
 
[Install]
WantedBy=multi-user.target
INI
</syntaxhighlight>
 
| valign="top" |
<syntaxhighlight lang="ini">
SYSTEM_FILE=cloudflared@chorke-org.service
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}
 
cat << INI | sudo tee ${SYSTEM_PATH} >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
 
[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate \
--config /etc/cloudflared/chorke-org-config.yml \
tunnel run
Restart=on-failure
RestartSec=5s
 
[Install]
WantedBy=multi-user.target
INI
</syntaxhighlight>
 
| valign="top" |
<syntaxhighlight lang="ini">
SYSTEM_FILE=cloudflared@shahed-biz.service
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}
 
cat << INI | sudo tee ${SYSTEM_PATH} >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
 
[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate \
--config /etc/cloudflared/shahed-biz-config.yml \
tunnel run
Restart=on-failure
RestartSec=5s
 
[Install]
WantedBy=multi-user.target
INI
</syntaxhighlight>
 
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
cat << EXE | sudo bash
systemctl daemon-reload
systemctl enable cloudflared@chorke-com.service
systemctl start  cloudflared@chorke-com.service
systemctl status cloudflared@chorke-com.service
EXE
</syntaxhighlight>
 
| valign="top" |
<syntaxhighlight lang="bash">
cat << EXE | sudo bash
systemctl daemon-reload
systemctl enable cloudflared@chorke-org.service
systemctl start  cloudflared@chorke-org.service
systemctl status cloudflared@chorke-org.service
EXE
</syntaxhighlight>
 
| valign="top" |
<syntaxhighlight lang="bash">
cat << EXE | sudo bash
systemctl daemon-reload
systemctl enable cloudflared@shahed-biz.service
systemctl start  cloudflared@shahed-biz.service
systemctl status cloudflared@shahed-biz.service
EXE
</syntaxhighlight>
 
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
tail -n100 \
-f /var/log/cloudflared/chorke-com.log
journalctl -xeu cloudflared@chorke-com.service
</syntaxhighlight>
 
| valign="top" |
<syntaxhighlight lang="bash">
tail -n100 \
-f /var/log/cloudflared/chorke-org.log
journalctl -xeu cloudflared@chorke-org.service
</syntaxhighlight>
 
| valign="top" |
<syntaxhighlight lang="bash">
tail -n100 \
-f /var/log/cloudflared/shahed-biz.log
journalctl -xeu cloudflared@shahed-biz.service
</syntaxhighlight>
 
|-
| colspan="3" |
----
|-
| valign="top" |
 
| valign="top" |
 
| valign="top" |
 
|}
|}


==Playground==
==Playground==
{|
{|class='wikitable mw-collapsible mw-collapsed'
| valign="top" |
!scope='col' style='text-align:left' colspan='3'|
<syntaxhighlight lang="bash">
Playground
|-
|valign='top'|
<syntaxhighlight lang='bash'>
lxc image list images:ubuntu/noble/desktop
lxc image list images:ubuntu/noble/desktop
lxc launch --vm images:ffa5fc9dfb84 cloudflare
lxc launch --vm images:ffa5fc9dfb84 cloudflare
Line 546: Line 199:
</syntaxhighlight>
</syntaxhighlight>


| colspan="2" |
|valign='top' colspan='2'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang='bash'>
lxc list status=running name=cloudflare --format=json |jq  -r '.[].state.network.[].addresses'
lxc list status=running name=cloudflare --format=json |jq  -r '.[].state.network.[].addresses'
lxc list status=running name=cloudflare --format=yaml |yq  -r '.[].state.network.[].addresses'
lxc list status=running name=cloudflare --format=yaml |yq  -r '.[].state.network.[].addresses'
lxc info cloudflare|yq '.Resources.["Network usage"][]["IP addresses"].inet'
lxc info cloudflare|yq '.Resources.["Network usage"][]["IP addresses"].inet'
</syntaxhighlight>
</syntaxhighlight>
|-
|-
| colspan="3" |
|valign='top'|
----
<syntaxhighlight lang='bash'>
|-
| valign="top" |
<syntaxhighlight lang="bash">
ls -lah /usr/local/etc/cloudflared/
ls -lah /usr/local/etc/cloudflared/
           ls -lah /etc/cloudflared/
           ls -lah /etc/cloudflared/
Line 564: Line 213:
</syntaxhighlight>
</syntaxhighlight>


| colspan="2" |
|valign='top' colspan='2'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang='bash'>
lxc snapshot cloudflare warp:24.04
lxc snapshot cloudflare warp:24.04
lxc publish  cloudflare/warp:24.04 --alias cloudflare/warp:24.04
lxc publish  cloudflare/warp:24.04 --alias cloudflare/warp:24.04
lxc rm cloudflare -f
lxc restore  cloudflare warp:24.04
</syntaxhighlight>
</syntaxhighlight>
|-
|-
| colspan="3" |
|valign='top' style='width:33%'|
----
<syntaxhighlight lang='bash'>
|-
| valign="top" |
<syntaxhighlight lang="bash">
cat /usr/local/etc/cloudflared/config.yml
cat /usr/local/etc/cloudflared/config.yml
ls -lah ~/.cloudflare-warp
ls -lah ~/.cloudflare-warp
Line 582: Line 227:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top' style='width:34%'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang='bash'>
sudo cloudflared service uninstall
sudo cloudflared service uninstall
systemctl  status cloudflared
systemctl  status cloudflared
Line 589: Line 234:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top' style='width:33%'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang='bash'>
tail -n100 -f /var/log/cloudflared.log  
tail -n100 -f /var/log/cloudflared.log  
sudo systemctl daemon-reload
sudo systemctl daemon-reload
ps aux|grep cloudflared
ps aux|grep cloudflared
</syntaxhighlight>
</syntaxhighlight>
|-
| colspan="3" |
----
|-
|-
| valign="top" |
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang='bash'>
sudo su
sudo su
cd /root/.cloudflared/
cd /root/.cloudflared/
Line 608: Line 249:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang='bash'>
sudo su
sudo su
cd /root/.cloudflared/
cd /root/.cloudflared/
Line 616: Line 257:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang='bash'>
sudo su
sudo su
cd /root/.cloudflared/
cd /root/.cloudflared/
Line 623: Line 264:
mv cert.pem ./certs/shahed-biz.pem  
mv cert.pem ./certs/shahed-biz.pem  
</syntaxhighlight>
</syntaxhighlight>
|-
| colspan="3" |
----
|-
|-
| valign="top" |
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight lang='bash'>
ls -alh /etc/systemd/system|grep cloudflared
ls -alh /etc/systemd/system|grep cloudflared
ls -alh /etc/systemd/system|grep minikube
ls -alh /etc/systemd/system|grep minio
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top'|
 
| valign="top" |


|valign='top'|
|}
|}


== References==
==References==
{|
{|class='wikitable mw-collapsible'
|valign="top"|
!scope='col' style='text-align:left' colspan='3'|
References
|-
|valign='top' style='width:33%'|
* [https://developers.cloudflare.com/dns/dnssec/multi-signer-dnssec/setup/ Cloudflare » DNS » DNSSEC » Multi-signer Setup]
* [https://developers.cloudflare.com/dns/dnssec/multi-signer-dnssec/setup/ Cloudflare » DNS » DNSSEC » Multi-signer Setup]
* [https://developers.cloudflare.com/dns/dnssec/dnssec-states/ Cloudflare » DNS » DNSSEC » States]
* [https://developers.cloudflare.com/dns/dnssec/dnssec-states/ Cloudflare » DNS » DNSSEC » States]
Line 653: Line 294:
* [https://www.cloudflare.com/ Cloudflare]
* [https://www.cloudflare.com/ Cloudflare]


|valign="top"|
|valign='top' style='width:34%'|
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/agentless/ Cloudflare » Zero Trust » Devices » Agentless]
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/agentless/ Cloudflare » Zero Trust » Devices » Agentless]
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/ Cloudflare » Zero Trust » Devices » WARP]
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/ Cloudflare » Zero Trust » Devices » WARP]
Line 665: Line 306:
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ Cloudflare » Zero Trust » SSH]
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ Cloudflare » Zero Trust » SSH]


|valign="top"|
|valign='top' style='width:33%'|
* [https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/ssl-only-origin-pull/ Cloudflare » SSL » Modes » Strict (SSL-Only)]
* [https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/ssl-only-origin-pull/ Cloudflare » SSL » Modes » Strict (SSL-Only)]
* [https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/full-strict/ Cloudflare » SSL » Modes » Full (strict)]
* [https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/full-strict/ Cloudflare » SSL » Modes » Full (strict)]
Line 675: Line 316:
* [https://developers.cloudflare.com/rules/url-forwarding/ Cloudflare » Rules » Redirects]
* [https://developers.cloudflare.com/rules/url-forwarding/ Cloudflare » Rules » Redirects]
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/ Cloudflare » Tunnel]
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/ Cloudflare » Tunnel]
|-
|valign='top'|
* [https://dash.cloudflare.com/profile/api-tokens Cloudflare » Profile » API Tokens]
* [[Cloudflare/WARP Connector|Cloudflare » WARP Connector]]
* [https://chorke.cloudflareaccess.com Cloudflare » Access » Chorke]
* [[Cloudflare/Argo Tunnel|Cloudflare » Argo Tunnel]]
* [[Cloudflare/WARP Host|Cloudflare » WARP Host]]


|valign='top'|
* [https://tailscale.com/ Cloudflare » Alt » Tailscale]
* [https://www.zerotier.com/ Cloudflare » Alt » ZeroTier]
|valign='top'|
|-
|-
|colspan="3"|
|valign='top'|
----
|-
|valign="top"|
* [[Linux Containers]]
* [[Linux Containers]]
* [[PostgreSQL]]
* [[PostgreSQL]]
Line 692: Line 342:
* [[Port]]
* [[Port]]


|valign="top"|
|valign='top'|
* [[Cloud Computing Cost]]
* [[Cloud Computing Cost]]
* [https://www.cloudflare.com/products/tunnel/ Tunnel » Cloudflare]
* [https://www.cloudflare.com/products/tunnel/ Tunnel » Cloudflare]
Line 704: Line 354:
* [[K8s]]
* [[K8s]]


|valign="top"|
|valign='top'|
* [https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs Journalctl » View & Manipulate Systemd Logs]
* [https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs Journalctl » View & Manipulate Systemd Logs]
* [https://serverfault.com/questions/901364/ CIDR » Restrict access to single IP]
* [https://serverfault.com/questions/901364/ CIDR » Restrict access to single IP]
* [[SSH/Public Key Authentication|SSH » Public Key Authentication]]
* [https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes Sysctl » UDP Buffer Sizes]
* [[SSH Port Forwarding|SSH » Port Forwarding]]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=32&cip=10.20.40.1&ctype=ipv4&x=Calculate CIDR » 10.20.40.1/32]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=32&cip=10.20.40.1&ctype=ipv4&x=Calculate CIDR » 10.20.40.1/32]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=24&cip=10.20.40.1&ctype=ipv4&x=Calculate CIDR » 10.20.40.1/24]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=24&cip=10.20.40.1&ctype=ipv4&x=Calculate CIDR » 10.20.40.1/24]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=32&cip=10.19.83.1&ctype=ipv4&x=Calculate CIDR » 10.19.83.1/32]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=32&cip=10.19.83.1&ctype=ipv4&x=Calculate CIDR » 10.19.83.1/32]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=24&cip=10.19.83.1&ctype=ipv4&x=Calculate CIDR » 10.19.83.1/24]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=24&cip=10.19.83.1&ctype=ipv4&x=Calculate CIDR » 10.19.83.1/24]
* [[Linux User Creation]]


|}
|}

Latest revision as of 23:41, 23 January 2026

cat << EXE | sudo bash
apt-get purge -y cloudflare-warp
apt-get autoremove -y
EXE

The Cloudflare WARP Client allows individuals or organizations to have a faster, more secure and private experience online.

WARP Client » Ubuntu

WARP Client » Ubuntu 

curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg \
 | sudo tee /etc/apt/keyrings/cloudflare.asc >/dev/null

DISTRIBUTION=$(. /etc/os-release && echo "${VERSION_CODENAME}");\
cat << SRC | sudo tee /etc/apt/sources.list.d/cloudflare.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
 signed-by=/etc/apt/keyrings/cloudflare.asc]\
 https://pkg.cloudflareclient.com/ ${DISTRIBUTION} main
SRC

cat << EXE | sudo bash
apt-get update;echo
apt list -a --upgradable
apt-get install -y cloudflare-warp
sysctl -w net.ipv4.ip_forward=1
EXE

systemctl status warp-svc.service 
warp-cli registration delete

warp-cli connector new eyJhIjoiNW…
warp-cli connect

WARP Client » NAT Route

WARP Client » NAT Route 

vim /etc/sysctl.conf

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

sudo sysctl -p
net.ipv4.ip_forward = 1

ip route | grep default
default via 10.19.83.1 dev wlan0 proto dhcp src 10.19.83.68 metric 20600

Cloudflared

Cloudflared 

cat << EXE | sudo bash
apt-get purge -y cloudflared
apt-get autoremove -y
EXE

Cloudflared is a lightweight daemon that runs in your infrastructure and lets you securely expose internal resources to the Cloudflare edge.

Cloudflared » Ubuntu » AMD

Cloudflared » Ubuntu » AMD 

wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -P ${HOME}/Downloads
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-amd64.deb; sudo apt install -f
      rm -rf ${HOME}/Downloads/cloudflared-linux-amd64.deb

Cloudflared » Ubuntu » ARM

Cloudflared » Ubuntu » ARM 

wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb -P ${HOME}/Downloads
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-arm64.deb; sudo apt install -f
      rm -rf ${HOME}/Downloads/cloudflared-linux-arm64.deb

wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-armhf.deb -P ${HOME}/Downloads
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-armhf.deb; sudo apt install -f
      rm -rf ${HOME}/Downloads/cloudflared-linux-armhf.deb

Cloudflared » Service

Cloudflared » Service 

cloudflared --help
cloudflared version
apt info cloudflared

sudo cloudflared service install eyJhIjoiNW…
systemctl status cloudflared

echo 'id  -g'|sudo -i -u ${USER} bash
echo 'id -ng'|sudo -i -u ${USER} bash

echo '0 10000'|sudo \
tee /proc/sys/net/ipv4/ping_group_range
sysctl        net.ipv4.ping_group_range
cat /proc/sys/net/ipv4/ping_group_range

sysctl net.ipv4.ping_group_range  # 1     0
sysctl net.ipv4.ip_forward        # 1
sysctl net.core.wmem_max          # 212992
sysctl net.core.rmem_max          # 212992
cat /etc/sysctl.conf
sudo sysctl -p

Cloudflared » System

Cloudflared » System 

cat <<'SYS' | sudo tee -a /etc/sysctl.conf >/dev/null

###################################################################
# Cloudflared Tunnel Private Network Config
# This config added by Chorke Academia, Inc
# ICMP Group ID Range 0 to 10,000 Users
net.ipv4.ping_group_range = 0 10000

# 208 KiB Default RX Buffer
net.core.rmem_default=212992

# 208 KiB Default TX Buffer
net.core.wmem_default=212992

# 8 MB Maximum RX Buffer
net.core.rmem_max=8388608

# 8 MB Maximum TX Buffer
net.core.wmem_max=8388608

SYS

sudo sysctl -p

Playground

Playground 

lxc image list images:ubuntu/noble/desktop
lxc launch --vm images:ffa5fc9dfb84 cloudflare
lxc launch --vm images:ubuntu/noble/desktop cloudflare

lxc list status=running name=cloudflare --format=json |jq  -r '.[].state.network.[].addresses'
lxc list status=running name=cloudflare --format=yaml |yq  -r '.[].state.network.[].addresses'
lxc info cloudflare|yq '.Resources.["Network usage"][]["IP addresses"].inet'

ls -lah /usr/local/etc/cloudflared/
          ls -lah /etc/cloudflared/
            ls -lah ~/.cloudflared/

lxc snapshot cloudflare warp:24.04
lxc publish  cloudflare/warp:24.04 --alias cloudflare/warp:24.04
lxc restore  cloudflare warp:24.04

cat /usr/local/etc/cloudflared/config.yml
ls -lah ~/.cloudflare-warp
ls -lah  ~/cloudflare-warp

sudo cloudflared service uninstall
systemctl  status cloudflared
journalctl -xeu   cloudflared

tail -n100 -f /var/log/cloudflared.log 
sudo systemctl daemon-reload
ps aux|grep cloudflared

sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/chorke-com.pem

sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/chorke-org.pem

sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/shahed-biz.pem

ls -alh /etc/systemd/system|grep cloudflared
ls -alh /etc/systemd/system|grep minikube
ls -alh /etc/systemd/system|grep minio

References

References

Retrieved from "https://wiki.chorke.org/index.php?title=Cloudflare&oldid=16386"