Cloudflare: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
← Older editNewer edit →
VisualWikitext
No edit summary
Line 85: Line 85:
systemctl status cloudflared
systemctl status cloudflared
</syntaxhighlight>
</syntaxhighlight>
==Argo Tunnel==
{|
| valign="top" |
<syntaxhighlight lang="bash">
sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/chorke-com.pem
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/chorke-org.pem
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/shahed-biz.pem
</syntaxhighlight>
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-com.pem \
tunnel create aa-chorke-com
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-org.pem \
tunnel create aa-chorke-org
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/shahed-biz.pem \
tunnel create aa-shahed-biz
</syntaxhighlight>
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
mv certs/ccc2684a-*.json \
./auths/chorke-com.json
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
mv certs/621edb67-*.json \
./auths/chorke-org.json
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
mv certs/249a5a7c-*.json \
./auths/shahed-biz.json
</syntaxhighlight>
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-com.pem \
tunnel list --output=json|jq -r '.[].name'
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-org.pem \
tunnel list --output=json|jq -r '.[].name'
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/shahed-biz.pem \
tunnel list --output=json|jq -r '.[].name'
</syntaxhighlight>
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-com.pem \
tunnel route dns aa-chorke-com aa
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-org.pem \
tunnel route dns aa-chorke-org aa
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
cloudflared --origincert=\
/root/.cloudflared/certs/shahed-biz.pem \
tunnel route dns aa-shahed-biz aa
</syntaxhighlight>
|-
| colspan="3" |
----
|-
| colspan="3" |
<syntaxhighlight lang="bash">
CONFIG_BASE=/etc/cloudflared
LOGGER_BASE=/var/log/cloudflared
AUTHNZ_BASE=/root/.cloudflared/auths
cat << EXE | sudo bash
mkdir -p ${CONFIG_BASE}/
mkdir -p ${LOGGER_BASE}/
mkdir -p /root/.cloudflared/{cert,auth}s/
EXE
</syntaxhighlight>
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="yaml">
LOGGER_FILE=${LOGGER_BASE}/chorke-com.log
AUTHNZ_FILE=${AUTHNZ_BASE}/chorke-com.json
CONFIG_FILE=${CONFIG_BASE}/chorke-com-config.yml
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null
tunnel: aa-chorke-com
credentials-file: ${AUTHNZ_FILE}
ingress:
  - service: http://localhost
    hostname: aa.chorke.com
    path: /*
  - service: ssh://localhost:22
    hostname: aa.chorke.com
  - service: tcp://localhost:3306
    hostname: aa.chorke.com
  - service: tcp://localhost:5432
    hostname: aa.chorke.com
  - service: http_status:404
warp-routing:
  enabled: true
private_network:
  - 10.19.83.0/24
dns:
  - 1.1.1.1
  - 8.8.8.8
  - 10.19.83.100
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
  interval: 10s
  max_retries: 3
restart: true
YML
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="yaml">
LOGGER_FILE=${LOGGER_BASE}/chorke-org.log
AUTHNZ_FILE=${AUTHNZ_BASE}/chorke-org.json
CONFIG_FILE=${CONFIG_BASE}/chorke-org-config.yml
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null
tunnel: aa-chorke-org
credentials-file: ${AUTHNZ_FILE}
ingress:
  - service: http://localhost
    hostname: aa.chorke.org
    path: /*
  - service: ssh://localhost:22
    hostname: aa.chorke.org
  - service: tcp://localhost:3306
    hostname: aa.chorke.org
  - service: tcp://localhost:5432
    hostname: aa.chorke.org
  - service: http_status:404
warp-routing:
  enabled: true
private_network:
  - 10.19.83.0/24
dns:
  - 1.1.1.1
  - 8.8.8.8
  - 10.19.83.100
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
  interval: 10s
  max_retries: 3
restart: true
YML
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="yaml">
LOGGER_FILE=${LOGGER_BASE}/shahed-biz.log
AUTHNZ_FILE=${AUTHNZ_BASE}/shahed-biz.json
CONFIG_FILE=${CONFIG_BASE}/shahed-biz-config.yml
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null
tunnel: aa-shahed-biz
credentials-file: ${AUTHNZ_FILE}
ingress:
  - service: http://localhost
    hostname: aa.shahed.biz
    path: /*
  - service: ssh://localhost:22
    hostname: aa.shahed.biz
  - service: tcp://localhost:3306
    hostname: aa.shahed.biz
  - service: tcp://localhost:5432
    hostname: aa.shahed.biz
  - service: http_status:404
warp-routing:
  enabled: true
private_network:
  - 10.19.83.0/24
dns:
  - 1.1.1.1
  - 8.8.8.8
  - 10.19.83.100
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
  interval: 10s
  max_retries: 3
restart: true
YML
</syntaxhighlight>
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
sudo cloudflared tunnel \
--config /etc/cloudflared/chorke-com-config.yml \
run aa-chorke-com
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
sudo cloudflared tunnel \
--config /etc/cloudflared/chorke-org-config.yml \
run aa-chorke-org
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
sudo cloudflared tunnel \
--config /etc/cloudflared/shahed-biz-config.yml \
run aa-shahed-biz
</syntaxhighlight>
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="ini">
SYSTEM_FILE=cloudflared@chorke-com.service
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}
cat << INI | sudo tee ${SYSTEM_PATH} >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate \
--config /etc/cloudflared/chorke-com-config.yml \
tunnel run
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
INI
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="ini">
SYSTEM_FILE=cloudflared@chorke-org.service
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}
cat << INI | sudo tee ${SYSTEM_PATH} >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate \
--config /etc/cloudflared/chorke-org-config.yml \
tunnel run
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
INI
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="ini">
SYSTEM_FILE=cloudflared@shahed-biz.service
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}
cat << INI | sudo tee ${SYSTEM_PATH} >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate \
--config /etc/cloudflared/shahed-biz-config.yml \
tunnel run
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
INI
</syntaxhighlight>
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
cat << EXE | sudo bash
systemctl daemon-reload
systemctl enable cloudflared@chorke-com.service
systemctl start  cloudflared@chorke-com.service
systemctl status cloudflared@chorke-com.service
EXE
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
cat << EXE | sudo bash
systemctl daemon-reload
systemctl enable cloudflared@chorke-org.service
systemctl start  cloudflared@chorke-org.service
systemctl status cloudflared@chorke-org.service
EXE
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
cat << EXE | sudo bash
systemctl daemon-reload
systemctl enable cloudflared@shahed-biz.service
systemctl start  cloudflared@shahed-biz.service
systemctl status cloudflared@shahed-biz.service
EXE
</syntaxhighlight>
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
tail -n100 \
-f /var/log/cloudflared/chorke-com.log
journalctl -xeu cloudflared@chorke-com.service
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
tail -n100 \
-f /var/log/cloudflared/chorke-org.log
journalctl -xeu cloudflared@chorke-org.service
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
tail -n100 \
-f /var/log/cloudflared/shahed-biz.log
journalctl -xeu cloudflared@shahed-biz.service
</syntaxhighlight>
|-
| colspan="3" |
----
|-
| valign="top" |
| valign="top" |
| valign="top" |
|}


==Playground==
==Playground==
Line 652: Line 201:
* [https://developers.cloudflare.com/email-routing/ Cloudflare » Email Routing]
* [https://developers.cloudflare.com/email-routing/ Cloudflare » Email Routing]
* [https://developers.cloudflare.com/support/account-management-billing/billing-cloudflare-plans/ Cloudflare » Billing Plans]
* [https://developers.cloudflare.com/support/account-management-billing/billing-cloudflare-plans/ Cloudflare » Billing Plans]
* [https://www.cloudflare.com/learning/access-management/what-is-ssh/ Cloudflare » SSH]
* [[Cloudflare/Argo Tunnel|Cloudflare » Argo Tunnel]]
* [https://www.cloudflare.com/ Cloudflare]
* [https://www.cloudflare.com/ Cloudflare]


Line 677: Line 226:
* [https://developers.cloudflare.com/rules/url-forwarding/ Cloudflare » Rules » Redirects]
* [https://developers.cloudflare.com/rules/url-forwarding/ Cloudflare » Rules » Redirects]
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/ Cloudflare » Tunnel]
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/ Cloudflare » Tunnel]
* [https://www.cloudflare.com/learning/access-management/what-is-ssh/ Cloudflare » SSH]


|-
|-

Revision as of 14:59, 9 December 2024

WARP Client

The Cloudflare WARP Client allows individuals or organizations to have a faster, more secure and private experience online. 

cat << EXE | sudo bash
apt-get purge -y cloudflare-warp
apt-get autoremove -y
EXE

WARP Client » Ubuntu

curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg \
 | sudo tee /etc/apt/keyrings/cloudflare.asc >/dev/null

DISTRIBUTION=$(. /etc/os-release && echo "${VERSION_CODENAME}");\
cat << SRC | sudo tee /etc/apt/sources.list.d/cloudflare.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
 signed-by=/etc/apt/keyrings/cloudflare.asc]\
 https://pkg.cloudflareclient.com/ ${DISTRIBUTION} main
SRC

cat << EXE | sudo bash
apt-get update;echo
apt list -a --upgradable
apt-get install -y cloudflare-warp
sysctl -w net.ipv4.ip_forward=1
EXE

systemctl status warp-svc.service 
warp-cli registration delete

warp-cli connector new eyJhIjoiNW…
warp-cli connect

WARP Client » NAT Route

vim /etc/sysctl.conf

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

sudo sysctl -p
net.ipv4.ip_forward = 1

ip route | grep default
default via 10.19.83.1 dev wlan0 proto dhcp src 10.19.83.68 metric 20600

Cloudflared

cloudflared is a lightweight daemon that runs in your infrastructure and lets you securely expose internal resources to the Cloudflare edge. 

cat << EXE | sudo bash
apt-get purge -y cloudflared
apt-get autoremove -y
EXE

Cloudflared » Ubuntu » AMD

wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -P ${HOME}/Downloads
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-amd64.deb; sudo apt install -f
          rm -rf ${HOME}/Downloads/cloudflared-linux-amd64.deb

Cloudflared » Ubuntu » ARM

wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb -P ${HOME}/Downloads
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-arm64.deb; sudo apt install -f
          rm -rf ${HOME}/Downloads/cloudflared-linux-arm64.deb

Cloudflared » Service

cloudflared --help
cloudflared version
apt info cloudflared

sudo cloudflared service install eyJhIjoiNW…
systemctl status cloudflared

Playground

lxc image list images:ubuntu/noble/desktop
lxc launch --vm images:ffa5fc9dfb84 cloudflare
lxc launch --vm images:ubuntu/noble/desktop cloudflare

lxc list status=running name=cloudflare --format=json |jq  -r '.[].state.network.[].addresses'
lxc list status=running name=cloudflare --format=yaml |yq  -r '.[].state.network.[].addresses'
lxc info cloudflare|yq '.Resources.["Network usage"][]["IP addresses"].inet'

ls -lah /usr/local/etc/cloudflared/
          ls -lah /etc/cloudflared/
            ls -lah ~/.cloudflared/

lxc snapshot cloudflare warp:24.04
lxc publish  cloudflare/warp:24.04 --alias cloudflare/warp:24.04
lxc rm cloudflare -f

cat /usr/local/etc/cloudflared/config.yml
ls -lah ~/.cloudflare-warp
ls -lah  ~/cloudflare-warp

sudo cloudflared service uninstall
systemctl  status cloudflared
journalctl -xeu   cloudflared

tail -n100 -f /var/log/cloudflared.log 
sudo systemctl daemon-reload
ps aux|grep cloudflared

sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/chorke-com.pem

sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/chorke-org.pem

sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/shahed-biz.pem

ls -alh /etc/systemd/system|grep cloudflared
ls -alh /etc/systemd/system|grep minikube
ls -alh /etc/systemd/system|grep minio

References

Retrieved from "https://wiki.chorke.org/index.php?title=Cloudflare&oldid=13592"