Cloudflare/Argo Tunnel: Difference between revisions
| Line 731: | Line 731: | ||
ls -lah /etc/cloudflared/ | ls -lah /etc/cloudflared/ | ||
</syntaxhighlight> | </syntaxhighlight> | ||
|- | |||
| colspan="3" | | |||
---- | |||
|- | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
cloudflared access \ | |||
ssh-config --hostname aa.chorke.com | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
ssh-keygen -t ed25519 -C "argo@chorke.org" \ | |||
-f ~/.ssh/argo.chorke.org_ed25519 | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
</syntaxhighlight> | |||
|} | |} | ||
Revision as of 05:45, 25 December 2024
Argo Tunnel
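# Work in a root shell so the origin certificate lands under /root/.cloudflared/.
# cert.pem is what the later `tunnel create`, `tunnel list` and `tunnel route dns`
# calls authenticate with, so it is kept readable by root only.
sudo su
# certs/ has to exist before the move; -p is a no-op when it already does.
mkdir -p /root/.cloudflared/certs
chmod 700 /root/.cloudflared/certs
cd /root/.cloudflared/
cloudflared tunnel login
# One file per zone: every login writes cert.pem again.
mv -- cert.pem ./certs/chorke.com.pem
chmod 600 ./certs/chorke.com.pem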
|
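# Work in a root shell so the origin certificate lands under /root/.cloudflared/.
# cert.pem is what the later `tunnel create`, `tunnel list` and `tunnel route dns`
# calls authenticate with, so it is kept readable by root only.
sudo su
# certs/ has to exist before the move; -p is a no-op when it already does.
mkdir -p /root/.cloudflared/certs
chmod 700 /root/.cloudflared/certs
cd /root/.cloudflared/
cloudflared tunnel login
# One file per zone: every login writes cert.pem again.
mv -- cert.pem ./certs/chorke.org.pem
chmod 600 ./certs/chorke.org.pem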
|
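# Work in a root shell so the origin certificate lands under /root/.cloudflared/.
# cert.pem is what the later `tunnel create`, `tunnel list` and `tunnel route dns`
# calls authenticate with, so it is kept readable by root only.
sudo su
# certs/ has to exist before the move; -p is a no-op when it already does.
mkdir -p /root/.cloudflared/certs
chmod 700 /root/.cloudflared/certs
cd /root/.cloudflared/
cloudflared tunnel login
# One file per zone: every login writes cert.pem again.
mv -- cert.pem ./certs/shahed.biz.pem
chmod 600 ./certs/shahed.biz.pem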
|
|
| ||
# Create the named tunnel, authenticating with the chorke.com zone certificate.
# The page's next step moves the resulting <UUID>.json credentials file.
cloudflared \
  --origincert=/root/.cloudflared/certs/chorke.com.pem \
  tunnel create aa-chorke-com-argo
|
# Create the named tunnel, authenticating with the chorke.org zone certificate.
# The page's next step moves the resulting <UUID>.json credentials file.
cloudflared \
  --origincert=/root/.cloudflared/certs/chorke.org.pem \
  tunnel create aa-chorke-org-argo
|
# Create the named tunnel, authenticating with the shahed.biz zone certificate.
# The page's next step moves the resulting <UUID>.json credentials file.
cloudflared \
  --origincert=/root/.cloudflared/certs/shahed.biz.pem \
  tunnel create aa-shahed-biz-argo
|
|
| ||
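# Relative paths: assumes the shell is still in /root/.cloudflared/.
# The <UUID>.json is the tunnel's credentials file (the config's
# credentials-file entry points at it), so keep it readable by root only.
mkdir -p ./auths
chmod 700 ./auths
mv -- certs/ccc2684a-*.json ./auths/chorke.com.json
chmod 600 ./auths/chorke.com.json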
|
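# Relative paths: assumes the shell is still in /root/.cloudflared/.
# The <UUID>.json is the tunnel's credentials file (the config's
# credentials-file entry points at it), so keep it readable by root only.
mkdir -p ./auths
chmod 700 ./auths
mv -- certs/621edb67-*.json ./auths/chorke.org.json
chmod 600 ./auths/chorke.org.json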
|
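# Relative paths: assumes the shell is still in /root/.cloudflared/.
# The <UUID>.json is the tunnel's credentials file (the config's
# credentials-file entry points at it), so keep it readable by root only.
mkdir -p ./auths
chmod 700 ./auths
mv -- certs/249a5a7c-*.json ./auths/shahed.biz.json
chmod 600 ./auths/shahed.biz.json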
|
|
| ||
# Print only the names of the tunnels visible to the chorke.com certificate.
cloudflared --origincert=/root/.cloudflared/certs/chorke.com.pem \
  tunnel list --output json \
  | jq --raw-output '.[].name'
|
# Print only the names of the tunnels visible to the chorke.org certificate.
cloudflared --origincert=/root/.cloudflared/certs/chorke.org.pem \
  tunnel list --output json \
  | jq --raw-output '.[].name'
|
# Print only the names of the tunnels visible to the shahed.biz certificate.
cloudflared --origincert=/root/.cloudflared/certs/shahed.biz.pem \
  tunnel list --output json \
  | jq --raw-output '.[].name'
|
|
| ||
# Route the DNS name "aa" in the chorke.com zone to the tunnel.
# This publishes the hostname, so do it only once the ingress rules are settled.
cloudflared \
  --origincert=/root/.cloudflared/certs/chorke.com.pem \
  tunnel route dns aa-chorke-com-argo aa
|
# Route the DNS name "aa" in the chorke.org zone to the tunnel.
# This publishes the hostname, so do it only once the ingress rules are settled.
cloudflared \
  --origincert=/root/.cloudflared/certs/chorke.org.pem \
  tunnel route dns aa-chorke-org-argo aa
|
# Route the DNS name "aa" in the shahed.biz zone to the tunnel.
# This publishes the hostname, so do it only once the ingress rules are settled.
cloudflared \
  --origincert=/root/.cloudflared/certs/shahed.biz.pem \
  tunnel route dns aa-shahed-biz-argo aa
|
|
| ||
# Base locations reused by the per-zone config steps.
CONFIG_BASE=/etc/cloudflared
LOGGER_BASE=/var/log/cloudflared
AUTHNZ_BASE=/root/.cloudflared/auths
# One privileged mkdir instead of a piped root shell; -p tolerates existing directories.
sudo mkdir -p \
  "${CONFIG_BASE}/" \
  "${LOGGER_BASE}/" \
  /root/.cloudflared/certs/ \
  /root/.cloudflared/auths/
| ||
|
| ||
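# Writes the cloudflared config for tunnel aa-chorke-com-argo.
# The nesting under ingress, warp-routing and heartbeat is restored here: with
# every key at column 0, hostname/path would become duplicate top-level keys.
#
# NOTE(review): ingress rules are matched top to bottom and every rule below
# uses the same hostname, so the ssh/tcp rules are most likely shadowed by the
# first http rule. Check with `cloudflared tunnel ingress validate` and give
# each service its own hostname. Publishing ssh, 3306 and 5432 on a public
# hostname also calls for an access policy in front of it.
# NOTE(review): private_network, dns, heartbeat and restart are kept as on the
# page; confirm that your cloudflared version actually reads them.

# Refuse to continue with unset base paths (the file would land in /).
: "${CONFIG_BASE:?set CONFIG_BASE first}"
: "${LOGGER_BASE:?set LOGGER_BASE first}"
: "${AUTHNZ_BASE:?set AUTHNZ_BASE first}"
LOGGER_FILE="${LOGGER_BASE}/chorke.com.log"
AUTHNZ_FILE="${AUTHNZ_BASE}/chorke.com.json"
CONFIG_FILE="${CONFIG_BASE}/chorke.com-config.yml"
# Unquoted delimiter on purpose: ${AUTHNZ_FILE} and ${LOGGER_FILE} are expanded here.
sudo tee "${CONFIG_FILE}" >/dev/null <<YML
---
tunnel: aa-chorke-com-argo
credentials-file: ${AUTHNZ_FILE}
ingress:
  - service: http://localhost
    hostname: aa.chorke.com
    path: /*
  - service: ssh://localhost:22
    hostname: aa.chorke.com
  - service: tcp://localhost:3306
    hostname: aa.chorke.com
  - service: tcp://localhost:5432
    hostname: aa.chorke.com
  - service: http_status:404
warp-routing:
  enabled: true
private_network:
  - 10.19.83.0/24
dns:
  - 1.1.1.1
  - 8.8.8.8
  - 10.19.83.100
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
  interval: 10s
  max_retries: 3
restart: true
YML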
|
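# Writes the cloudflared config for tunnel aa-chorke-org-argo.
# The nesting under ingress, warp-routing and heartbeat is restored here: with
# every key at column 0, hostname/path would become duplicate top-level keys.
#
# NOTE(review): ingress rules are matched top to bottom and every rule below
# uses the same hostname, so the ssh/tcp rules are most likely shadowed by the
# first http rule. Check with `cloudflared tunnel ingress validate` and give
# each service its own hostname. Publishing ssh, 3306 and 5432 on a public
# hostname also calls for an access policy in front of it.
# NOTE(review): private_network, dns, heartbeat and restart are kept as on the
# page; confirm that your cloudflared version actually reads them.

# Refuse to continue with unset base paths (the file would land in /).
: "${CONFIG_BASE:?set CONFIG_BASE first}"
: "${LOGGER_BASE:?set LOGGER_BASE first}"
: "${AUTHNZ_BASE:?set AUTHNZ_BASE first}"
LOGGER_FILE="${LOGGER_BASE}/chorke.org.log"
AUTHNZ_FILE="${AUTHNZ_BASE}/chorke.org.json"
CONFIG_FILE="${CONFIG_BASE}/chorke.org-config.yml"
# Unquoted delimiter on purpose: ${AUTHNZ_FILE} and ${LOGGER_FILE} are expanded here.
sudo tee "${CONFIG_FILE}" >/dev/null <<YML
---
tunnel: aa-chorke-org-argo
credentials-file: ${AUTHNZ_FILE}
ingress:
  - service: http://localhost
    hostname: aa.chorke.org
    path: /*
  - service: ssh://localhost:22
    hostname: aa.chorke.org
  - service: tcp://localhost:3306
    hostname: aa.chorke.org
  - service: tcp://localhost:5432
    hostname: aa.chorke.org
  - service: http_status:404
warp-routing:
  enabled: true
private_network:
  - 10.19.83.0/24
dns:
  - 1.1.1.1
  - 8.8.8.8
  - 10.19.83.100
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
  interval: 10s
  max_retries: 3
restart: true
YML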
|
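# Writes the cloudflared config for tunnel aa-shahed-biz-argo.
# The nesting under ingress, warp-routing and heartbeat is restored here: with
# every key at column 0, hostname/path would become duplicate top-level keys.
#
# NOTE(review): ingress rules are matched top to bottom and every rule below
# uses the same hostname, so the ssh/tcp rules are most likely shadowed by the
# first http rule. Check with `cloudflared tunnel ingress validate` and give
# each service its own hostname. Publishing ssh, 3306 and 5432 on a public
# hostname also calls for an access policy in front of it.
# NOTE(review): private_network, dns, heartbeat and restart are kept as on the
# page; confirm that your cloudflared version actually reads them.

# Refuse to continue with unset base paths (the file would land in /).
: "${CONFIG_BASE:?set CONFIG_BASE first}"
: "${LOGGER_BASE:?set LOGGER_BASE first}"
: "${AUTHNZ_BASE:?set AUTHNZ_BASE first}"
LOGGER_FILE="${LOGGER_BASE}/shahed-biz.log"
AUTHNZ_FILE="${AUTHNZ_BASE}/shahed.biz.json"
CONFIG_FILE="${CONFIG_BASE}/shahed.biz-config.yml"
# Unquoted delimiter on purpose: ${AUTHNZ_FILE} and ${LOGGER_FILE} are expanded here.
sudo tee "${CONFIG_FILE}" >/dev/null <<YML
---
tunnel: aa-shahed-biz-argo
credentials-file: ${AUTHNZ_FILE}
ingress:
  - service: http://localhost
    hostname: aa.shahed.biz
    path: /*
  - service: ssh://localhost:22
    hostname: aa.shahed.biz
  - service: tcp://localhost:3306
    hostname: aa.shahed.biz
  - service: tcp://localhost:5432
    hostname: aa.shahed.biz
  - service: http_status:404
warp-routing:
  enabled: true
private_network:
  - 10.19.83.0/24
dns:
  - 1.1.1.1
  - 8.8.8.8
  - 10.19.83.100
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
  interval: 10s
  max_retries: 3
restart: true
YML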
|
|
| ||
# Run the tunnel in the foreground with the chorke.com config file.
sudo cloudflared tunnel --config /etc/cloudflared/chorke.com-config.yml \
  run aa-chorke-com-argo
|
# Run the tunnel in the foreground with the chorke.org config file.
sudo cloudflared tunnel --config /etc/cloudflared/chorke.org-config.yml \
  run aa-chorke-org-argo
|
# Run the tunnel in the foreground with the shahed.biz config file.
sudo cloudflared tunnel --config /etc/cloudflared/shahed.biz-config.yml \
  run aa-shahed-biz-argo
|
|
| ||
# Installs a dedicated systemd unit for the chorke.com tunnel.
# No User= is set, so the daemon runs as root; that matches the credentials
# file the config keeps under /root/.cloudflared/auths.
SYSTEM_FILE=cloudflared@chorke.com.service
SYSTEM_PATH="/etc/systemd/system/${SYSTEM_FILE}"
# ExecStart is written on one line; the shell joined the continued lines anyway.
sudo tee "${SYSTEM_PATH}" >/dev/null <<INI
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate --config /etc/cloudflared/chorke.com-config.yml tunnel run
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
INI
|
# Installs a dedicated systemd unit for the chorke.org tunnel.
# No User= is set, so the daemon runs as root; that matches the credentials
# file the config keeps under /root/.cloudflared/auths.
SYSTEM_FILE=cloudflared@chorke.org.service
SYSTEM_PATH="/etc/systemd/system/${SYSTEM_FILE}"
# ExecStart is written on one line; the shell joined the continued lines anyway.
sudo tee "${SYSTEM_PATH}" >/dev/null <<INI
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate --config /etc/cloudflared/chorke.org-config.yml tunnel run
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
INI
|
# Installs a dedicated systemd unit for the shahed.biz tunnel.
# No User= is set, so the daemon runs as root; that matches the credentials
# file the config keeps under /root/.cloudflared/auths.
SYSTEM_FILE=cloudflared@shahed.biz.service
SYSTEM_PATH="/etc/systemd/system/${SYSTEM_FILE}"
# ExecStart is written on one line; the shell joined the continued lines anyway.
sudo tee "${SYSTEM_PATH}" >/dev/null <<INI
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate --config /etc/cloudflared/shahed.biz-config.yml tunnel run
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
INI
|
|
| ||
# Reload unit files, then enable, start and inspect the chorke.com tunnel unit.
# Quoted delimiter: the loop variables are expanded by the root shell, not here.
sudo bash <<'EXE'
unit=cloudflared@chorke.com.service
systemctl daemon-reload
for action in enable start status; do
  systemctl "$action" "$unit"
done
EXE
|
# Reload unit files, then enable, start and inspect the chorke.org tunnel unit.
# Quoted delimiter: the loop variables are expanded by the root shell, not here.
sudo bash <<'EXE'
unit=cloudflared@chorke.org.service
systemctl daemon-reload
for action in enable start status; do
  systemctl "$action" "$unit"
done
EXE
|
# Reload unit files, then enable, start and inspect the shahed.biz tunnel unit.
# Quoted delimiter: the loop variables are expanded by the root shell, not here.
sudo bash <<'EXE'
unit=cloudflared@shahed.biz.service
systemctl daemon-reload
for action in enable start status; do
  systemctl "$action" "$unit"
done
EXE
|
|
| ||
# Follow the tunnel's own log file (Ctrl-C to leave), then open the unit's journal at its end.
tail -n 100 -f /var/log/cloudflared/chorke.com.log
journalctl -x -e -u cloudflared@chorke.com.service
|
# Follow the tunnel's own log file (Ctrl-C to leave), then open the unit's journal at its end.
tail -n 100 -f /var/log/cloudflared/chorke.org.log
journalctl -x -e -u cloudflared@chorke.org.service
|
# Follow the tunnel's own log file (Ctrl-C to leave), then open the unit's journal at its end.
tail -n 100 -f /var/log/cloudflared/shahed-biz.log
journalctl -x -e -u cloudflared@shahed.biz.service
|
|
| ||
# Reload unit files, then disable, stop and inspect the chorke.com tunnel unit.
# Quoted delimiter: the loop variables are expanded by the root shell, not here.
sudo bash <<'EXE'
unit=cloudflared@chorke.com.service
systemctl daemon-reload
for action in disable stop status; do
  systemctl "$action" "$unit"
done
EXE
|
# Reload unit files, then disable, stop and inspect the chorke.org tunnel unit.
# Quoted delimiter: the loop variables are expanded by the root shell, not here.
sudo bash <<'EXE'
unit=cloudflared@chorke.org.service
systemctl daemon-reload
for action in disable stop status; do
  systemctl "$action" "$unit"
done
EXE
|
# Reload unit files, then disable, stop and inspect the shahed.biz tunnel unit.
# Quoted delimiter: the loop variables are expanded by the root shell, not here.
sudo bash <<'EXE'
unit=cloudflared@shahed.biz.service
systemctl daemon-reload
for action in disable stop status; do
  systemctl "$action" "$unit"
done
EXE
|
WARP Routing
|
| ||
# Create the WARP-routing tunnel, authenticating with the chorke.com zone certificate.
cloudflared \
  --origincert=/root/.cloudflared/certs/chorke.com.pem \
  tunnel create ab-chorke-com-argo
|
# Create the WARP-routing tunnel, authenticating with the chorke.org zone certificate.
cloudflared \
  --origincert=/root/.cloudflared/certs/chorke.org.pem \
  tunnel create ab-chorke-org-argo
|
# Create the WARP-routing tunnel, authenticating with the shahed.biz zone certificate.
cloudflared \
  --origincert=/root/.cloudflared/certs/shahed.biz.pem \
  tunnel create ab-shahed-biz-argo
|
|
| ||
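# Relative paths: assumes the shell is in /root/.cloudflared/.
# NOTE: ./auths/chorke.com.json is also the destination used for the aa-* tunnel
# earlier on the page, so this move replaces that credentials file.
mkdir -p ./auths
chmod 700 ./auths
mv -- certs/56f034e2-*.json ./auths/chorke.com.json
# Tunnel credentials: readable by root only.
chmod 600 ./auths/chorke.com.json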
|
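# Relative paths: assumes the shell is in /root/.cloudflared/.
# NOTE: ./auths/chorke.org.json is also the destination used for the aa-* tunnel
# earlier on the page, so this move replaces that credentials file.
mkdir -p ./auths
chmod 700 ./auths
mv -- certs/472fe18e-*.json ./auths/chorke.org.json
# Tunnel credentials: readable by root only.
chmod 600 ./auths/chorke.org.json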
|
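# Relative paths: assumes the shell is in /root/.cloudflared/.
# NOTE: ./auths/shahed.biz.json is also the destination used for the aa-* tunnel
# earlier on the page, so this move replaces that credentials file.
mkdir -p ./auths
chmod 700 ./auths
mv -- certs/030320f3-*.json ./auths/shahed.biz.json
# Tunnel credentials: readable by root only.
chmod 600 ./auths/shahed.biz.json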
|
|
| ||
# Print only the names of the tunnels visible to the chorke.com certificate.
cloudflared --origincert=/root/.cloudflared/certs/chorke.com.pem \
  tunnel list --output json \
  | jq --raw-output '.[].name'
|
# Print only the names of the tunnels visible to the chorke.org certificate.
cloudflared --origincert=/root/.cloudflared/certs/chorke.org.pem \
  tunnel list --output json \
  | jq --raw-output '.[].name'
|
# Print only the names of the tunnels visible to the shahed.biz certificate.
cloudflared --origincert=/root/.cloudflared/certs/shahed.biz.pem \
  tunnel list --output json \
  | jq --raw-output '.[].name'
|
|
| ||
# Base locations reused by the per-zone config steps.
CONFIG_BASE=/etc/cloudflared
LOGGER_BASE=/var/log/cloudflared
AUTHNZ_BASE=/root/.cloudflared/auths
# One privileged mkdir instead of a piped root shell; -p tolerates existing directories.
sudo mkdir -p \
  "${CONFIG_BASE}/" \
  "${LOGGER_BASE}/" \
  /root/.cloudflared/certs/ \
  /root/.cloudflared/auths/
| ||
|
| ||
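# Writes the WARP-routing config for tunnel ab-chorke-com-argo.
# The nesting under warp-routing and heartbeat is restored here; with every key
# at column 0, warp-routing would be empty and "enabled" a stray top-level key.
# NOTE: this is the same path as the ingress config for the aa-* tunnel earlier
# on the page, so writing it replaces that file.
# NOTE(review): heartbeat and restart are kept as on the page; confirm that
# your cloudflared version actually reads them.

# Refuse to continue with unset base paths (the file would land in /).
: "${CONFIG_BASE:?set CONFIG_BASE first}"
: "${LOGGER_BASE:?set LOGGER_BASE first}"
: "${AUTHNZ_BASE:?set AUTHNZ_BASE first}"
LOGGER_FILE="${LOGGER_BASE}/chorke.com.log"
AUTHNZ_FILE="${AUTHNZ_BASE}/chorke.com.json"
CONFIG_FILE="${CONFIG_BASE}/chorke.com-config.yml"
# Unquoted delimiter on purpose: ${AUTHNZ_FILE} and ${LOGGER_FILE} are expanded here.
sudo tee "${CONFIG_FILE}" >/dev/null <<YML
---
tunnel: ab-chorke-com-argo
credentials-file: ${AUTHNZ_FILE}
warp-routing:
  enabled: true
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
  interval: 10s
  max_retries: 3
restart: true
YML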
|
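# Writes the WARP-routing config for tunnel ab-chorke-org-argo.
# The nesting under warp-routing and heartbeat is restored here; with every key
# at column 0, warp-routing would be empty and "enabled" a stray top-level key.
# NOTE: this is the same path as the ingress config for the aa-* tunnel earlier
# on the page, so writing it replaces that file.
# NOTE(review): heartbeat and restart are kept as on the page; confirm that
# your cloudflared version actually reads them.

# Refuse to continue with unset base paths (the file would land in /).
: "${CONFIG_BASE:?set CONFIG_BASE first}"
: "${LOGGER_BASE:?set LOGGER_BASE first}"
: "${AUTHNZ_BASE:?set AUTHNZ_BASE first}"
LOGGER_FILE="${LOGGER_BASE}/chorke.org.log"
AUTHNZ_FILE="${AUTHNZ_BASE}/chorke.org.json"
CONFIG_FILE="${CONFIG_BASE}/chorke.org-config.yml"
# Unquoted delimiter on purpose: ${AUTHNZ_FILE} and ${LOGGER_FILE} are expanded here.
sudo tee "${CONFIG_FILE}" >/dev/null <<YML
---
tunnel: ab-chorke-org-argo
credentials-file: ${AUTHNZ_FILE}
warp-routing:
  enabled: true
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
  interval: 10s
  max_retries: 3
restart: true
YML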
|
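# Writes the WARP-routing config for tunnel ab-shahed-biz-argo.
# The nesting under warp-routing and heartbeat is restored here; with every key
# at column 0, warp-routing would be empty and "enabled" a stray top-level key.
# NOTE: this is the same path as the ingress config for the aa-* tunnel earlier
# on the page, so writing it replaces that file.
# NOTE(review): heartbeat and restart are kept as on the page; confirm that
# your cloudflared version actually reads them.

# Refuse to continue with unset base paths (the file would land in /).
: "${CONFIG_BASE:?set CONFIG_BASE first}"
: "${LOGGER_BASE:?set LOGGER_BASE first}"
: "${AUTHNZ_BASE:?set AUTHNZ_BASE first}"
LOGGER_FILE="${LOGGER_BASE}/shahed-biz.log"
AUTHNZ_FILE="${AUTHNZ_BASE}/shahed.biz.json"
CONFIG_FILE="${CONFIG_BASE}/shahed.biz-config.yml"
# Unquoted delimiter on purpose: ${AUTHNZ_FILE} and ${LOGGER_FILE} are expanded here.
sudo tee "${CONFIG_FILE}" >/dev/null <<YML
---
tunnel: ab-shahed-biz-argo
credentials-file: ${AUTHNZ_FILE}
warp-routing:
  enabled: true
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
  interval: 10s
  max_retries: 3
restart: true
YML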
|
|
| ||
# Run the WARP-routing tunnel in the foreground with the chorke.com config file.
sudo cloudflared tunnel --config /etc/cloudflared/chorke.com-config.yml \
  run ab-chorke-com-argo
|
# Run the WARP-routing tunnel in the foreground with the chorke.org config file.
sudo cloudflared tunnel --config /etc/cloudflared/chorke.org-config.yml \
  run ab-chorke-org-argo
|
# Run the WARP-routing tunnel in the foreground with the shahed.biz config file.
sudo cloudflared tunnel --config /etc/cloudflared/shahed.biz-config.yml \
  run ab-shahed-biz-argo
|
|
| ||
Playground
# Show the config under /usr/local/etc, then list both cloudflare-warp
# directories in the home directory.
cat /usr/local/etc/cloudflared/config.yml
for warp_dir in ~/.cloudflare-warp ~/cloudflare-warp; do
  ls -lah "$warp_dir"
done
|
# Remove the service cloudflared installed for itself, then look at what
# systemd and the journal still report for the cloudflared unit.
sudo cloudflared service uninstall
systemctl status cloudflared
journalctl -x -e -u cloudflared
|
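# Follow the log file (Ctrl-C to leave), reload unit files, then look for a
# running cloudflared process.
tail -n 100 -f /var/log/cloudflared.log
sudo systemctl daemon-reload
# The bracket keeps grep from matching its own command line in the ps output.
ps aux | grep '[c]loudflared'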
|
|
| ||
# List the unit files in /etc/systemd/system whose listing line mentions each service.
for service_name in cloudflared minikube minio; do
  ls -alh /etc/systemd/system | grep "$service_name"
done
|
# List each directory the page uses for cloudflared configuration; the
# permissions column shows who can read the files kept there.
for config_dir in /usr/local/etc/cloudflared/ /etc/cloudflared/ ~/.cloudflared/; do
  ls -lah "$config_dir"
done
|
# Link config.yml to the chorke.com config, then list the directory to confirm the link.
config_dir=/etc/cloudflared
sudo ln -s "${config_dir}/chorke.com-config.yml" "${config_dir}/config.yml"
ls -lah "${config_dir}/"
|
|
| ||
# Print the ssh client configuration cloudflared suggests for this hostname.
# Nothing is written; review the output before adding it to ~/.ssh/config.
cloudflared access ssh-config --hostname aa.chorke.com
|
# Generate an Ed25519 key pair labelled argo@chorke.org. ssh-keygen asks for a
# passphrase and writes the public half next to the private key as <file>.pub.
key_file=~/.ssh/argo.chorke.org_ed25519
ssh-keygen -t ed25519 -C "argo@chorke.org" -f "$key_file"
|
|
References
|
| ||
|
| ||