Cloudflare/Argo Tunnel

Revision as of 14:59, 27 December 2024 by Shahed (talk | contribs) (References)

Argo Tunnel

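# Create one system account per tunnel so that each cloudflared instance runs
# under its own unprivileged identity. The quoted 'EXE' delimiter hands the
# script to the root shell verbatim; nothing is expanded in the calling shell.
cat << 'EXE' | sudo bash
mkdir -p /home/system/
SYS_USERS='chorke-com-argo chorke-org-argo shahed-biz-argo'
# Deliberately unquoted: SYS_USERS is a space-separated list of account names.
for SYS_USER in ${SYS_USERS};do
  SYS_GROUP="${SYS_USER}"
  SYS_HOME="/home/system/${SYS_USER}"
  # Ask the group database directly; `id -g USER` answers for a user, not a group.
  if ! getent group "${SYS_GROUP}" >/dev/null;then addgroup --quiet --system "${SYS_GROUP}";fi
  if ! id -u "${SYS_USER}" &>/dev/null;then
    # Password login is disabled; /bin/bash is kept because later steps use `sudo -i -u`.
    adduser --quiet --system  --ingroup "${SYS_GROUP}" --home "${SYS_HOME}" --shell /bin/bash --disabled-password "${SYS_USER}"
    # Switch off password ageing and account expiry for the service account.
    chage -m 99999 -M 99999 -E -1 -I -1 "${SYS_USER}"

    # Create .ssh as 700 from the start so the files inside are never exposed.
    install -d -m 700 "${SYS_HOME}/.ssh"
    touch "${SYS_HOME}/.ssh/config" "${SYS_HOME}/.ssh/authorized_keys"

    chown -R "${SYS_USER}:${SYS_GROUP}" "${SYS_HOME}/"
    chmod 600 "${SYS_HOME}/.ssh/authorized_keys" "${SYS_HOME}/.ssh/config"
  fi
done

# Review the result: .ssh contents, then accounts and groups with IDs 120-899.
echo && ls -alh /home/system/*/.ssh/*
echo && awk -F : '$3 >= 120 && $3 < 900 {printf("%-6s » %s\n", $3, $1)}' /etc/passwd|sort -h
echo && awk -F : '$3 >= 120 && $3 < 900 {printf("%-6s » %s\n", $3, $1)}' /etc/group |sort -h && echo
EXE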

# Per-tunnel log directories, each handed to the matching service account.
sudo bash -s << 'EXE'
LOG_DIR=/var/log/cloudflared/chorke.com
mkdir -p "${LOG_DIR}"
chown -R chorke-com-argo:chorke-com-argo "${LOG_DIR}"
EXE
sudo bash -s << 'EXE'
LOG_DIR=/var/log/cloudflared/chorke.org
mkdir -p "${LOG_DIR}"
chown -R chorke-org-argo:chorke-org-argo "${LOG_DIR}"
EXE
sudo bash -s << 'EXE'
LOG_DIR=/var/log/cloudflared/shahed.biz
mkdir -p "${LOG_DIR}"
chown -R shahed-biz-argo:shahed-biz-argo "${LOG_DIR}"
EXE

# Switch to a service account and set the log directory for that account.
# NOTE(review): the three pairs look like per-domain alternatives, so use one.
# `sudo -i` starts a fresh login shell, so LOGGER_BASE has to be assigned inside
# that shell; a value set before the switch is not carried over.
sudo -i -u chorke-com-argo
LOGGER_BASE=/var/log/cloudflared/chorke.com
sudo -i -u chorke-org-argo
LOGGER_BASE=/var/log/cloudflared/chorke.org
sudo -i -u shahed-biz-argo
LOGGER_BASE=/var/log/cloudflared/shahed.biz

# Paths used by the remaining steps: tunnel config, credentials link, log file.
# LOGGER_BASE must already hold the current account's log directory.
CONFIG_BASE="${HOME}/.cloudflared"
AUTHNZ_BASE="${HOME}/.cloudflared"
CONFIG_FILE="${CONFIG_BASE}/argo.yml"
AUTHNZ_FILE="${AUTHNZ_BASE}/argo.json"
LOGGER_FILE="${LOGGER_BASE}/argo.log"

# Authorise cloudflared for the account's zone in a browser; this stores
# cert.pem under ~/.cloudflared. Treat cert.pem as a secret: it authorises
# tunnel management for the zone, not just a single tunnel.
cloudflared tunnel login
cd ~/.cloudflared/

# Create the named tunnel for the current service account.
# NOTE(review): presumably one create line per account, not all three.
# Each create writes a <tunnel-UUID>.json credentials file into ~/.cloudflared;
# that file carries the tunnel secret, so keep it private to the account.
cloudflared \
tunnel create aa-chorke-com-argo
cloudflared \
tunnel create aa-chorke-org-argo
cloudflared \
tunnel create aa-shahed-biz-argo

# Print the tunnel names to confirm the tunnel now exists.
cloudflared \
tunnel list --output=json|jq -r '.[].name'

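# Give the tunnel credentials a stable name so argo.yml can point at argo.json.
# Run only the line for the current account: `ln -s` will not replace an
# existing argo.json, and the UUID is whatever `cloudflared tunnel create`
# printed for that account's tunnel (presumably com, org, biz in this order).
# Paths are quoted so an unexpected space or empty variable cannot split them.
ln -s -- "${CONFIG_BASE}/3d1105e6-e8f4-403e-9b2d-3367947e0a9e.json" "${AUTHNZ_FILE}"
ln -s -- "${CONFIG_BASE}/621edb67-2a90-46f1-b53d-9154453753e5.json" "${AUTHNZ_FILE}"
ln -s -- "${CONFIG_BASE}/249a5a7c-532a-44d3-8b53-c9fa68b9cc42.json" "${AUTHNZ_FILE}"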

# Point the DNS name `aa` at the tunnel (one line per account).
# NOTE(review): only `aa` is routed on this page, while the ingress rules below
# also name ssh.aa, mysql.aa and psql.aa hosts; presumably those records are
# created elsewhere. Confirm before relying on them.
cloudflared \
tunnel route dns aa-chorke-com-argo aa
cloudflared \
tunnel route dns aa-chorke-org-argo aa
cloudflared \
tunnel route dns aa-shahed-biz-argo aa

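# Tunnel configuration for the chorke-com-argo account.
# The heredoc is unquoted on purpose: AUTHNZ_FILE and LOGGER_FILE are expanded
# into the YAML as it is written. The guard stops before anything is written if
# one of the variables is empty, which would otherwise yield a broken config.
#
# Exposure to review before starting the tunnel:
#   * ssh., mysql. and psql. publish the local SSH (22), MySQL (3306) and
#     PostgreSQL (5432) listeners through the tunnel. Put each hostname behind
#     a Cloudflare Access application with an explicit allow policy, so the
#     services' own logins are not the only control.
#   * http_status:404 is the catch-all rule and has to stay last.
#   * NOTE(review): private_network, dns, heartbeat and restart do not look like
#     documented cloudflared configuration keys; confirm the installed version
#     honours them rather than ignoring them.
: "${CONFIG_FILE:?set CONFIG_FILE first}" "${AUTHNZ_FILE:?set AUTHNZ_FILE first}" "${LOGGER_FILE:?set LOGGER_FILE first}" &&
cat << YML > "${CONFIG_FILE}"
---
tunnel: aa-chorke-com-argo
credentials-file: ${AUTHNZ_FILE}

ingress:
  - service: http://localhost
    hostname: aa.chorke.com
    path: /*
  - service: ssh://localhost:22
    hostname: ssh.aa.chorke.com
  - service: tcp://localhost:3306
    hostname: mysql.aa.chorke.com
  - service: tcp://localhost:5432
    hostname: psql.aa.chorke.com
  - service: http_status:404

warp-routing:
  enabled: true

private_network:
  - 10.19.83.0/24

dns:
  - 1.1.1.1
  - 8.8.8.8
  - 10.19.83.100

loglevel: info
logfile: ${LOGGER_FILE}

heartbeat:
  interval: 10s
  max_retries: 3

restart: true
YML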
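# Tunnel configuration for the chorke-org-argo account.
# The heredoc is unquoted on purpose: AUTHNZ_FILE and LOGGER_FILE are expanded
# into the YAML as it is written. The guard stops before anything is written if
# one of the variables is empty.
#
# Exposure to review before starting the tunnel:
#   * ssh., mysql. and psql. publish the local SSH (22), MySQL (3306) and
#     PostgreSQL (5432) listeners through the tunnel. Put each hostname behind
#     a Cloudflare Access application with an explicit allow policy.
#   * http_status:404 is the catch-all rule and has to stay last.
#   * NOTE(review): private_network, dns, heartbeat and restart do not look like
#     documented cloudflared configuration keys; confirm they take effect.
: "${CONFIG_FILE:?set CONFIG_FILE first}" "${AUTHNZ_FILE:?set AUTHNZ_FILE first}" "${LOGGER_FILE:?set LOGGER_FILE first}" &&
cat << YML > "${CONFIG_FILE}"
---
tunnel: aa-chorke-org-argo
credentials-file: ${AUTHNZ_FILE}

ingress:
  - service: http://localhost
    hostname: aa.chorke.org
    path: /*
  - service: ssh://localhost:22
    hostname: ssh.aa.chorke.org
  - service: tcp://localhost:3306
    hostname: mysql.aa.chorke.org
  - service: tcp://localhost:5432
    hostname: psql.aa.chorke.org
  - service: http_status:404

warp-routing:
  enabled: true

private_network:
  - 10.19.83.0/24

dns:
  - 1.1.1.1
  - 8.8.8.8
  - 10.19.83.100

loglevel: info
logfile: ${LOGGER_FILE}

heartbeat:
  interval: 10s
  max_retries: 3

restart: true
YML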
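# Tunnel configuration for the shahed-biz-argo account.
# The heredoc is unquoted on purpose: AUTHNZ_FILE and LOGGER_FILE are expanded
# into the YAML as it is written. The guard stops before anything is written if
# one of the variables is empty.
#
# Exposure to review before starting the tunnel:
#   * ssh., mysql. and psql. publish the local SSH (22), MySQL (3306) and
#     PostgreSQL (5432) listeners through the tunnel. Put each hostname behind
#     a Cloudflare Access application with an explicit allow policy.
#   * http_status:404 is the catch-all rule and has to stay last.
#   * NOTE(review): private_network, dns, heartbeat and restart do not look like
#     documented cloudflared configuration keys; confirm they take effect.
: "${CONFIG_FILE:?set CONFIG_FILE first}" "${AUTHNZ_FILE:?set AUTHNZ_FILE first}" "${LOGGER_FILE:?set LOGGER_FILE first}" &&
cat << YML > "${CONFIG_FILE}"
---
tunnel: aa-shahed-biz-argo
credentials-file: ${AUTHNZ_FILE}

ingress:
  - service: http://localhost
    hostname: aa.shahed.biz
    path: /*
  - service: ssh://localhost:22
    hostname: ssh.aa.shahed.biz
  - service: tcp://localhost:3306
    hostname: mysql.aa.shahed.biz
  - service: tcp://localhost:5432
    hostname: psql.aa.shahed.biz
  - service: http_status:404

warp-routing:
  enabled: true

private_network:
  - 10.19.83.0/24

dns:
  - 1.1.1.1
  - 8.8.8.8
  - 10.19.83.100

loglevel: info
logfile: ${LOGGER_FILE}

heartbeat:
  interval: 10s
  max_retries: 3

restart: true
YML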

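# Export the config path for the service account's shells.
# The grep guards make the step repeatable; a plain append would add a
# duplicate block to the dotfile on every run.
# NOTE(review): confirm that the installed cloudflared reads CLOUDFLARED_CONFIG;
# the systemd units on this page pass --config explicitly instead.
grep -qsF 'CLOUDFLARED_CONFIG=' "${HOME}/.bashrc" ||
cat <<'ENV' >> "${HOME}/.bashrc"
# cloudflare tunnel config
export CLOUDFLARED_CONFIG=${HOME}/.cloudflared/argo.yml
ENV

# Make login shells pick up .bashrc; the quoted delimiter keeps ${HOME} literal.
grep -qsF '. ${HOME}/.bashrc' "${HOME}/.profile" ||
cat <<'ENV' >> "${HOME}/.profile"
if [ -f ${HOME}/.bashrc ]; then
    . ${HOME}/.bashrc
fi
ENV

source ~/.profile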

# Foreground test run of the tunnel, then leave the service account's shell.
# NOTE(review): presumably one run/exit pair per account. The run stays in the
# foreground until interrupted, so watch its output for ingress or credential
# errors before moving on to the systemd unit.
cloudflared tunnel run aa-chorke-com-argo
exit
cloudflared tunnel run aa-chorke-org-argo
exit
cloudflared tunnel run aa-shahed-biz-argo
exit

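# systemd unit that runs the chorke.com tunnel as its own service account.
# ExecStart is written on one line and the delimiter is quoted, so the unit
# text no longer depends on the shell joining backslash-continued heredoc lines.
# NoNewPrivileges, PrivateTmp and ProtectSystem=full narrow what the process
# can reach if it is compromised; /var/log and /home stay writable under
# ProtectSystem=full, so the log file and ~/.cloudflared remain usable.
# NOTE(review): the `@` makes this an instance-style unit name defined directly,
# without a cloudflared@.service template.
SYSTEM_FILE=cloudflared@chorke.com.service
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}

cat << 'INI' | sudo tee "${SYSTEM_PATH}" >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target

[Service]
Group=chorke-com-argo
User=chorke-com-argo
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate --config /home/system/chorke-com-argo/.cloudflared/argo.yml tunnel run
Restart=on-failure
RestartSec=5s
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target
INI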
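# systemd unit that runs the chorke.org tunnel as its own service account.
# ExecStart is written on one line and the delimiter is quoted, so the unit
# text no longer depends on the shell joining backslash-continued heredoc lines.
# NoNewPrivileges, PrivateTmp and ProtectSystem=full narrow what the process
# can reach if it is compromised; /var/log and /home stay writable under
# ProtectSystem=full, so the log file and ~/.cloudflared remain usable.
SYSTEM_FILE=cloudflared@chorke.org.service
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}

cat << 'INI' | sudo tee "${SYSTEM_PATH}" >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target

[Service]
Group=chorke-org-argo
User=chorke-org-argo
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate --config /home/system/chorke-org-argo/.cloudflared/argo.yml tunnel run
Restart=on-failure
RestartSec=5s
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target
INI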
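# systemd unit that runs the shahed.biz tunnel as its own service account.
# ExecStart is written on one line and the delimiter is quoted, so the unit
# text no longer depends on the shell joining backslash-continued heredoc lines.
# NoNewPrivileges, PrivateTmp and ProtectSystem=full narrow what the process
# can reach if it is compromised; /var/log and /home stay writable under
# ProtectSystem=full, so the log file and ~/.cloudflared remain usable.
SYSTEM_FILE=cloudflared@shahed.biz.service
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}

cat << 'INI' | sudo tee "${SYSTEM_PATH}" >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target

[Service]
Group=shahed-biz-argo
User=shahed-biz-argo
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate --config /home/system/shahed-biz-argo/.cloudflared/argo.yml tunnel run
Restart=on-failure
RestartSec=5s
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target
INI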

# Reload systemd, then enable, start and show each tunnel unit.
sudo bash -s << 'EXE'
UNIT=cloudflared@chorke.com.service
systemctl daemon-reload
for ACTION in enable start status;do systemctl "${ACTION}" "${UNIT}";done
EXE
sudo bash -s << 'EXE'
UNIT=cloudflared@chorke.org.service
systemctl daemon-reload
for ACTION in enable start status;do systemctl "${ACTION}" "${UNIT}";done
EXE
sudo bash -s << 'EXE'
UNIT=cloudflared@shahed.biz.service
systemctl daemon-reload
for ACTION in enable start status;do systemctl "${ACTION}" "${UNIT}";done
EXE

# Follow a tunnel's log file, or read the unit's journal, to confirm that it
# connected and to spot rejected or failing requests.
# `tail -f` keeps running until interrupted, so use one pair at a time.
tail -n100 \
-f /var/log/cloudflared/chorke.com/argo.log
journalctl -xeu cloudflared@chorke.com.service
tail -n100 \
-f /var/log/cloudflared/chorke.org/argo.log
journalctl -xeu cloudflared@chorke.org.service
tail -n100 \
-f /var/log/cloudflared/shahed.biz/argo.log
journalctl -xeu cloudflared@shahed.biz.service

# Take a tunnel out of service: reload systemd, then disable, stop and show the unit.
sudo bash -s << 'EXE'
UNIT=cloudflared@chorke.com.service
systemctl daemon-reload
for ACTION in disable stop status;do systemctl "${ACTION}" "${UNIT}";done
EXE
sudo bash -s << 'EXE'
UNIT=cloudflared@chorke.org.service
systemctl daemon-reload
for ACTION in disable stop status;do systemctl "${ACTION}" "${UNIT}";done
EXE
sudo bash -s << 'EXE'
UNIT=cloudflared@shahed.biz.service
systemctl daemon-reload
for ACTION in disable stop status;do systemctl "${ACTION}" "${UNIT}";done
EXE

WARP Routing

Skipped » Find More » 👆


# Create the WARP-routing tunnel (ab-*) for the current service account.
# NOTE(review): presumably one create line per account, not all three.
# Each create writes a <tunnel-UUID>.json credentials file into ~/.cloudflared;
# that file carries the tunnel secret, so keep it private to the account.
cloudflared \
tunnel create ab-chorke-com-argo
cloudflared \
tunnel create ab-chorke-org-argo
cloudflared \
tunnel create ab-shahed-biz-argo

# Print the tunnel names to confirm the tunnel now exists.
cloudflared \
tunnel list --output=json|jq -r '.[].name'

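# Give the tunnel credentials a stable name so argo.yml can point at argo.json.
# Run only the line for the current account: `ln -s` will not replace an
# existing argo.json, and the UUID is whatever `cloudflared tunnel create`
# printed for that account's tunnel (presumably com, org, biz in this order).
# Paths are quoted so an unexpected space or empty variable cannot split them.
ln -s -- "${CONFIG_BASE}/56f034e2-7fc7-4423-8db3-1e9db8a24ca3.json" "${AUTHNZ_FILE}"
ln -s -- "${CONFIG_BASE}/472fe18e-f903-478e-8e8e-2fbe70a4d72f.json" "${AUTHNZ_FILE}"
ln -s -- "${CONFIG_BASE}/030320f3-d897-432d-8e6f-0e7aca572910.json" "${AUTHNZ_FILE}"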

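# WARP-routing-only configuration for the chorke-com-argo account: there are no
# ingress rules, so this tunnel serves no public hostname.
# The heredoc is unquoted on purpose (AUTHNZ_FILE and LOGGER_FILE are expanded
# into the YAML); the guard stops before writing if one of them is empty.
# NOTE(review): this page shows no `cloudflared tunnel route ip add` step, so
# presumably the private range is attached to the tunnel elsewhere. Confirm,
# and keep the routed CIDR as narrow as the WARP clients actually need.
# NOTE(review): heartbeat and restart do not look like documented cloudflared
# configuration keys; confirm they take effect.
: "${CONFIG_FILE:?set CONFIG_FILE first}" "${AUTHNZ_FILE:?set AUTHNZ_FILE first}" "${LOGGER_FILE:?set LOGGER_FILE first}" &&
cat << YML > "${CONFIG_FILE}"
---
tunnel: ab-chorke-com-argo
credentials-file: ${AUTHNZ_FILE}

warp-routing:
  enabled: true

loglevel: info
logfile: ${LOGGER_FILE}

heartbeat:
  interval: 10s
  max_retries: 3

restart: true
YML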
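# WARP-routing-only configuration for the chorke-org-argo account: there are no
# ingress rules, so this tunnel serves no public hostname.
# The heredoc is unquoted on purpose (AUTHNZ_FILE and LOGGER_FILE are expanded
# into the YAML); the guard stops before writing if one of them is empty.
# NOTE(review): this page shows no `cloudflared tunnel route ip add` step, so
# presumably the private range is attached to the tunnel elsewhere. Confirm,
# and keep the routed CIDR as narrow as the WARP clients actually need.
: "${CONFIG_FILE:?set CONFIG_FILE first}" "${AUTHNZ_FILE:?set AUTHNZ_FILE first}" "${LOGGER_FILE:?set LOGGER_FILE first}" &&
cat << YML > "${CONFIG_FILE}"
---
tunnel: ab-chorke-org-argo
credentials-file: ${AUTHNZ_FILE}

warp-routing:
  enabled: true

loglevel: info
logfile: ${LOGGER_FILE}

heartbeat:
  interval: 10s
  max_retries: 3

restart: true
YML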
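# WARP-routing-only configuration for the shahed-biz-argo account: there are no
# ingress rules, so this tunnel serves no public hostname.
# The heredoc is unquoted on purpose (AUTHNZ_FILE and LOGGER_FILE are expanded
# into the YAML); the guard stops before writing if one of them is empty.
# NOTE(review): this page shows no `cloudflared tunnel route ip add` step, so
# presumably the private range is attached to the tunnel elsewhere. Confirm,
# and keep the routed CIDR as narrow as the WARP clients actually need.
: "${CONFIG_FILE:?set CONFIG_FILE first}" "${AUTHNZ_FILE:?set AUTHNZ_FILE first}" "${LOGGER_FILE:?set LOGGER_FILE first}" &&
cat << YML > "${CONFIG_FILE}"
---
tunnel: ab-shahed-biz-argo
credentials-file: ${AUTHNZ_FILE}

warp-routing:
  enabled: true

loglevel: info
logfile: ${LOGGER_FILE}

heartbeat:
  interval: 10s
  max_retries: 3

restart: true
YML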

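# Export the config path for the service account's shells.
# The grep guards make the step repeatable; a plain append would add a
# duplicate block to the dotfile on every run.
# NOTE(review): confirm that the installed cloudflared reads CLOUDFLARED_CONFIG
# before relying on it to select argo.yml.
grep -qsF 'CLOUDFLARED_CONFIG=' "${HOME}/.bashrc" ||
cat <<'ENV' >> "${HOME}/.bashrc"
# cloudflare tunnel config
export CLOUDFLARED_CONFIG=${HOME}/.cloudflared/argo.yml
ENV

# Make login shells pick up .bashrc; the quoted delimiter keeps ${HOME} literal.
grep -qsF '. ${HOME}/.bashrc' "${HOME}/.profile" ||
cat <<'ENV' >> "${HOME}/.profile"
if [ -f ${HOME}/.bashrc ]; then
    . ${HOME}/.bashrc
fi
ENV

source ~/.profile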

# Foreground test run of the WARP-routing tunnel, then leave the service
# account's shell.
# NOTE(review): presumably one run/exit pair per account; the run stays in the
# foreground until interrupted.
cloudflared tunnel run ab-chorke-com-argo
exit
cloudflared tunnel run ab-chorke-org-argo
exit
cloudflared tunnel run ab-shahed-biz-argo
exit

Skipped » Find More » 👆

Playground

# Scratch commands for inspecting (and removing) a default cloudflared install:
# look at the config locations, uninstall the packaged service, then check
# that no unit, log activity or process is left behind.
cat /usr/local/etc/cloudflared/config.yml
ls -lah ~/.cloudflare-warp
ls -lah  ~/cloudflare-warp
# Removes the system service; the per-domain units on this page are separate files.
sudo cloudflared service uninstall
systemctl  status cloudflared
journalctl -xeu   cloudflared
tail -n100 -f /var/log/cloudflared.log 
sudo systemctl daemon-reload
# Any cloudflared process still listed here is running outside the removed service.
ps aux|grep cloudflared

# List unit files and the config directories cloudflared may read from.
ls -alh /etc/systemd/system|grep cloudflared
ls -alh /etc/systemd/system|grep minikube
ls -alh /etc/systemd/system|grep minio
ls -lah /usr/local/etc/cloudflared/
          ls -lah /etc/cloudflared/
            ls -lah ~/.cloudflared/
# Make one domain's config the system-wide default, then verify the link.
# NOTE(review): /etc/cloudflared/config.yml then decides what a system-level
# cloudflared exposes, so check the link target's ingress rules first.
sudo ln -s /etc/cloudflared/chorke.com-config.yml \
/etc/cloudflared/config.yml
ls -lah /etc/cloudflared/

# Print the client-side ssh_config snippet for reaching the host through Access.
# NOTE(review): the ingress on this page serves SSH on ssh.aa.chorke.com;
# confirm which hostname is intended here.
cloudflared access \
ssh-config --hostname aa.chorke.com
# Generate a dedicated ed25519 key pair for the tunnel login. Set a passphrase
# at the prompt so the private key file alone is not sufficient.
ssh-keygen -t ed25519 -C "argo@chorke.org" \
-f ~/.ssh/argo.chorke.org_ed25519


References