Cloud/Hetzner/AA: Difference between revisions

No edit summary
 
(55 intermediate revisions by the same user not shown)
Line 1: Line 1:
==SSH Access==
==SSH==
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
ssh -i ~/.ssh/cid.chorke.org_ed25519 [email protected]
ssh -i ~/.ssh/cid.chorke.org_ed25519 [email protected]
cat <<'EXE' | sudo bash
free -th && echo && systemd-analyze && echo
df -h    && echo && lsblk && echo
swapon --show
EXE
</syntaxhighlight>
</syntaxhighlight>


==Add Users==
==Add User==
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# root
# root
Line 22: Line 28:
mkdir -p /etc/apt/keyrings
mkdir -p /etc/apt/keyrings
apt list -a --upgradable;apt-get upgrade -y;echo
apt list -a --upgradable;apt-get upgrade -y;echo
apt-get install -y apt-transport-https ca-certificates gnupg build-essential snap
apt-get install -y apt-transport-https ca-certificates gnupg build-essential snap jq traceroute
apt-get clean cache && find /tmp -type f -atime +10 -delete && find /tmp -type s -atime +10 -delete
EXE
EXE
</syntaxhighlight>
</syntaxhighlight>
Line 39: Line 46:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
cat << FST | sudo tee -a /etc/fstab >/dev/null
cat << FST | sudo tee -a /etc/fstab >/dev/null
# loopback swap space » 16GB + 4GB  
# loop based swap storage » 16GB + 4GB  
/swap.img              none            swap    sw              0      0
/swap.img              none            swap    sw              0      0
FST
FST
free -th
cat /etc/fstab  
cat /etc/fstab  
free -th
echo 'swapon --show'|sudo bash
echo 'swapon --show'|sudo bash
</syntaxhighlight>
</syntaxhighlight>


==Cloudflare » WARP==
==Utility » Tool==
<syntaxhighlight lang="ini">
<syntaxhighlight lang="bash">
cat << INI | sudo tee /etc/systemd/system/warp0.service >/dev/null
cat << EXE|sudo bash
[Unit]
PLATFORM=\$(uname -s)_\$(dpkg --print-architecture)
Description=Cloudflared WARP Routing Virtual Interface
YQ_BINARY=\$(echo "yq_\${PLATFORM}"|tr '[:upper:]' '[:lower:]')
After=network.target
wget https://github.com/mikefarah/yq/releases/latest/download/\${YQ_BINARY} -O /usr/bin/yq && chmod +x /usr/bin/yq
[Service]
EXE
Type=oneshot
</syntaxhighlight>
ExecStart=/usr/sbin/ip link add warp0 type dummy
 
ExecStartPost=/usr/sbin/ip addr add 10.20.41.1/32 dev warp0
==Containerize » LXD==
ExecStartPost=/usr/sbin/ip link set warp0 up
<syntaxhighlight lang="bash">
ExecStop=/usr/sbin/ip link delete warp0
cat << EXE | sudo bash
RemainAfterExit=yes
snap install lxd --channel=6/stable
[Install]
usermod -aG lxd chorke
WantedBy=multi-user.target
usermod -aG lxd shahed
INI
EXE
 
echo 'id -nG'|sudo -i -u chorke bash
echo 'id -nG'|sudo -i -u shahed bash
</syntaxhighlight>
----
<syntaxhighlight lang="yaml">
cat <<YML | sudo lxd init --preseed
---
config: {}
networks:
- config:
    ipv4.address: 10.20.0.1/24
    ipv4.nat: "true"
    ipv6.address: auto
  description: ""
  name: lxdbr0
  type: ""
  project: default
storage_pools:
- config:
    size: 30GiB
  description: ""
  name: lxd-zfs-pool-aa
  driver: zfs
storage_volumes: []
profiles:
- config: {}
  description: ""
  devices:
    eth0:
      name: eth0
      network: lxdbr0
      type: nic
    root:
      path: /
      pool: lxd-zfs-pool-aa
      type: disk
  name: default
projects: []
cluster: null
YML
</syntaxhighlight>
</syntaxhighlight>
----
----
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
sudo ufw enable
sudo iptables -S
cat << EXE | sudo bash
cat << EXE | sudo bash
systemctl enable warp0.service
ufw      allow OpenSSH
systemctl start  warp0.service
ufw      allow in on lxdbr0
systemctl status  warp0.service
ufw route allow in  on lxdbr0
ufw route allow out on lxdbr0
EXE
EXE


ip a
sudo ufw status numbered
sudo iptables -S
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
cat << EXE | sudo bash
snap restart  lxd
snap services lxd
EXE
</syntaxhighlight>
</syntaxhighlight>


Line 92: Line 153:
apt list -a --upgradable;apt-get upgrade -y;echo
apt list -a --upgradable;apt-get upgrade -y;echo
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
apt-get clean cache && find /tmp -type f,s -atime +10 -delete
EXE
EXE
</syntaxhighlight>
</syntaxhighlight>
Line 118: Line 180:
usermod -aG docker shahed
usermod -aG docker shahed
EXE
EXE
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
ip a
docker image ls
docker network ls


ip a
echo 'id -nG'|sudo -i -u shahed bash
echo 'id -nG'|sudo -i -u shahed bash
echo 'id -nG'|sudo -i -u chorke bash
echo 'id -nG'|sudo -i -u chorke bash
docker run --rm alpine cat /etc/hosts
docker run --rm alpine cat /etc/resolv.conf
</syntaxhighlight>
==Cloudflare » VIRT==
<syntaxhighlight lang="ini">
cat << INI | sudo tee /etc/systemd/system/warp0.service >/dev/null
[Unit]
Description=Cloudflared WARP Routing Virtual Interface
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/ip link add warp0 type dummy
ExecStartPost=/usr/sbin/ip addr add 10.20.41.1/32 dev warp0
ExecStartPost=/usr/sbin/ip link set warp0 up
ExecStop=/usr/sbin/ip link delete warp0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
INI
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
cat << EXE | sudo bash
systemctl daemon-reload
systemctl enable --now warp0.service
systemctl status      warp0.service
EXE
ip a
</syntaxhighlight>
==Cloudflare » Argo » Tunnel==
<syntaxhighlight lang="bash">
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb -P ${HOME}/Downloads
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-arm64.deb; sudo apt install -f
      rm -rf ${HOME}/Downloads/cloudflared-linux-arm64.deb
</syntaxhighlight>
----
<syntaxhighlight lang="properties">
cat <<'SYS' | sudo tee -a /etc/sysctl.conf >/dev/null
###################################################################
# Cloudflared Tunnel Private Network Config
# This config added by Chorke Academia, Inc
# ICMP Group ID Range 0 to 10,000 Users
net.ipv4.ping_group_range = 0 10000
# 208 KiB Default RX Buffer
net.core.rmem_default=212992
# 208 KiB Default TX Buffer
net.core.wmem_default=212992
# 8 MB Maximum RX Buffer
net.core.rmem_max=8388608
# 8 MB Maximum TX Buffer
net.core.wmem_max=8388608
SYS
sudo sysctl -p
</syntaxhighlight>
----
[[Cloudflare/Argo_Tunnel#Argo Tunnel|Skipped » Find More » 👈]]
==Cloudflare » WARP » Tunnel==
<syntaxhighlight lang="bash">
lxc launch ubuntu:24.04 cloudflare
lxc list -c=n -f=json|jq -r '.[]|select(.name=="cloudflare")|.status'
cat <<'EXE' | lxc exec cloudflare -- bash
apt-get update;echo
mkdir -p /etc/apt/keyrings
apt list -a --upgradable;apt-get upgrade -y;echo
apt-get install -y apt-transport-https ca-certificates gnupg jq && apt-get clean
EXE
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
cat <<'EXE' | lxc exec cloudflare -- bash
curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg \
| sudo tee /etc/apt/keyrings/cloudflare.asc >/dev/null
DISTRIBUTION=$(. /etc/os-release && echo "${VERSION_CODENAME}");\
cat << SRC | sudo tee /etc/apt/sources.list.d/cloudflare.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
signed-by=/etc/apt/keyrings/cloudflare.asc]\
https://pkg.cloudflareclient.com/ ${DISTRIBUTION} main
SRC
cat /etc/apt/sources.list.d/cloudflare.list
cat /etc/apt/keyrings/cloudflare.asc
EXE
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
cat <<'EXE' | lxc exec cloudflare -- bash
apt-get update;echo
apt list -a --upgradable;apt-get upgrade -y;echo
apt-get install -y cloudflare-warp && apt-get clean
EXE
lxc exec cloudflare -- bash
sudo vim /etc/sysctl.conf
</syntaxhighlight>
<syntaxhighlight lang="ini" line start="27" highlight="2">
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
</syntaxhighlight>
----
sudo sysctl -p
'''net.ipv4.ip_forward = 1'''
ip route | grep default
default via 10.20.0.1 dev eth0 proto dhcp src 10.20.0.161 metric 100
----
<syntaxhighlight lang="bash">
lxc snapshot cloudflare base:2024.12.554.0
lxc publish  cloudflare/base:2024.12.554.0 --alias cloudflare/base:2024.12.554.0
lxc restore  cloudflare base:2024.12.554.0
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
lxc exec cloudflare -- bash
sudo warp-cli status
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
cat <<'EXE' | lxc exec cloudflare -- bash
warp-cli connector new eyJhIjoiNW…
warp-cli connect
EXE
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
cat << EXE | lxc exec cloudflare -- bash
warp-cli status
systemctl daemon-reload
systemctl enable --now warp-svc.service
systemctl status      warp-svc.service
EXE
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
cat << EXE | lxc exec cloudflare -- bash
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
apt-get -y install iptables-persistent && apt-get clean cache
EXE
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
cat << EXE | lxc exec cloudflare -- bash
# allow forwarding traffic from host
iptables -A FORWARD -i eth0 -o CloudflareWARP -j ACCEPT
iptables -A FORWARD -i CloudflareWARP -o eth0 -j ACCEPT
# cloudflarewarp nat gateway setup for host
iptables -t nat -A POSTROUTING -o CloudflareWARP -j MASQUERADE
# persist across reboots, save the rules
        mkdir -p /etc/iptables/
iptables-save  > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
EXE
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
lxc snapshot cloudflare init:2025.02.16
lxc publish  cloudflare/init:2025.02.16 --alias cloudflare/init:2025.02.16
lxc restore  cloudflare init:2025.02.16
</syntaxhighlight>
----
[[Cloudflare/WARP Connector#WARP Client|Skipped » Find More » 👈]]
==Cloudflare » WARP » Exclude==
{|class="wikitable"
|-
| colspan="3"| <code>Settings » 0Trust » WARP Client » Device settings » Profile settings » Default » Configure » </code>
|-
| colspan="3"| <code>Split Tunnels » Exclude IPs and domains » Manage » Manage Split Tunnels</code>
|-
!scope="col"| Name    !!scope="col"| Network            !!scope="col"              | Exclude
|-
| Network » OpenVPN  || <code>10.20.30.0/24</code>    ||style='text-align:center'| ✅
|-
| Network » Hetzner  || <code>10.20.31.0/24</code>    ||style='text-align:center'| ✅
|-
| Network » Docker    || <code>10.20.13.0/24</code>    ||style='text-align:center'| ✅
|-
| Network » Home      || <code>10.19.83.0/24</code>    ||style='text-align:center'| ✅
|-
| Network » LXD      || <code>10.20.0.0/24</code>      ||style='text-align:center'| ✅
|}
==Cloudflare » WARP » Forward==
{|class="wikitable"
|-
!scope="col" colspan="4" | Implement Forward Routing
|-
!scope="col" style='width:180px'| Name
!scope="col" style='width:140px'| Network
!scope="col" style='width:220px'| Subnets
!scope="col" style='width:90px' | Forward
|-
| Network » Cloudflare  || <code>10.20.40.0/21</code>    || <code>10.20.40 … 47.0/24 = 8</code>  ||style='text-align:center'| ✅
|-
| Network » Cloudflare  || <code>10.20.48.0/21</code>    || <code>10.20.48 … 55.0/24 = 8</code>  ||style='text-align:center'| ⚪️
|-
| Network » Cloudflare  || <code>10.20.56.0/21</code>    || <code>10.20.56 … 63.0/24 = 8</code>  ||style='text-align:center'| ⚪️
|-
| Network » Cloudflare  || <code>10.20.46.0/23</code>    || <code>10.20.46 … 47.0/24 = 2</code>  ||style='text-align:center'| ⚪️
|-
| Network » Cloudflare  || <code>10.20.48.0/23</code>    || <code>10.20.48 … 49.0/24 = 2</code>  ||style='text-align:center'| ✅
|-
| Network » Cloudflare  || <code>10.20.50.0/23</code>    || <code>10.20.50 … 51.0/24 = 2</code>  ||style='text-align:center'| ⚪️
|}
==Cloudflare » WARP » Route » Host==
vim /etc/sysctl.conf
<syntaxhighlight lang="ini" line start="27" highlight="2">
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
</syntaxhighlight>
----
sudo sysctl -p
'''net.ipv4.ip_forward = 1'''
ip route | grep default
default via 172.31.1.1 dev eth0 proto dhcp src 65.21.251.38 metric 100
----
<syntaxhighlight lang="bash">
cat << EXE | sudo bash
cat << ENV | tee /etc/default/warp-route >/dev/null
LXC_WARP_CLI_NAME=cloudflare
LXC_WARP_CLI_HOST=$(lxc list -f=json cloudflare | jq -r '.[]|.state.network.eth0.addresses[]|select(.family=="inet")|.address')
ENV
echo
cat /etc/default/warp-route
EXE
</syntaxhighlight>
----
<syntaxhighlight lang="ini">
cat <<'INI' | sudo tee /etc/systemd/system/warp-route.service >/dev/null
[Unit]
Description=WARP Routes Over Clodflare LXC
Wants=network-online.target docker.service snap.lxd.daemon.service containerd.service
After=network-online.target docker.service snap.lxd.daemon.service containerd.service
[Service]
Type=oneshot
EnvironmentFile=-/etc/default/warp-route
ExecStartPre=/bin/sleep 60
ExecStartPre=/bin/bash -c "if [ -z \"${LXC_WARP_CLI_HOST}\" ]; then echo \"Variable LXC_WARP_CLI_HOST not set in /etc/default/warp-route\"; errors_exit; fi"
ExecStart=/usr/sbin/ip route add 10.20.40.0/21 via $LXC_WARP_CLI_HOST
ExecStart=/usr/sbin/ip route add 10.20.48.0/23 via $LXC_WARP_CLI_HOST
ExecStop=/usr/sbin/ip  route del 10.20.40.0/21
ExecStop=/usr/sbin/ip  route del 10.20.48.0/23
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
INI
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
cat << EXE | sudo bash
systemctl daemon-reload
cat /etc/systemd/system/warp-route.service
systemctl enable  --now warp-route.service
systemctl status        warp-route.service
echo && ip route show
echo && sysctl -p
EXE
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
cat << EXE | bash
traceroute 10.20.40.1
traceroute 10.20.41.1
EXE
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
cat << EXE | sudo bash
systemctl daemon-reload
cat /etc/systemd/system/warp-route.service
systemctl disable --now warp-route.service
systemctl status        warp-route.service
echo && ip route show
echo && sysctl -p
EXE
</syntaxhighlight>
</syntaxhighlight>


Line 127: Line 491:
{|
{|
|valign="top"|
|valign="top"|
* [[Cloudflare/WARP Connector|Cloudflare » WARP Connector]]
* [[Cloudflare/Argo Tunnel|Cloudflare » Argo Tunnel]]
* [[Cloudflare/WARP Host|Cloudflare » WARP Host]]
* [[Cloud Computing Cost]]
* [[OpenLDAP/BackSQL|OpenLDAP » BackSQL]]
* [[OpenLDAP/BackSQL|OpenLDAP » BackSQL]]
* [[Google Cloud CLI]]
* [[EKSctl|AWS » EKS » CLI]]
* [[Swap Space]]
* [[Swap Space]]
* [[Online App]]
* [[OpenLDAP]]
* [[OpenLDAP]]
* [[Cloudflare]]
* [[Terraform]]
* [[AWS CLI]]
* [[CLI App]]
* [[Kubectl]]


|valign="top"|
|valign="top"|
* [[HAProxy]]
* [[Jasypt]]
* [[CURL]]
* [[K8s]]
* [[K9s]]


|valign="top"|
|valign="top"|
|-
| colspan="3" |
----
|-
| valign="top" |
* [[Cloudflare/WARP Connector|Cloudflare » WARP Connector]]
* [[Cloudflare/Argo Tunnel|Cloudflare » Argo Tunnel]]
* [[Cloudflare/WARP Host|Cloudflare » WARP Host]]
* [[Cloud/Shahed/AF|Cloud » Shahed » AF]]
* [[Cloud/Shahed/AL|Cloud » Shahed » AL]]
* [[Cloudflare]]
| valign="top" |
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=b&csubnet=21&cip=10.20.40.0&ctype=ipv4&x=Calculate 10.20.40.0/21 🟢]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=b&csubnet=21&cip=10.20.40.0&ctype=ipv4&x=Calculate 10.20.48.0/21 ⚪️]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=b&csubnet=21&cip=10.20.40.0&ctype=ipv4&x=Calculate 10.20.56.0/21 ⚪️]
| valign="top" |
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=b&csubnet=23&cip=10.20.40.0&ctype=ipv4&x=Calculate 10.20.46.0/23 ⚪️]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=b&csubnet=23&cip=10.20.40.0&ctype=ipv4&x=Calculate 10.20.48.0/23 🟢]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=b&csubnet=23&cip=10.20.40.0&ctype=ipv4&x=Calculate 10.20.50.0/23 ⚪️]


|-
|-
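Review bot: On the new side of the "Line 39: Line 46:" hunk, `sudo ufw enable` is issued before the `ufw allow OpenSSH` rule that follows it in the `cat << EXE | sudo bash` block; ufw's default incoming policy is deny, so on a remote Hetzner host this ordering can drop the SSH session the commands are being typed over. Move the enable after the rule block so it reads `ufw allow OpenSSH` … `EXE`, then `sudo ufw enable`. The current revision further down the page carries the same ordering. Separately, `ufw allow in on lxdbr0` admits every container to every host service; if that is broader than intended, narrow it to the ports the containers actually need.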

Latest revision as of 09:27, 21 February 2025

SSH

# Key-based login to the host; the private key stays on the workstation.
ssh -i ~/.ssh/cid.chorke.org_ed25519 [email protected]

# Quick resource inventory on the host, run as root.
# 'EXE' is quoted: nothing in the body is meant to be expanded by the calling shell.
sudo bash <<'EXE'
free -th && echo && systemd-analyze && echo
df -h    && echo && lsblk && echo
swapon --show
EXE

Add User

# Interactive: every command below prompts. Run as root on the fresh host.
# root
passwd
# NOTE(review): the SSH section uses a key (-i); if password logins over SSH are
# not intended, keep PasswordAuthentication off in sshd_config so this password
# is only for the console and sudo — confirm against the host's sshd config.

# Two admin accounts. Both are added to the lxd and docker groups further down,
# which makes each of them effectively root on this host.
# (adduser on Ubuntu already prompts for a password; the explicit passwd is a
# second chance to set it — presumably intentional.)
adduser chorke
passwd  chorke

adduser shahed
passwd  shahed

APT Update

# Base packages for the rest of this page: gnupg + /etc/apt/keyrings for the
# signed-by= repositories, jq/traceroute for the LXD and WARP checks below.
# Runs as root; 'EXE' is quoted because nothing here needs host-side expansion.
sudo bash <<'EXE'
apt-get update; echo
mkdir -p /etc/apt/keyrings
apt list -a --upgradable; apt-get upgrade -y; echo
# NOTE(review): the apt package literally named "snap" is the SNAP gene finder,
# not snapd — verify; 'snap install lxd' below relies on snapd being present.
apt-get install -y \
  apt-transport-https ca-certificates gnupg build-essential snap jq traceroute
# The /tmp sweep removes any regular file or socket not accessed in 10 days,
# regardless of owner.
apt-get clean cache && find /tmp -type f -atime +10 -delete && find /tmp -type s -atime +10 -delete
EXE

Swap Space

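# Replace the existing swap file with a 20 GB one.
sudo swapon --show
sudo bash <<'EXE'
set -e
# not fatal when /swap.img is not active (fresh host, or a re-run)
swapoff /swap.img || true
# Create the file with mode 0600 from the start. fallocate honours the umask, so
# the earlier fallocate -> mkswap -> chmod order left a world-readable swap file
# until the chmod ran. The explicit chmod still matters when /swap.img already
# existed, because fallocate keeps an existing file's mode.
( umask 077 && fallocate -l 20G /swap.img )
chmod 0600 /swap.img
ls -lh /swap.img && mkswap /swap.img
swapon /swap.img && swapon --show && free -th
EXE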

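# Make the swap file persistent. The entry is appended only when it is not
# already present: the unconditional 'tee -a' duplicated it on every re-run.
if ! grep -qs '^/swap\.img[[:space:]]' /etc/fstab; then
cat << FST | sudo tee -a /etc/fstab >/dev/null
# loop based swap storage » 16GB + 4GB 
/swap.img              none            swap    sw              0       0
FST
fi

free -th
cat /etc/fstab
sudo swapon --show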

Utility » Tool

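# Install mikefarah/yq from its latest GitHub release, as root.
# 'EXE' is quoted so the $(...) below expand in the root shell (the original
# escaped every '$' by hand for the same effect).
sudo bash <<'EXE'
set -eu
PLATFORM=$(uname -s)_$(dpkg --print-architecture)
YQ_BINARY=$(echo "yq_${PLATFORM}" | tr '[:upper:]' '[:lower:]')
# Download to a temp file first: 'wget -O /usr/bin/yq' creates/truncates the
# target before the transfer, so a failed download could leave an empty,
# executable /usr/bin/yq behind.
TMP=$(mktemp)
trap 'rm -f -- "$TMP"' EXIT
wget "https://github.com/mikefarah/yq/releases/latest/download/${YQ_BINARY}" -O "$TMP"
# TODO(review): no checksum or signature is verified; trust rests on TLS to
# github.com and on "latest" being whatever the project last published.
install -m 0755 -o root -g root "$TMP" /usr/bin/yq
yq --version
EXE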

Containerize » LXD

# LXD from the snap, pinned to the 6/stable channel.
# NOTE: membership of the lxd group gives full access to the LXD API, which is
# effectively root on the host; grant it like sudo.
sudo bash <<'EXE'
snap install lxd --channel=6/stable
usermod -aG lxd chorke
usermod -aG lxd shahed
EXE

# confirm the new group shows up in a fresh login shell for each account
for account in chorke shahed; do
  sudo -i -u "${account}" id -nG
done

# Non-interactive LXD initialisation.
#  - lxdbr0 is NAT'd 10.20.0.1/24; this is the "Network » LXD" range that the
#    WARP split-tunnel table below excludes.
#  - a 30 GiB ZFS-backed storage pool; the default profile gives every instance
#    one NIC on lxdbr0 and its rootfs on that pool.
sudo lxd init --preseed <<'YML'
---
config: {}
networks:
- config:
    ipv4.address: 10.20.0.1/24
    ipv4.nat: "true"
    ipv6.address: auto
  description: ""
  name: lxdbr0
  type: ""
  project: default
storage_pools:
- config:
    size: 30GiB
  description: ""
  name: lxd-zfs-pool-aa
  driver: zfs
storage_volumes: []
profiles:
- config: {}
  description: ""
  devices:
    eth0:
      name: eth0
      network: lxdbr0
      type: nic
    root:
      path: /
      pool: lxd-zfs-pool-aa
      type: disk
  name: default
projects: []
cluster: null
YML

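# Host firewall. Order matters on a remote box: admit SSH first, then enable.
# ufw's default incoming policy is deny, so running 'ufw enable' before
# 'ufw allow OpenSSH' can cut the very session these commands are typed over.
sudo iptables -S
sudo bash <<'EXE'
ufw       allow OpenSSH
# NOTE(review): 'allow in on lxdbr0' lets every container reach every host
# service; narrow it to the ports the containers actually need if that is too broad.
ufw       allow in  on lxdbr0
# forwarded traffic to and from the container bridge
ufw route allow in  on lxdbr0
ufw route allow out on lxdbr0
EXE
sudo ufw enable

sudo ufw status numbered
sudo iptables -S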

# Bounce LXD after the firewall change (presumably so it re-applies its own
# bridge rules on top of the ufw ones) and show the snap's service state.
sudo bash <<'EXE'
snap restart  lxd
snap services lxd
EXE

Containerize » Docker

# Docker's apt repository. The key is stored under /etc/apt/keyrings and bound
# to this one source via signed-by=, so it cannot sign any other repository.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
  | sudo tee /etc/apt/keyrings/docker.asc >/dev/null

ARCH=$(dpkg --print-architecture)
DISTRIBUTION=$(. /etc/os-release && echo "${VERSION_CODENAME}")
printf 'deb [arch=%s signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu %s  stable\n' \
  "${ARCH}" "${DISTRIBUTION}" \
  | sudo tee /etc/apt/sources.list.d/docker.list >/dev/null

# Install the engine, CLI and plugins from the repository configured above.
# 'apt-cache policy' shows which repo the docker-ce candidate comes from.
sudo bash <<'EXE'
apt-get update; echo
apt-cache policy docker-ce
apt list -a --upgradable; apt-get upgrade -y; echo
apt-get install -y \
  docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
apt-get clean cache && find /tmp -type f,s -atime +10 -delete
EXE

# Daemon config: the default bridge is moved to 10.20.13.1/24 (the "Network »
# Docker" range excluded from WARP below) and containers get Google's resolvers.
# NOTE: "debug": true keeps the daemon logging at debug level; switch it off
# once the setup is verified.
sudo tee /etc/docker/daemon.json >/dev/null <<'EOF'
{
    "bip"  : "10.20.13.1/24",
    "mtu"  : 1500,
    "dns"  : [
        "8.8.8.8",
        "8.8.4.4"
    ],
    "debug": true
}
EOF

# Restart the daemon so daemon.json takes effect (the socket is stopped first so
# it does not re-activate the service mid-restart), then grant the two admins
# access to the socket.
# NOTE: the docker group is root-equivalent — anyone in it can mount / into a
# container — so this is the same trust level as sudo.
sudo bash <<'EXE'
systemctl stop  docker.socket
systemctl stop  docker.service
systemctl start docker.service

usermod -aG docker chorke
usermod -aG docker shahed
EXE

# Sanity checks: new docker0 address, images/networks, group membership, and
# container-side name resolution.
ip a
docker image ls
docker network ls

for account in shahed chorke; do
  sudo -i -u "${account}" id -nG
done

# NOTE: 'alpine' resolves to alpine:latest from Docker Hub — an unpinned pull.
for probe in /etc/hosts /etc/resolv.conf; do
  docker run --rm alpine cat "${probe}"
done

Cloudflare » VIRT

# Dummy interface that gives the host an address of its own, 10.20.41.1/32.
# NOTE(review): that /32 lies inside 10.20.40.0/21, which the host later routes
# to the WARP container; a local address takes precedence over that route, so
# the host answers for it itself — confirm this is the intent.
# oneshot + RemainAfterExit keeps the unit "active" while the link exists and
# lets ExecStop tear it down on 'systemctl stop'.
sudo tee /etc/systemd/system/warp0.service >/dev/null <<'INI'
[Unit]
Description=Cloudflared WARP Routing Virtual Interface
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/ip link add warp0 type dummy
ExecStartPost=/usr/sbin/ip addr add 10.20.41.1/32 dev warp0
ExecStartPost=/usr/sbin/ip link set warp0 up
ExecStop=/usr/sbin/ip link delete warp0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
INI

# Load the new unit, start it at boot and now, and show the resulting link.
sudo bash <<'EXE'
systemctl daemon-reload
systemctl enable --now warp0.service
systemctl status       warp0.service
EXE

ip a

Cloudflare » Argo » Tunnel

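# cloudflared as a bare .deb from the GitHub release page. Unlike the
# signed-by= apt repositories used elsewhere on this page, nothing here verifies
# a signature; trust rests on TLS to github.com.
# The architecture is detected instead of hard-coded to arm64 so the same line
# works on an amd64 host; set CLOUDFLARED_ARCH explicitly if dpkg's name does not
# match the release asset name.
CLOUDFLARED_ARCH=${CLOUDFLARED_ARCH:-$(dpkg --print-architecture)}
CLOUDFLARED_DEB="cloudflared-linux-${CLOUDFLARED_ARCH}.deb"
mkdir -p "${HOME}/Downloads"
wget -cq "https://github.com/cloudflare/cloudflared/releases/latest/download/${CLOUDFLARED_DEB}" -P "${HOME}/Downloads" \
  && sudo dpkg -i "${HOME}/Downloads/${CLOUDFLARED_DEB}"; sudo apt install -f
rm -f -- "${HOME}/Downloads/${CLOUDFLARED_DEB}"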

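# Kernel settings for the cloudflared private-network tunnel. Appended once,
# keyed on the header comment: the file is opened with 'tee -a', so re-running
# the page used to duplicate every key.
if ! grep -qs 'Cloudflared Tunnel Private Network Config' /etc/sysctl.conf; then
cat <<'SYS' | sudo tee -a /etc/sysctl.conf >/dev/null

###################################################################
# Cloudflared Tunnel Private Network Config
# This config added by Chorke Academia, Inc
# ICMP Group ID Range 0 to 10,000 Users
# (lets any process whose group is in 0..10000 open unprivileged ICMP sockets,
#  which cloudflared uses to proxy ping; this covers every regular user group)
net.ipv4.ping_group_range = 0 10000

# 208 KiB Default RX Buffer
net.core.rmem_default=212992

# 208 KiB Default TX Buffer
net.core.wmem_default=212992

# 8 MB Maximum RX Buffer
net.core.rmem_max=8388608

# 8 MB Maximum TX Buffer
net.core.wmem_max=8388608

SYS
fi

sudo sysctl -p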

Skipped » Find More » 👈

Cloudflare » WARP » Tunnel

# A dedicated container for the WARP connector. The jq line prints its status
# so you can wait for "Running" before exec'ing into it.
lxc launch ubuntu:24.04 cloudflare
lxc list -c=n -f=json | jq -r '.[]|select(.name=="cloudflare")|.status'

# Base packages inside the container ('lxc exec' runs this as the container's root).
lxc exec cloudflare -- bash <<'EXE'
apt-get update; echo
mkdir -p /etc/apt/keyrings
apt list -a --upgradable; apt-get upgrade -y; echo
apt-get install -y apt-transport-https ca-certificates gnupg jq && apt-get clean
EXE

# Cloudflare's WARP client repository inside the container. The outer heredoc is
# quoted, so every expansion below happens in the container, not on the host;
# the key is bound to this one source via signed-by=.
lxc exec cloudflare -- bash <<'EXE'
curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg \
  | sudo tee /etc/apt/keyrings/cloudflare.asc >/dev/null

ARCH=$(dpkg --print-architecture)
DISTRIBUTION=$(. /etc/os-release && echo "${VERSION_CODENAME}")
printf 'deb [arch=%s signed-by=/etc/apt/keyrings/cloudflare.asc] https://pkg.cloudflareclient.com/ %s main\n' \
  "${ARCH}" "${DISTRIBUTION}" \
  | sudo tee /etc/apt/sources.list.d/cloudflare.list >/dev/null

cat /etc/apt/sources.list.d/cloudflare.list
cat /etc/apt/keyrings/cloudflare.asc
EXE

# Install the WARP client from the repository configured above.
lxc exec cloudflare -- bash <<'EXE'
apt-get update; echo
apt list -a --upgradable; apt-get upgrade -y; echo
apt-get install -y cloudflare-warp && apt-get clean
EXE

# Interactive transcript: open a shell in the container and enable IPv4
# forwarding there. The container must forward, because the iptables FORWARD
# rules added further down pass host traffic between eth0 and CloudflareWARP.
lxc exec cloudflare -- bash
sudo vim /etc/sysctl.conf
# (the line to uncomment in /etc/sysctl.conf)
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# apply and confirm — expected output follows each command
sudo sysctl -p
net.ipv4.ip_forward = 1

# the container's default route points at the LXD bridge (10.20.0.1)
ip route | grep default
default via 10.20.0.1 dev eth0 proto dhcp src 10.20.0.161 metric 100

# Checkpoint the container before enrolling it: snapshot, publish the snapshot
# as a reusable image under the same alias, then restore to confirm the
# snapshot is usable.
SNAPSHOT=base:2024.12.554.0
lxc snapshot cloudflare "${SNAPSHOT}"
lxc publish  "cloudflare/${SNAPSHOT}" --alias "cloudflare/${SNAPSHOT}"
lxc restore  cloudflare "${SNAPSHOT}"

# Interactive: shell into the container and check the client's state before
# enrolling it (expect it to report as not registered / disconnected).
lxc exec cloudflare -- bash
sudo warp-cli status

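# Enrol the container as a WARP connector. The connector token is a credential;
# it used to be pasted inline here (and so into the wiki and shell history).
# It is now read silently on the host, and the EXE heredoc is left unquoted so
# the host shell substitutes it before the script is handed to the container.
read -rs -p 'WARP connector token: ' WARP_CONNECTOR_TOKEN; echo
cat << EXE | lxc exec cloudflare -- bash
warp-cli connector new ${WARP_CONNECTOR_TOKEN:?no connector token given}
warp-cli connect
EXE
unset WARP_CONNECTOR_TOKEN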

# Confirm the connection, then make the WARP service start with the container.
lxc exec cloudflare -- bash <<'EXE'
warp-cli status
systemctl daemon-reload
systemctl enable --now warp-svc.service
systemctl status       warp-svc.service
EXE

# iptables-persistent, pre-answering its debconf prompts so the install is
# non-interactive (it will also save the current v4/v6 rule sets on install).
lxc exec cloudflare -- bash <<'EXE'
for family in v4 v6; do
  echo "iptables-persistent iptables-persistent/autosave_${family} boolean true" | debconf-set-selections
done
apt-get -y install iptables-persistent && apt-get clean cache
EXE

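# Forwarding and NAT between the container's eth0 (LXD side) and the
# CloudflareWARP tunnel. Each rule is added only if an identical one is not
# already present (-C), so re-running this block no longer stacks duplicates
# that iptables-save would then persist.
cat <<'EXE' | lxc exec cloudflare -- bash
set -e
# add_rule TABLE CHAIN RULE... — append RULE to CHAIN unless it already exists
add_rule() {
  local table=$1 chain=$2
  shift 2
  iptables -t "${table}" -C "${chain}" "$@" 2>/dev/null \
    || iptables -t "${table}" -A "${chain}" "$@"
}

# allow forwarding traffic from host
add_rule filter FORWARD -i eth0 -o CloudflareWARP -j ACCEPT
# NOTE(review): this direction also admits NEW connections from the WARP side
# into eth0's network. That is what lets remote WARP clients reach the routed
# subnets; if only return traffic is wanted, add
# '-m conntrack --ctstate RELATED,ESTABLISHED' to this rule.
add_rule filter FORWARD -i CloudflareWARP -o eth0 -j ACCEPT

# cloudflarewarp nat gateway setup for host
add_rule nat POSTROUTING -o CloudflareWARP -j MASQUERADE

# persist across reboots, save the rules
mkdir -p /etc/iptables/
iptables-save  > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
EXE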

# Second checkpoint, taken after enrolment and the firewall rules.
# NOTE(review): this snapshot is taken after 'warp-cli connector new', so the
# published image presumably carries the connector's registration state; anyone
# who can launch from that image gets an enrolled connector — confirm, and keep
# the image private.
SNAPSHOT=init:2025.02.16
lxc snapshot cloudflare "${SNAPSHOT}"
lxc publish  "cloudflare/${SNAPSHOT}" --alias "cloudflare/${SNAPSHOT}"
lxc restore  cloudflare "${SNAPSHOT}"

Skipped » Find More » 👈

Cloudflare » WARP » Exclude

Settings » 0Trust » WARP Client » Device settings » Profile settings » Default » Configure »
Split Tunnels » Exclude IPs and domains » Manage » Manage Split Tunnels
Name Network Exclude
Network » OpenVPN 10.20.30.0/24
Network » Hetzner 10.20.31.0/24
Network » Docker 10.20.13.0/24
Network » Home 10.19.83.0/24
Network » LXD 10.20.0.0/24

Cloudflare » WARP » Forward

Implement Forward Routing
Name Network Subnets Forward
Network » Cloudflare 10.20.40.0/21 10.20.40 … 47.0/24 = 8
Network » Cloudflare 10.20.48.0/21 10.20.48 … 55.0/24 = 8 ⚪️
Network » Cloudflare 10.20.56.0/21 10.20.56 … 63.0/24 = 8 ⚪️
Network » Cloudflare 10.20.46.0/23 10.20.46 … 47.0/24 = 2 ⚪️
Network » Cloudflare 10.20.48.0/23 10.20.48 … 49.0/24 = 2
Network » Cloudflare 10.20.50.0/23 10.20.50 … 51.0/24 = 2 ⚪️

Cloudflare » WARP » Route » Host

# Interactive transcript on the HOST this time. ip_forward=1 turns the host into
# a router between its interfaces; which forwarded traffic is accepted is then
# governed by the 'ufw route allow ... on lxdbr0' rules added earlier.
vim /etc/sysctl.conf
# (the line to uncomment in /etc/sysctl.conf)
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# apply and confirm — expected output follows each command
sudo sysctl -p
net.ipv4.ip_forward = 1

# the host's default route (Hetzner gateway, public address on eth0)
ip route | grep default
default via 172.31.1.1 dev eth0 proto dhcp src 65.21.251.38 metric 100

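# Environment file for warp-route.service: the connector container's IPv4 on
# lxdbr0, looked up with the caller's own lxd-group access. Abort before writing
# an empty value — previously that only surfaced later as a failed unit start.
# NOTE(review): the address comes from DHCP; if it can change across container
# restarts, pin it (e.g. a static ipv4.address on the container's eth0 device)
# or regenerate this file before the unit runs — confirm what LXD does here.
LXC_WARP_CLI_NAME=cloudflare
LXC_WARP_CLI_HOST=$(lxc list -f=json "${LXC_WARP_CLI_NAME}" | jq -r '.[]|.state.network.eth0.addresses[]|select(.family=="inet")|.address')
: "${LXC_WARP_CLI_HOST:?container ${LXC_WARP_CLI_NAME} has no IPv4 address on eth0 (is it running?)}"

cat << ENV | sudo tee /etc/default/warp-route >/dev/null
LXC_WARP_CLI_NAME=${LXC_WARP_CLI_NAME}
LXC_WARP_CLI_HOST=${LXC_WARP_CLI_HOST}
ENV
echo
cat /etc/default/warp-route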

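# Host-side routes that send the WARP-forwarded subnets via the connector
# container. Fix: the empty-variable check used to call a non-existent
# 'errors_exit' command and only failed the unit by accident (exit 127); it now
# fails explicitly with 'exit 1'.
cat <<'INI' | sudo tee /etc/systemd/system/warp-route.service >/dev/null
[Unit]
Description=WARP Routes Over Clodflare LXC
Wants=network-online.target docker.service snap.lxd.daemon.service containerd.service
After=network-online.target docker.service snap.lxd.daemon.service containerd.service

[Service]
Type=oneshot
# LXC_WARP_CLI_HOST is the container's IPv4 on lxdbr0; '-' keeps a missing file
# from being fatal here so the check below reports it instead.
EnvironmentFile=-/etc/default/warp-route

# Crude wait for the container to come up and get its address; there is no
# systemd unit for an individual LXD instance to order against.
ExecStartPre=/bin/sleep 60
ExecStartPre=/bin/bash -c "if [ -z \"${LXC_WARP_CLI_HOST}\" ]; then echo \"Variable LXC_WARP_CLI_HOST not set in /etc/default/warp-route\" >&2; exit 1; fi"
# 'add' fails if a route for the prefix already exists, which fails the unit
# rather than silently replacing a stale route.
ExecStart=/usr/sbin/ip route add 10.20.40.0/21 via $LXC_WARP_CLI_HOST
ExecStart=/usr/sbin/ip route add 10.20.48.0/23 via $LXC_WARP_CLI_HOST
ExecStop=/usr/sbin/ip  route del 10.20.40.0/21
ExecStop=/usr/sbin/ip  route del 10.20.48.0/23
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
INI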

# Load, enable and start the route unit, then show the routing table and the
# sysctl values it relies on.
sudo bash <<'EXE'
systemctl daemon-reload
cat /etc/systemd/system/warp-route.service
systemctl enable  --now warp-route.service
systemctl status        warp-route.service
echo && ip route show
echo && sysctl -p
EXE

# Path check from the host: one target inside the forwarded /21 and the host's
# own warp0 address.
for target in 10.20.40.1 10.20.41.1; do
  traceroute "${target}"
done

# Roll back: stop and disable the route unit (ExecStop removes the routes) and
# show the resulting routing table.
sudo bash <<'EXE'
systemctl daemon-reload
cat /etc/systemd/system/warp-route.service
systemctl disable --now warp-route.service
systemctl status        warp-route.service
echo && ip route show
echo && sysctl -p
EXE

References