Cloudflare: Difference between revisions
(32 intermediate revisions by the same user not shown) | |||
Line 64: | Line 64: | ||
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -P ${HOME}/Downloads | wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -P ${HOME}/Downloads | ||
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-amd64.deb; sudo apt install -f | sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-amd64.deb; sudo apt install -f | ||
rm -rf ${HOME}/Downloads/cloudflared-linux-amd64.deb | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 72: | Line 72: | ||
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb -P ${HOME}/Downloads | wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb -P ${HOME}/Downloads | ||
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-arm64.deb; sudo apt install -f | sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-arm64.deb; sudo apt install -f | ||
rm -rf ${HOME}/Downloads/cloudflared-linux-arm64.deb | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 84: | Line 84: | ||
sudo cloudflared service install eyJhIjoiNW… | sudo cloudflared service install eyJhIjoiNW… | ||
systemctl status cloudflared | systemctl status cloudflared | ||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="bash"> | |||
echo 'id -g'|sudo -i -u ${USER} bash | |||
echo 'id -ng'|sudo -i -u ${USER} bash | |||
echo '0 10000'|sudo \ | |||
tee /proc/sys/net/ipv4/ping_group_range | |||
sysctl net.ipv4.ping_group_range | |||
cat /proc/sys/net/ipv4/ping_group_range | |||
sysctl net.ipv4.ping_group_range # 1 0 | |||
sysctl net.ipv4.ip_forward # 1 | |||
sysctl net.core.wmem_max # 212992 | |||
sysctl net.core.rmem_max # 212992 | |||
cat /etc/sysctl.conf | |||
sudo sysctl -p | |||
</syntaxhighlight> | |||
===Cloudflared » System=== | |||
---- | |||
<syntaxhighlight lang="properties"> | |||
cat <<'SYS' | sudo tee -a /etc/sysctl.conf >/dev/null | |||
################################################################### | |||
# Cloudflared Tunnel Private Network Config | |||
# This config added by Chorke Academia, Inc | |||
# ICMP Group ID Range 0 to 10,000 Users | |||
net.ipv4.ping_group_range = 0 10000 | |||
# 208 KiB Default RX Buffer | |||
net.core.rmem_default=212992 | |||
# 208 KiB Default TX Buffer | |||
net.core.wmem_default=212992 | |||
# 8 MB Maximum RX Buffer | |||
net.core.rmem_max=8388608 | |||
# 8 MB Maximum TX Buffer | |||
net.core.wmem_max=8388608 | |||
SYS | |||
sudo sysctl -p | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 117: | Line 162: | ||
lxc snapshot cloudflare warp:24.04 | lxc snapshot cloudflare warp:24.04 | ||
lxc publish cloudflare/warp:24.04 --alias cloudflare/warp:24.04 | lxc publish cloudflare/warp:24.04 --alias cloudflare/warp:24.04 | ||
lxc | lxc restore cloudflare warp:24.04 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 137: | Line 182: | ||
journalctl -xeu cloudflared | journalctl -xeu cloudflared | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
tail -n100 -f /var/log/cloudflared.log | |||
sudo systemctl daemon-reload | |||
ps aux|grep cloudflared | |||
</syntaxhighlight> | |||
|- | |||
| colspan="3" | | |||
---- | |||
|- | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
sudo su | |||
cd /root/.cloudflared/ | |||
cloudflared tunnel login | |||
mv cert.pem ./certs/chorke-com.pem | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
sudo su | |||
cd /root/.cloudflared/ | |||
cloudflared tunnel login | |||
mv cert.pem ./certs/chorke-org.pem | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
sudo su | |||
cd /root/.cloudflared/ | |||
cloudflared tunnel login | |||
mv cert.pem ./certs/shahed-biz.pem | |||
</syntaxhighlight> | |||
|- | |||
| colspan="3" | | |||
---- | |||
|- | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
ls -alh /etc/systemd/system|grep cloudflared | |||
ls -alh /etc/systemd/system|grep minikube | |||
ls -alh /etc/systemd/system|grep minio | |||
</syntaxhighlight> | |||
| valign="top" | | |||
| valign="top" | | | valign="top" | | ||
Line 178: | Line 271: | ||
* [https://developers.cloudflare.com/rules/url-forwarding/ Cloudflare » Rules » Redirects] | * [https://developers.cloudflare.com/rules/url-forwarding/ Cloudflare » Rules » Redirects] | ||
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/ Cloudflare » Tunnel] | * [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/ Cloudflare » Tunnel] | ||
|- | |||
|colspan="3"| | |||
---- | |||
|- | |||
|valign="top"| | |||
* [[Cloudflare/WARP Connector|Cloudflare » WARP Connector]] | |||
* [https://chorke.cloudflareaccess.com Cloudflare » Access » Chorke] | |||
* [[Cloudflare/Argo Tunnel|Cloudflare » Argo Tunnel]] | |||
|valign="top"| | |||
|valign="top"| | |||
|- | |- | ||
Line 210: | Line 316: | ||
* [https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs Journalctl » View & Manipulate Systemd Logs] | * [https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs Journalctl » View & Manipulate Systemd Logs] | ||
* [https://serverfault.com/questions/901364/ CIDR » Restrict access to single IP] | * [https://serverfault.com/questions/901364/ CIDR » Restrict access to single IP] | ||
* [[SSH/Public Key Authentication|SSH » Public Key Authentication]] | |||
* [https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes Sysctl » UDP Buffer Sizes] | |||
* [[SSH Port Forwarding|SSH » Port Forwarding]] | |||
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=32&cip=10.20.40.1&ctype=ipv4&x=Calculate CIDR » 10.20.40.1/32] | * [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=32&cip=10.20.40.1&ctype=ipv4&x=Calculate CIDR » 10.20.40.1/32] | ||
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=24&cip=10.20.40.1&ctype=ipv4&x=Calculate CIDR » 10.20.40.1/24] | * [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=24&cip=10.20.40.1&ctype=ipv4&x=Calculate CIDR » 10.20.40.1/24] | ||
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=32&cip=10.19.83.1&ctype=ipv4&x=Calculate CIDR » 10.19.83.1/32] | |||
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=24&cip=10.19.83.1&ctype=ipv4&x=Calculate CIDR » 10.19.83.1/24] | |||
* [[Linux User Creation]] | |||
|} | |} |
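Review bot: The new `Cloudflared » System` block (Line 84 hunk) appends its stanza with `sudo tee -a /etc/sysctl.conf`, so running the snippet twice duplicates every setting; a guard such as `grep -qF 'Cloudflared Tunnel Private Network Config' /etc/sysctl.conf || …` in front of the here-document would make it idempotent. The same hunk sets `net.ipv4.ping_group_range = 0 10000`, which allows every process whose group ID lies in that range to open unprivileged ICMP sockets. The snippet already prints the caller's group with `id -g`, so a comment saying that a range limited to the service's group is probably sufficient would help readers who copy it. The added `cloudflared tunnel login` blocks (Line 137 hunk) move `cert.pem` into `./certs/` without saying that the file is a credential; a line such as `chmod 600 ./certs/*.pem` after the `mv` would make the expected permissions explicit.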
Latest revision as of 12:44, 27 December 2024
WARP Client
The Cloudflare WARP Client allows individuals or organizations to have a faster, more secure and private experience online.
# Remove an existing WARP client package and the dependencies it pulled in.
# The here-document is the script of a single root shell; the quoted
# delimiter keeps the calling shell from expanding anything in it.
sudo bash << 'EXE'
apt-get purge -y cloudflare-warp
apt-get autoremove -y
EXE
WARP Client » Ubuntu
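# Install the Cloudflare WARP client from Cloudflare's apt repository.

# Store the repository signing key. The source entry below names it in
# signed-by, so apt accepts it for this repository only.
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg \
  | sudo tee /etc/apt/keyrings/cloudflare.asc >/dev/null

# Release codename (VERSION_CODENAME from /etc/os-release), read in a
# subshell so the os-release variables do not leak into this shell.
DISTRIBUTION=$(. /etc/os-release && echo "${VERSION_CODENAME}")

# The source entry is written on one line. Inside an unquoted here-document a
# backslash-newline is removed outright, so continuation lines without leading
# blanks would fuse "arch=..." with "signed-by=..." and "]" with the URL,
# leaving apt with an entry it cannot parse.
cat << SRC | sudo tee /etc/apt/sources.list.d/cloudflare.list >/dev/null
deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/cloudflare.asc] https://pkg.cloudflareclient.com/ ${DISTRIBUTION} main
SRC

# Refresh the package index and install the client in one root shell.
# sysctl -w changes the running kernel only (it is not persisted): with
# ip_forward=1 the host forwards IPv4 packets between its interfaces, so it
# should be paired with firewall rules for what may be forwarded.
# NOTE(review): presumably needed only for the connector/NAT setup; confirm.
cat << 'EXE' | sudo bash
apt-get update;echo
apt list -a --upgradable
apt-get install -y cloudflare-warp
sysctl -w net.ipv4.ip_forward=1
EXE

systemctl status warp-svc.service
warp-cli registration delete
# eyJhIjoiNW… stands for the (truncated) connector token. The token is a
# credential for this connector: typed as an argument it ends up in the shell
# history and is visible in the process list while the command runs.
warp-cli connector new eyJhIjoiNW…
warp-cli connect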
WARP Client » NAT Route
vim /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
sudo sysctl -p
net.ipv4.ip_forward = 1
ip route | grep default
default via 10.19.83.1 dev wlan0 proto dhcp src 10.19.83.68 metric 20600
Cloudflared
cloudflared is a lightweight daemon that runs in your infrastructure and lets you securely expose internal resources to the Cloudflare edge.
# Remove an existing cloudflared package and the dependencies it pulled in.
# The here-document is the script of a single root shell; the quoted
# delimiter keeps the calling shell from expanding anything in it.
sudo bash << 'EXE'
apt-get purge -y cloudflared
apt-get autoremove -y
EXE
Cloudflared » Ubuntu » AMD
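# Install cloudflared from the upstream .deb (amd64).
# "latest" is an unpinned download and dpkg -i does not check a package
# signature, so the SHA-256 printed here should be compared with the checksum
# published for that release (if one is published) before installing.
deb="${HOME}/Downloads/cloudflared-linux-amd64.deb"
mkdir -p -- "${HOME}/Downloads"
# -O replaces any earlier download. With -c, a leftover file from an older
# release could be "resumed" into a corrupt package.
wget -q -O "${deb}" https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb \
  && sha256sum -- "${deb}"

# Install only a non-empty download; apt install -f then repairs dependencies
# in case dpkg left the package unconfigured.
[ -s "${deb}" ] && sudo dpkg -i "${deb}"; sudo apt install -f
rm -f -- "${deb}"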
Cloudflared » Ubuntu » ARM
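# Install cloudflared from the upstream .deb (arm64).
# "latest" is an unpinned download and dpkg -i does not check a package
# signature, so the SHA-256 printed here should be compared with the checksum
# published for that release (if one is published) before installing.
deb="${HOME}/Downloads/cloudflared-linux-arm64.deb"
mkdir -p -- "${HOME}/Downloads"
# -O replaces any earlier download. With -c, a leftover file from an older
# release could be "resumed" into a corrupt package.
wget -q -O "${deb}" https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb \
  && sha256sum -- "${deb}"

# Install only a non-empty download; apt install -f then repairs dependencies
# in case dpkg left the package unconfigured.
[ -s "${deb}" ] && sudo dpkg -i "${deb}"; sudo apt install -f
rm -f -- "${deb}"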
Cloudflared » Service
# Check which cloudflared is installed and where it came from.
cloudflared --help
cloudflared version
apt info cloudflared

# Register cloudflared as a system service. eyJhIjoiNW… stands for the
# (truncated) tunnel token. The token is a credential: typed as an argument it
# lands in the shell history and shows in the process list while this runs.
sudo cloudflared service install eyJhIjoiNW…
systemctl status cloudflared

# Numeric and named primary group of the current user, as seen by a fresh
# login shell for that user.
sudo -i -u "${USER}" bash <<< 'id -g'
sudo -i -u "${USER}" bash <<< 'id -ng'

# net.ipv4.ping_group_range is the range of group IDs allowed to open
# unprivileged ICMP (ping) sockets. Writing "0 10000" to /proc changes the
# running kernel only and opens it to every group in that range.
# NOTE(review): the group printed above suggests a range covering just the
# service's group would be enough; confirm before widening it this far.
sudo tee /proc/sys/net/ipv4/ping_group_range <<< '0 10000'
sysctl net.ipv4.ping_group_range
cat /proc/sys/net/ipv4/ping_group_range

# Trailing values are the ones the author recorded (presumably the defaults
# seen before tuning).
sysctl net.ipv4.ping_group_range # 1 0
sysctl net.ipv4.ip_forward # 1
sysctl net.core.wmem_max # 212992
sysctl net.core.rmem_max # 212992

# Review the persistent settings, then load /etc/sysctl.conf into the kernel.
cat /etc/sysctl.conf
sudo sysctl -p
Cloudflared » System
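# Persist the kernel settings used for the cloudflared tunnel and load them.
#
# The stanza is appended only when its marker comment is not already in
# /etc/sysctl.conf, so running this again does not duplicate the settings.
#
# net.ipv4.ping_group_range = 0 10000 lets every process whose group ID is in
# that range open unprivileged ICMP sockets; narrow it to the service's group
# if nothing else on the host needs it.
# The rmem/wmem values raise the socket buffer limits to 8 MB.
# NOTE(review): presumably for cloudflared's UDP/QUIC transport; confirm.
if ! grep -qF -- '# Cloudflared Tunnel Private Network Config' /etc/sysctl.conf; then
  cat <<'SYS' | sudo tee -a /etc/sysctl.conf >/dev/null
###################################################################
# Cloudflared Tunnel Private Network Config
# This config added by Chorke Academia, Inc
# ICMP Group ID Range 0 to 10,000 Users
net.ipv4.ping_group_range = 0 10000
# 208 KiB Default RX Buffer
net.core.rmem_default=212992
# 208 KiB Default TX Buffer
net.core.wmem_default=212992
# 8 MB Maximum RX Buffer
net.core.rmem_max=8388608
# 8 MB Maximum TX Buffer
net.core.wmem_max=8388608
SYS
fi
# Apply /etc/sysctl.conf to the running kernel.
sudo sysctl -p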
Playground
# List the Ubuntu noble desktop images offered by the "images:" remote.
lxc image list images:ubuntu/noble/desktop
# Two ways to create the VM named "cloudflare"; both use the same instance
# name, so presumably only one of them is meant to be run.
# By fingerprint: pins one specific image build.
lxc launch --vm images:ffa5fc9dfb84 cloudflare
# By alias: takes whichever build the alias points to at launch time.
lxc launch --vm images:ubuntu/noble/desktop cloudflare
|
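# Show the network addresses of the running "cloudflare" instance.
# jq filter uses ".network[]": the dotted form ".network.[]" is accepted only
# by jq 1.7 and later and is a syntax error on older releases.
lxc list status=running name=cloudflare --format=json |jq -r '.[].state.network[].addresses'
# Same query on the YAML output, and on the per-instance info, through yq.
lxc list status=running name=cloudflare --format=yaml |yq -r '.[].state.network.[].addresses'
lxc info cloudflare|yq '.Resources.["Network usage"][]["IP addresses"].inet'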
| |
| ||
ls -lah /usr/local/etc/cloudflared/
ls -lah /etc/cloudflared/
ls -lah ~/.cloudflared/
|
# Snapshot the instance "cloudflare" under the snapshot name warp:24.04.
lxc snapshot cloudflare warp:24.04
# Publish that snapshot as a local image with the alias cloudflare/warp:24.04.
# NOTE(review): a snapshot or published image carries whatever is inside the
# instance at that moment, including tunnel tokens and cert.pem files if they
# were already set up; treat the image as sensitive in that case.
lxc publish cloudflare/warp:24.04 --alias cloudflare/warp:24.04
# Roll the instance back to the snapshot; later changes are discarded.
lxc restore cloudflare warp:24.04
| |
| ||
cat /usr/local/etc/cloudflared/config.yml
ls -lah ~/.cloudflare-warp
ls -lah ~/cloudflare-warp
|
sudo cloudflared service uninstall
systemctl status cloudflared
journalctl -xeu cloudflared
|
tail -n100 -f /var/log/cloudflared.log
sudo systemctl daemon-reload
ps aux|grep cloudflared
|
| ||
# Interactive steps: sudo su opens a root shell and the following lines are
# typed inside it (they are not meant to run as one script).
sudo su
cd /root/.cloudflared/
# Authorise cloudflared for a zone; the resulting cert.pem is picked up from
# the current directory by the mv below.
cloudflared tunnel login
# Keep one certificate per zone so the next login does not overwrite it.
# NOTE(review): ./certs must already exist. cert.pem is a credential for
# managing tunnels in the authorised zone; keep it readable by root only
# (for example mode 600) and out of backups or images that are shared.
mv cert.pem ./certs/chorke-com.pem
|
# Interactive steps in a root shell: authorise a second zone and store its
# certificate under its own name.
sudo su
cd /root/.cloudflared/
cloudflared tunnel login
# NOTE(review): ./certs must already exist; the .pem file is a credential and
# should stay readable by root only (for example mode 600).
mv cert.pem ./certs/chorke-org.pem
|
# Interactive steps in a root shell: authorise a third zone and store its
# certificate under its own name.
sudo su
cd /root/.cloudflared/
cloudflared tunnel login
# NOTE(review): ./certs must already exist; the .pem file is a credential and
# should stay readable by root only (for example mode 600).
mv cert.pem ./certs/shahed-biz.pem
|
| ||
ls -alh /etc/systemd/system|grep cloudflared
ls -alh /etc/systemd/system|grep minikube
ls -alh /etc/systemd/system|grep minio
|