Cloudflare: Difference between revisions

 
(29 intermediate revisions by the same user not shown)
Line 64: Line 64:
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -P ${HOME}/Downloads
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -P ${HOME}/Downloads
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-amd64.deb; sudo apt install -f
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-amd64.deb; sudo apt install -f
          rm -rf ${HOME}/Downloads/cloudflared-linux-amd64.deb
      rm -rf ${HOME}/Downloads/cloudflared-linux-amd64.deb
</syntaxhighlight>
</syntaxhighlight>


Line 72: Line 72:
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb -P ${HOME}/Downloads
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb -P ${HOME}/Downloads
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-arm64.deb; sudo apt install -f
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-arm64.deb; sudo apt install -f
          rm -rf ${HOME}/Downloads/cloudflared-linux-arm64.deb
      rm -rf ${HOME}/Downloads/cloudflared-linux-arm64.deb
</syntaxhighlight>
</syntaxhighlight>


Line 84: Line 84:
sudo cloudflared service install eyJhIjoiNW…
sudo cloudflared service install eyJhIjoiNW…
systemctl status cloudflared
systemctl status cloudflared
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
echo 'id  -g'|sudo -i -u ${USER} bash
echo 'id -ng'|sudo -i -u ${USER} bash
echo '0 10000'|sudo \
tee /proc/sys/net/ipv4/ping_group_range
sysctl        net.ipv4.ping_group_range
cat /proc/sys/net/ipv4/ping_group_range
sysctl net.ipv4.ping_group_range  # 1 0
sysctl net.ipv4.ip_forward        # 1
sysctl net.core.wmem_max          # 212992
sysctl net.core.rmem_max          # 212992
cat /etc/sysctl.conf
sudo sysctl -p
</syntaxhighlight>
===Cloudflared » System===
----
<syntaxhighlight lang="properties">
cat <<'SYS' | sudo tee -a /etc/sysctl.conf >/dev/null
###################################################################
# Cloudflared Tunnel Private Network Config
# This config added by Chorke Academia, Inc
# ICMP Group ID Range 0 to 10,000 Users
net.ipv4.ping_group_range = 0 10000
# 208 KiB Default RX Buffer
net.core.rmem_default=212992
# 208 KiB Default TX Buffer
net.core.wmem_default=212992
# 8 MB Maximum RX Buffer
net.core.rmem_max=8388608
# 8 MB Maximum TX Buffer
net.core.wmem_max=8388608
SYS
sudo sysctl -p
</syntaxhighlight>
</syntaxhighlight>


Line 117: Line 162:
lxc snapshot cloudflare warp:24.04
lxc snapshot cloudflare warp:24.04
lxc publish  cloudflare/warp:24.04 --alias cloudflare/warp:24.04
lxc publish  cloudflare/warp:24.04 --alias cloudflare/warp:24.04
lxc rm cloudflare -f
lxc restore  cloudflare warp:24.04
</syntaxhighlight>
</syntaxhighlight>


Line 142: Line 187:
tail -n100 -f /var/log/cloudflared.log  
tail -n100 -f /var/log/cloudflared.log  
sudo systemctl daemon-reload
sudo systemctl daemon-reload
ls -lah /root/.cloudflared/
ps aux|grep cloudflared
</syntaxhighlight>
</syntaxhighlight>


Line 154: Line 199:
cd /root/.cloudflared/
cd /root/.cloudflared/
cloudflared tunnel login
cloudflared tunnel login
mv cert.pem cert-chorke-com.pem  
mv cert.pem ./certs/chorke-com.pem  
</syntaxhighlight>
</syntaxhighlight>


Line 162: Line 207:
cd /root/.cloudflared/
cd /root/.cloudflared/
cloudflared tunnel login
cloudflared tunnel login
mv cert.pem cert-chorke-org.pem  
mv cert.pem ./certs/chorke-org.pem  
</syntaxhighlight>
</syntaxhighlight>


Line 170: Line 215:
cd /root/.cloudflared/
cd /root/.cloudflared/
cloudflared tunnel login
cloudflared tunnel login
mv cert.pem cert-shahed-biz.pem  
mv cert.pem ./certs/shahed-biz.pem  
</syntaxhighlight>
</syntaxhighlight>
|-
| colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
ls -alh /etc/systemd/system|grep cloudflared
ls -alh /etc/systemd/system|grep minikube
ls -alh /etc/systemd/system|grep minio
</syntaxhighlight>
| valign="top" |
| valign="top" |


|}
|}
Line 211: Line 271:
* [https://developers.cloudflare.com/rules/url-forwarding/ Cloudflare » Rules » Redirects]
* [https://developers.cloudflare.com/rules/url-forwarding/ Cloudflare » Rules » Redirects]
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/ Cloudflare » Tunnel]
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/ Cloudflare » Tunnel]
|-
|colspan="3"|
----
|-
|valign="top"|
* [[Cloudflare/WARP Connector|Cloudflare » WARP Connector]]
* [https://chorke.cloudflareaccess.com Cloudflare » Access » Chorke]
* [[Cloudflare/Argo Tunnel|Cloudflare » Argo Tunnel]]
|valign="top"|
|valign="top"|


|-
|-
Line 243: Line 316:
* [https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs Journalctl » View & Manipulate Systemd Logs]
* [https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs Journalctl » View & Manipulate Systemd Logs]
* [https://serverfault.com/questions/901364/ CIDR » Restrict access to single IP]
* [https://serverfault.com/questions/901364/ CIDR » Restrict access to single IP]
* [[SSH/Public Key Authentication|SSH » Public Key Authentication]]
* [https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes Sysctl » UDP Buffer Sizes]
* [[SSH Port Forwarding|SSH » Port Forwarding]]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=32&cip=10.20.40.1&ctype=ipv4&x=Calculate CIDR » 10.20.40.1/32]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=32&cip=10.20.40.1&ctype=ipv4&x=Calculate CIDR » 10.20.40.1/32]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=24&cip=10.20.40.1&ctype=ipv4&x=Calculate CIDR » 10.20.40.1/24]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=24&cip=10.20.40.1&ctype=ipv4&x=Calculate CIDR » 10.20.40.1/24]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=32&cip=10.19.83.1&ctype=ipv4&x=Calculate CIDR » 10.19.83.1/32]
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=24&cip=10.19.83.1&ctype=ipv4&x=Calculate CIDR » 10.19.83.1/24]
* [[Linux User Creation]]


|}
|}

Latest revision as of 12:44, 27 December 2024

WARP Client

The Cloudflare WARP Client allows individuals or organizations to have a faster, more secure and private experience online.

# Remove a previously installed WARP client and any packages left orphaned by it.
# The here-document is read by a root shell, so both apt-get commands run as root.
sudo bash << EXE
apt-get purge -y cloudflare-warp
apt-get autoremove -y
EXE

WARP Client » Ubuntu


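# Install Cloudflare's package-signing key for apt.
# The key is downloaded to a temporary file first: piping curl straight into
# tee would truncate the keyring file to empty whenever the download fails.
sudo install -d -m 0755 /etc/apt/keyrings   # the directory is not guaranteed to exist
key_tmp=$(mktemp) &&
curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg -o "${key_tmp}" &&
sudo install -m 0644 "${key_tmp}" /etc/apt/keyrings/cloudflare.asc
rm -f -- "${key_tmp}"

# Everything signed by this key will be installable as root, so look at it
# before trusting it and compare the fingerprint with the one Cloudflare publishes.
gpg --show-keys /etc/apt/keyrings/cloudflare.asc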

# Register Cloudflare's apt repository for this release.
# DISTRIBUTION is the release codename, read from /etc/os-release in a subshell.
# The here-document delimiter is unquoted, so $(dpkg --print-architecture) and
# ${DISTRIBUTION} are expanded by the calling shell, and the trailing
# backslashes join the three lines into a single "deb" entry.
# signed-by ties this repository to the key in /etc/apt/keyrings/cloudflare.asc,
# so that key is not trusted for any other apt source.
DISTRIBUTION=$(. /etc/os-release && echo "${VERSION_CODENAME}");\
cat << SRC | sudo tee /etc/apt/sources.list.d/cloudflare.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
 signed-by=/etc/apt/keyrings/cloudflare.asc]\
 https://pkg.cloudflareclient.com/ ${DISTRIBUTION} main
SRC

# As root: refresh the package lists, show pending upgrades, install the WARP
# client, then switch on IPv4 forwarding in the running kernel.
# NOTE(review): sysctl -w does not survive a reboot; the persistent setting
# lives in /etc/sysctl.conf.
# NOTE(review): with ip_forward=1 this host forwards packets between its
# interfaces. Pair it with firewall rules that limit what may be forwarded.
cat << EXE | sudo bash
apt-get update;echo
apt list -a --upgradable
apt-get install -y cloudflare-warp
sysctl -w net.ipv4.ip_forward=1
EXE

# Check that the WARP service is running, then delete the current device
# registration (presumably so the host can be enrolled as a connector next).
systemctl status warp-svc.service 
warp-cli registration delete

# Enrol this host as a WARP connector with its token (truncated here), then connect.
# NOTE(review): the token is a credential. Typed on the command line it is
# saved in shell history and is visible in the process list while the command
# runs; keep real tokens out of wikis and logs, and rotate one that was exposed.
warp-cli connector new eyJhIjoiNW…
warp-cli connect

WARP Client » NAT Route


# Console transcript, not a script: commands are followed by file content or output.
# Step 1: edit /etc/sysctl.conf so that it contains the two lines shown below.
vim /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# Step 2: reload /etc/sysctl.conf; the line after the command is its output.
sudo sysctl -p
net.ipv4.ip_forward = 1

# Step 3: show the default route; the line after the command is sample output
# from the author's host.
# NOTE(review): forwarding is now persistent across reboots, so firewall rules
# that limit forwarded traffic need to be persistent as well.
ip route | grep default
default via 10.19.83.1 dev wlan0 proto dhcp src 10.19.83.68 metric 20600

Cloudflared

cloudflared is a lightweight daemon that runs in your infrastructure and lets you securely expose internal resources to the Cloudflare edge.

# Remove a previously installed cloudflared and any packages left orphaned by it.
# The here-document is read by a root shell, so both apt-get commands run as root.
sudo bash << EXE
apt-get purge -y cloudflared
apt-get autoremove -y
EXE

Cloudflared » Ubuntu » AMD


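# Install the latest cloudflared release for amd64 from GitHub.
deb="${HOME}/Downloads/cloudflared-linux-amd64.deb"

# Install only when the download succeeded: -q hides wget errors, so without
# this check dpkg could pick up a stale or partial file left at the same path.
if wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -P "${HOME}/Downloads"; then
  # The package is about to be installed as root. Print its SHA-256 and compare
  # it with the checksum listed for that release, if one is published.
  sha256sum -- "${deb}"
  # dpkg may stop on missing dependencies; apt install -f then completes the install.
  sudo dpkg -i "${deb}"; sudo apt install -f
fi

# Remove the downloaded package whether or not the install ran.
rm -f -- "${deb}"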

Cloudflared » Ubuntu » ARM


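# Install the latest cloudflared release for arm64 from GitHub.
deb="${HOME}/Downloads/cloudflared-linux-arm64.deb"

# Install only when the download succeeded: -q hides wget errors, so without
# this check dpkg could pick up a stale or partial file left at the same path.
if wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb -P "${HOME}/Downloads"; then
  # The package is about to be installed as root. Print its SHA-256 and compare
  # it with the checksum listed for that release, if one is published.
  sha256sum -- "${deb}"
  # dpkg may stop on missing dependencies; apt install -f then completes the install.
  sudo dpkg -i "${deb}"; sudo apt install -f
fi

# Remove the downloaded package whether or not the install ran.
rm -f -- "${deb}"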

Cloudflared » Service


# Confirm the install: CLI help, the installed version, and the package
# metadata known to apt.
cloudflared --help
cloudflared version
apt info cloudflared

# Install cloudflared as a system service using the tunnel token (truncated
# here), then check that the service is up.
# NOTE(review): the token is a credential. Typed on the command line it is
# saved in shell history and is visible in the process list while the command
# runs; keep real tokens out of wikis and logs, and rotate one that was exposed.
sudo cloudflared service install eyJhIjoiNW…
systemctl status cloudflared

# Print the primary group of ${USER} as seen by a fresh login shell: first the
# numeric group ID, then the group name. The numeric ID is the value to compare
# with net.ipv4.ping_group_range.
echo 'id  -g'|sudo -i -u ${USER} bash
echo 'id -ng'|sudo -i -u ${USER} bash

# Allow unprivileged ICMP echo sockets for group IDs 0 to 10000 in the running
# kernel, then read the value back through sysctl and through /proc.
# Writing to /proc does not survive a reboot.
# NOTE(review): every process whose group ID falls in this range may then open
# ICMP sockets. If only the tunnel needs this, a range limited to the group ID
# of the account that runs cloudflared is the narrower setting.
echo '0 10000'|sudo \
tee /proc/sys/net/ipv4/ping_group_range
sysctl        net.ipv4.ping_group_range
cat /proc/sys/net/ipv4/ping_group_range

# Read the current kernel values before changing anything. Values the author
# noted next to each key: ping_group_range "1 0", ip_forward "1",
# wmem_max "212992", rmem_max "212992".
for key in \
  net.ipv4.ping_group_range \
  net.ipv4.ip_forward \
  net.core.wmem_max \
  net.core.rmem_max
do
  sysctl "${key}"
done

# Show the persistent configuration, then load it into the running kernel.
cat /etc/sysctl.conf
sudo sysctl -p

Cloudflared » System


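# Persist the ICMP group range and the socket buffer sizes in /etc/sysctl.conf.
# The quoted delimiter ('SYS') keeps the text literal, with no shell expansion.
# tee -a appends, so running the snippet twice would duplicate the whole
# section; the grep guard skips the append when the marker line is already there.
if ! grep -qF 'Cloudflared Tunnel Private Network Config' /etc/sysctl.conf; then
cat <<'SYS' | sudo tee -a /etc/sysctl.conf >/dev/null

###################################################################
# Cloudflared Tunnel Private Network Config
# This config added by Chorke Academia, Inc
# ICMP Group ID Range 0 to 10,000 Users
net.ipv4.ping_group_range = 0 10000

# 208 KiB Default RX Buffer
net.core.rmem_default=212992

# 208 KiB Default TX Buffer
net.core.wmem_default=212992

# 8 MB Maximum RX Buffer
net.core.rmem_max=8388608

# 8 MB Maximum TX Buffer
net.core.wmem_max=8388608

SYS
fi

# NOTE(review): ping_group_range = 0 10000 lets every process whose group ID is
# in that range open ICMP sockets; a range limited to the group ID of the
# account that runs cloudflared is narrower if only the tunnel needs it.
# Load the settings into the running kernel.
sudo sysctl -p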

Playground

# List the Ubuntu Noble desktop images offered by the "images:" remote.
lxc image list images:ubuntu/noble/desktop
# Start a VM named "cloudflare", by image fingerprint or by image alias.
# NOTE(review): both launch lines use the same instance name, so presumably
# only one of them is meant to be run.
lxc launch --vm images:ffa5fc9dfb84 cloudflare
lxc launch --vm images:ubuntu/noble/desktop cloudflare
# Print the network addresses of the running instance: from JSON with jq, from
# YAML with yq, and from "lxc info".
lxc list status=running name=cloudflare --format=json |jq  -r '.[].state.network.[].addresses'
lxc list status=running name=cloudflare --format=yaml |yq  -r '.[].state.network.[].addresses'
lxc info cloudflare|yq '.Resources.["Network usage"][]["IP addresses"].inet'

# Look for cloudflared configuration and credentials in the three directories
# checked here.
# NOTE(review): files in these directories may hold tunnel credentials; the
# listing is a good moment to confirm they are not group- or world-readable.
ls -lah /usr/local/etc/cloudflared/
          ls -lah /etc/cloudflared/
            ls -lah ~/.cloudflared/
# Snapshot the instance as "warp:24.04", publish that snapshot as an image with
# the alias cloudflare/warp:24.04, and roll the instance back to the snapshot.
# NOTE(review): a snapshot or image taken after enrolment presumably contains
# the tokens and certificates stored in the instance; treat it as a secret.
lxc snapshot cloudflare warp:24.04
lxc publish  cloudflare/warp:24.04 --alias cloudflare/warp:24.04
lxc restore  cloudflare warp:24.04

# Troubleshooting commands, meant to be picked individually rather than run
# top to bottom.
# Show the tunnel configuration and look for WARP client state directories.
cat /usr/local/etc/cloudflared/config.yml
ls -lah ~/.cloudflare-warp
ls -lah  ~/cloudflare-warp
# Remove the cloudflared system service.
sudo cloudflared service uninstall
# Service state, recent journal entries for the unit, and a live view of the log file.
systemctl  status cloudflared
journalctl -xeu   cloudflared
tail -n100 -f /var/log/cloudflared.log 
# Make systemd re-read its unit files after a unit was added or removed.
sudo systemctl daemon-reload
# Check whether a cloudflared process is still running. The service command
# line can include the tunnel token, so avoid pasting this output into
# tickets or chat.
ps aux|grep cloudflared

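# Log in to Cloudflare as root and file the resulting certificate under a
# per-zone name. Commands after "sudo su" are typed in the root shell it opens.
# cert.pem is written by "cloudflared tunnel login" and is a credential for the
# zone picked during login, so it is kept readable by root only.
sudo su
cd /root/.cloudflared/
# mv fails when ./certs does not exist yet; create it with owner-only access.
install -d -m 0700 ./certs
cloudflared tunnel login
mv cert.pem ./certs/chorke-com.pem
chmod 0600 ./certs/chorke-com.pem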
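# Log in to Cloudflare as root and file the resulting certificate under a
# per-zone name. Commands after "sudo su" are typed in the root shell it opens.
# cert.pem is written by "cloudflared tunnel login" and is a credential for the
# zone picked during login, so it is kept readable by root only.
sudo su
cd /root/.cloudflared/
# mv fails when ./certs does not exist yet; create it with owner-only access.
install -d -m 0700 ./certs
cloudflared tunnel login
mv cert.pem ./certs/chorke-org.pem
chmod 0600 ./certs/chorke-org.pem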
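# Log in to Cloudflare as root and file the resulting certificate under a
# per-zone name. Commands after "sudo su" are typed in the root shell it opens.
# cert.pem is written by "cloudflared tunnel login" and is a credential for the
# zone picked during login, so it is kept readable by root only.
sudo su
cd /root/.cloudflared/
# mv fails when ./certs does not exist yet; create it with owner-only access.
install -d -m 0700 ./certs
cloudflared tunnel login
mv cert.pem ./certs/shahed-biz.pem
chmod 0600 ./certs/shahed-biz.pem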

# Show the entries in /etc/systemd/system that belong to each of the three
# services, one service at a time.
for svc in cloudflared minikube minio; do
  ls -alh /etc/systemd/system | grep "${svc}"
done

References