Cloudflare/Argo Tunnel: Difference between revisions
(7 intermediate revisions by the same user not shown) | |||
Line 6: | Line 6: | ||
cd /root/.cloudflared/ | cd /root/.cloudflared/ | ||
cloudflared tunnel login | cloudflared tunnel login | ||
mv cert.pem ./certs/chorke | mv cert.pem ./certs/chorke.com.pem | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 14: | Line 14: | ||
cd /root/.cloudflared/ | cd /root/.cloudflared/ | ||
cloudflared tunnel login | cloudflared tunnel login | ||
mv cert.pem ./certs/chorke | mv cert.pem ./certs/chorke.org.pem | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 22: | Line 22: | ||
cd /root/.cloudflared/ | cd /root/.cloudflared/ | ||
cloudflared tunnel login | cloudflared tunnel login | ||
mv cert.pem ./certs/shahed | mv cert.pem ./certs/shahed.biz.pem | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 32: | Line 32: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
cloudflared --origincert=\ | cloudflared --origincert=\ | ||
/root/.cloudflared/certs/chorke | /root/.cloudflared/certs/chorke.com.pem \ | ||
tunnel create aa-chorke-com | tunnel create aa-chorke-com | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 39: | Line 39: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
cloudflared --origincert=\ | cloudflared --origincert=\ | ||
/root/.cloudflared/certs/chorke | /root/.cloudflared/certs/chorke.org.pem \ | ||
tunnel create aa-chorke-org | tunnel create aa-chorke-org | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 46: | Line 46: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
cloudflared --origincert=\ | cloudflared --origincert=\ | ||
/root/.cloudflared/certs/shahed | /root/.cloudflared/certs/shahed.biz.pem \ | ||
tunnel create aa-shahed-biz | tunnel create aa-shahed-biz | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 57: | Line 57: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
mv certs/ccc2684a-*.json \ | mv certs/ccc2684a-*.json \ | ||
./auths/chorke | ./auths/chorke.com.json | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 63: | Line 63: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
mv certs/621edb67-*.json \ | mv certs/621edb67-*.json \ | ||
./auths/chorke | ./auths/chorke.org.json | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 69: | Line 69: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
mv certs/249a5a7c-*.json \ | mv certs/249a5a7c-*.json \ | ||
./auths/shahed | ./auths/shahed.biz.json | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 79: | Line 79: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
cloudflared --origincert=\ | cloudflared --origincert=\ | ||
/root/.cloudflared/certs/chorke | /root/.cloudflared/certs/chorke.com.pem \ | ||
tunnel list --output=json|jq -r '.[].name' | tunnel list --output=json|jq -r '.[].name' | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 86: | Line 86: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
cloudflared --origincert=\ | cloudflared --origincert=\ | ||
/root/.cloudflared/certs/chorke | /root/.cloudflared/certs/chorke.org.pem \ | ||
tunnel list --output=json|jq -r '.[].name' | tunnel list --output=json|jq -r '.[].name' | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 93: | Line 93: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
cloudflared --origincert=\ | cloudflared --origincert=\ | ||
/root/.cloudflared/certs/shahed | /root/.cloudflared/certs/shahed.biz.pem \ | ||
tunnel list --output=json|jq -r '.[].name' | tunnel list --output=json|jq -r '.[].name' | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 104: | Line 104: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
cloudflared --origincert=\ | cloudflared --origincert=\ | ||
/root/.cloudflared/certs/chorke | /root/.cloudflared/certs/chorke.com.pem \ | ||
tunnel route dns aa-chorke-com aa | tunnel route dns aa-chorke-com aa | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 111: | Line 111: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
cloudflared --origincert=\ | cloudflared --origincert=\ | ||
/root/.cloudflared/certs/chorke | /root/.cloudflared/certs/chorke.org.pem \ | ||
tunnel route dns aa-chorke-org aa | tunnel route dns aa-chorke-org aa | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 118: | Line 118: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
cloudflared --origincert=\ | cloudflared --origincert=\ | ||
/root/.cloudflared/certs/shahed | /root/.cloudflared/certs/shahed.biz.pem \ | ||
tunnel route dns aa-shahed-biz aa | tunnel route dns aa-shahed-biz aa | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 145: | Line 145: | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang="yaml"> | <syntaxhighlight lang="yaml"> | ||
LOGGER_FILE=${LOGGER_BASE}/chorke | LOGGER_FILE=${LOGGER_BASE}/chorke.com.log | ||
AUTHNZ_FILE=${AUTHNZ_BASE}/chorke | AUTHNZ_FILE=${AUTHNZ_BASE}/chorke.com.json | ||
CONFIG_FILE=${CONFIG_BASE}/chorke | CONFIG_FILE=${CONFIG_BASE}/chorke.com-config.yml | ||
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null | cat << YML | sudo tee ${CONFIG_FILE} >/dev/null | ||
Line 190: | Line 190: | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang="yaml"> | <syntaxhighlight lang="yaml"> | ||
LOGGER_FILE=${LOGGER_BASE}/chorke | LOGGER_FILE=${LOGGER_BASE}/chorke.org.log | ||
AUTHNZ_FILE=${AUTHNZ_BASE}/chorke | AUTHNZ_FILE=${AUTHNZ_BASE}/chorke.org.json | ||
CONFIG_FILE=${CONFIG_BASE}/chorke | CONFIG_FILE=${CONFIG_BASE}/chorke.org-config.yml | ||
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null | cat << YML | sudo tee ${CONFIG_FILE} >/dev/null | ||
Line 236: | Line 236: | ||
<syntaxhighlight lang="yaml"> | <syntaxhighlight lang="yaml"> | ||
LOGGER_FILE=${LOGGER_BASE}/shahed-biz.log | LOGGER_FILE=${LOGGER_BASE}/shahed-biz.log | ||
AUTHNZ_FILE=${AUTHNZ_BASE}/shahed | AUTHNZ_FILE=${AUTHNZ_BASE}/shahed.biz.json | ||
CONFIG_FILE=${CONFIG_BASE}/shahed | CONFIG_FILE=${CONFIG_BASE}/shahed.biz-config.yml | ||
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null | cat << YML | sudo tee ${CONFIG_FILE} >/dev/null | ||
Line 285: | Line 285: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo cloudflared tunnel \ | sudo cloudflared tunnel \ | ||
--config /etc/cloudflared/chorke | --config /etc/cloudflared/chorke.com-config.yml \ | ||
run aa-chorke-com | run aa-chorke-com | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 292: | Line 292: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo cloudflared tunnel \ | sudo cloudflared tunnel \ | ||
--config /etc/cloudflared/chorke | --config /etc/cloudflared/chorke.org-config.yml \ | ||
run aa-chorke-org | run aa-chorke-org | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 299: | Line 299: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
sudo cloudflared tunnel \ | sudo cloudflared tunnel \ | ||
--config /etc/cloudflared/shahed | --config /etc/cloudflared/shahed.biz-config.yml \ | ||
run aa-shahed-biz | run aa-shahed-biz | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 309: | Line 309: | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang="ini"> | <syntaxhighlight lang="ini"> | ||
SYSTEM_FILE=cloudflared@chorke | SYSTEM_FILE=cloudflared@chorke.com.service | ||
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE} | SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE} | ||
Line 322: | Line 322: | ||
Type=notify | Type=notify | ||
ExecStart=/usr/bin/cloudflared --no-autoupdate \ | ExecStart=/usr/bin/cloudflared --no-autoupdate \ | ||
--config /etc/cloudflared/chorke | --config /etc/cloudflared/chorke.com-config.yml \ | ||
tunnel run | tunnel run | ||
Restart=on-failure | Restart=on-failure | ||
Line 334: | Line 334: | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang="ini"> | <syntaxhighlight lang="ini"> | ||
SYSTEM_FILE=cloudflared@chorke | SYSTEM_FILE=cloudflared@chorke.org.service | ||
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE} | SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE} | ||
Line 347: | Line 347: | ||
Type=notify | Type=notify | ||
ExecStart=/usr/bin/cloudflared --no-autoupdate \ | ExecStart=/usr/bin/cloudflared --no-autoupdate \ | ||
--config /etc/cloudflared/chorke | --config /etc/cloudflared/chorke.org-config.yml \ | ||
tunnel run | tunnel run | ||
Restart=on-failure | Restart=on-failure | ||
Line 359: | Line 359: | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang="ini"> | <syntaxhighlight lang="ini"> | ||
SYSTEM_FILE=cloudflared@shahed | SYSTEM_FILE=cloudflared@shahed.biz.service | ||
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE} | SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE} | ||
Line 372: | Line 372: | ||
Type=notify | Type=notify | ||
ExecStart=/usr/bin/cloudflared --no-autoupdate \ | ExecStart=/usr/bin/cloudflared --no-autoupdate \ | ||
--config /etc/cloudflared/shahed | --config /etc/cloudflared/shahed.biz-config.yml \ | ||
tunnel run | tunnel run | ||
Restart=on-failure | Restart=on-failure | ||
Line 390: | Line 390: | ||
cat << EXE | sudo bash | cat << EXE | sudo bash | ||
systemctl daemon-reload | systemctl daemon-reload | ||
systemctl enable cloudflared@chorke | systemctl enable cloudflared@chorke.com.service | ||
systemctl start cloudflared@chorke | systemctl start cloudflared@chorke.com.service | ||
systemctl status cloudflared@chorke | systemctl status cloudflared@chorke.com.service | ||
EXE | EXE | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 400: | Line 400: | ||
cat << EXE | sudo bash | cat << EXE | sudo bash | ||
systemctl daemon-reload | systemctl daemon-reload | ||
systemctl enable cloudflared@chorke | systemctl enable cloudflared@chorke.org.service | ||
systemctl start cloudflared@chorke | systemctl start cloudflared@chorke.org.service | ||
systemctl status cloudflared@chorke | systemctl status cloudflared@chorke.org.service | ||
EXE | EXE | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 410: | Line 410: | ||
cat << EXE | sudo bash | cat << EXE | sudo bash | ||
systemctl daemon-reload | systemctl daemon-reload | ||
systemctl enable cloudflared@shahed | systemctl enable cloudflared@shahed.biz.service | ||
systemctl start cloudflared@shahed | systemctl start cloudflared@shahed.biz.service | ||
systemctl status cloudflared@shahed | systemctl status cloudflared@shahed.biz.service | ||
EXE | EXE | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 423: | Line 423: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
tail -n100 \ | tail -n100 \ | ||
-f /var/log/cloudflared/chorke | -f /var/log/cloudflared/chorke.com.log | ||
journalctl -xeu cloudflared@chorke | journalctl -xeu cloudflared@chorke.com.service | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 430: | Line 430: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
tail -n100 \ | tail -n100 \ | ||
-f /var/log/cloudflared/chorke | -f /var/log/cloudflared/chorke.org.log | ||
journalctl -xeu cloudflared@chorke | journalctl -xeu cloudflared@chorke.org.service | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 438: | Line 438: | ||
tail -n100 \ | tail -n100 \ | ||
-f /var/log/cloudflared/shahed-biz.log | -f /var/log/cloudflared/shahed-biz.log | ||
journalctl -xeu [email protected] | journalctl -xeu cloudflared@shahed.biz.service | ||
</syntaxhighlight> | |||
|- | |||
| colspan="3" | | |||
---- | |||
|- | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
cat << EXE | sudo bash | |||
systemctl daemon-reload | |||
systemctl disable [email protected] | |||
systemctl stop [email protected] | |||
systemctl status [email protected] | |||
EXE | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
cat << EXE | sudo bash | |||
systemctl daemon-reload | |||
systemctl disable [email protected] | |||
systemctl stop [email protected] | |||
systemctl status [email protected] | |||
EXE | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
cat << EXE | sudo bash | |||
systemctl daemon-reload | |||
systemctl disable [email protected] | |||
systemctl stop [email protected] | |||
systemctl status cloudflared@shahed.biz.service | |||
EXE | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 445: | Line 479: | ||
==WARP Routing== | ==WARP Routing== | ||
{| | {| | ||
| colspan="3" | | |||
[[Cloudflare/Argo_Tunnel#Argo Tunnel|Skipped » Find More » 👆]] | |||
|- | |||
| colspan="3" | | |||
---- | |||
|- | |||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
cloudflared --origincert=\ | |||
/root/.cloudflared/certs/chorke.com.pem \ | |||
tunnel create ab-chorke-com | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
cloudflared --origincert=\ | |||
/root/.cloudflared/certs/chorke.org.pem \ | |||
tunnel create ab-chorke-org | |||
</syntaxhighlight> | </syntaxhighlight> | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
cloudflared --origincert=\ | |||
/root/.cloudflared/certs/shahed.biz.pem \ | |||
tunnel create ab-shahed-biz | |||
</syntaxhighlight> | |||
|- | |||
| colspan="3" | | |||
---- | |||
|- | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
mv certs/56f034e2-*.json \ | |||
./auths/chorke.com.json | |||
</syntaxhighlight> | </syntaxhighlight> | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
mv certs/472fe18e-*.json \ | |||
./auths/chorke.org.json | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
mv certs/030320f3-*.json \ | |||
./auths/shahed.biz.json | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 465: | Line 534: | ||
|- | |- | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang="bash"> | |||
cloudflared --origincert=\ | |||
/root/.cloudflared/certs/chorke.com.pem \ | |||
tunnel list --output=json|jq -r '.[].name' | |||
</syntaxhighlight> | |||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang="bash"> | |||
cloudflared --origincert=\ | |||
/root/.cloudflared/certs/chorke.org.pem \ | |||
tunnel list --output=json|jq -r '.[].name' | |||
</syntaxhighlight> | |||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang="bash"> | |||
cloudflared --origincert=\ | |||
/root/.cloudflared/certs/shahed.biz.pem \ | |||
tunnel list --output=json|jq -r '.[].name' | |||
</syntaxhighlight> | |||
|- | |||
| colspan="3" | | |||
---- | |||
|- | |||
| colspan="3" | | |||
<syntaxhighlight lang="bash"> | |||
CONFIG_BASE=/etc/cloudflared | |||
LOGGER_BASE=/var/log/cloudflared | |||
AUTHNZ_BASE=/root/.cloudflared/auths | |||
cat << EXE | sudo bash | |||
mkdir -p ${CONFIG_BASE}/ | |||
mkdir -p ${LOGGER_BASE}/ | |||
mkdir -p /root/.cloudflared/{cert,auth}s/ | |||
EXE | |||
</syntaxhighlight> | |||
|- | |||
| colspan="3" | | |||
---- | |||
|- | |||
| valign="top" | | |||
<syntaxhighlight lang="yaml"> | |||
LOGGER_FILE=${LOGGER_BASE}/chorke.com.log | |||
AUTHNZ_FILE=${AUTHNZ_BASE}/chorke.com.json | |||
CONFIG_FILE=${CONFIG_BASE}/chorke.com-config.yml | |||
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null | |||
--- | |||
tunnel: ab-chorke-com | |||
credentials-file: ${AUTHNZ_FILE} | |||
warp-routing: | |||
enabled: true | |||
loglevel: info | |||
logfile: ${LOGGER_FILE} | |||
heartbeat: | |||
interval: 10s | |||
max_retries: 3 | |||
restart: true | |||
YML | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="yaml"> | |||
LOGGER_FILE=${LOGGER_BASE}/chorke.org.log | |||
AUTHNZ_FILE=${AUTHNZ_BASE}/chorke.org.json | |||
CONFIG_FILE=${CONFIG_BASE}/chorke.org-config.yml | |||
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null | |||
--- | |||
tunnel: ab-chorke-org | |||
credentials-file: ${AUTHNZ_FILE} | |||
warp-routing: | |||
enabled: true | |||
loglevel: info | |||
logfile: ${LOGGER_FILE} | |||
heartbeat: | |||
interval: 10s | |||
max_retries: 3 | |||
restart: true | |||
YML | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="yaml"> | |||
LOGGER_FILE=${LOGGER_BASE}/shahed-biz.log | |||
AUTHNZ_FILE=${AUTHNZ_BASE}/shahed.biz.json | |||
CONFIG_FILE=${CONFIG_BASE}/shahed.biz-config.yml | |||
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null | |||
--- | |||
tunnel: ab-shahed-biz | |||
credentials-file: ${AUTHNZ_FILE} | |||
warp-routing: | |||
enabled: true | |||
loglevel: info | |||
logfile: ${LOGGER_FILE} | |||
heartbeat: | |||
interval: 10s | |||
max_retries: 3 | |||
restart: true | |||
YML | |||
</syntaxhighlight> | |||
|- | |||
| colspan="3" | | |||
---- | |||
|- | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
sudo cloudflared tunnel \ | |||
--config /etc/cloudflared/chorke.com-config.yml \ | |||
run ab-chorke-com | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
sudo cloudflared tunnel \ | |||
--config /etc/cloudflared/chorke.org-config.yml \ | |||
run ab-chorke-org | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
sudo cloudflared tunnel \ | |||
--config /etc/cloudflared/shahed.biz-config.yml \ | |||
run ab-shahed-biz | |||
</syntaxhighlight> | |||
|- | |||
| colspan="3" | | |||
---- | |||
|- | |||
| colspan="3" | | |||
[[Cloudflare/Argo_Tunnel#Argo Tunnel|Skipped » Find More » 👆]] | |||
|} | |} | ||
Line 514: | Line 726: | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang="bash"> | |||
sudo ln -s /etc/cloudflared/chorke.com-config.yml \ | |||
/etc/cloudflared/config.yml | |||
ls -lah /etc/cloudflared/ | |||
</syntaxhighlight> | |||
|} | |} | ||
Line 528: | Line 745: | ||
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/smb/ Cloudflare » Zero Trust » SMB] | * [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/smb/ Cloudflare » Zero Trust » SMB] | ||
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ Cloudflare » Zero Trust » SSH] | * [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ Cloudflare » Zero Trust » SSH] | ||
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/ Cloudflare » Tunnel] | |||
* [https://www.cloudflare.com/learning/access-management/what-is-ssh/ Cloudflare » SSH] | |||
|valign="top"| | |||
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/agentless/ Cloudflare » Zero Trust » Devices » Agentless] | |||
* [https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/ Cloudflare » Zero Trust » Devices » WARP] | |||
|valign="top"| | |||
|- | |||
|colspan="3"| | |||
---- | |||
|- | |||
|valign="top"| | |||
* [[Cloudflare/WARP Connector|Cloudflare » WARP Connector]] | * [[Cloudflare/WARP Connector|Cloudflare » WARP Connector]] | ||
* [https://chorke.cloudflareaccess.com Cloudflare » Access » Chorke] | |||
* [[Cloudflare]] | * [[Cloudflare]] | ||
|valign="top"| | |valign="top"| | ||
|valign="top"| | |valign="top"| | ||
Line 573: | Line 801: | ||
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=32&cip=10.19.83.1&ctype=ipv4&x=Calculate CIDR » 10.19.83.1/32] | * [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=32&cip=10.19.83.1&ctype=ipv4&x=Calculate CIDR » 10.19.83.1/32] | ||
* [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=24&cip=10.19.83.1&ctype=ipv4&x=Calculate CIDR » 10.19.83.1/24] | * [https://www.calculator.net/ip-subnet-calculator.html?cclass=any&csubnet=24&cip=10.19.83.1&ctype=ipv4&x=Calculate CIDR » 10.19.83.1/24] | ||
* [[Linux User Creation]] | |||
|} | |} |
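Review bot: The new WARP Routing snippets reuse the file names of the Argo Tunnel section, so following both sections silently replaces the first tunnel's credentials and config. `mv certs/56f034e2-*.json ./auths/chorke.com.json` and `CONFIG_FILE=${CONFIG_BASE}/chorke.com-config.yml` (likewise for chorke.org and shahed.biz) target the paths already used for the `aa-*` tunnels. Because the unit's `ExecStart` names only the config file, `cloudflared@chorke.com.service` would then presumably start `ab-chorke-com` instead. If both tunnels are meant to coexist, give the WARP files their own names, for example `./auths/ab-chorke.com.json` and `${CONFIG_BASE}/ab-chorke.com-config.yml` (suggested names, not from the page); otherwise say that WARP Routing replaces the Argo Tunnel setup. Separately, the added `mkdir -p /root/.cloudflared/{cert,auth}s/` leaves the mode to the umask; a following `chmod 700 /root/.cloudflared/{cert,auth}s/` in the same heredoc would keep certificates and tunnel credentials root-only.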
Latest revision as of 21:14, 14 December 2024
Argo Tunnel
# Become root so the account certificate is handled under /root/.cloudflared/.
sudo su
cd /root/.cloudflared/
# The login leaves cert.pem in this directory (it is moved on the next line).
# The later `tunnel create`, `tunnel list` and `tunnel route dns` steps pass it
# as --origincert, so treat it as a credential and keep it readable by root only.
cloudflared tunnel login
# One certificate per zone; ./certs/ must already exist or the mv fails.
mv cert.pem ./certs/chorke.com.pem
|
# Become root so the account certificate is handled under /root/.cloudflared/.
sudo su
cd /root/.cloudflared/
# The login leaves cert.pem in this directory (it is moved on the next line).
# The later `tunnel create`, `tunnel list` and `tunnel route dns` steps pass it
# as --origincert, so treat it as a credential and keep it readable by root only.
cloudflared tunnel login
# One certificate per zone; ./certs/ must already exist or the mv fails.
mv cert.pem ./certs/chorke.org.pem
|
# Become root so the account certificate is handled under /root/.cloudflared/.
sudo su
cd /root/.cloudflared/
# The login leaves cert.pem in this directory (it is moved on the next line).
# The later `tunnel create`, `tunnel list` and `tunnel route dns` steps pass it
# as --origincert, so treat it as a credential and keep it readable by root only.
cloudflared tunnel login
# One certificate per zone; ./certs/ must already exist or the mv fails.
mv cert.pem ./certs/shahed.biz.pem
|
| ||
cloudflared --origincert=\
/root/.cloudflared/certs/chorke.com.pem \
tunnel create aa-chorke-com
|
cloudflared --origincert=\
/root/.cloudflared/certs/chorke.org.pem \
tunnel create aa-chorke-org
|
cloudflared --origincert=\
/root/.cloudflared/certs/shahed.biz.pem \
tunnel create aa-shahed-biz
|
| ||
# Moves the JSON that appeared in certs/ after `tunnel create` (presumably the
# tunnel credentials; the glob prefix looks like the start of the tunnel ID).
# The config for aa-chorke-com reads it as credentials-file, so it is a secret.
# Paths are relative: run from /root/.cloudflared/. mv replaces an existing
# destination without asking.
mv certs/ccc2684a-*.json \
./auths/chorke.com.json
|
# Moves the JSON that appeared in certs/ after `tunnel create` (presumably the
# tunnel credentials; the glob prefix looks like the start of the tunnel ID).
# The config for aa-chorke-org reads it as credentials-file, so it is a secret.
# Paths are relative: run from /root/.cloudflared/. mv replaces an existing
# destination without asking.
mv certs/621edb67-*.json \
./auths/chorke.org.json
|
# Moves the JSON that appeared in certs/ after `tunnel create` (presumably the
# tunnel credentials; the glob prefix looks like the start of the tunnel ID).
# The config for aa-shahed-biz reads it as credentials-file, so it is a secret.
# Paths are relative: run from /root/.cloudflared/. mv replaces an existing
# destination without asking.
mv certs/249a5a7c-*.json \
./auths/shahed.biz.json
|
| ||
cloudflared --origincert=\
/root/.cloudflared/certs/chorke.com.pem \
tunnel list --output=json|jq -r '.[].name'
|
cloudflared --origincert=\
/root/.cloudflared/certs/chorke.org.pem \
tunnel list --output=json|jq -r '.[].name'
|
cloudflared --origincert=\
/root/.cloudflared/certs/shahed.biz.pem \
tunnel list --output=json|jq -r '.[].name'
|
| ||
cloudflared --origincert=\
/root/.cloudflared/certs/chorke.com.pem \
tunnel route dns aa-chorke-com aa
|
cloudflared --origincert=\
/root/.cloudflared/certs/chorke.org.pem \
tunnel route dns aa-chorke-org aa
|
cloudflared --origincert=\
/root/.cloudflared/certs/shahed.biz.pem \
tunnel route dns aa-shahed-biz aa
|
| ||
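# Base directories shared by the config snippets on this page. The login and
# credential-move steps write into certs/ and auths/, so these directories
# have to exist before those steps are run.
CONFIG_BASE=/etc/cloudflared
LOGGER_BASE=/var/log/cloudflared
AUTHNZ_BASE=/root/.cloudflared/auths
# The heredoc delimiter is unquoted on purpose: CONFIG_BASE and LOGGER_BASE are
# expanded by the calling shell, because the root shell started by sudo does
# not see these variables.
cat << EXE | sudo bash
mkdir -p "${CONFIG_BASE}/"
mkdir -p "${LOGGER_BASE}/"
mkdir -p /root/.cloudflared/{cert,auth}s/
# certs/ holds account certificates and auths/ tunnel credentials: root-only.
chmod 700 /root/.cloudflared/{cert,auth}s/
EXE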
| ||
| ||
# Writes the cloudflared config for tunnel aa-chorke-com. LOGGER_BASE,
# AUTHNZ_BASE and CONFIG_BASE must already be set in this shell.
LOGGER_FILE=${LOGGER_BASE}/chorke.com.log
AUTHNZ_FILE=${AUTHNZ_BASE}/chorke.com.json
CONFIG_FILE=${CONFIG_BASE}/chorke.com-config.yml
# The heredoc delimiter is unquoted, so ${AUTHNZ_FILE} and ${LOGGER_FILE} are
# expanded here and the file receives literal paths. tee runs as root to write
# under /etc; >/dev/null only hides tee's copy of the text.
# NOTE(review): the YAML nesting under ingress:, warp-routing: and heartbeat:
# is not visible in this listing (indentation appears lost) - restore it
# before use.
# NOTE(review): cloudflared evaluates ingress rules top to bottom and the first
# match wins. All four rules name the same hostname and the first one's
# path /* presumably matches every request, so the ssh/3306/5432 rules may
# never be reached - confirm with `cloudflared tunnel ingress validate`.
# NOTE(review): SSH and ports 3306/5432 (the usual MySQL and PostgreSQL ports)
# are published on a public hostname; put a Cloudflare Access policy in front
# of it.
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null
---
tunnel: aa-chorke-com
credentials-file: ${AUTHNZ_FILE}
ingress:
- service: http://localhost
hostname: aa.chorke.com
path: /*
- service: ssh://localhost:22
hostname: aa.chorke.com
- service: tcp://localhost:3306
hostname: aa.chorke.com
- service: tcp://localhost:5432
hostname: aa.chorke.com
- service: http_status:404
warp-routing:
enabled: true
private_network:
- 10.19.83.0/24
dns:
- 1.1.1.1
- 8.8.8.8
- 10.19.83.100
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
interval: 10s
max_retries: 3
restart: true
YML
|
# Writes the cloudflared config for tunnel aa-chorke-org. LOGGER_BASE,
# AUTHNZ_BASE and CONFIG_BASE must already be set in this shell.
LOGGER_FILE=${LOGGER_BASE}/chorke.org.log
AUTHNZ_FILE=${AUTHNZ_BASE}/chorke.org.json
CONFIG_FILE=${CONFIG_BASE}/chorke.org-config.yml
# The heredoc delimiter is unquoted, so ${AUTHNZ_FILE} and ${LOGGER_FILE} are
# expanded here and the file receives literal paths. tee runs as root to write
# under /etc; >/dev/null only hides tee's copy of the text.
# NOTE(review): the YAML nesting under ingress:, warp-routing: and heartbeat:
# is not visible in this listing (indentation appears lost) - restore it
# before use.
# NOTE(review): cloudflared evaluates ingress rules top to bottom and the first
# match wins. All four rules name the same hostname and the first one's
# path /* presumably matches every request, so the ssh/3306/5432 rules may
# never be reached - confirm with `cloudflared tunnel ingress validate`.
# NOTE(review): SSH and ports 3306/5432 (the usual MySQL and PostgreSQL ports)
# are published on a public hostname; put a Cloudflare Access policy in front
# of it.
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null
---
tunnel: aa-chorke-org
credentials-file: ${AUTHNZ_FILE}
ingress:
- service: http://localhost
hostname: aa.chorke.org
path: /*
- service: ssh://localhost:22
hostname: aa.chorke.org
- service: tcp://localhost:3306
hostname: aa.chorke.org
- service: tcp://localhost:5432
hostname: aa.chorke.org
- service: http_status:404
warp-routing:
enabled: true
private_network:
- 10.19.83.0/24
dns:
- 1.1.1.1
- 8.8.8.8
- 10.19.83.100
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
interval: 10s
max_retries: 3
restart: true
YML
|
# Writes the cloudflared config for tunnel aa-shahed-biz. LOGGER_BASE,
# AUTHNZ_BASE and CONFIG_BASE must already be set in this shell.
# The log file keeps the dashed name (shahed-biz.log) while the other two
# files use the dotted one.
LOGGER_FILE=${LOGGER_BASE}/shahed-biz.log
AUTHNZ_FILE=${AUTHNZ_BASE}/shahed.biz.json
CONFIG_FILE=${CONFIG_BASE}/shahed.biz-config.yml
# The heredoc delimiter is unquoted, so ${AUTHNZ_FILE} and ${LOGGER_FILE} are
# expanded here and the file receives literal paths. tee runs as root to write
# under /etc; >/dev/null only hides tee's copy of the text.
# NOTE(review): the YAML nesting under ingress:, warp-routing: and heartbeat:
# is not visible in this listing (indentation appears lost) - restore it
# before use.
# NOTE(review): cloudflared evaluates ingress rules top to bottom and the first
# match wins. All four rules name the same hostname and the first one's
# path /* presumably matches every request, so the ssh/3306/5432 rules may
# never be reached - confirm with `cloudflared tunnel ingress validate`.
# NOTE(review): SSH and ports 3306/5432 (the usual MySQL and PostgreSQL ports)
# are published on a public hostname; put a Cloudflare Access policy in front
# of it.
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null
---
tunnel: aa-shahed-biz
credentials-file: ${AUTHNZ_FILE}
ingress:
- service: http://localhost
hostname: aa.shahed.biz
path: /*
- service: ssh://localhost:22
hostname: aa.shahed.biz
- service: tcp://localhost:3306
hostname: aa.shahed.biz
- service: tcp://localhost:5432
hostname: aa.shahed.biz
- service: http_status:404
warp-routing:
enabled: true
private_network:
- 10.19.83.0/24
dns:
- 1.1.1.1
- 8.8.8.8
- 10.19.83.100
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
interval: 10s
max_retries: 3
restart: true
YML
|
| ||
sudo cloudflared tunnel \
--config /etc/cloudflared/chorke.com-config.yml \
run aa-chorke-com
|
sudo cloudflared tunnel \
--config /etc/cloudflared/chorke.org-config.yml \
run aa-chorke-org
|
sudo cloudflared tunnel \
--config /etc/cloudflared/shahed.biz-config.yml \
run aa-shahed-biz
|
| ||
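# Installs the systemd unit that runs the chorke.com tunnel from its config.
SYSTEM_FILE=cloudflared@chorke.com.service
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}
# The heredoc delimiter is unquoted, so the shell joins the backslash-continued
# ExecStart lines and the unit file receives ExecStart as a single line.
# ExecStart names no tunnel: the one to run comes from the config file.
# NOTE(review): no User= is set, so the service runs as root; consider
# systemd sandboxing options such as NoNewPrivileges=true once the
# credentials file is readable by a dedicated account.
cat << INI | sudo tee "${SYSTEM_PATH}" >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate \
--config /etc/cloudflared/chorke.com-config.yml \
tunnel run
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
INI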
|
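# Installs the systemd unit that runs the chorke.org tunnel from its config.
SYSTEM_FILE=cloudflared@chorke.org.service
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}
# The heredoc delimiter is unquoted, so the shell joins the backslash-continued
# ExecStart lines and the unit file receives ExecStart as a single line.
# ExecStart names no tunnel: the one to run comes from the config file.
# NOTE(review): no User= is set, so the service runs as root; consider
# systemd sandboxing options such as NoNewPrivileges=true once the
# credentials file is readable by a dedicated account.
cat << INI | sudo tee "${SYSTEM_PATH}" >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate \
--config /etc/cloudflared/chorke.org-config.yml \
tunnel run
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
INI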
|
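# Installs the systemd unit that runs the shahed.biz tunnel from its config.
SYSTEM_FILE=cloudflared@shahed.biz.service
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}
# The heredoc delimiter is unquoted, so the shell joins the backslash-continued
# ExecStart lines and the unit file receives ExecStart as a single line.
# ExecStart names no tunnel: the one to run comes from the config file.
# NOTE(review): no User= is set, so the service runs as root; consider
# systemd sandboxing options such as NoNewPrivileges=true once the
# credentials file is readable by a dedicated account.
cat << INI | sudo tee "${SYSTEM_PATH}" >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate \
--config /etc/cloudflared/shahed.biz-config.yml \
tunnel run
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
INI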
|
| ||
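# Reload unit files, then enable at boot, start and inspect the chorke.com
# tunnel service. The commands are fed to a root shell through the heredoc.
cat << EXE | sudo bash
systemctl daemon-reload
systemctl enable cloudflared@chorke.com.service
systemctl start cloudflared@chorke.com.service
systemctl status cloudflared@chorke.com.service
EXE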
|
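# Reload unit files, then enable at boot, start and inspect the chorke.org
# tunnel service. The commands are fed to a root shell through the heredoc.
cat << EXE | sudo bash
systemctl daemon-reload
systemctl enable cloudflared@chorke.org.service
systemctl start cloudflared@chorke.org.service
systemctl status cloudflared@chorke.org.service
EXE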
|
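# Reload unit files, then enable at boot, start and inspect the shahed.biz
# tunnel service. The commands are fed to a root shell through the heredoc.
cat << EXE | sudo bash
systemctl daemon-reload
systemctl enable cloudflared@shahed.biz.service
systemctl start cloudflared@shahed.biz.service
systemctl status cloudflared@shahed.biz.service
EXE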
|
| ||
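# Follow the tunnel's own log file (the logfile: path from its config);
# tail -f keeps running until interrupted.
tail -n100 \
-f /var/log/cloudflared/chorke.com.log
# Alternatively, read what systemd recorded for the unit.
journalctl -xeu cloudflared@chorke.com.service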
|
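# Follow the tunnel's own log file (the logfile: path from its config);
# tail -f keeps running until interrupted.
tail -n100 \
-f /var/log/cloudflared/chorke.org.log
# Alternatively, read what systemd recorded for the unit.
journalctl -xeu cloudflared@chorke.org.service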
|
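# Follow the tunnel's own log file (the logfile: path from its config, which
# uses the dashed name); tail -f keeps running until interrupted.
tail -n100 \
-f /var/log/cloudflared/shahed-biz.log
# Alternatively, read what systemd recorded for the unit.
journalctl -xeu cloudflared@shahed.biz.service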
|
| ||
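# Take the chorke.com tunnel service out of boot, stop it and confirm its
# state. The commands are fed to a root shell through the heredoc.
cat << EXE | sudo bash
systemctl daemon-reload
systemctl disable cloudflared@chorke.com.service
systemctl stop cloudflared@chorke.com.service
systemctl status cloudflared@chorke.com.service
EXE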
|
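# Take the chorke.org tunnel service out of boot, stop it and confirm its
# state. The commands are fed to a root shell through the heredoc.
cat << EXE | sudo bash
systemctl daemon-reload
systemctl disable cloudflared@chorke.org.service
systemctl stop cloudflared@chorke.org.service
systemctl status cloudflared@chorke.org.service
EXE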
|
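# Take the shahed.biz tunnel service out of boot, stop it and confirm its
# state. The commands are fed to a root shell through the heredoc.
cat << EXE | sudo bash
systemctl daemon-reload
systemctl disable cloudflared@shahed.biz.service
systemctl stop cloudflared@shahed.biz.service
systemctl status cloudflared@shahed.biz.service
EXE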
|
WARP Routing
| ||
cloudflared --origincert=\
/root/.cloudflared/certs/chorke.com.pem \
tunnel create ab-chorke-com
|
cloudflared --origincert=\
/root/.cloudflared/certs/chorke.org.pem \
tunnel create ab-chorke-org
|
cloudflared --origincert=\
/root/.cloudflared/certs/shahed.biz.pem \
tunnel create ab-shahed-biz
|
| ||
# Moves the JSON that appeared in certs/ after `tunnel create ab-chorke-com`
# (presumably the tunnel credentials - a secret).
# NOTE(review): the destination is the same ./auths/chorke.com.json the Argo
# Tunnel section uses for aa-chorke-com; mv replaces it without asking, so
# the earlier tunnel's credentials are lost unless a different name is used.
mv certs/56f034e2-*.json \
./auths/chorke.com.json
|
# Moves the JSON that appeared in certs/ after `tunnel create ab-chorke-org`
# (presumably the tunnel credentials - a secret).
# NOTE(review): the destination is the same ./auths/chorke.org.json the Argo
# Tunnel section uses for aa-chorke-org; mv replaces it without asking, so
# the earlier tunnel's credentials are lost unless a different name is used.
mv certs/472fe18e-*.json \
./auths/chorke.org.json
|
# Moves the JSON that appeared in certs/ after `tunnel create ab-shahed-biz`
# (presumably the tunnel credentials - a secret).
# NOTE(review): the destination is the same ./auths/shahed.biz.json the Argo
# Tunnel section uses for aa-shahed-biz; mv replaces it without asking, so
# the earlier tunnel's credentials are lost unless a different name is used.
mv certs/030320f3-*.json \
./auths/shahed.biz.json
|
| ||
cloudflared --origincert=\
/root/.cloudflared/certs/chorke.com.pem \
tunnel list --output=json|jq -r '.[].name'
|
cloudflared --origincert=\
/root/.cloudflared/certs/chorke.org.pem \
tunnel list --output=json|jq -r '.[].name'
|
cloudflared --origincert=\
/root/.cloudflared/certs/shahed.biz.pem \
tunnel list --output=json|jq -r '.[].name'
|
| ||
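# Base directories shared by the WARP Routing config snippets. The
# credential-move step writes into auths/, so the directories have to exist
# before it is run.
CONFIG_BASE=/etc/cloudflared
LOGGER_BASE=/var/log/cloudflared
AUTHNZ_BASE=/root/.cloudflared/auths
# The heredoc delimiter is unquoted on purpose: CONFIG_BASE and LOGGER_BASE are
# expanded by the calling shell, because the root shell started by sudo does
# not see these variables.
cat << EXE | sudo bash
mkdir -p "${CONFIG_BASE}/"
mkdir -p "${LOGGER_BASE}/"
mkdir -p /root/.cloudflared/{cert,auth}s/
# certs/ holds account certificates and auths/ tunnel credentials: root-only.
chmod 700 /root/.cloudflared/{cert,auth}s/
EXE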
| ||
| ||
# Writes the cloudflared config for tunnel ab-chorke-com with WARP routing on.
# LOGGER_BASE, AUTHNZ_BASE and CONFIG_BASE must already be set in this shell.
# NOTE(review): these are the same three paths the Argo Tunnel section uses
# for aa-chorke-com, so this step replaces that tunnel's config and shares
# its log file - use distinct names if both tunnels should exist.
LOGGER_FILE=${LOGGER_BASE}/chorke.com.log
AUTHNZ_FILE=${AUTHNZ_BASE}/chorke.com.json
CONFIG_FILE=${CONFIG_BASE}/chorke.com-config.yml
# Unquoted delimiter: ${AUTHNZ_FILE} and ${LOGGER_FILE} are expanded here.
# NOTE(review): the YAML nesting under warp-routing: and heartbeat: is not
# visible in this listing (indentation appears lost) - restore it before use.
# NOTE(review): no ingress rules here; with warp-routing enabled the reachable
# private networks are presumably defined by routes configured elsewhere -
# confirm they are limited to what WARP clients need.
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null
---
tunnel: ab-chorke-com
credentials-file: ${AUTHNZ_FILE}
warp-routing:
enabled: true
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
interval: 10s
max_retries: 3
restart: true
YML
|
# Writes the cloudflared config for tunnel ab-chorke-org with WARP routing on.
# LOGGER_BASE, AUTHNZ_BASE and CONFIG_BASE must already be set in this shell.
# NOTE(review): these are the same three paths the Argo Tunnel section uses
# for aa-chorke-org, so this step replaces that tunnel's config and shares
# its log file - use distinct names if both tunnels should exist.
LOGGER_FILE=${LOGGER_BASE}/chorke.org.log
AUTHNZ_FILE=${AUTHNZ_BASE}/chorke.org.json
CONFIG_FILE=${CONFIG_BASE}/chorke.org-config.yml
# Unquoted delimiter: ${AUTHNZ_FILE} and ${LOGGER_FILE} are expanded here.
# NOTE(review): the YAML nesting under warp-routing: and heartbeat: is not
# visible in this listing (indentation appears lost) - restore it before use.
# NOTE(review): no ingress rules here; with warp-routing enabled the reachable
# private networks are presumably defined by routes configured elsewhere -
# confirm they are limited to what WARP clients need.
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null
---
tunnel: ab-chorke-org
credentials-file: ${AUTHNZ_FILE}
warp-routing:
enabled: true
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
interval: 10s
max_retries: 3
restart: true
YML
|
# Writes the cloudflared config for tunnel ab-shahed-biz with WARP routing on.
# LOGGER_BASE, AUTHNZ_BASE and CONFIG_BASE must already be set in this shell.
# NOTE(review): these are the same three paths the Argo Tunnel section uses
# for aa-shahed-biz, so this step replaces that tunnel's config and shares
# its log file - use distinct names if both tunnels should exist.
LOGGER_FILE=${LOGGER_BASE}/shahed-biz.log
AUTHNZ_FILE=${AUTHNZ_BASE}/shahed.biz.json
CONFIG_FILE=${CONFIG_BASE}/shahed.biz-config.yml
# Unquoted delimiter: ${AUTHNZ_FILE} and ${LOGGER_FILE} are expanded here.
# NOTE(review): the YAML nesting under warp-routing: and heartbeat: is not
# visible in this listing (indentation appears lost) - restore it before use.
# NOTE(review): no ingress rules here; with warp-routing enabled the reachable
# private networks are presumably defined by routes configured elsewhere -
# confirm they are limited to what WARP clients need.
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null
---
tunnel: ab-shahed-biz
credentials-file: ${AUTHNZ_FILE}
warp-routing:
enabled: true
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
interval: 10s
max_retries: 3
restart: true
YML
|
| ||
sudo cloudflared tunnel \
--config /etc/cloudflared/chorke.com-config.yml \
run ab-chorke-com
|
sudo cloudflared tunnel \
--config /etc/cloudflared/chorke.org-config.yml \
run ab-chorke-org
|
sudo cloudflared tunnel \
--config /etc/cloudflared/shahed.biz-config.yml \
run ab-shahed-biz
|
| ||
Playground
cat /usr/local/etc/cloudflared/config.yml
ls -lah ~/.cloudflare-warp
ls -lah ~/cloudflare-warp
|
sudo cloudflared service uninstall
systemctl status cloudflared
journalctl -xeu cloudflared
|
tail -n100 -f /var/log/cloudflared.log
sudo systemctl daemon-reload
ps aux|grep cloudflared
|
| ||
ls -alh /etc/systemd/system|grep cloudflared
ls -alh /etc/systemd/system|grep minikube
ls -alh /etc/systemd/system|grep minio
|
ls -lah /usr/local/etc/cloudflared/
ls -lah /etc/cloudflared/
ls -lah ~/.cloudflared/
|
sudo ln -s /etc/cloudflared/chorke.com-config.yml \
/etc/cloudflared/config.yml
ls -lah /etc/cloudflared/
|
References
| ||
| ||