Cloudflare: Difference between revisions
Line 231: | Line 231: | ||
|- | |- | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="yaml"> | ||
LOGGER_FILE=${LOGGER_BASE}/chorke-com.log | LOGGER_FILE=${LOGGER_BASE}/chorke-com.log | ||
AUTHNZ_FILE=${AUTHNZ_BASE}/chorke-com.json | AUTHNZ_FILE=${AUTHNZ_BASE}/chorke-com.json | ||
Line 275: | Line 275: | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="yaml"> | ||
LOGGER_FILE=${LOGGER_BASE}/chorke-org.log | LOGGER_FILE=${LOGGER_BASE}/chorke-org.log | ||
AUTHNZ_FILE=${AUTHNZ_BASE}/chorke-org.json | AUTHNZ_FILE=${AUTHNZ_BASE}/chorke-org.json | ||
Line 319: | Line 319: | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="yaml"> | ||
LOGGER_FILE=${LOGGER_BASE}/shahed-biz.log | LOGGER_FILE=${LOGGER_BASE}/shahed-biz.log | ||
AUTHNZ_FILE=${AUTHNZ_BASE}/shahed-biz.json | AUTHNZ_FILE=${AUTHNZ_BASE}/shahed-biz.json | ||
Line 392: | Line 392: | ||
|- | |- | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="ini"> | ||
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE} | SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE} | ||
Line 414: | Line 414: | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
INI | INI | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="ini"> | ||
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE} | SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE} | ||
Line 446: | Line 439: | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
INI | INI | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| valign="top" | | | valign="top" | | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="ini"> | ||
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE} | SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE} | ||
Line 478: | Line 464: | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
INI | INI | ||
</syntaxhighlight> | |||
|- | |||
| colspan="3" | | |||
---- | |||
|- | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
cat << EXE | sudo bash | |||
systemctl daemon-reload | |||
systemctl enable [email protected] | |||
systemctl start [email protected] | |||
systemctl status [email protected] | |||
EXE | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
cat << EXE | sudo bash | |||
systemctl daemon-reload | |||
systemctl enable [email protected] | |||
systemctl start [email protected] | |||
systemctl status [email protected] | |||
EXE | |||
</syntaxhighlight> | |||
| valign="top" | | |||
<syntaxhighlight lang="bash"> | |||
cat << EXE | sudo bash | cat << EXE | sudo bash | ||
systemctl daemon-reload | systemctl daemon-reload |
Revision as of 20:55, 8 December 2024
WARP Client
The Cloudflare WARP Client allows individuals or organizations to have a faster, more secure and private experience online.
cat << EXE | sudo bash
apt-get purge -y cloudflare-warp
apt-get autoremove -y
EXE
WARP Client » Ubuntu
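# Install Cloudflare's package-signing key and register the WARP APT repository.
# The key lives in /etc/apt/keyrings and is referenced through signed-by=, so
# apt trusts it for this one repository only, not for every configured source.
sudo install -d -m 0755 /etc/apt/keyrings
curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg \
  | sudo tee /etc/apt/keyrings/cloudflare.asc >/dev/null
# Without pipefail a failed download still leaves an (empty) key file behind.
# Print the key so its fingerprint can be compared with the one Cloudflare publishes.
gpg --show-keys /etc/apt/keyrings/cloudflare.asc

DISTRIBUTION=$(. /etc/os-release && echo "${VERSION_CODENAME}")
ARCHITECTURE=$(dpkg --print-architecture)
# The entry is written on a single line: inside an unquoted heredoc a trailing
# backslash joins lines without inserting a space, which would glue the
# arch=/signed-by= options and the URL together.
cat << SRC | sudo tee /etc/apt/sources.list.d/cloudflare.list >/dev/null
deb [arch=${ARCHITECTURE} signed-by=/etc/apt/keyrings/cloudflare.asc] https://pkg.cloudflareclient.com/ ${DISTRIBUTION} main
SRC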
# Refresh the package index, list pending upgrades, install the WARP client and
# switch on IPv4 forwarding. The heredoc is piped into `sudo bash`, so every
# line between the EXE markers runs as root.
# NOTE(review): `sysctl -w` changes the running kernel only; the setting is
#   gone after a reboot unless it is also written to /etc/sysctl.conf.
# NOTE(review): with ip_forward=1 the host forwards packets between its
#   interfaces; restrict what may be forwarded with firewall rules.
cat << EXE | sudo bash
apt-get update;echo
apt list -a --upgradable
apt-get install -y cloudflare-warp
sysctl -w net.ipv4.ip_forward=1
EXE
# Check the WARP daemon, drop the current registration, enrol this host as a
# connector, then connect.
systemctl status warp-svc.service
warp-cli registration delete
# The argument is the connector token (truncated on this page). It is a
# credential: typed on the command line it is stored in shell history and is
# visible in the process list while the command runs. Do not paste a real
# token into documentation, and rotate one that has been published.
warp-cli connector new eyJhIjoiNW…
warp-cli connect
WARP Client » NAT Route
vim /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
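# Reload /etc/sysctl.conf so the forwarding setting edited above takes effect.
# Commands and their sample output were run together on one line; the output
# is kept below as comments so the commands can be copied as they stand.
sudo sysctl -p
# net.ipv4.ip_forward = 1

# Show the default route (gateway and outgoing interface) of this host.
ip route | grep default
# default via 10.19.83.1 dev wlan0 proto dhcp src 10.19.83.68 metric 20600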
Cloudflared
cloudflared is a lightweight daemon that runs in your infrastructure and lets you securely expose internal resources to the Cloudflare edge.
cat << EXE | sudo bash
apt-get purge -y cloudflared
apt-get autoremove -y
EXE
Cloudflared » Ubuntu » AMD
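# Download the latest cloudflared package for amd64, install it, then remove
# the downloaded file.
deb="${HOME}/Downloads/cloudflared-linux-amd64.deb"
mkdir -p -- "${HOME}/Downloads"
# -O overwrites any earlier download. Resuming with -c against a "latest" URL
# can append to, or silently keep, a file left over from an older release.
# NOTE(review): `dpkg -i` does not check who built the package; TLS to
#   github.com is the only integrity protection here. The hash is printed so
#   it can be compared with a checksum published for the release, if one is.
wget -q -O "${deb}" https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb \
  && sha256sum -- "${deb}" \
  && { sudo dpkg -i "${deb}"; sudo apt install -f; }
rm -f -- "${deb}"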
Cloudflared » Ubuntu » ARM
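# Download the latest cloudflared package for arm64, install it, then remove
# the downloaded file.
deb="${HOME}/Downloads/cloudflared-linux-arm64.deb"
mkdir -p -- "${HOME}/Downloads"
# -O overwrites any earlier download. Resuming with -c against a "latest" URL
# can append to, or silently keep, a file left over from an older release.
# NOTE(review): `dpkg -i` does not check who built the package; TLS to
#   github.com is the only integrity protection here. The hash is printed so
#   it can be compared with a checksum published for the release, if one is.
wget -q -O "${deb}" https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb \
  && sha256sum -- "${deb}" \
  && { sudo dpkg -i "${deb}"; sudo apt install -f; }
rm -f -- "${deb}"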
Cloudflared » Service
# Inspect the installed cloudflared, register it as a system service, then
# check that the service is up.
cloudflared --help
cloudflared version
apt info cloudflared
# The argument is the tunnel token (truncated on this page). It is a
# credential: passed on the command line it is stored in shell history and is
# visible in the process list while the command runs. Do not paste a real
# token into documentation, and rotate one that has been published.
sudo cloudflared service install eyJhIjoiNW…
systemctl status cloudflared
Argo Tunnel
# Log in to Cloudflare as root and file the resulting cert.pem under a
# per-zone name so that several zones can be managed from one host.
sudo su
cd /root/.cloudflared/
cloudflared tunnel login
# cert.pem is what the later commands on this page pass via --origincert to
# create tunnels and route DNS, so anyone who can read it can do the same.
# Keep it readable by root only and out of backups that others can access.
# ./certs/ has to exist already; the mkdir that creates it appears further
# down this page.
mv cert.pem ./certs/chorke-com.pem
|
sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/chorke-org.pem
|
sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/shahed-biz.pem
|
| ||
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-com.pem \
tunnel create aa-chorke-com
|
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-org.pem \
tunnel create aa-chorke-org
|
cloudflared --origincert=\
/root/.cloudflared/certs/shahed-biz.pem \
tunnel create aa-shahed-biz
|
| ||
mv certs/ccc2684a-*.json \
./auths/chorke-com.json
|
mv certs/621edb67-*.json \
./auths/chorke-org.json
|
mv certs/249a5a7c-*.json \
./auths/shahed-biz.json
|
| ||
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-com.pem \
tunnel list --output=json|jq -r '.[].name'
|
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-org.pem \
tunnel list --output=json|jq -r '.[].name'
|
cloudflared --origincert=\
/root/.cloudflared/certs/shahed-biz.pem \
tunnel list --output=json|jq -r '.[].name'
|
| ||
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-com.pem \
tunnel route dns aa-chorke-com aa
|
cloudflared --origincert=\
/root/.cloudflared/certs/chorke-org.pem \
tunnel route dns aa-chorke-org aa
|
cloudflared --origincert=\
/root/.cloudflared/certs/shahed-biz.pem \
tunnel route dns aa-shahed-biz aa
|
| ||
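# Base directories used by the per-zone snippets that follow.
CONFIG_BASE=/etc/cloudflared
LOGGER_BASE=/var/log/cloudflared
AUTHNZ_BASE=/root/.cloudflared/auths
# The heredoc is unquoted, so ${CONFIG_BASE} and ${LOGGER_BASE} are expanded by
# this shell before the text is piped to the root shell; the {cert,auth}s brace
# expansion is performed by that root bash.
cat << EXE | sudo bash
mkdir -p -- "${CONFIG_BASE}/" "${LOGGER_BASE}/"
# certs/ holds the origin certificates and auths/ the tunnel credential files:
# give both an explicit root-only mode instead of relying on the umask.
install -d -m 0700 /root/.cloudflared/{cert,auth}s/
EXE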
| ||
| ||
# Write the cloudflared configuration for tunnel aa-chorke-com.
# LOGGER_BASE, AUTHNZ_BASE and CONFIG_BASE must already be set in this shell;
# the unquoted heredoc expands ${AUTHNZ_FILE} and ${LOGGER_FILE} before tee
# writes the file as root.
# NOTE(review): the YAML nesting looks flattened on this page; hostname/path
#   have to be indented under their "- service:" entry for the file to parse.
# NOTE(review): the ssh://localhost:22, tcp://localhost:3306 and
#   tcp://localhost:5432 rules publish SSH and, presumably, the MySQL and
#   PostgreSQL ports on aa.chorke.com. Put a Cloudflare Access policy on that
#   hostname before the tunnel is started, and keep authentication enabled on
#   the services themselves.
# NOTE(review): every rule names the same hostname and cloudflared uses the
#   first rule that matches, so the rules after the first may never be
#   selected. Check with `cloudflared tunnel ingress validate` and
#   `cloudflared tunnel ingress rule <url>`.
LOGGER_FILE=${LOGGER_BASE}/chorke-com.log
AUTHNZ_FILE=${AUTHNZ_BASE}/chorke-com.json
CONFIG_FILE=${CONFIG_BASE}/chorke-com-config.yml
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null
tunnel: aa-chorke-com
credentials-file: ${AUTHNZ_FILE}
ingress:
- service: http://localhost
hostname: aa.chorke.com
path: /*
- service: ssh://localhost:22
hostname: aa.chorke.com
- service: tcp://localhost:3306
hostname: aa.chorke.com
- service: tcp://localhost:5432
hostname: aa.chorke.com
- service: http_status:404
warp-routing:
enabled: true
private_network:
- 10.19.83.0/24
dns:
- 1.1.1.1
- 8.8.8.8
- 10.19.83.100
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
interval: 10s
max_retries: 3
restart: true
YML
|
# Write the cloudflared configuration for tunnel aa-chorke-org.
# LOGGER_BASE, AUTHNZ_BASE and CONFIG_BASE must already be set in this shell;
# the unquoted heredoc expands ${AUTHNZ_FILE} and ${LOGGER_FILE} before tee
# writes the file as root.
# NOTE(review): the YAML nesting looks flattened on this page; hostname/path
#   have to be indented under their "- service:" entry for the file to parse.
# NOTE(review): the ssh://localhost:22, tcp://localhost:3306 and
#   tcp://localhost:5432 rules publish SSH and, presumably, the MySQL and
#   PostgreSQL ports on aa.chorke.org. Put a Cloudflare Access policy on that
#   hostname before the tunnel is started, and keep authentication enabled on
#   the services themselves.
# NOTE(review): every rule names the same hostname and cloudflared uses the
#   first rule that matches, so the rules after the first may never be
#   selected. Check with `cloudflared tunnel ingress validate` and
#   `cloudflared tunnel ingress rule <url>`.
LOGGER_FILE=${LOGGER_BASE}/chorke-org.log
AUTHNZ_FILE=${AUTHNZ_BASE}/chorke-org.json
CONFIG_FILE=${CONFIG_BASE}/chorke-org-config.yml
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null
tunnel: aa-chorke-org
credentials-file: ${AUTHNZ_FILE}
ingress:
- service: http://localhost
hostname: aa.chorke.org
path: /*
- service: ssh://localhost:22
hostname: aa.chorke.org
- service: tcp://localhost:3306
hostname: aa.chorke.org
- service: tcp://localhost:5432
hostname: aa.chorke.org
- service: http_status:404
warp-routing:
enabled: true
private_network:
- 10.19.83.0/24
dns:
- 1.1.1.1
- 8.8.8.8
- 10.19.83.100
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
interval: 10s
max_retries: 3
restart: true
YML
|
# Write the cloudflared configuration for tunnel aa-shahed-biz.
# LOGGER_BASE, AUTHNZ_BASE and CONFIG_BASE must already be set in this shell;
# the unquoted heredoc expands ${AUTHNZ_FILE} and ${LOGGER_FILE} before tee
# writes the file as root.
# NOTE(review): the YAML nesting looks flattened on this page; hostname/path
#   have to be indented under their "- service:" entry for the file to parse.
# NOTE(review): the ssh://localhost:22, tcp://localhost:3306 and
#   tcp://localhost:5432 rules publish SSH and, presumably, the MySQL and
#   PostgreSQL ports on aa.shahed.biz. Put a Cloudflare Access policy on that
#   hostname before the tunnel is started, and keep authentication enabled on
#   the services themselves.
# NOTE(review): every rule names the same hostname and cloudflared uses the
#   first rule that matches, so the rules after the first may never be
#   selected. Check with `cloudflared tunnel ingress validate` and
#   `cloudflared tunnel ingress rule <url>`.
LOGGER_FILE=${LOGGER_BASE}/shahed-biz.log
AUTHNZ_FILE=${AUTHNZ_BASE}/shahed-biz.json
CONFIG_FILE=${CONFIG_BASE}/shahed-biz-config.yml
cat << YML | sudo tee ${CONFIG_FILE} >/dev/null
tunnel: aa-shahed-biz
credentials-file: ${AUTHNZ_FILE}
ingress:
- service: http://localhost
hostname: aa.shahed.biz
path: /*
- service: ssh://localhost:22
hostname: aa.shahed.biz
- service: tcp://localhost:3306
hostname: aa.shahed.biz
- service: tcp://localhost:5432
hostname: aa.shahed.biz
- service: http_status:404
warp-routing:
enabled: true
private_network:
- 10.19.83.0/24
dns:
- 1.1.1.1
- 8.8.8.8
- 10.19.83.100
loglevel: info
logfile: ${LOGGER_FILE}
heartbeat:
interval: 10s
max_retries: 3
restart: true
YML
|
| ||
sudo cloudflared tunnel \
--config /etc/cloudflared/chorke-com-config.yml \
run aa-chorke-com
|
sudo cloudflared tunnel \
--config /etc/cloudflared/chorke-org-config.yml \
run aa-chorke-org
|
sudo cloudflared tunnel \
--config /etc/cloudflared/shahed-biz-config.yml \
run aa-shahed-biz
|
| ||
# Install a systemd unit that runs the chorke-com tunnel from its config file.
# The unquoted heredoc removes each backslash-newline pair, so tee writes
# ExecStart as one line.
# NOTE(review): the unit file name on the next line looks mangled by the
#   page's e-mail obfuscation; restore the real name before use.
# NOTE(review): the unit has no User= line, so systemd starts cloudflared as
#   root. Running it under a dedicated account would also require moving the
#   credentials file out of /root/.cloudflared/auths.
# NOTE(review): --no-autoupdate leaves patching to the package manager; make
#   sure cloudflared is covered by the host's regular update process.
SYSTEM_FILE=[email protected]
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}
cat << INI | sudo tee ${SYSTEM_PATH} >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate \
--config /etc/cloudflared/chorke-com-config.yml \
tunnel run
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
INI
|
SYSTEM_FILE=[email protected]
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}
cat << INI | sudo tee ${SYSTEM_PATH} >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate \
--config /etc/cloudflared/chorke-org-config.yml \
tunnel run
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
INI
|
SYSTEM_FILE=[email protected]
SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE}
cat << INI | sudo tee ${SYSTEM_PATH} >/dev/null
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target
[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/bin/cloudflared --no-autoupdate \
--config /etc/cloudflared/shahed-biz-config.yml \
tunnel run
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
INI
|
| ||
cat << EXE | sudo bash
systemctl daemon-reload
systemctl enable [email protected]
systemctl start [email protected]
systemctl status [email protected]
EXE
|
cat << EXE | sudo bash
systemctl daemon-reload
systemctl enable [email protected]
systemctl start [email protected]
systemctl status [email protected]
EXE
|
cat << EXE | sudo bash
systemctl daemon-reload
systemctl enable [email protected]
systemctl start [email protected]
systemctl status [email protected]
EXE
|
| ||
tail -n100 \
-f /var/log/cloudflared/chorke-com.log
journalctl -xeu [email protected]
|
tail -n100 \
-f /var/log/cloudflared/chorke-org.log
journalctl -xeu [email protected]
|
tail -n100 \
-f /var/log/cloudflared/shahed-biz.log
journalctl -xeu [email protected]
|
| ||
Playground
lxc image list images:ubuntu/noble/desktop
lxc launch --vm images:ffa5fc9dfb84 cloudflare
lxc launch --vm images:ubuntu/noble/desktop cloudflare
|
lxc list status=running name=cloudflare --format=json |jq -r '.[].state.network.[].addresses'
lxc list status=running name=cloudflare --format=yaml |yq -r '.[].state.network.[].addresses'
lxc info cloudflare|yq '.Resources.["Network usage"][]["IP addresses"].inet'
| |
| ||
ls -lah /usr/local/etc/cloudflared/
ls -lah /etc/cloudflared/
ls -lah ~/.cloudflared/
|
lxc snapshot cloudflare warp:24.04
lxc publish cloudflare/warp:24.04 --alias cloudflare/warp:24.04
lxc rm cloudflare -f
| |
| ||
cat /usr/local/etc/cloudflared/config.yml
ls -lah ~/.cloudflare-warp
ls -lah ~/cloudflare-warp
|
sudo cloudflared service uninstall
systemctl status cloudflared
journalctl -xeu cloudflared
|
tail -n100 -f /var/log/cloudflared.log
sudo systemctl daemon-reload
ps aux|grep cloudflared
|
| ||
sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/chorke-com.pem
|
sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/chorke-org.pem
|
sudo su
cd /root/.cloudflared/
cloudflared tunnel login
mv cert.pem ./certs/shahed-biz.pem
|