Cloudflare/Argo Tunnel

Argo Tunnel

cat << EXE \| sudo bash mkdir -p /home/system/ SYS_USERS='chorke-com-argo chorke-org-argo shahed-biz-argo' for SYS_USER in \${SYS_USERS};do SYS_GROUP="\${SYS_USER}" if ! id -g \${SYS_USER} &>/dev/null;then addgroup --quiet --system \${SYS_GROUP};fi if ! id -u \${SYS_USER} &>/dev/null;then adduser --quiet --system --ingroup \${SYS_GROUP} --home /home/system/\${SYS_USER} --shell /bin/bash --disabled-password \${SYS_USER} chage -m 99999 -M 99999 -E -1 -I -1 \${SYS_USER} mkdir /home/system/\${SYS_USER}/.ssh touch /home/system/\${SYS_USER}/.ssh/config touch /home/system/\${SYS_USER}/.ssh/authorized_keys chown -R \${SYS_USER}:\${SYS_GROUP} /home/system/\${SYS_USER}/ chmod 600 /home/system/\${SYS_USER}/.ssh/authorized_keys chmod 600 /home/system/\${SYS_USER}/.ssh/config chmod 700 /home/system/\${SYS_USER}/.ssh fi done echo && ls -alh /home/system//.ssh/ echo && cat /etc/passwd\|awk -F : '\$3 >= 120 && \$3 < 900 {printf("%-6s » %s\n", \$3, \$1)}'\|sort -h echo && cat /etc/group \|awk -F : '\$3 >= 120 && \$3 < 900 {printf("%-6s » %s\n", \$3, \$1)}'\|sort -h && echo EXE

cat << EXE \| sudo bash mkdir -p /var/log/cloudflared/chorke.com chown chorke-com-argo:chorke-com-argo \ -R /var/log/cloudflared/chorke.com EXE	cat << EXE \| sudo bash mkdir -p /var/log/cloudflared/chorke.org chown chorke-org-argo:chorke-org-argo \ -R /var/log/cloudflared/chorke.org EXE	cat << EXE \| sudo bash mkdir -p /var/log/cloudflared/shahed.biz chown shahed-biz-argo:shahed-biz-argo \ -R /var/log/cloudflared/shahed.biz EXE

sudo -i -u chorke-com-argo LOGGER_BASE=/var/log/cloudflared/chorke.com	sudo -i -u chorke-org-argo LOGGER_BASE=/var/log/cloudflared/chorke.org	sudo -i -u shahed-biz-argo LOGGER_BASE=/var/log/cloudflared/shahed.biz

CONFIG_BASE=${HOME}/.cloudflared AUTHNZ_BASE=${HOME}/.cloudflared CONFIG_FILE=${CONFIG_BASE}/argo.yml LOGGER_FILE=${LOGGER_BASE}/argo.log AUTHNZ_FILE=${AUTHNZ_BASE}/argo.json

cloudflared tunnel login cd ~/.cloudflared/

cloudflared \ tunnel create aa-chorke-com-argo	cloudflared \ tunnel create aa-chorke-org-argo	cloudflared \ tunnel create aa-shahed-biz-argo

cloudflared \ tunnel list --output=json\|jq -r '.[].name'

ln -s ${CONFIG_BASE}/\ 3d1105e6-e8f4-403e-9b2d-3367947e0a9e.json \ ${AUTHNZ_FILE}	ln -s ${CONFIG_BASE}/\ f7d72bda-f987-4731-b97f-43a14982444e.json \ ${AUTHNZ_FILE}	ln -s ${CONFIG_BASE}/\ 4567caf0-f9f5-47dc-bab5-794881e54af5.json \ ${AUTHNZ_FILE}

cloudflared \ tunnel route dns aa-chorke-com-argo aa	cloudflared \ tunnel route dns aa-chorke-org-argo aa	cloudflared \ tunnel route dns aa-shahed-biz-argo aa

cat << YML \| tee ${CONFIG_FILE} >/dev/null --- tunnel: aa-chorke-com-argo credentials-file: ${AUTHNZ_FILE} ingress: - service: http://localhost hostname: aa.chorke.com - service: http_status:404 warp-routing: enabled: false # icmpv4-src: 10.19.83.68 private_network: - 10.19.83.0/24 dns: - 1.1.1.1 - 8.8.8.8 - 10.19.83.100 loglevel: info logfile: ${LOGGER_FILE} heartbeat: interval: 10s max_retries: 3 restart: true YML	cat << YML \| tee ${CONFIG_FILE} >/dev/null --- tunnel: aa-chorke-org-argo credentials-file: ${AUTHNZ_FILE} ingress: - service: http://localhost hostname: aa.chorke.org - service: http_status:404 warp-routing: enabled: false # icmpv4-src: 10.19.83.68 private_network: - 10.19.83.0/24 dns: - 1.1.1.1 - 8.8.8.8 - 10.19.83.100 loglevel: info logfile: ${LOGGER_FILE} heartbeat: interval: 10s max_retries: 3 restart: true YML	cat << YML \| tee ${CONFIG_FILE} >/dev/null --- tunnel: aa-shahed-biz-argo credentials-file: ${AUTHNZ_FILE} ingress: - service: http://localhost hostname: aa.shahed.biz - service: http_status:404 warp-routing: enabled: true # icmpv4-src: 10.19.83.68 private_network: - 10.19.83.0/24 dns: - 1.1.1.1 - 8.8.8.8 - 10.19.83.100 loglevel: info logfile: ${LOGGER_FILE} heartbeat: interval: 10s max_retries: 3 restart: true YML

cat <<'ENV'\|tee -a ${HOME}/.bashrc >/dev/null # cloudflare tunnel config export CLOUDFLARED_CONFIG=${HOME}/.cloudflared/argo.yml ENV cat <<'ENV'\|tee -a ${HOME}/.profile >/dev/null if [ -f ${HOME}/.bashrc ]; then . ${HOME}/.bashrc fi ENV source ~/.profile

cloudflared tunnel run aa-chorke-com-argo exit	cloudflared tunnel run aa-chorke-org-argo exit	cloudflared tunnel run aa-shahed-biz-argo exit

SYSTEM_FILE=[email protected] SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE} cat << INI \| sudo tee ${SYSTEM_PATH} >/dev/null [Unit] Description=cloudflared After=network-online.target Wants=network-online.target [Service] Group=chorke-com-argo User=chorke-com-argo TimeoutStartSec=0 Type=notify ExecStart=/usr/bin/cloudflared --no-autoupdate \ --config /home/system/chorke-com-argo/\ .cloudflared/argo.yml tunnel run Restart=on-failure RestartSec=5s [Install] WantedBy=multi-user.target INI	SYSTEM_FILE=[email protected] SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE} cat << INI \| sudo tee ${SYSTEM_PATH} >/dev/null [Unit] Description=cloudflared After=network-online.target Wants=network-online.target [Service] Group=chorke-org-argo User=chorke-org-argo TimeoutStartSec=0 Type=notify ExecStart=/usr/bin/cloudflared --no-autoupdate \ --config /home/system/chorke-org-argo/\ .cloudflared/argo.yml tunnel run Restart=on-failure RestartSec=5s [Install] WantedBy=multi-user.target INI	SYSTEM_FILE=[email protected] SYSTEM_PATH=/etc/systemd/system/${SYSTEM_FILE} cat << INI \| sudo tee ${SYSTEM_PATH} >/dev/null [Unit] Description=cloudflared After=network-online.target Wants=network-online.target [Service] Group=shahed-biz-argo User=shahed-biz-argo TimeoutStartSec=0 Type=notify ExecStart=/usr/bin/cloudflared --no-autoupdate \ --config /home/system/shahed-biz-argo/\ .cloudflared/argo.yml tunnel run Restart=on-failure RestartSec=5s [Install] WantedBy=multi-user.target INI

cat << EXE \| sudo bash systemctl daemon-reload systemctl enable [email protected] systemctl start [email protected] systemctl status [email protected] EXE	cat << EXE \| sudo bash systemctl daemon-reload systemctl enable [email protected] systemctl start [email protected] systemctl status [email protected] EXE	cat << EXE \| sudo bash systemctl daemon-reload systemctl enable [email protected] systemctl start [email protected] systemctl status [email protected] EXE

tail -n100 \ -f /var/log/cloudflared/chorke.com/argo.log journalctl -xeu [email protected]	tail -n100 \ -f /var/log/cloudflared/chorke.org/argo.log journalctl -xeu [email protected]	tail -n100 \ -f /var/log/cloudflared/shahed.biz/argo.log journalctl -xeu [email protected]

cat << EXE \| sudo bash systemctl daemon-reload systemctl disable [email protected] systemctl stop [email protected] systemctl status [email protected] EXE	cat << EXE \| sudo bash systemctl daemon-reload systemctl disable [email protected] systemctl stop [email protected] systemctl status [email protected] EXE	cat << EXE \| sudo bash systemctl daemon-reload systemctl disable [email protected] systemctl stop [email protected] systemctl status [email protected] EXE

WARP Routing

Skipped » Find More » 👆

cloudflared \ tunnel create ab-chorke-com-argo	cloudflared \ tunnel create ab-chorke-org-argo	cloudflared \ tunnel create ab-shahed-biz-argo

cloudflared \ tunnel list --output=json\|jq -r '.[].name'

ln -s ${CONFIG_BASE}/\ 56f034e2-7fc7-4423-8db3-1e9db8a24ca3.json \ ${AUTHNZ_FILE}	ln -s ${CONFIG_BASE}/\ 472fe18e-f903-478e-8e8e-2fbe70a4d72f.json \ ${AUTHNZ_FILE}	ln -s ${CONFIG_BASE}/\ 030320f3-d897-432d-8e6f-0e7aca572910.json \ ${AUTHNZ_FILE}

cat << YML \| tee ${CONFIG_FILE} >/dev/null --- tunnel: ab-chorke-com-argo credentials-file: ${AUTHNZ_FILE} warp-routing: enabled: true loglevel: info logfile: ${LOGGER_FILE} heartbeat: interval: 10s max_retries: 3 restart: true YML	cat << YML \| tee ${CONFIG_FILE} >/dev/null --- tunnel: ab-chorke-org-argo credentials-file: ${AUTHNZ_FILE} warp-routing: enabled: true loglevel: info logfile: ${LOGGER_FILE} heartbeat: interval: 10s max_retries: 3 restart: true YML	cat << YML \| tee ${CONFIG_FILE} >/dev/null --- tunnel: ab-shahed-biz-argo credentials-file: ${AUTHNZ_FILE} warp-routing: enabled: true loglevel: info logfile: ${LOGGER_FILE} heartbeat: interval: 10s max_retries: 3 restart: true YML

cat <<'ENV'\|tee -a ${HOME}/.bashrc >/dev/null # cloudflare tunnel config export CLOUDFLARED_CONFIG=${HOME}/.cloudflared/argo.yml ENV cat <<'ENV'\|tee -a ${HOME}/.profile >/dev/null if [ -f ${HOME}/.bashrc ]; then . ${HOME}/.bashrc fi ENV source ~/.profile

cloudflared tunnel run ab-chorke-com-argo exit	cloudflared tunnel run ab-chorke-org-argo exit	cloudflared tunnel run ab-shahed-biz-argo exit

Skipped » Find More » 👆

Playground

cat /usr/local/etc/cloudflared/config.yml ls -lah ~/.cloudflare-warp ls -lah ~/cloudflare-warp	sudo cloudflared service uninstall systemctl status cloudflared journalctl -xeu cloudflared	tail -n100 -f /var/log/cloudflared.log sudo systemctl daemon-reload ps aux\|grep cloudflared

ls -alh /etc/systemd/system\|grep cloudflared ls -alh /etc/systemd/system\|grep minikube ls -alh /etc/systemd/system\|grep minio	ls -lah /usr/local/etc/cloudflared/ ls -lah /etc/cloudflared/ ls -lah ~/.cloudflared/	sudo ln -s /etc/cloudflared/chorke.com-config.yml \ /etc/cloudflared/config.yml ls -lah /etc/cloudflared/

cloudflared access \ ssh-config --hostname aa.chorke.com	ssh-keygen -t ed25519 -C "[email protected]" \ -f ~/.ssh/argo.chorke.org_ed25519	echo 'id -g'\|sudo -i -u ${USER} bash echo 'id -ng'\|sudo -i -u ${USER} bash

cat /proc/sys/net/ipv4/ping_group_range sysctl net.ipv4.ping_group_range	echo '0 10000'\|\ sudo tee /proc/sys/net/ipv4/ping_group_range	cat /etc/sysctl.conf sudo sysctl -p

warp-cli disconnect warp-cli connect warp-cli status	telnet 10.19.83.68 5432 telnet 10.19.83.68 3306 telnet 10.19.83.68 22	nmap 10.19.83.68 --reason -Pn -p22,3306,5432 nmap 10.19.83.68 --reason -Pn --top 20 tail -n100 -f /var/log/kern.log

References

Cloudflare » Zero Trust » Connections Cloudflare » Zero Trust » Services Cloudflare » Zero Trust » Devices Cloudflare » Zero Trust » Tunnel Cloudflare » Zero Trust » gRPC Cloudflare » Zero Trust » RDP Cloudflare » Zero Trust » SMB Cloudflare » Zero Trust » SSH Cloudflare » Tunnel Cloudflare » SSH	Cloudflare » Zero Trust » Connect private networks Cloudflare » Zero Trust » SSH » Access for Infra Cloudflare » Zero Trust » Devices » Agentless Cloudflare » Zero Trust » Devices » WARP Cloudflare » Zero Trust » SSH » Connect

Cloudflare » WARP Connector Cloudflare » Access » Chorke Cloudflare

Linux Containers PostgreSQL OpenLDAP OpenVPN HAProxy MySQL Helm CIDR UFW Port	Cloud Computing Cost Tunnel » Cloudflare Google Cloud CLI Tunnel » Ngrok Tunnel » Local Terraform AWS CLI Ansible AWS K8s	CIDR » Restrict access to single IP SSH » Public Key Authentication SSH » Port Forwarding CIDR » 10.20.40.1/32 CIDR » 10.20.40.1/24 CIDR » 10.19.83.1/32 CIDR » 10.19.83.1/24 Linux User Creation

Cloudflare/Argo Tunnel

Contents

Argo Tunnel

WARP Routing

Playground

References

Navigation menu

Cloudflare/Argo Tunnel

Argo Tunnel

WARP Routing

Playground

References

Navigation menu

Search