WAN
| Hetzner Instances
|
| Name
|
Network
|
Subnets
|
Forward
|
| Hetzner » AA |
10.20.41.1/32 |
10.20.41.1 … 1/32 = 01 |
✅
|
| Hetzner » AB |
10.20.41.2/32 |
10.20.41.2 … 2/32 = 01 |
✅
|
| Hetzner » AE |
10.20.41.3/32 |
10.20.41.3 … 3/32 = 01 |
⚪️
|
| Hetzner » AC |
10.20.41.4/32 |
10.20.41.4 … 4/32 = 01 |
⚪️
|
| Hetzner » AE |
10.20.41.5/32 |
10.20.41.5 … 5/32 = 01 |
⚪️
|
SSH
ssh -qt -i ~/.ssh/cid.chorke.org_ed25519 [email protected] bash
cat <<'EXE' | sudo bash
free -th && echo && systemd-analyze && echo
df -h && echo && lsblk && echo
swapon --show
EXE
Add User
# root
passwd
adduser chorke
passwd chorke
adduser shahed
passwd shahed
APT Update
cat << EXE | sudo bash
apt-get update;echo
mkdir -p /etc/apt/keyrings
apt list -a --upgradable;apt-get upgrade -y;echo
apt-get install -y apt-transport-https ca-certificates gnupg build-essential snapd jq traceroute
apt-get clean cache && find /tmp -type f -atime +10 -delete && find /tmp -type s -atime +10 -delete
EXE
Swap Space
echo 'swapon --show'|sudo bash
cat <<'EXE' | sudo bash
swapoff /swap.img
fallocate -l 20G /swap.img
ls -lh /swap.img && mkswap /swap.img
chmod 0600 /swap.img && swapon /swap.img && swapon --show && free -th
EXE
cat << FST | sudo tee -a /etc/fstab >/dev/null
# loop based swap storage » 16GB + 4GB
/swap.img none swap sw 0 0
FST
free -th
cat /etc/fstab
echo 'swapon --show'|sudo bash
Utility » Tool
cat << EXE|sudo bash
PLATFORM=\$(uname -s)_\$(dpkg --print-architecture)
YQ_BINARY=\$(echo "yq_\${PLATFORM}"|tr '[:upper:]' '[:lower:]')
wget https://github.com/mikefarah/yq/releases/latest/download/\${YQ_BINARY} -O /usr/bin/yq && chmod +x /usr/bin/yq
EXE
Containerize » LXD
cat << EXE | sudo bash
snap install lxd --channel=6/stable
usermod -aG lxd chorke
usermod -aG lxd shahed
EXE
echo 'id -nG'|sudo -i -u chorke bash
echo 'id -nG'|sudo -i -u shahed bash
cat <<YML | sudo lxd init --preseed
---
config: {}
networks:
- config:
ipv4.address: 10.20.0.1/24
ipv4.nat: "true"
ipv6.address: auto
description: ""
name: lxdbr0
type: ""
project: default
storage_pools:
- config:
size: 30GiB
description: ""
name: lxd-zfs-pool-aa
driver: zfs
storage_volumes: []
profiles:
- config: {}
description: ""
devices:
eth0:
name: eth0
network: lxdbr0
type: nic
root:
path: /
pool: lxd-zfs-pool-aa
type: disk
name: default
projects: []
cluster: null
YML
sudo ufw enable
sudo iptables -S
cat << EXE | sudo bash
ufw allow OpenSSH
ufw allow in on lxdbr0
ufw route allow in on lxdbr0
ufw route allow out on lxdbr0
EXE
sudo ufw status numbered
sudo iptables -S
cat << EXE | sudo bash
snap restart lxd
snap services lxd
EXE
lxc launch images:alpine/3.21 academia
lxc list -c=n -f=json|jq -r '.[]|select(.name=="academia")|.status'
cat <<'EXE'| lxc exec academia -- sh
ping -c5 chorke.org
ping -c5 shahed.biz
EXE
Containerize » Docker
curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
| sudo tee /etc/apt/keyrings/docker.asc >/dev/null
DISTRIBUTION=$(. /etc/os-release && echo "${VERSION_CODENAME}")
cat << SRC | sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu ${DISTRIBUTION} stable
SRC
cat << EXE | sudo bash
apt-get update;echo
apt-cache policy docker-ce
apt list -a --upgradable;apt-get upgrade -y;echo
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
apt-get clean cache && find /tmp -type f,s -atime +10 -delete
EXE
cat << EOF | sudo tee /etc/docker/daemon.json >/dev/null
{
"bip" : "10.20.13.1/24",
"mtu" : 1500,
"dns" : [
"8.8.8.8",
"8.8.4.4"
],
"debug": true
}
EOF
cat << EXE | sudo bash
systemctl stop docker.socket
systemctl stop docker.service
systemctl start docker.service
usermod -aG docker chorke
usermod -aG docker shahed
EXE
ip a
docker image ls
docker network ls
echo 'id -nG'|sudo -i -u shahed bash
echo 'id -nG'|sudo -i -u chorke bash
cat <<'EXE'| docker run --rm -i alpine sh
echo
cat /etc/hosts ;echo
cat /etc/resolv.conf ;echo
ping -c5 chorke.org ;echo
ping -c5 shahed.biz ;echo
EXE
Cloudflare » VIRT
cat << INI | sudo tee /etc/systemd/system/warp0.service >/dev/null
[Unit]
Description=Cloudflared WARP Routing Virtual Interface
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/ip link add warp0 type dummy
ExecStartPost=/usr/sbin/ip addr add 10.20.41.1/32 dev warp0
ExecStartPost=/usr/sbin/ip link set warp0 up
ExecStop=/usr/sbin/ip link delete warp0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
INI
cat << EXE | sudo bash
systemctl daemon-reload
systemctl enable --now warp0.service
systemctl status warp0.service
EXE
ip a
Cloudflare » Argo » Tunnel
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb -P ${HOME}/Downloads
sudo dpkg -i ${HOME}/Downloads/cloudflared-linux-arm64.deb; sudo apt install -f
rm -rf ${HOME}/Downloads/cloudflared-linux-arm64.deb
cat <<'SYS' | sudo tee -a /etc/sysctl.conf >/dev/null
###################################################################
# Cloudflared Tunnel Private Network Config
# This config added by Chorke Academia, Inc
# ICMP Group ID Range 0 to 10,000 Users
net.ipv4.ping_group_range = 0 10000
# 208 KiB Default RX Buffer
net.core.rmem_default=212992
# 208 KiB Default TX Buffer
net.core.wmem_default=212992
# 8 MB Maximum RX Buffer
net.core.rmem_max=8388608
# 8 MB Maximum TX Buffer
net.core.wmem_max=8388608
SYS
sudo sysctl -p
Skipped » Find More » 👈
Cloudflare » WARP » Tunnel
lxc launch ubuntu:24.04 cloudflare
lxc list -c=n -f=json|jq -r '.[]|select(.name=="cloudflare")|.status'
cat <<'EXE' | lxc exec cloudflare -- bash
apt-get update;echo
mkdir -p /etc/apt/keyrings
apt list -a --upgradable;apt-get upgrade -y;echo
apt-get install -y apt-transport-https ca-certificates gnupg jq && apt-get clean
EXE
cat <<'EXE' | lxc exec cloudflare -- bash
curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg \
| sudo tee /etc/apt/keyrings/cloudflare.asc >/dev/null
DISTRIBUTION=$(. /etc/os-release && echo "${VERSION_CODENAME}");\
cat << SRC | sudo tee /etc/apt/sources.list.d/cloudflare.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
signed-by=/etc/apt/keyrings/cloudflare.asc]\
https://pkg.cloudflareclient.com/ ${DISTRIBUTION} main
SRC
cat /etc/apt/sources.list.d/cloudflare.list
cat /etc/apt/keyrings/cloudflare.asc
EXE
cat <<'EXE' | lxc exec cloudflare -- bash
apt-get update;echo
apt list -a --upgradable;apt-get upgrade -y;echo
apt-get install -y cloudflare-warp && apt-get clean
EXE
lxc exec cloudflare -- bash
sudo vim /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
sudo sysctl -p
net.ipv4.ip_forward = 1
ip route | grep default
default via 10.20.0.1 dev eth0 proto dhcp src 10.20.0.161 metric 100
lxc snapshot cloudflare base:2024.12.554.0
lxc publish cloudflare/base:2024.12.554.0 --alias cloudflare/base:2024.12.554.0
lxc restore cloudflare base:2024.12.554.0
lxc exec cloudflare -- bash
sudo warp-cli status
cat <<'EXE' | lxc exec cloudflare -- bash
warp-cli connector new eyJhIjoiNW…
warp-cli connect
EXE
cat << EXE | lxc exec cloudflare -- bash
warp-cli status
systemctl daemon-reload
systemctl enable --now warp-svc.service
systemctl status warp-svc.service
EXE
cat << EXE | lxc exec cloudflare -- bash
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
apt-get -y install iptables-persistent && apt-get clean cache
EXE
cat << EXE | lxc exec cloudflare -- bash
# allow forwarding traffic from host
iptables -A FORWARD -i eth0 -o CloudflareWARP -j ACCEPT
iptables -A FORWARD -i CloudflareWARP -o eth0 -j ACCEPT
# cloudflarewarp nat gateway setup for host
iptables -t nat -A POSTROUTING -o CloudflareWARP -j MASQUERADE
# persist across reboots, save the rules
mkdir -p /etc/iptables/
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
EXE
lxc snapshot cloudflare shahed:2025.03.09
lxc publish cloudflare/shahed:2025.03.09 --alias cloudflare/shahed:2025.03.09
lxc restore cloudflare shahed:2025.03.09
Skipped » Find More » 👈
Cloudflare » WARP » Exclude
Settings » 0Trust » WARP Client » Device settings » Profile settings » Default » Configure »
|
Split Tunnels » Exclude IPs and domains » Manage » Manage Split Tunnels
|
| Name |
Network |
Exclude
|
| Network » OpenVPN |
10.20.30.0/24 |
✅
|
| Network » Hetzner |
10.20.31.0/24 |
✅
|
| Network » Docker |
10.20.13.0/24 |
✅
|
| Network » Home |
10.19.83.0/24 |
✅
|
| Network » LXD |
10.20.0.0/24 |
✅
|
| Name |
Network |
Exclude
|
| Network » WiFi |
192.168.10.0/24 |
✅
|
| Network » WiFi |
192.168.1.0/24 |
✅
|
| Network » WiFi |
192.168.0.0/24 |
✅
|
| Network » WiFi |
172.17.0.0/24 |
✅
|
| Network » WiFi |
172.16.0.0/24 |
✅
|
| Network » WiFi |
10.10.10.0/24 |
✅
|
| Network » WiFi |
10.0.1.0/24 |
✅
|
| Network » WiFi |
10.0.0.0/24 |
✅
|
Cloudflare » WARP » Forward
| Implement Forward Routing
|
| Name
|
Network
|
Subnets
|
Forward
|
| Network » Cloud |
10.20.40.0/21 |
10.20.40 … 47.0/24 = 8 |
✅
|
| Network » Cloud |
10.20.48.0/21 |
10.20.48 … 55.0/24 = 8 |
⚪️
|
| Network » Cloud |
10.20.56.0/21 |
10.20.56 … 63.0/24 = 8 |
⚪️
|
| Network » Cloud |
10.20.46.0/23 |
10.20.46 … 47.0/24 = 2 |
⚪️
|
| Network » Cloud |
10.20.48.0/23 |
10.20.48 … 49.0/24 = 2 |
✅
|
| Network » Cloud |
10.20.50.0/23 |
10.20.50 … 51.0/24 = 2 |
⚪️
|
| Name
|
Network
|
Subnets
|
Forward
|
| Network » Office |
10.20.10.0/24 |
10.20.10 … 10.0/24 = 1 |
✅
|
Cloudflare » WARP » Route » Host
vim /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
sudo sysctl -p
net.ipv4.ip_forward = 1
ip route | grep default
default via 172.31.1.1 dev eth0 proto dhcp src 65.21.251.38 metric 100
cat << EXE | sudo bash
cat << ENV | tee /etc/default/warp-route >/dev/null
LXC_WARP_CLI_NAME=cloudflare
LXC_WARP_CLI_HOST=$(lxc list -f=json cloudflare | jq -r '.[]|.state.network.eth0.addresses[]|select(.family=="inet")|.address')
ENV
echo
cat /etc/default/warp-route
EXE
cat <<'INI' | sudo tee /etc/systemd/system/warp-route.service >/dev/null
[Unit]
Description=WARP Routes Over Clodflare LXC
Wants=network-online.target docker.service snap.lxd.daemon.service containerd.service
After=network-online.target docker.service snap.lxd.daemon.service containerd.service
[Service]
Type=oneshot
EnvironmentFile=-/etc/default/warp-route
ExecStartPre=/bin/sleep 15
ExecStartPre=/bin/bash -c "if [ -z \"${LXC_WARP_CLI_HOST}\" ]; then echo \"Variable LXC_WARP_CLI_HOST not set in /etc/default/warp-route\"; errors_exit; fi"
ExecStart=/usr/sbin/ip route add 10.20.10.0/24 via ${LXC_WARP_CLI_HOST}
ExecStart=/usr/sbin/ip route add 10.20.40.0/21 via ${LXC_WARP_CLI_HOST}
ExecStart=/usr/sbin/ip route add 10.20.48.0/23 via ${LXC_WARP_CLI_HOST}
ExecStop=/usr/sbin/ip route del 10.20.10.0/24
ExecStop=/usr/sbin/ip route del 10.20.40.0/21
ExecStop=/usr/sbin/ip route del 10.20.48.0/23
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
INI
cat << EXE | sudo bash
systemctl daemon-reload
cat /etc/systemd/system/warp-route.service
systemctl enable --now warp-route.service
systemctl status warp-route.service
echo && ip route show
echo && sysctl -p
EXE
cat << EXE | bash
traceroute 10.20.40.1
traceroute 10.20.41.1
EXE
cat << EXE | sudo bash
systemctl daemon-reload
cat /etc/systemd/system/warp-route.service
systemctl disable --now warp-route.service
systemctl status warp-route.service
echo && ip route show
echo && sysctl -p
EXE
LB » HAProxy » Install & Configure
cat << EXE | sudo bash
apt-get update;echo
apt list -a --upgradable;apt-get upgrade -y;echo
apt-get install -y haproxy certbot;echo;haproxy -v;echo
cat /etc/haproxy/haproxy.cfg;echo
apt-get clean cache
EXE
sudo ufw status numbered
sudo iptables -S
cat << EXE | sudo bash
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 4321/tcp
EXE
sudo ufw status numbered
sudo iptables -S
Skipped » Find More » 👈
cat <<'EXE'| sudo bash
/etc/haproxy/proxy-scripts/reconfig
ls -alh /etc/haproxy/{haproxy.cfg,proxy-{backups,configs,default,enabled,scripts}}
EXE
nmap --reason mail.shahed.biz -sT -Pn -p25,587,110,995,143,993,465,4190
nmap --reason vpn.shahed.biz -sT -Pn --top 20
nmap --reason git.shahed.biz -sT -Pn -p4321
nmap --reason vpn.shahed.biz -sT -Pn -p1194
sudo nmap --reason vpn.shahed.biz -sU -Pn -p1194
LB » HAProxy » Frontend » HTTPS Config
certbot certonly --standalone --non-interactive --http-01-port=19830 -d k8s.aa.hetzner.shahed.biz --email [email protected] --agree-tos --dry-run
certbot certonly --standalone --non-interactive --http-01-port=19830 -d k8s.aa.hetzner.shahed.biz --email [email protected] --agree-tos
(cd /etc/letsencrypt/live/k8s.aa.hetzner.shahed.biz/;ln -s privkey.pem fullchain.pem.key)
certbot renew --http-01-port=19830
certbot certonly --standalone --non-interactive --http-01-port=19830 -d cid.chorke.org --dry-run
certbot certonly --standalone --non-interactive --http-01-port=19830 -d cid.chorke.org
(cd /etc/letsencrypt/live/cid.chorke.org/;ln -s privkey.pem fullchain.pem.key)
certbot certonly --standalone --non-interactive --http-01-port=19830 -d dev.chorke.org --dry-run
certbot certonly --standalone --non-interactive --http-01-port=19830 -d dev.chorke.org
(cd /etc/letsencrypt/live/dev.chorke.org/;ln -s privkey.pem fullchain.pem.key)
cd /etc/letsencrypt/live/;for d in *;do if [ -d "${d}" ];then cat ${d}/{fullchain,privkey}.pem|tee ${d}.pem >/dev/null;fi;done
cd /etc/letsencrypt/live/;for d in *;do if [ -d "${d}" ];then printf "crt ${PWD}/${d}.pem ";fi;done;\
printf "alpn h2,http/1.1 ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3\n"
cat <<'CFG'| sudo tee /etc/haproxy/proxy-configs/shahed.biz-https-all.cfg >/dev/null
# ##############################################################################
# https frontend config for *.chorke.org, *.chorke.com, *.shahed.biz
# this config added by chorke academia, inc
frontend fnt_shahed_biz_ssl
bind *:443 ssl crt /etc/letsencrypt/live/k8s.aa.hetzner.shahed.biz/fullchain.pem alpn h2,http/1.1 ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3
bind *:443 ssl crt /etc/letsencrypt/live/cid.chorke.org/fullchain.pem alpn h2,http/1.1 ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3
bind *:443 ssl crt /etc/letsencrypt/live/dev.chorke.org/fullchain.pem alpn h2,http/1.1 ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3
mode http
acl host-is-k8s-aa-hetzner-shahed-biz hdr(host) -i k8s.aa.hetzner.shahed.biz
acl host-is-cid-shahed-biz hdr(host) -i cid.chorke.org
acl host-is-dev-shahed-biz hdr(host) -i dev.chorke.org
acl path-is-artifactory path_beg /artifactory/
acl path-is-jenkins path_beg /jenkins/
acl path-is-gitlab path_beg /gitlab/
acl path-is-nexus path_beg /nexus/
http-request set-header X-Forwarded-For %[src]
http-request set-header X-Forwarded-Proto https
use_backend bck_shahed_biz_cid_artifactory if host-is-cid-shahed-biz path-is-artifactory
use_backend bck_shahed_biz_cid_jenkins if host-is-cid-shahed-biz path-is-jenkins
use_backend bck_shahed_biz_cid_gitlab if host-is-cid-shahed-biz path-is-gitlab
use_backend bck_shahed_biz_cid_nexus if host-is-cid-shahed-biz path-is-nexus
use_backend bck_shahed_biz_hetzner_aa_k8s if host-is-k8s-aa-hetzner-shahed-biz
default_backend bck_shahed_biz_cid
backend bck_shahed_biz_cid_artifactory
server shahed_ah_artifactory 10.20.40.8:8084
mode http
backend bck_shahed_biz_cid_jenkins
server shahed_ah_jenkins 10.20.40.8:8080
mode http
backend bck_shahed_biz_cid_gitlab
server shahed_af_gitlab 10.20.40.6:80
mode http
backend bck_shahed_biz_cid_nexus
server shahed_ah_nexus 10.20.40.8:8081
mode http
backend bck_shahed_biz_hetzner_aa_k8s
server hetzner_aa_k8s 192.168.49.2:80
mode http
backend bck_shahed_biz_cid
server shahed_am_apache2 10.20.40.13:80
mode http
CFG
sudo ln -s /etc/haproxy/proxy-configs/shahed.biz-https-all.cfg /etc/haproxy/proxy-enabled/
vim /etc/haproxy/proxy-scripts/reconfig
/etc/haproxy/proxy-scripts/reconfig
LB » HAProxy » Frontend » Kube API Config
cat <<'CFG'| sudo tee /etc/haproxy/proxy-configs/shahed.biz-tcp-kube.cfg >/dev/null
# ##############################################################################
# tcp frontend config for 10.20.41.1:8443
# this config added by chorke academia, inc
frontend fnt_shahed_biz_hetzner_aa
bind *:8443
mode tcp
option tcplog
option dontlognull
default_backend bck_shahed_biz_hetzner_aa
backend bck_shahed_biz_hetzner_aa
server hetzner_aa 192.168.49.2:8443 check
mode tcp
CFG
sudo ln -s /etc/haproxy/proxy-configs/shahed.biz-tcp-kube.cfg /etc/haproxy/proxy-enabled/
vim /etc/haproxy/proxy-scripts/reconfig
/etc/haproxy/proxy-scripts/reconfig
systemctl disable --now minikube.service
vim /etc/systemd/system/minikube.service
# append --apiserver-ips=10.20.41.1 with ExecStart
systemctl enable --now minikube.service
mkdir ~/.kube/hetzner-aa/
scp [email protected]:/home/system/minikube/.minikube/ca.crt ~/.kube/hetzner-aa/
scp [email protected]:/home/system/minikube/.minikube/profiles/minikube/client.{crt,key} ~/.kube/hetzner-aa/
cat <<'YML'| tee ~/.kube/hetzner-aa-kubeconfig.yaml >/dev/null
apiVersion: v1
kind: Config
clusters:
- name: minikube
cluster:
server: https://10.20.41.1:8443
certificate-authority: hetzner-aa/ca.crt
contexts:
- name: hetzner-aa
context:
cluster: minikube
namespace: default
user: minikube
users:
- name: minikube
user:
client-certificate: hetzner-aa/client.crt
client-key: hetzner-aa/client.key
current-context: hetzner-aa
YML
chmod 600 ~/.kube/hetzner-aa-kubeconfig.yaml
export KUBECONFIG=~/.kube/hetzner-aa-kubeconfig.yaml
kubectl config get-contexts
kubectl get namespace
Kubernetes » Minikube » Install & Configure
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | sudo tee /etc/apt/keyrings/kubernetes.asc >/dev/null
cat << SRC | sudo tee /etc/apt/sources.list.d/kubernetes.list >/dev/null
deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/kubernetes.asc] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /
SRC
cat << EXE | sudo bash
apt-get update;echo
apt list -a --upgradable;echo
apt-get install -y apache2-utils kubectl;echo
apt-get clean cache && find /tmp -type f -atime +10 -delete && find /tmp -type s -atime +10 -delete
EXE
if [ -x "$(command -v curl)" ];then \
sudo apt -qq update;\
export MINIKUBE_CPU_USE=6;\
export MINIKUBE_RAM_USE=13529;\
export MINIKUBE_INGRESS_HOST='k8s.aa.hetzner.shahed.biz';\
bash <(curl -s 'https://cdn.chorke.org/exec/cli/bash/install/minikube/1.0.01-ubuntu-24.04-arm64.sh.txt');\
else printf 'curl \033[0;31mnot found! \033[0m:(\n';fi
Skipped » Find More » 👈
Kubernetes » Minikube » Tunnel » Create Service
sudo visudo
# minikube no-password sudo access
minikube ALL=(ALL) NOPASSWD: ALL
cat << INI | sudo tee /etc/systemd/system/minikube-tunnel.service >/dev/null
[Unit]
Description=Minikube Tunnel
Documentation=https://minikube.sigs.k8s.io/docs/commands/tunnel/
After=network-online.target containerd.service docker.service minikube.service
Requires=network-online.target containerd.service docker.service minikube.service
Wants=network-online.target docker.service minikube.service
AssertFileIsExecutable=/var/minikube/bin/minikube
[Service]
User=minikube
Group=minikube
ProtectProc=invisible
StandardOutput=journal
WorkingDirectory=/var/minikube
EnvironmentFile=-/etc/default/minikube
ExecStart=/var/minikube/bin/minikube tunnel --cleanup=true
Restart=always
SendSIGKILL=no
TasksMax=infinity
TimeoutStopSec=infinity
[Install]
WantedBy=multi-user.target
INI
sudo systemctl enable --now minikube-tunnel.service
sudo systemctl disable --now minikube-tunnel.service
Skipped » Find More » 👈
Playground
ssh-copy-id -n -i ~/.ssh/cid.chorke.org_ed25519.pub [email protected]
ssh-copy-id -i ~/.ssh/cid.chorke.org_ed25519.pub [email protected]
|
certbot delete --cert-name k8s.aa.hetzner.shahed.biz
certbot delete --cert-name cid.chorke.org
|
|
|
|
|
|
|
References