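#!/bin/bash
# Complete Cloudflare Tunnel Setup for VM 100
# Run this AFTER SSH access to VM 100 is working
# Usage: From root@pve: ssh ubuntu@192.168.1.244, then run this script
#
# Reads CLOUDFLARE_TUNNEL_TOKEN, CLOUDFLARE_ACCOUNT_ID and CLOUDFLARE_DOMAIN
# from $PROJECT_ROOT/.env and writes the cloudflared configuration under
# /etc/cloudflared. The files written here contain the tunnel secret, so they
# are created with mode 600 from the start rather than tightened afterwards.

set -e

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

# Load environment variables
# The filtered .env content is executed by `source`, so .env must be a trusted
# file that only the operator can write; anything that looks like KEY=... in it
# runs as shell. The sed expression drops everything after the first '#', which
# also truncates a value that legitimately contains '#'.
if [ -f "$PROJECT_ROOT/.env" ]; then
  set -a
  source <(grep -v '^#' "$PROJECT_ROOT/.env" | grep -v '^$' | sed 's/#.*$//' | grep '=')
  set +a
else
  echo "Error: .env file not found. Please set:" >&2
  echo " CLOUDFLARE_TUNNEL_TOKEN" >&2
  echo " CLOUDFLARE_ACCOUNT_ID" >&2
  echo " CLOUDFLARE_DOMAIN" >&2
  exit 1
fi

# Fail early if .env exists but a required value is missing or empty; otherwise
# the heredocs below would silently write a config with blank fields.
for required_var in CLOUDFLARE_TUNNEL_TOKEN CLOUDFLARE_ACCOUNT_ID CLOUDFLARE_DOMAIN; do
  if [ -z "${!required_var:-}" ]; then
    echo "Error: $required_var is not set in $PROJECT_ROOT/.env" >&2
    exit 1
  fi
done

# CLOUDFLARE_DOMAIN is interpolated into YAML hostnames, so restrict it to
# hostname characters instead of trusting whatever the .env line contained.
if [[ ! "$CLOUDFLARE_DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]]; then
  echo "Error: CLOUDFLARE_DOMAIN contains characters that are not valid in a hostname" >&2
  exit 1
fi

# Colors
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'

echo "========================================="
echo "Cloudflare Tunnel Configuration"
echo "========================================="
echo ""

# Create directories and user
echo -e "${GREEN}[1/6]${NC} Creating directories and user..."
sudo mkdir -p /etc/cloudflared
# Only create the service account when it is missing, so a real useradd
# failure is reported instead of being hidden behind `|| true`.
if ! id -u cloudflared > /dev/null 2>&1; then
  sudo useradd -r -s /bin/false cloudflared
fi
sudo chown cloudflared:cloudflared /etc/cloudflared
echo "✓ Done"
echo ""

# Create config file
echo -e "${GREEN}[2/6]${NC} Creating config file..."
# Create the file empty with its final owner and mode first; tee then writes
# into it, so the token is never on disk in a world-readable file.
sudo install -m 600 -o cloudflared -g cloudflared /dev/null /etc/cloudflared/config.yml
# NOTE(review): `tunnel:` normally takes the tunnel UUID or name; confirm that
# CLOUDFLARE_TUNNEL_TOKEN really holds the value this field expects.
# NOTE(review): the ingress rules publish Grafana, Prometheus, Git and both
# Proxmox management UIs on public hostnames. Put an access policy in front of
# them; the applications' own logins are then the second layer, not the only one.
# NOTE(review): noTLSVerify disables certificate validation towards the Proxmox
# origins. It is needed for self-signed certificates but removes protection
# against an on-path host on the LAN; prefer trusting the Proxmox CA instead.
sudo tee /etc/cloudflared/config.yml > /dev/null << CONFIGEOF
tunnel: $CLOUDFLARE_TUNNEL_TOKEN
credentials-file: /etc/cloudflared/credentials.json

ingress:
  - hostname: grafana.$CLOUDFLARE_DOMAIN
    service: http://192.168.1.82:3000
  - hostname: prometheus.$CLOUDFLARE_DOMAIN
    service: http://192.168.1.82:9090
  - hostname: git.$CLOUDFLARE_DOMAIN
    service: http://192.168.1.121:3000
  - hostname: proxmox-ml110.$CLOUDFLARE_DOMAIN
    service: https://192.168.1.206:8006
    originRequest:
      noTLSVerify: true
  - hostname: proxmox-r630.$CLOUDFLARE_DOMAIN
    service: https://192.168.1.49:8006
    originRequest:
      noTLSVerify: true
  - service: http_status:404
CONFIGEOF
echo "✓ Done"
echo ""

# Create credentials file
echo -e "${GREEN}[3/6]${NC} Creating credentials file..."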
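# Create the credentials file empty with its final owner and mode before any
# secret is written; a chmod after the write leaves a window in which the file
# exists with the default (usually world-readable) permissions.
sudo install -m 600 -o cloudflared -g cloudflared /dev/null /etc/cloudflared/credentials.json
# NOTE(review): cloudflared credentials files normally also carry a TunnelID,
# and TunnelSecret is the tunnel's secret rather than a connector token.
# Confirm CLOUDFLARE_TUNNEL_TOKEN holds the value this field expects.
# The values are pasted into JSON unescaped, so a '"' or '\' in either variable
# would produce an invalid file.
sudo tee /etc/cloudflared/credentials.json > /dev/null << CREDEOF
{
  "AccountTag": "$CLOUDFLARE_ACCOUNT_ID",
  "TunnelSecret": "$CLOUDFLARE_TUNNEL_TOKEN"
}
CREDEOF
echo "✓ Done"
echo ""

# Create systemd service
echo -e "${GREEN}[4/6]${NC} Creating systemd service..."
# The delimiter is quoted because the unit contains no shell variables; this
# keeps a future '$' in the unit from being expanded by the shell.
# The sandboxing directives limit what a compromised tunnel process can reach:
# no privilege gain via setuid binaries, read-only /usr, /boot and /etc, no
# access to home directories, and a private /tmp.
sudo tee /etc/systemd/system/cloudflared.service > /dev/null << 'SERVICEEOF'
[Unit]
Description=Cloudflare Tunnel
After=network.target

[Service]
Type=simple
User=cloudflared
ExecStart=/usr/local/bin/cloudflared tunnel --config /etc/cloudflared/config.yml run
Restart=on-failure
RestartSec=10s
StandardOutput=journal
StandardError=journal
NoNewPrivileges=true
ProtectSystem=full
ProtectHome=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target
SERVICEEOF
echo "✓ Done"
echo ""

# Enable and start service
echo -e "${GREEN}[5/6]${NC} Enabling and starting service..."
sudo systemctl daemon-reload
sudo systemctl enable cloudflared
# restart (not start) so a re-run of this script makes an already running
# service pick up the files written above; it also starts a stopped service.
sudo systemctl restart cloudflared
sleep 5
# Report a failed start explicitly, but keep going so the status and log
# output below is still shown for diagnosis.
if ! sudo systemctl is-active --quiet cloudflared; then
  echo "Warning: cloudflared is not active after start; see status and logs below" >&2
fi
echo "✓ Done"
echo ""

# Verify
echo -e "${GREEN}[6/6]${NC} Verifying configuration..."
echo ""
echo "=== Service Status ==="
# systemctl status exits non-zero for an inactive unit; that must not abort
# the script before the logs are printed.
sudo systemctl status cloudflared --no-pager | head -15 || true
echo ""
echo "=== Configuration Files ==="
ls -la /etc/cloudflared/
echo ""
echo "=== Recent Logs ==="
sudo journalctl -u cloudflared -n 10 --no-pager
echo ""

echo "========================================="
echo -e "${GREEN}Configuration Complete!${NC}"
echo "========================================="
echo ""
echo "Next steps:"
echo "1. Verify service: systemctl status cloudflared"
echo "2. View logs: journalctl -u cloudflared -f"
echo "3. Configure DNS records in Cloudflare Dashboard"
echo ""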