loc_az_hci/scripts/deploy/configure-cloudflared-vm100.sh
defiQUG c39465c2bd
Initial commit: loc_az_hci (smom-dbis-138 excluded via .gitignore)
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-08 09:04:46 -08:00


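#!/bin/bash
# Configure Cloudflare Tunnel on VM 100
# Run this script from Proxmox host (root@pve)
#
# Reads CLOUDFLARE_TUNNEL_TOKEN, CLOUDFLARE_DOMAIN and CLOUDFLARE_ACCOUNT_ID
# from the project's .env file and aborts if any of them is missing.
set -e

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

# Load environment variables.
# The filtered .env content is executed as shell code by `source`, so the file
# has to be writable only by the operator who runs this script.
# `set -a` exports every assignment, which places the tunnel token in the
# environment of every child process started below.
# NOTE(review): the sed stage cuts each line at the first '#', so a value that
# contains '#' is silently truncated; confirm no secret in .env uses it.
if [ -f "$PROJECT_ROOT/.env" ]; then
  set -a
  # shellcheck disable=SC1090
  source <(grep -v '^#' "$PROJECT_ROOT/.env" | grep -v '^$' | sed 's/#.*$//' | grep '=')
  set +a
else
  echo "Error: .env file not found at $PROJECT_ROOT/.env" >&2
  exit 1
fi

# Stop here rather than write empty values into the tunnel config and the
# credentials file on the VM.
: "${CLOUDFLARE_TUNNEL_TOKEN:?CLOUDFLARE_TUNNEL_TOKEN is not set in $PROJECT_ROOT/.env}"
: "${CLOUDFLARE_DOMAIN:?CLOUDFLARE_DOMAIN is not set in $PROJECT_ROOT/.env}"
: "${CLOUDFLARE_ACCOUNT_ID:?CLOUDFLARE_ACCOUNT_ID is not set in $PROJECT_ROOT/.env}"

VMID=100
VM_USER="ubuntu"
VM_IP="192.168.1.60"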
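echo "========================================="
echo "Cloudflare Tunnel Configuration for VM 100"
echo "========================================="
echo ""

# Check if we can SSH to VM.
# StrictHostKeyChecking=accept-new (OpenSSH 7.6+) records the VM's host key on
# first contact and refuses a key that later changes. The previous value "no"
# accepted any key, so the tunnel secret could be sent to a host that merely
# answers on this IP.
# stderr is discarded, so a rejected (changed) host key also ends up in the
# "not available" branch; run the ssh command by hand to see the reason.
echo "Checking SSH access to VM 100..."
if ssh -o StrictHostKeyChecking=accept-new -o ConnectTimeout=5 "$VM_USER@$VM_IP" "echo 'SSH OK'" 2>/dev/null; then
  echo "✓ SSH access available"
  USE_SSH=true
else
  echo "✗ SSH access not available"
  echo " You'll need to access VM 100 via Proxmox Console"
  USE_SSH=false
fi

echo ""
echo "Configuration will be prepared for:"
echo " Domain: $CLOUDFLARE_DOMAIN"
echo " Account ID: $CLOUDFLARE_ACCOUNT_ID"
echo ""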
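if [ "$USE_SSH" = true ]; then
  echo "Configuring via SSH..."

  # Host-key policy for every connection in this branch: accept-new (OpenSSH
  # 7.6+) stores the key on first contact and rejects a changed key, instead
  # of trusting whatever host answers on the VM's address.
  SSH_TARGET="$VM_USER@$VM_IP"
  SSH_OPTS=(-o StrictHostKeyChecking=accept-new)

  # Write stdin to a file on the VM that holds secret material.
  # Arguments: $1 - absolute path on the VM
  # The file is first created empty with owner cloudflared and mode 0600 and
  # only then filled, so the token is never on disk with default permissions
  # (the earlier write-then-chmod order left a window with the default mode).
  push_secret_file() {
    local remote_path=$1
    ssh "${SSH_OPTS[@]}" "$SSH_TARGET" \
      "sudo install -m 600 -o cloudflared -g cloudflared /dev/null '$remote_path' < /dev/null && sudo tee '$remote_path' > /dev/null"
  }

  # Create directories and user.
  # `set -e` makes the remote shell stop at the first failing step; without it
  # only the last command's status reached this script.
  ssh "${SSH_OPTS[@]}" "$SSH_TARGET" <<'EOF'
set -e
sudo mkdir -p /etc/cloudflared
id -u cloudflared >/dev/null 2>&1 || sudo useradd -r -s /bin/false cloudflared
sudo chown cloudflared:cloudflared /etc/cloudflared
EOF

  # Create config file.
  # NOTE(review): every hostname below is published through the tunnel, so
  # Grafana, Prometheus, the git service and both Proxmox UIs are reachable
  # from outside unless an access policy is enforced on the Cloudflare side;
  # confirm one exists before enabling the service.
  # NOTE(review): noTLSVerify: true disables origin certificate validation for
  # the two Proxmox hops; pinning the Proxmox CA (originRequest caPool) would
  # keep that check.
  # NOTE(review): the same CLOUDFLARE_TUNNEL_TOKEN value is used for `tunnel:`
  # here and for TunnelSecret below. cloudflared credentials files normally
  # also carry a TunnelID, and `tunnel:` normally names the tunnel by UUID or
  # name; confirm what this variable actually holds.
  push_secret_file /etc/cloudflared/config.yml <<CONFIGEOF
tunnel: $CLOUDFLARE_TUNNEL_TOKEN
credentials-file: /etc/cloudflared/credentials.json
ingress:
  - hostname: grafana.$CLOUDFLARE_DOMAIN
    service: http://192.168.1.82:3000
  - hostname: prometheus.$CLOUDFLARE_DOMAIN
    service: http://192.168.1.82:9090
  - hostname: git.$CLOUDFLARE_DOMAIN
    service: http://192.168.1.121:3000
  - hostname: proxmox-ml110.$CLOUDFLARE_DOMAIN
    service: https://192.168.1.206:8006
    originRequest:
      noTLSVerify: true
  - hostname: proxmox-r630.$CLOUDFLARE_DOMAIN
    service: https://192.168.1.49:8006
    originRequest:
      noTLSVerify: true
  - service: http_status:404
CONFIGEOF

  # Create credentials file (owner and mode are set by push_secret_file, so no
  # separate chown/chmod pass is needed afterwards).
  push_secret_file /etc/cloudflared/credentials.json <<CREDEOF
{
  "AccountTag": "$CLOUDFLARE_ACCOUNT_ID",
  "TunnelSecret": "$CLOUDFLARE_TUNNEL_TOKEN"
}
CREDEOF

  # Create systemd service (no secrets in it; default root-owned file).
  ssh "${SSH_OPTS[@]}" "$SSH_TARGET" "sudo tee /etc/systemd/system/cloudflared.service > /dev/null" <<'SERVICEEOF'
[Unit]
Description=Cloudflare Tunnel
After=network.target

[Service]
Type=simple
User=cloudflared
ExecStart=/usr/local/bin/cloudflared tunnel --config /etc/cloudflared/config.yml run
Restart=on-failure
RestartSec=10s
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target
SERVICEEOF

  # Enable and start service. No `set -e` here on purpose: the status output
  # should still be shown when the start fails, and its exit code is what
  # this script sees.
  ssh "${SSH_OPTS[@]}" "$SSH_TARGET" <<'EOF'
sudo systemctl daemon-reload
sudo systemctl enable cloudflared
sudo systemctl start cloudflared
sleep 3
sudo systemctl status cloudflared --no-pager
EOF

  echo ""
  echo "✓ Configuration complete via SSH"
else
  echo ""
  echo "========================================="
  echo "Manual Configuration Required"
  echo "========================================="
  echo ""
  echo "Since SSH is not available, please:"
  echo ""
  echo "1. Access VM 100 via Proxmox Console:"
  echo " - Go to: https://192.168.1.206:8006"
  echo " - Navigate to: VM 100 → Console"
  echo " - Login as: ubuntu"
  echo ""
  echo "2. Run these commands on VM 100:"
  echo ""
  # The delimiter is quoted, so the text below is printed literally and the
  # $CLOUDFLARE_* references are expanded by the shell on VM 100.
  # The values are filled in by heredoc expansion rather than by sed: a token
  # containing '/' or '&' breaks an s/// replacement, and a secret passed as a
  # sed argument is visible in the process list.
  cat <<'MANUAL'
# These must be set in this shell before anything below is run
: "${CLOUDFLARE_TUNNEL_TOKEN:?set CLOUDFLARE_TUNNEL_TOKEN first}"
: "${CLOUDFLARE_DOMAIN:?set CLOUDFLARE_DOMAIN first}"
: "${CLOUDFLARE_ACCOUNT_ID:?set CLOUDFLARE_ACCOUNT_ID first}"

# Create directories and user
sudo mkdir -p /etc/cloudflared
id -u cloudflared >/dev/null 2>&1 || sudo useradd -r -s /bin/false cloudflared
sudo chown cloudflared:cloudflared /etc/cloudflared

# Create config file (created empty as cloudflared:cloudflared 0600, then filled)
sudo install -m 600 -o cloudflared -g cloudflared /dev/null /etc/cloudflared/config.yml
sudo tee /etc/cloudflared/config.yml > /dev/null << CONFIGEOF
tunnel: $CLOUDFLARE_TUNNEL_TOKEN
credentials-file: /etc/cloudflared/credentials.json
ingress:
  - hostname: grafana.$CLOUDFLARE_DOMAIN
    service: http://192.168.1.82:3000
  - hostname: prometheus.$CLOUDFLARE_DOMAIN
    service: http://192.168.1.82:9090
  - hostname: git.$CLOUDFLARE_DOMAIN
    service: http://192.168.1.121:3000
  - hostname: proxmox-ml110.$CLOUDFLARE_DOMAIN
    service: https://192.168.1.206:8006
    originRequest:
      noTLSVerify: true
  - hostname: proxmox-r630.$CLOUDFLARE_DOMAIN
    service: https://192.168.1.49:8006
    originRequest:
      noTLSVerify: true
  - service: http_status:404
CONFIGEOF

# Create credentials file (same create-then-fill order)
sudo install -m 600 -o cloudflared -g cloudflared /dev/null /etc/cloudflared/credentials.json
sudo tee /etc/cloudflared/credentials.json > /dev/null << CREDEOF
{
  "AccountTag": "$CLOUDFLARE_ACCOUNT_ID",
  "TunnelSecret": "$CLOUDFLARE_TUNNEL_TOKEN"
}
CREDEOF

# Create systemd service
sudo tee /etc/systemd/system/cloudflared.service > /dev/null << 'SERVICEEOF'
[Unit]
Description=Cloudflare Tunnel
After=network.target

[Service]
Type=simple
User=cloudflared
ExecStart=/usr/local/bin/cloudflared tunnel --config /etc/cloudflared/config.yml run
Restart=on-failure
RestartSec=10s
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target
SERVICEEOF

# Enable and start service
sudo systemctl daemon-reload
sudo systemctl enable cloudflared
sudo systemctl start cloudflared
systemctl status cloudflared
MANUAL
  echo ""
  echo "Note: CLOUDFLARE_TUNNEL_TOKEN, CLOUDFLARE_DOMAIN, and CLOUDFLARE_ACCOUNT_ID"
  echo " must be set in the VM shell before the commands above are run,"
  echo " otherwise empty values are written."
  echo ""
  echo "For example, source a copy of the .env file first:"
  echo " source /path/to/.env"
  echo " (delete the copy afterwards; it contains the tunnel token)"
  echo ""
fi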
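# Closing summary. The banner depends on USE_SSH (set by the SSH probe earlier
# in the script): when the probe failed, only instructions were printed and
# nothing was configured, so "Configuration Complete" would be misleading.
echo ""
echo "========================================="
if [ "${USE_SSH:-false}" = true ]; then
  echo "Configuration Complete"
else
  echo "Manual Steps Pending"
fi
echo "========================================="
echo ""
echo "Next steps:"
echo "1. Verify service: systemctl status cloudflared"
echo "2. View logs: journalctl -u cloudflared -f"
echo "3. Configure DNS records in Cloudflare Dashboard"
echo ""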