Co-authored-by: Cursor <cursoragent@cursor.com>
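#!/bin/bash
# Complete Cloudflare Tunnel Setup Script
# Run this on the Cloudflare Tunnel VM after OS installation
#
# NOTE(review): the script insists on running as root, so whatever ~/.bashrc
# resolves to is executed with root privileges. Under sudo, whether "~" is
# root's home or the invoking user's depends on the sudoers configuration.
# Confirm this file is root-owned and not writable by other accounts, or drop
# the line if nothing below depends on it.
if [ -r ~/.bashrc ]; then
  # shellcheck source=/dev/null
  source ~/.bashrc
fi

# Abort on the first unhandled command failure.
set -e

# Colors: ANSI escape sequences kept as literal backslash strings; the log_*
# helpers expand them at print time. Marked readonly so that later code cannot
# silently change them.
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m'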
#######################################
# Print an informational line tagged with a green [INFO] prefix.
# Globals:   GREEN, NC (read)
# Arguments: $1 - message text; backslash escapes in it are expanded
# Outputs:   the formatted line on stdout
#######################################
log_info() {
  local message=$1
  printf '%b\n' "${GREEN}[INFO]${NC} ${message}"
}
#######################################
# Print a warning line tagged with a yellow [WARN] prefix.
# Globals:   YELLOW, NC (read)
# Arguments: $1 - message text; backslash escapes in it are expanded
# Outputs:   the formatted line on stdout
#######################################
log_warn() {
  local prefix="${YELLOW}[WARN]${NC}"
  printf '%b\n' "${prefix} $1"
}
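#######################################
# Print an error line tagged with a red [ERROR] prefix.
# Errors go to stderr so they stay visible when stdout is redirected or
# captured.
# Globals:   RED, NC (read)
# Arguments: $1 - message text; backslash escapes in it are expanded
# Outputs:   the formatted line on stderr
#######################################
log_error() {
  echo -e "${RED}[ERROR]${NC} $1" >&2
}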
#######################################
# Print a progress line tagged with a blue [STEP] prefix.
# Globals:   BLUE, NC (read)
# Arguments: $1 - message text; backslash escapes in it are expanded
# Outputs:   the formatted line on stdout
#######################################
log_step() {
  local step_text=$1
  printf '%b\n' "${BLUE}[STEP]${NC} ${step_text}"
}
# Refuse to continue unless the effective UID is 0: the steps below write to
# /usr/local/bin, /etc and /etc/systemd/system and create a system account.
if (( EUID != 0 )); then
  log_error "Please run as root (use sudo)"
  exit 1
fi
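log_step "Step 1: Installing cloudflared..."
# The binary is fetched as root and later runs as a long-lived daemon, so the
# download is treated as untrusted until it has been checked:
#   * --fail stops an HTTP error page from being saved as the "binary";
#   * --proto/--proto-redir keep the request and its redirects on HTTPS;
#   * the file lands in a temp path and is only moved into place afterwards.
# NOTE(review): ".../latest/..." is unpinned, so each run may install a
# different build. Prefer pinning a release tag and its published digest.
cloudflared_url="https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64"
cloudflared_tmp=$(mktemp)
if ! curl --fail --location --proto '=https' --proto-redir '=https' --tlsv1.2 \
  "$cloudflared_url" -o "$cloudflared_tmp"; then
  rm -f -- "$cloudflared_tmp"
  log_error "Download of cloudflared failed"
  exit 1
fi

# Optional integrity check: export CLOUDFLARED_SHA256 with the SHA-256 digest
# published for the release you intend to install.
if [ -n "${CLOUDFLARED_SHA256:-}" ]; then
  if ! printf '%s  %s\n' "$CLOUDFLARED_SHA256" "$cloudflared_tmp" \
    | sha256sum -c - >/dev/null; then
    rm -f -- "$cloudflared_tmp"
    log_error "cloudflared checksum mismatch; refusing to install"
    exit 1
  fi
  log_info "cloudflared checksum verified"
else
  log_warn "CLOUDFLARED_SHA256 is not set; the downloaded binary was not verified"
fi

# Install root-owned and not writable by the service account.
install -m 0755 -o root -g root "$cloudflared_tmp" /usr/local/bin/cloudflared
rm -f -- "$cloudflared_tmp"
/usr/local/bin/cloudflared --version
log_info "cloudflared installed successfully"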
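log_step "Step 2: Creating cloudflared user..."
# Only skip account creation when the account really exists. A blanket
# "useradd || warn" would also hide genuine failures and let the script carry
# on without its unprivileged service user.
if id -u cloudflared >/dev/null 2>&1; then
  log_warn "User cloudflared may already exist"
else
  useradd -r -s /bin/false cloudflared
fi

# This directory holds the tunnel configuration and is where the config
# expects the tunnel credentials, so keep it closed to other local users.
mkdir -p /etc/cloudflared
chown cloudflared:cloudflared /etc/cloudflared
chmod 750 /etc/cloudflared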
log_step "Step 3: Authenticating cloudflared..."
# The login is interactive and has to be done by the operator in another
# shell; this script only pauses until they confirm.
# NOTE(review): `cloudflared tunnel login` normally stores an account
# certificate under ~/.cloudflared of the user who ran it. Confirm where it
# lands and treat it as a secret.
log_warn "You need to authenticate cloudflared manually:"
cat <<'EOF'

Run this command:
 cloudflared tunnel login

This will open a browser for authentication.
After authentication, press Enter to continue...
EOF
read -p "Press Enter after completing authentication..."
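log_step "Step 4: Creating tunnel..."
log_warn "Creating tunnel 'azure-stack-hci'..."
log_warn "If tunnel already exists, you can skip this step."
read -p "Create new tunnel? (y/n) " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
  cloudflared tunnel create azure-stack-hci || log_warn "Tunnel may already exist"
fi

# Get tunnel ID
# Match the tunnel name exactly. A substring grep would also hit names such as
# "azure-stack-hci-old" and could bind this host to the wrong tunnel.
# Assumes `cloudflared tunnel list` prints ID then NAME as the first two
# columns (confirm against the installed version).
TUNNEL_ID=$(cloudflared tunnel list \
  | awk '$2 == "azure-stack-hci" { print $1; exit }')

# The ID is interpolated into a file path and into YAML below, so accept
# nothing but a UUID. An empty result fails this check too.
uuid_pattern='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
if [[ ! $TUNNEL_ID =~ $uuid_pattern ]]; then
  log_error "Could not find tunnel ID. Please create tunnel manually."
  exit 1
fi
log_info "Tunnel ID: $TUNNEL_ID"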
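log_step "Step 5: Creating tunnel configuration..."
: "${TUNNEL_ID:?TUNNEL_ID must be set before writing the configuration}"

# NOTE(review): every hostname below publishes an internal admin surface
# (two Proxmox UIs, Grafana, a Git server and port 6443 of the K3s host, which
# is normally the Kubernetes API server rather than a dashboard). Put an
# Access / Zero Trust policy in front of each hostname before any DNS record
# points at the tunnel, and drop the entries that do not need to be reachable.
# NOTE(review): the https:// origins are addressed by private IP. Confirm that
# origin certificate validation works as intended rather than disabling it.

# Create the file owner-only from the first byte instead of tightening the
# mode after it was written with the default umask.
previous_umask=$(umask)
umask 077
cat > /etc/cloudflared/config.yml <<EOF
tunnel: $TUNNEL_ID
credentials-file: /etc/cloudflared/$TUNNEL_ID.json

ingress:
  # Proxmox UI
  - hostname: proxmox.yourdomain.com
    service: https://192.168.1.206:8006
    originRequest:
      noHappyEyeballs: true
      tcpKeepAlive: 30
      connectTimeout: 30s

  # Proxmox R630
  - hostname: proxmox-r630.yourdomain.com
    service: https://192.168.1.49:8006
    originRequest:
      noHappyEyeballs: true
      tcpKeepAlive: 30
      connectTimeout: 30s

  # Grafana Dashboard
  - hostname: grafana.yourdomain.com
    service: http://192.168.1.82:3000
    originRequest:
      connectTimeout: 30s

  # Git Server
  - hostname: git.yourdomain.com
    service: https://192.168.1.121:443
    originRequest:
      noHappyEyeballs: true
      tcpKeepAlive: 30
      connectTimeout: 30s

  # K3s Dashboard (if exposed)
  - hostname: k3s.yourdomain.com
    service: https://192.168.1.188:6443
    originRequest:
      noHappyEyeballs: true
      tcpKeepAlive: 30
      connectTimeout: 30s

  # Catch-all (must be last)
  - service: http_status:404
EOF
umask "$previous_umask"

chmod 600 /etc/cloudflared/config.yml
chown cloudflared:cloudflared /etc/cloudflared/config.yml

# The config points at a credentials file in /etc/cloudflared. cloudflared
# normally writes that file under ~/.cloudflared of the user who created the
# tunnel (confirm for your version), so place it where the service account can
# read it, with owner-only permissions.
credentials_src="${HOME}/.cloudflared/${TUNNEL_ID}.json"
credentials_dst="/etc/cloudflared/${TUNNEL_ID}.json"
if [ ! -f "$credentials_dst" ]; then
  if [ -f "$credentials_src" ]; then
    install -m 0600 -o cloudflared -g cloudflared \
      "$credentials_src" "$credentials_dst"
    log_info "Tunnel credentials installed: $credentials_dst"
  else
    log_warn "Tunnel credentials not found at $credentials_dst; the service cannot start without them"
  fi
fi

log_info "Configuration file created: /etc/cloudflared/config.yml"
log_warn "Update hostnames in config.yml to match your domain!"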
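log_step "Step 6: Creating systemd service..."
# The delimiter is quoted so nothing inside the unit text is expanded by the
# shell. The daemon runs as the unprivileged cloudflared account, and the
# sandboxing directives at the end of [Service] reduce what a compromised
# process could reach: no privilege gain through setuid binaries, a private
# /tmp, no access to home directories, and /usr, /boot and /etc mounted
# read-only for the service.
# NOTE(review): verify the tunnel still starts with these restrictions on the
# target distribution.
cat > /etc/systemd/system/cloudflared.service <<'EOF'
[Unit]
Description=Cloudflare Tunnel
After=network.target

[Service]
Type=simple
User=cloudflared
ExecStart=/usr/local/bin/cloudflared tunnel --config /etc/cloudflared/config.yml run
Restart=on-failure
RestartSec=5s
NoNewPrivileges=true
PrivateTmp=true
ProtectHome=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target
EOF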
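log_step "Step 7: Enabling and starting service..."
systemctl daemon-reload
systemctl enable cloudflared
systemctl start cloudflared
sleep 2

# `systemctl status` exits non-zero for a unit that is not running, which
# under `set -e` would end the script with no explanation. Check the state
# explicitly and point the operator at the logs instead.
if ! systemctl is-active --quiet cloudflared; then
  systemctl status cloudflared --no-pager || true
  log_error "cloudflared service is not running; inspect: journalctl -u cloudflared"
  exit 1
fi
systemctl status cloudflared --no-pager

log_info "========================================="
log_info "Cloudflare Tunnel Setup Complete!"
log_info "========================================="
echo ""
log_warn "Next steps:"
# Access policies are listed before DNS on purpose: once a DNS record points
# at the tunnel the hostname is reachable, so the policy must already exist.
echo " 1. Update /etc/cloudflared/config.yml with your actual domain"
echo " 2. Set up Zero Trust policies in Cloudflare Dashboard"
echo " 3. Configure DNS records in Cloudflare Dashboard"
echo " 4. Test tunnel connectivity: cloudflared tunnel info azure-stack-hci"
echo ""
log_info "Tunnel status: systemctl status cloudflared"
log_info "Tunnel logs: journalctl -u cloudflared -f"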