AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home.html
GNU General Public License v3.0
25.01k stars 1.8k forks

MAKE THE CLOUDFLARE CDN PART OF THE WIKI MORE UNDERSTANDABLE #5146

Open erew70 opened 1 year ago

erew70 commented 1 year ago

Prerequisites

Description

What problem are you trying to solve?

It is more like an issue that makes me mad. As said in the wiki, Cloudflare's CDN can be configured as a reverse proxy. How? Configure a list called trusted_proxies? WELL THEN WHERE IS THE LIST LOCATED?! HOW DO I CREATE IT IF IT DOESN'T EXIST?

Please help, this is frustrating.

My goal here is to set up encryption w/ a reverse proxy so I have a fully working block page. I know how to set up an nginx reverse proxy, but I'd rather use Cloudflare CDN because with nginx, you have to SPECIFY a specific address to use HTTPS. It's kinda confusing what to specify, so I decided to think of using Cloudflare CDN, for which the guide to configuring it is poorly documented.

Proposed solution

Make it easier for people like me to understand. Furthermore, you should do more documentation on it.

Alternatives considered

None available.

Additional information

I have no more info to give you

ppfeufer commented 1 year ago

It's in

/opt/AdGuardHome/AdGuardHome.yaml

erew70 commented 1 year ago

> It's in
>
> /opt/AdGuardHome/AdGuardHome.yaml

Can you give me an example, 'cause I don't know how to write the list into the file?

fernvenue commented 1 year ago

Hi @githubissocool, trusted_proxies is just in AdGuardHome's configuration file, which is in the root directory of AdGuardHome. On most Unix systems the default directory is /opt/AdGuardHome, but on macOS it's /Applications/AdGuardHome. It depends on how you installed AdGuardHome. Or you can use the find command to search the whole / directory for the configuration file, like this:

~# find / -name AdGuardHome.yaml
/opt/AdGuardHome/AdGuardHome.yaml

And here's what you need in trusted_proxies:

trusted_proxies:
   - 103.21.244.0/22
   - 103.22.200.0/22
   - 103.31.4.0/22
   - 104.16.0.0/13
   - 104.24.0.0/14
   - 108.162.192.0/18
   - 131.0.72.0/22
   - 141.101.64.0/18
   - 162.158.0.0/15
   - 172.64.0.0/13
   - 173.245.48.0/20
   - 188.114.96.0/20
   - 190.93.240.0/20
   - 197.234.240.0/22
   - 198.41.128.0/17
   - 2400:cb00::/32
   - 2606:4700::/32
   - 2803:f800::/32
   - 2405:b500::/32
   - 2405:8100::/32
   - 2a06:98c0::/29
   - 2c0f:f248::/32

Just add Cloudflare's IP ranges to trusted_proxies; that's quite simple, right? Then resolve your domain to your AdGuardHome's public address on Cloudflare, make sure it is proxied, and add your Cloudflare certificates to AdGuardHome. That's it, that's the common way to use Cloudflare CDN with AdGuardHome.

If you think that's too hard or complicated, you can just allow all in AdGuardHome and use iptables or UFW to allow Cloudflare only. Here's an example for UFW to allow Cloudflare in:

# Allow HTTPS (tcp/443) only from Cloudflare's published IPv4 and IPv6 ranges
for cloudflare in $(curl -fsS https://www.cloudflare.com/ips-v4); do ufw allow proto tcp from "$cloudflare" to any port 443; done
for cloudflare in $(curl -fsS https://www.cloudflare.com/ips-v6); do ufw allow proto tcp from "$cloudflare" to any port 443; done

Personally, I use Cloudflare Tunnel now. You don't even need a public IP address or to allow anything in from the public network: just allow AdGuardHome to respond to DoH requests without TLS encryption, install cloudflared and start a tunnel on the dashboard. I think that's more convenient and secure. But that's just my personal choice; you can choose the way you like.

Hope these can help you :)
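
An added example, not part of the thread and not AdGuard Home's own code: a simplified Python model of the decision a trusted_proxies list controls, where a forwarded client address is believed only when the TCP peer is inside a listed range. It uses a subset of the ranges posted above and assumes Cloudflare's CF-Connecting-IP header; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Subset of the Cloudflare ranges from the trusted_proxies list above.
TRUSTED_PROXIES = [
    "104.16.0.0/13",
    "172.64.0.0/13",
    "173.245.48.0/20",
    "2606:4700::/32",
]

# Header Cloudflare sets to the original visitor address.
CLIENT_IP_HEADER = "CF-Connecting-IP"


def parse_networks(cidrs):
    """Parse CIDR strings; raises ValueError on a malformed entry."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def is_trusted(peer, networks):
    """True if the TCP peer address falls inside a trusted proxy range."""
    addr = ipaddress.ip_address(peer)
    return any(addr.version == n.version and addr in n for n in networks)


def effective_client_ip(peer, headers, networks):
    """Return the address a request should be attributed to.

    The forwarded header is honoured only when the connection itself comes
    from a trusted proxy; otherwise any client could claim any address.
    """
    claimed = headers.get(CLIENT_IP_HEADER)
    if claimed is None or not is_trusted(peer, networks):
        return peer
    try:
        return str(ipaddress.ip_address(claimed.strip()))
    except ValueError:
        return peer  # malformed header: fall back to the real peer


if __name__ == "__main__":
    nets = parse_networks(TRUSTED_PROXIES)
    # Constructed sample requests: (peer address, headers)
    samples = [
        ("172.64.10.5", {"CF-Connecting-IP": "198.51.100.7"}),  # via Cloudflare
        ("203.0.113.9", {"CF-Connecting-IP": "192.168.1.10"}),  # direct peer
        ("2606:4700::1", {"CF-Connecting-IP": "not-an-ip"}),    # bad header
    ]
    for peer, hdrs in samples:
        print(peer, "->", effective_client_ip(peer, hdrs, nets))
```

The second sample shows why the list should contain only the proxy's ranges: a peer outside them keeps its own address, whatever header it sends.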