Open priceaj opened 1 year ago
Thanks for reporting this and digging into it yourself already a bit.
On cloudflared 2022.9.1 the environmental variables work.
$ cloudflared --version
cloudflared version 2022.9.1 (built 2022-09-21T19:52:59Z)
$ TUNNEL_POST_QUANTUM=true cloudflared tunnel run [...]
2022-10-04T22:46:39Z INF Starting tunnel tunnelID=[...]
2022-10-04T22:46:39Z INF GOOS: darwin, GOVersion: go1.19.1, GoArch: amd64
2022-10-04T22:46:39Z INF Environmental variables map[TUNNEL_POST_QUANTUM:true]
2022-10-04T22:46:39Z INF cloudflared will not automatically update when run from the shell. To enable auto-updates, run cloudflared as a service: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/as-a-service/
2022-10-04T22:46:39Z INF Generated Connector ID: [...]
2022-10-04T22:46:39Z INF Initial protocol quic
2022-10-04T22:46:39Z INF Using experimental hybrid post-quantum key agreement X25519Kyber768Draft00
[...]
Checking the docker image now.
Ok, I figured it out. The issue is that you're not running a named Tunnel (cloudflared tunnel run name), but instead are using a quick tunnel (cloudflared tunnel). The flag is only defined for the former. We'll add the flag to the quick tunnels too, but in the meantime you can use a named Tunnel.
Or, if you're impatient, apply
diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go
index a45e6e0c..6acafe4b 100644
--- a/cmd/cloudflared/tunnel/cmd.go
+++ b/cmd/cloudflared/tunnel/cmd.go
@@ -665,6 +665,13 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
EnvVars: []string{"TUNNEL_MAX_FETCH_SIZE"},
Hidden: true,
}),
+ altsrc.NewBoolFlag(&cli.BoolFlag{
+ Name: "post-quantum",
+ Usage: "When given creates an experimental post-quantum secure tunnel",
+ Aliases: []string{"pq"},
+ EnvVars: []string{"TUNNEL_POST_QUANTUM"},
+ Hidden: FipsEnabled,
+ }),
selectProtocolFlag,
overwriteDNSFlag,
}...)
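Review bot: The inline altsrc.NewBoolFlag literal added to tunnelFlags duplicates a definition that the issue report shows already exists as postQuantumFlag in subcommands.go, while the two entries right below it (selectProtocolFlag, overwriteDNSFlag) are appended by variable name. Two copies of Name, Aliases, EnvVars and Hidden can drift apart, so a later change to one would again leave quick tunnels and named tunnels behaving differently for TUNNEL_POST_QUANTUM. Consider appending postQuantumFlag here instead of a second literal, and add a short comment on why the flag is hidden when FipsEnabled is set.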
Thanks, I thought having the TUNNEL_NAME env var was equivalent to running tunnel run name, but based on what you have said, I guess not. It does create a named tunnel on my Cloudflare account though!
To be honest the Docker cloudflared and the environment variables aren't that well documented so I've had to try to piece together a configuration that works, ideally where I can deploy a new service directly from a compose file, in a single step, without having to copy config files around.
Thanks for the fix, I'll wait till it appears in an official version. My Docker instance should automatically upgrade and pick it up, so I will leave the environment variable in place till it does.
Describe the bug
Using the cloudflared:latest Docker image (version 2022.10.0), the TUNNEL_POST_QUANTUM environment variable does not seem to work.
To Reproduce
My Docker compose is specified as follows:
I have tried setting TUNNEL_POST_QUANTUM to TRUE, true, "TRUE", "true"
If it's an issue with Cloudflare Tunnel:
Expected behavior
Expected logs to show a line stating "Using experimental hybrid post-quantum key agreement" as per https://blog.cloudflare.com/post-quantum-tunnel/
Environment and versions
Logs and errors
For all cases, when starting up logs show:
2022-10-04T20:12:27Z INF Settings: map[no-autoupdate:true]
2022-10-04T20:12:27Z INF Environmental variables map[XXX TUNNEL_POST_QUANTUM:true XXX]
2022-10-04T20:12:27Z INF Generated Connector ID: XXX
2022-10-04T20:12:27Z INF Initial protocol quic
2022-10-04T20:12:27Z INF ICMP proxy will use XXX as source for IPv4
There should be an additional line after Initial protocol quic mentioning the post quantum key agreement algorithm which is used
Additional context
Note that the other two boolean variables specified in the environment variables do seem to work:
and both are specified differently in subcommands.go when compared to the postQuantumFlag:
postQuantumFlag = altsrc.NewBoolFlag(&cli.BoolFlag{
forceDeleteFlag = &cli.BoolFlag{
overwriteDNSFlag = &cli.BoolFlag{
Not sure if that could be the cause of the issue
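The failure in this thread is silent: the variable shows up in the logged environment map, yet no post-quantum key agreement is negotiated. The following is an added example, not code from the issue or from cloudflared, that classifies a startup log accordingly. The function names pq_status, sample_named_tunnel_log and sample_quick_tunnel_log are hypothetical, and the sample logs are constructed from the two excerpts quoted above.

```shell
#!/bin/sh
# Added example, not cloudflared code. Reads a cloudflared startup log on stdin
# and prints one of:
#   active:<algorithm>  the post-quantum key agreement line is present
#   ignored             TUNNEL_POST_QUANTUM is true in the logged env map,
#                       but no key agreement line was logged
#   not-requested       neither is present
pq_status() (
    requested=0
    alg=""
    while IFS= read -r line; do
        case "$line" in
            *"Environmental variables map["*"TUNNEL_POST_QUANTUM:"[Tt][Rr][Uu][Ee]*)
                requested=1 ;;
            *"Using experimental hybrid post-quantum key agreement "*)
                # Keep only the algorithm name that ends the line.
                alg=${line##*key agreement } ;;
        esac
    done
    if [ -n "$alg" ]; then
        printf 'active:%s\n' "$alg"
    elif [ "$requested" -eq 1 ]; then
        printf 'ignored\n'
    else
        printf 'not-requested\n'
    fi
)

# Constructed samples, trimmed from the two log excerpts in this thread.
sample_named_tunnel_log() {
    cat <<'EOF'
2022-10-04T22:46:39Z INF Environmental variables map[TUNNEL_POST_QUANTUM:true]
2022-10-04T22:46:39Z INF Initial protocol quic
2022-10-04T22:46:39Z INF Using experimental hybrid post-quantum key agreement X25519Kyber768Draft00
EOF
}

sample_quick_tunnel_log() {
    cat <<'EOF'
2022-10-04T20:12:27Z INF Settings: map[no-autoupdate:true]
2022-10-04T20:12:27Z INF Environmental variables map[TUNNEL_POST_QUANTUM:true]
2022-10-04T20:12:27Z INF Initial protocol quic
EOF
}

echo "named tunnel: $(sample_named_tunnel_log | pq_status)"
echo "quick tunnel: $(sample_quick_tunnel_log | pq_status)"
```

Piping a container's captured startup output into pq_status and alerting on "ignored" catches the case where the setting was requested but not applied.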