mimugmail / opn-repo

OPNsense repo by mimugmail

Cloudflared package #14

Open Cadish opened 3 years ago

Cadish commented 3 years ago

Hi,

Would it be possible to add cloudflared as a package? https://github.com/cloudflare/cloudflared

Thanks Cadish

mimugmail commented 3 years ago

I asked over there about current pkg as the Port is outdated. Let's see :)

Cadish commented 3 years ago

Great! Thanks!

Cadish commented 3 years ago

Hi @mimugmail, they have merged the code apparently... https://github.com/cloudflare/cloudflared/issues/285

mimugmail commented 3 years ago

No, the author merged it into his own fork, it's still open.

mimugmail commented 3 years ago

It's now in community repo:

pkg install cloudflared

If you tell me something about config and syntax I can try to build a plugin

Cadish commented 3 years ago

Great! Will try it. Thanks a lot.

The config & syntax are dependent on what you want to achieve with it. I only use it with Cloudflare Argo to create a tunnel to disclose internal applications to the outside without opening any ports. This way, I also can use Cloudflare Access as an extra security level to not disclose my origins directly.

To do this:

  1. Create a tunnel itself: cloudflared tunnel create <NAME>
  2. Create a config file: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/config
  3. Run the tunnel: cloudflared tunnel --config path/config.yaml run <NAME>.

More documentation on this is here: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps

mimugmail commented 3 years ago

If you got it running on the OPN you can also send me the config via private channel and I can try to build a plugin for you.

MattElek commented 3 years ago

I'd love to see support for this, especially considering that Cloudflare Tunnel is free now. I imagine some people might like to use it for DNS over HTTPS, although dnscrypt-proxy already exists in the main repository.

Qhilm commented 1 year ago

Why doesn't cloudflared service install work? That would be so much simpler, single command to set up the tunnel.

Qhilm commented 1 year ago

@mimugmail, this is the config file which works for me, in case you're still searching for a reference. The problem is, I can't manage to run it as a service at the moment, unless I'm missing something.

tunnel: sense
credentials-file: /root/.cloudflared/<tunnel-UID>.json
ingress:
 # Rules map traffic from a hostname to a local service:
 - hostname: subomain1.youcloudflaredomain.com
   service: https://server1.localdomain.com
 - hostname: subomain2.youcloudflaredomain.com
   service: https://server2.localdomain.com:12345
 # This “catch-all” rule doesn’t have a hostname/path, so it matches everything
 - service: http_status:404

Important is that the server1 will need to have both server1.localdomain.com and subomain1.youcloudflaredomain.com in its certificate SAN, otherwise it fails. I assume it's possible to disable the TLS verification somehow but I didn't want to. Same for server2, it will need both server2.localdomain.com and subomain2.youcloudflaredomain.com in its SAN.

But overall it would be great to have the remotely managed tunnel, that would greatly simplify all of this, no login, no creating a config file, etc. etc. Single command with a token created in the cloudflare dashboard, done.
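A pre-flight check for the config in the comment above, as an added example that is not part of the thread or of the opn-repo or cloudflared code: it confirms the last ingress rule is a catch-all and reports which names each HTTPS origin's certificate SAN is missing, using the "both names in the SAN" rule as that comment states it. The function names `audit` and `san_covers` are hypothetical, the SAN lists are constructed sample values, and `noTLSVerify` is cloudflared's `originRequest` option for skipping origin certificate verification.

```python
from urllib.parse import urlsplit

# Constructed sample: the config from the comment above, as yaml.safe_load() would return it.
CONFIG = {
    "tunnel": "sense",
    "ingress": [
        {"hostname": "subomain1.youcloudflaredomain.com",
         "service": "https://server1.localdomain.com"},
        {"hostname": "subomain2.youcloudflaredomain.com",
         "service": "https://server2.localdomain.com:12345"},
        {"service": "http_status:404"},
    ],
}
# Constructed sample: SAN dNSName entries of each origin's certificate (assumed values).
ORIGIN_SANS = {
    "server1.localdomain.com": ["server1.localdomain.com", "*.youcloudflaredomain.com"],
    "server2.localdomain.com": ["server2.localdomain.com"],
}

def san_covers(pattern, name):
    """True if one SAN entry covers name; '*' stands for exactly one leftmost label."""
    p, n = pattern.lower().split("."), name.lower().split(".")
    return len(p) == len(n) and p[0] in ("*", n[0]) and p[1:] == n[1:]

def audit(config, origin_sans):
    """Return a list of findings for the ingress rules in a parsed config."""
    findings = []
    rules = config.get("ingress") or []
    if not rules or "hostname" in rules[-1] or "path" in rules[-1]:
        findings.append("last ingress rule is not a catch-all")
    for rule in rules:
        url = urlsplit(rule.get("service", ""))
        if url.scheme != "https":
            continue  # only HTTPS origins present a certificate
        origin = url.hostname
        if (rule.get("originRequest") or {}).get("noTLSVerify"):
            findings.append(f"{origin}: TLS verification is disabled (noTLSVerify)")
            continue
        # Names the comment above says the origin certificate must carry.
        for name in filter(None, (origin, rule.get("hostname"))):
            if not any(san_covers(s, name) for s in origin_sans.get(origin, [])):
                findings.append(f"{origin}: certificate SAN lacks {name}")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG, ORIGIN_SANS):
        print(finding)
```

With the sample data, server1's wildcard entry covers its public hostname, while server2 is reported because its certificate carries only the internal name.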

sammyke007 commented 3 weeks ago

Did anyone manage to run this as a service?

Qhilm commented 3 weeks ago

> Did anyone manage to run this as a service?

This worked for me:

https://www.jackpearce.co.uk/cloudflared-opnsense/

sammyke007 commented 3 weeks ago

> > Did anyone manage to run this as a service?
>
> This worked for me:
>
> https://www.jackpearce.co.uk/cloudflared-opnsense/

Yes, that's exactly what I use, but Cloudflared's tunnel as a plugin (service) would be even better.