Initial commit: loc_az_hci (smom-dbis-138 excluded via .gitignore)
Co-authored-by: Cursor <cursoragent@cursor.com>
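--- /dev/null
+++ b/scripts/infrastructure/setup-cloudflare-tunnel.sh
@@ -0,0 +1,164 @@
+#!/bin/bash
+source ~/.bashrc
+# Complete Cloudflare Tunnel Setup Script
+# Run this on the Cloudflare Tunnel VM after OS installation
+
+set -e
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log_info() {
+echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_warn() {
+echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+log_error() {
+echo -e "${RED}[ERROR]${NC} $1"
+}
+
+log_step() {
+echo -e "${BLUE}[STEP]${NC} $1"
+}
+
+# Check if running as root
+if [ "$EUID" -ne 0 ]; then
+log_error "Please run as root (use sudo)"
+exit 1
+fi
+
+log_step "Step 1: Installing cloudflared..."
+curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o /usr/local/bin/cloudflared
+chmod +x /usr/local/bin/cloudflared
+cloudflared --version
+log_info "cloudflared installed successfully"
+
+log_step "Step 2: Creating cloudflared user..."
+useradd -r -s /bin/false cloudflared || log_warn "User cloudflared may already exist"
+mkdir -p /etc/cloudflared
+chown cloudflared:cloudflared /etc/cloudflared
+
+log_step "Step 3: Authenticating cloudflared..."
+log_warn "You need to authenticate cloudflared manually:"
+echo ""
+echo "Run this command:"
+echo " cloudflared tunnel login"
+echo ""
+echo "This will open a browser for authentication."
+echo "After authentication, press Enter to continue..."
+read -p "Press Enter after completing authentication..."
+
+log_step "Step 4: Creating tunnel..."
+log_warn "Creating tunnel 'azure-stack-hci'..."
+log_warn "If tunnel already exists, you can skip this step."
+read -p "Create new tunnel? (y/n) " -n 1 -r
+echo
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+cloudflared tunnel create azure-stack-hci || log_warn "Tunnel may already exist"
+fi
+
+# Get tunnel ID
+TUNNEL_ID=$(cloudflared tunnel list | grep azure-stack-hci | awk '{print $1}' | head -1)
+if [ -z "$TUNNEL_ID" ]; then
+log_error "Could not find tunnel ID. Please create tunnel manually."
+exit 1
+fi
+log_info "Tunnel ID: $TUNNEL_ID"
+
+log_step "Step 5: Creating tunnel configuration..."
+cat > /etc/cloudflared/config.yml <<EOF
+tunnel: $TUNNEL_ID
+credentials-file: /etc/cloudflared/$TUNNEL_ID.json
+
+ingress:
+# Proxmox UI
+- hostname: proxmox.yourdomain.com
+service: https://192.168.1.206:8006
+originRequest:
+noHappyEyeballs: true
+tcpKeepAlive: 30
+connectTimeout: 30s
+
+# Proxmox R630
+- hostname: proxmox-r630.yourdomain.com
+service: https://192.168.1.49:8006
+originRequest:
+noHappyEyeballs: true
+tcpKeepAlive: 30
+connectTimeout: 30s
+
+# Grafana Dashboard
+- hostname: grafana.yourdomain.com
+service: http://192.168.1.82:3000
+originRequest:
+connectTimeout: 30s
+
+# Git Server
+- hostname: git.yourdomain.com
+service: https://192.168.1.121:443
+originRequest:
+noHappyEyeballs: true
+tcpKeepAlive: 30
+connectTimeout: 30s
+
+# K3s Dashboard (if exposed)
+- hostname: k3s.yourdomain.com
+service: https://192.168.1.188:6443
+originRequest:
+noHappyEyeballs: true
+tcpKeepAlive: 30
+connectTimeout: 30s
+
+# Catch-all (must be last)
+- service: http_status:404
+EOF
+
+chmod 600 /etc/cloudflared/config.yml
+chown cloudflared:cloudflared /etc/cloudflared/config.yml
+log_info "Configuration file created: /etc/cloudflared/config.yml"
+log_warn "Update hostnames in config.yml to match your domain!"
+
+log_step "Step 6: Creating systemd service..."
+cat > /etc/systemd/system/cloudflared.service <<EOF
+[Unit]
+Description=Cloudflare Tunnel
+After=network.target
+
+[Service]
+Type=simple
+User=cloudflared
+ExecStart=/usr/local/bin/cloudflared tunnel --config /etc/cloudflared/config.yml run
+Restart=on-failure
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+log_step "Step 7: Enabling and starting service..."
+systemctl daemon-reload
+systemctl enable cloudflared
+systemctl start cloudflared
+sleep 2
+systemctl status cloudflared --no-pager
+
+log_info "========================================="
+log_info "Cloudflare Tunnel Setup Complete!"
+log_info "========================================="
+echo ""
+log_warn "Next steps:"
+echo " 1. Update /etc/cloudflared/config.yml with your actual domain"
+echo " 2. Configure DNS records in Cloudflare Dashboard"
+echo " 3. Set up Zero Trust policies in Cloudflare Dashboard"
+echo " 4. Test tunnel connectivity: cloudflared tunnel info azure-stack-hci"
+echo ""
+log_info "Tunnel status: systemctl status cloudflared"
+log_info "Tunnel logs: journalctl -u cloudflared -f"
+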
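Review bot: The cloudflared binary is fetched in Step 1 by `curl -L ... -o /usr/local/bin/cloudflared` with no integrity check and without `-f`, so an HTTP error page or a tampered download would be written straight into a root-owned executable that Step 7 then runs as a system service; pin a release version, use `curl -fsSL`, and verify the file against a known digest before the `chmod +x`, e.g. `echo "<expected-sha256>  /usr/local/bin/cloudflared" | sha256sum -c -` (or install from Cloudflare's signed package repository instead). The generated config sets `credentials-file: /etc/cloudflared/$TUNNEL_ID.json`, but `cloudflared tunnel create` normally writes the credentials JSON under the invoking user's `~/.cloudflared/`, and nothing in the script moves that file into `/etc/cloudflared` with `chown cloudflared:cloudflared` and `chmod 600`, so the unit is likely to fail on start and the credentials are left readable wherever they landed. The `TUNNEL_ID` lookup uses `grep azure-stack-hci`, which also matches any tunnel whose name merely contains that string (and `head -1` silently picks one); an exact match on the name column such as `cloudflared tunnel list | awk '$2 == "azure-stack-hci" {print $1}'` would be safer. `source ~/.bashrc` at the top runs root's interactive shell configuration inside a `set -e` script and is presumably unintended.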