Cloudflared: Difference between revisions
basic stub with untested config |
described how to get credentialsFile |
||
(One intermediate revision by one other user not shown) | |||
Line 1: | Line 1: | ||
[https://github.com/cloudflare/cloudflared Cloudflared] is a command line client for a network tunnel from the cloudflare network to a server. | |||
Introduced in https://github.com/NixOS/nixpkgs/pull/171875 | Introduced in https://github.com/NixOS/nixpkgs/pull/171875 | ||
== Example == | == Example == | ||
To get credentialsFile (e.g. tunnel-ID.json) do: | |||
<syntaxhighlight lang="sh"> | |||
cloudflared tunnel login <the-token-you-see-in-dashboard> | |||
cloudflared tunnel create ConvenientTunnelName | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="nix"> | |||
{ | |||
services.cloudflared = { | |||
enable = true; | |||
tunnels = { | |||
"00000000-0000-0000-0000-000000000000" = { | |||
credentialsFile = "${config.sops.secrets.cloudflared-creds.path}"; | |||
default = "http_status:404"; | |||
}; | |||
}; | |||
}; | |||
} | |||
</syntaxhighlight> | |||
Then you can use dashboard to add your public hosts (will need to convert the new tunnel to dashboard-managed). | |||
Alternatively, save the <code>cert.pem</code> to cloudflared user's %home%/.cloudflared/cert.pem, and instead of using dashboard specify ingress rules in your configuration.nix like this: | |||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
Line 24: | Line 49: | ||
}; | }; | ||
} | } | ||
</syntaxhighlight> | |||
[[Category:Networking]] |
Latest revision as of 18:56, 27 September 2024
Cloudflared is a command line client for a network tunnel from the cloudflare network to a server.
Introduced in https://github.com/NixOS/nixpkgs/pull/171875
Example
To get credentialsFile (e.g. tunnel-ID.json) do:
cloudflared tunnel login <the-token-you-see-in-dashboard>
cloudflared tunnel create ConvenientTunnelName
{
services.cloudflared = {
enable = true;
tunnels = {
"00000000-0000-0000-0000-000000000000" = {
credentialsFile = "${config.sops.secrets.cloudflared-creds.path}";
default = "http_status:404";
};
};
};
}
Then you can use dashboard to add your public hosts (will need to convert the new tunnel to dashboard-managed).
Alternatively, save the cert.pem
to cloudflared user's %home%/.cloudflared/cert.pem, and instead of using dashboard specify ingress rules in your configuration.nix like this:
{
services.cloudflared = {
enable = true;
tunnels = {
"00000000-0000-0000-0000-000000000000" = {
credentialsFile = "${config.sops.secrets.cloudflared-creds.path}";
ingress = {
"*.domain1.com" = {
service = "http://localhost:80";
path = "/*.(jpg|png|css|js)";
};
"*.domain2.com" = "http://localhost:80";
};
default = "http_status:404";
};
};
};
}