Cloudflared: Difference between revisions
Category:Networking. Description added, link added |
|||
| (One intermediate revision by one other user not shown) | |||
| Line 5: | Line 5: | ||
== Example == | == Example == | ||
To get credentialsFile (e.g. tunnel-ID.json) do: | |||
<syntaxhighlight lang="sh"> | |||
cloudflared tunnel login <the-token-you-see-in-dashboard> | |||
cloudflared tunnel create ConvenientTunnelName | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="nix"> | |||
{ | |||
services.cloudflared = { | |||
enable = true; | |||
tunnels = { | |||
"00000000-0000-0000-0000-000000000000" = { | |||
credentialsFile = "${config.sops.secrets.cloudflared-creds.path}"; | |||
default = "http_status:404"; | |||
}; | |||
}; | |||
}; | |||
} | |||
</syntaxhighlight> | |||
Then you can use dashboard to add your public hosts (will need to convert the new tunnel to dashboard-managed). | |||
Alternatively, save the <code>cert.pem</code> to cloudflared user's %home%/.cloudflared/cert.pem, and instead of using dashboard specify ingress rules in your configuration.nix like this: | |||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
| Line 26: | Line 49: | ||
}; | }; | ||
} | } | ||
</syntaxhighlight> | |||
== Troubleshooting == | |||
At the moment (2025), for support of browser rendering of the tunnels, this line is required: | |||
<syntaxhighlight lang="nix"> | |||
services.openssh.settings.Macs = [ | |||
[ | |||
# Current defaults: | |||
"hmac-sha2-512-etm@openssh.com" | |||
"hmac-sha2-256-etm@openssh.com" | |||
"umac-128-etm@openssh.com" | |||
# Added: | |||
"hmac-sha2-256" | |||
]; | |||
</syntaxhighlight> | </syntaxhighlight> | ||
The issue has been reported on [https://github.com/cloudflare/cloudflared/issues/1198 Github] | |||
[[Category:Networking]] | [[Category:Networking]] | ||