Cloudflared: Difference between revisions

From NixOS Wiki
← Older edit
VisualWikitext
Klinger (talk | contribs)
trusted
736 edits
Category:Networking. Description added, link added
Lostmsu (talk | contribs)
13 edits
described how to get credentialsFile
 
Line 5: Line 5:
== Example ==
== Example ==


To get credentialsFile (e.g. tunnel-ID.json) do:
<syntaxhighlight lang="sh">
cloudflared tunnel login <the-token-you-see-in-dashboard>
cloudflared tunnel create ConvenientTunnelName
</syntaxhighlight>


<syntaxhighlight lang="nix">
{
  services.cloudflared = {
    enable = true;
    tunnels = {
      "00000000-0000-0000-0000-000000000000" = {
        credentialsFile = "${config.sops.secrets.cloudflared-creds.path}";
        default = "http_status:404";
      };
    };
  };
}
</syntaxhighlight>
Then you can use dashboard to add your public hosts (will need to convert the new tunnel to dashboard-managed).
Alternatively, save the <code>cert.pem</code> to cloudflared user's %home%/.cloudflared/cert.pem, and instead of using dashboard specify ingress rules in your configuration.nix like this:


<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
Line 26: Line 49:
   };
   };
}
}
</syntaxhighlight>


</syntaxhighlight>
[[Category:Networking]]
[[Category:Networking]]

Latest revision as of 18:56, 27 September 2024

Cloudflared is a command line client for a network tunnel from the cloudflare network to a server.

Introduced in https://github.com/NixOS/nixpkgs/pull/171875

Example

To get credentialsFile (e.g. tunnel-ID.json) do: 

cloudflared tunnel login <the-token-you-see-in-dashboard>
cloudflared tunnel create ConvenientTunnelName

{
  services.cloudflared = {
    enable = true;
    tunnels = {
      "00000000-0000-0000-0000-000000000000" = {
        credentialsFile = "${config.sops.secrets.cloudflared-creds.path}";
        default = "http_status:404";
      };
    };
  };
}

Then you can use dashboard to add your public hosts (will need to convert the new tunnel to dashboard-managed).

Alternatively, save the cert.pem to cloudflared user's %home%/.cloudflared/cert.pem, and instead of using dashboard specify ingress rules in your configuration.nix like this: 

{
  services.cloudflared = {
    enable = true;
    tunnels = {
      "00000000-0000-0000-0000-000000000000" = {
        credentialsFile = "${config.sops.secrets.cloudflared-creds.path}";
        ingress = {
          "*.domain1.com" = {
            service = "http://localhost:80";
            path = "/*.(jpg|png|css|js)";
          };
          "*.domain2.com" = "http://localhost:80";
        };
        default = "http_status:404";
      };
    };
  };
}
Retrieved from "https://wiki.nixos.org/w/index.php?title=Cloudflared&oldid=17669"