LAB-linuxserver/docker-mods
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-mods.git synced 2026-01-18 11:22:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add support for remotely managed tunnel

Browse Source
This commit is contained in:
aptalca 2024-12-19 20:52:02 -05:00
parent 973e037a4f
commit 0e000bcdfc
No known key found for this signature in database
GPG Key ID: BE36CFFB9FD85548
4 changed files with 51 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -1,7 +1,7 @@
# syntax=docker/dockerfile:1
# Build container
FROM ghcr.io/linuxserver/baseimage-alpine:3.19 AS buildstage
FROM ghcr.io/linuxserver/baseimage-alpine:3.21 AS buildstage
ARG MOD_VERSION

43
README.md
View File

@ -6,7 +6,48 @@ If no additional parameters are supplied this mod adds [`cloudflared`](https://g
If all additional parameters are supplied this docker mod will also create/configure/route/enable a cloudflare tunnel via `cloudflared` and the cloudflare v4 API.
## Usage
This mod supports both locally managed and remotely managed tunnels.
## Remotely Managed Tunnel Usage
First create a tunnel on Cloudflare's [Zero Trust Dashboard](https://one.dash.cloudflare.com/) and note the tunnel's token.
Here an example snippet to help you get started using this docker mod.
### docker-compose ([recommended](https://docs.linuxserver.io/general/docker-compose))
```yaml
swag:
image: lscr.io/linuxserver/nginx
container_name: nginx
environment:
PUID: 1000
PGID: 1000
TZ: Europe/London
DOCKER_MODS: linuxserver/mods:universal-cloudflared
CF_REMOTE_MANAGE_TOKEN: cbvcnbvcjyrtd5erxjhgvkjhbvmhnfchgfchgjv
volumes:
- /path/to/appdata/config:/config
restart: unless-stopped
```
# Parameters
Container images/mods are configured using parameters passed at runtime (such as those above).
| Parameter | Function | Notes |
| :----: | --- | --- |
| `DOCKER_MODS` | Enable this docker mod with `linuxserver/mods:universal-cloudflared` | If adding multiple mods, enter them in an array separated by `\|`, such as `DOCKER_MODS: linuxserver/mods:universal-cloudflared\|linuxserver/mods:universal-mod2` |
### Cloudflare tunnel parameters
| Parameter | Function | Notes |
| :----: | --- | --- |
| `CF_REMOTE_MANAGE_TOKEN` | Existing Cloudflare tunnel's token | |
Once set up, all tunnel config will be handled through the [Zero Trust Dashboard](https://one.dash.cloudflare.com/)
## Locally Managed Tunnel Usage
Here an example snippet to help you get started using this docker mod.

4
root/etc/s6-overlay/s6-rc.d/init-mod-universal-cloudflared-setup/run
View File

@ -40,7 +40,9 @@ fi
cloudflared -v
echo "**** Checking for cloudflare tunnel parameters... ****"
if [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]]; then
if [[ -n "${CF_REMOTE_MANAGE_TOKEN}" ]]; then
echo "**** CF_REMOTE_MANAGE_TOKEN is set, cloudflared will attempt to connect to existing tunnel ****"
elif [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]]; then
if [[ ${#CF_TUNNEL_PASSWORD} -lt 32 ]]; then
echo "**** Cloudflare tunnel password must be at least 32 characters long, exiting... ****"
exit 1

8
root/etc/s6-overlay/s6-rc.d/svc-mod-universal-cloudflared/run
View File

@ -1,11 +1,13 @@
#!/usr/bin/with-contenv bash
if [[ $(uname -m) = "armv7l" ]]; then
echo "**** The universal cloudflared mod no longer supports arm32v7/armhf per https://info.linuxserver.io/issues/2023-07-01-armhf/ ****"
sleep infinity
echo "**** The universal cloudflared mod no longer supports arm32v7/armhf per https://info.linuxserver.io/issues/2023-07-01-armhf/ ****"
sleep infinity
fi
if [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]] && [[ ${#CF_TUNNEL_PASSWORD} -gt 31 ]]; then
if [[ -n "${CF_REMOTE_MANAGE_TOKEN}" ]]; then
exec s6-setuidgid abc cloudflared tunnel --no-autoupdate run --token ${CF_REMOTE_MANAGE_TOKEN}
elif [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]] && [[ ${#CF_TUNNEL_PASSWORD} -gt 31 ]]; then
exec s6-setuidgid abc cloudflared tunnel --no-autoupdate --config /etc/cloudflared/config.yml run
else
echo "**** Issues with cloudflared settings, sleeping ****"