diff --git a/Dockerfile b/Dockerfile index 9355eac3..ecaa5e93 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 # Build container -FROM ghcr.io/linuxserver/baseimage-alpine:3.19 AS buildstage +FROM ghcr.io/linuxserver/baseimage-alpine:3.21 AS buildstage ARG MOD_VERSION diff --git a/README.md b/README.md index a93ea934..5ad51ef7 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,48 @@ If no additional parameters are supplied this mod adds [`cloudflared`](https://g If all additional parameters are supplied this docker mod will also create/configure/route/enable a cloudflare tunnel via `cloudflared` and the cloudflare v4 API. -## Usage +This mod supports both locally managed and remotely managed tunnels. + +## Remotely Managed Tunnel Usage + +First create a tunnel on Cloudflare's [Zero Trust Dashboard](https://one.dash.cloudflare.com/) and note the tunnel's token. + +Here an example snippet to help you get started using this docker mod. + +### docker-compose ([recommended](https://docs.linuxserver.io/general/docker-compose)) + +```yaml + swag: + image: lscr.io/linuxserver/nginx + container_name: nginx + environment: + PUID: 1000 + PGID: 1000 + TZ: Europe/London + DOCKER_MODS: linuxserver/mods:universal-cloudflared + CF_REMOTE_MANAGE_TOKEN: cbvcnbvcjyrtd5erxjhgvkjhbvmhnfchgfchgjv + volumes: + - /path/to/appdata/config:/config + restart: unless-stopped +``` + +# Parameters + +Container images/mods are configured using parameters passed at runtime (such as those above). + +| Parameter | Function | Notes | +| :----: | --- | --- | +| `DOCKER_MODS` | Enable this docker mod with `linuxserver/mods:universal-cloudflared` | If adding multiple mods, enter them in an array separated by `\|`, such as `DOCKER_MODS: linuxserver/mods:universal-cloudflared\|linuxserver/mods:universal-mod2` | + +### Cloudflare tunnel parameters + +| Parameter | Function | Notes | +| :----: | --- | --- | +| `CF_REMOTE_MANAGE_TOKEN` | Existing Cloudflare tunnel's token | | + +Once set up, all tunnel config will be handled through the [Zero Trust Dashboard](https://one.dash.cloudflare.com/) + +## Locally Managed Tunnel Usage Here an example snippet to help you get started using this docker mod. diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-cloudflared-setup/run b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-cloudflared-setup/run index 176f6e06..dea854c9 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-cloudflared-setup/run +++ b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-cloudflared-setup/run @@ -40,7 +40,9 @@ fi cloudflared -v echo "**** Checking for cloudflare tunnel parameters... ****" -if [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]]; then +if [[ -n "${CF_REMOTE_MANAGE_TOKEN}" ]]; then + echo "**** CF_REMOTE_MANAGE_TOKEN is set, cloudflared will attempt to connect to existing tunnel ****" +elif [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]]; then if [[ ${#CF_TUNNEL_PASSWORD} -lt 32 ]]; then echo "**** Cloudflare tunnel password must be at least 32 characters long, exiting... ****" exit 1 diff --git a/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-cloudflared/run b/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-cloudflared/run index bfc94997..3b890db5 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-cloudflared/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-cloudflared/run @@ -1,11 +1,13 @@ #!/usr/bin/with-contenv bash if [[ $(uname -m) = "armv7l" ]]; then - echo "**** The universal cloudflared mod no longer supports arm32v7/armhf per https://info.linuxserver.io/issues/2023-07-01-armhf/ ****" - sleep infinity + echo "**** The universal cloudflared mod no longer supports arm32v7/armhf per https://info.linuxserver.io/issues/2023-07-01-armhf/ ****" + sleep infinity fi -if [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]] && [[ ${#CF_TUNNEL_PASSWORD} -gt 31 ]]; then +if [[ -n "${CF_REMOTE_MANAGE_TOKEN}" ]]; then + exec s6-setuidgid abc cloudflared tunnel --no-autoupdate run --token ${CF_REMOTE_MANAGE_TOKEN} +elif [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]] && [[ ${#CF_TUNNEL_PASSWORD} -gt 31 ]]; then exec s6-setuidgid abc cloudflared tunnel --no-autoupdate --config /etc/cloudflared/config.yml run else echo "**** Issues with cloudflared settings, sleeping ****"