From 0e000bcdfc3310dddeebc4e6bcafb54be73cd97e Mon Sep 17 00:00:00 2001 From: aptalca <541623+aptalca@users.noreply.github.com> Date: Thu, 19 Dec 2024 20:52:02 -0500 Subject: [PATCH 1/2] Add support for remotely managed tunnel --- Dockerfile | 2 +- README.md | 43 ++++++++++++++++++- .../init-mod-universal-cloudflared-setup/run | 4 +- .../s6-rc.d/svc-mod-universal-cloudflared/run | 8 ++-- 4 files changed, 51 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9355eac3..ecaa5e93 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 # Build container -FROM ghcr.io/linuxserver/baseimage-alpine:3.19 AS buildstage +FROM ghcr.io/linuxserver/baseimage-alpine:3.21 AS buildstage ARG MOD_VERSION diff --git a/README.md b/README.md index a93ea934..5ad51ef7 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,48 @@ If no additional parameters are supplied this mod adds [`cloudflared`](https://g If all additional parameters are supplied this docker mod will also create/configure/route/enable a cloudflare tunnel via `cloudflared` and the cloudflare v4 API. -## Usage +This mod supports both locally managed and remotely managed tunnels. + +## Remotely Managed Tunnel Usage + +First create a tunnel on Cloudflare's [Zero Trust Dashboard](https://one.dash.cloudflare.com/) and note the tunnel's token. + +Here an example snippet to help you get started using this docker mod. + +### docker-compose ([recommended](https://docs.linuxserver.io/general/docker-compose)) + +```yaml + swag: + image: lscr.io/linuxserver/nginx + container_name: nginx + environment: + PUID: 1000 + PGID: 1000 + TZ: Europe/London + DOCKER_MODS: linuxserver/mods:universal-cloudflared + CF_REMOTE_MANAGE_TOKEN: cbvcnbvcjyrtd5erxjhgvkjhbvmhnfchgfchgjv + volumes: + - /path/to/appdata/config:/config + restart: unless-stopped +``` + +# Parameters + +Container images/mods are configured using parameters passed at runtime (such as those above). + +| Parameter | Function | Notes | +| :----: | --- | --- | +| `DOCKER_MODS` | Enable this docker mod with `linuxserver/mods:universal-cloudflared` | If adding multiple mods, enter them in an array separated by `\|`, such as `DOCKER_MODS: linuxserver/mods:universal-cloudflared\|linuxserver/mods:universal-mod2` | + +### Cloudflare tunnel parameters + +| Parameter | Function | Notes | +| :----: | --- | --- | +| `CF_REMOTE_MANAGE_TOKEN` | Existing Cloudflare tunnel's token | | + +Once set up, all tunnel config will be handled through the [Zero Trust Dashboard](https://one.dash.cloudflare.com/) + +## Locally Managed Tunnel Usage Here an example snippet to help you get started using this docker mod. diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-cloudflared-setup/run b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-cloudflared-setup/run index 176f6e06..dea854c9 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-cloudflared-setup/run +++ b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-cloudflared-setup/run @@ -40,7 +40,9 @@ fi cloudflared -v echo "**** Checking for cloudflare tunnel parameters... ****" -if [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]]; then +if [[ -n "${CF_REMOTE_MANAGE_TOKEN}" ]]; then + echo "**** CF_REMOTE_MANAGE_TOKEN is set, cloudflared will attempt to connect to existing tunnel ****" +elif [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]]; then if [[ ${#CF_TUNNEL_PASSWORD} -lt 32 ]]; then echo "**** Cloudflare tunnel password must be at least 32 characters long, exiting... ****" exit 1 diff --git a/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-cloudflared/run b/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-cloudflared/run index bfc94997..3b890db5 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-cloudflared/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-cloudflared/run @@ -1,11 +1,13 @@ #!/usr/bin/with-contenv bash if [[ $(uname -m) = "armv7l" ]]; then - echo "**** The universal cloudflared mod no longer supports arm32v7/armhf per https://info.linuxserver.io/issues/2023-07-01-armhf/ ****" - sleep infinity + echo "**** The universal cloudflared mod no longer supports arm32v7/armhf per https://info.linuxserver.io/issues/2023-07-01-armhf/ ****" + sleep infinity fi -if [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]] && [[ ${#CF_TUNNEL_PASSWORD} -gt 31 ]]; then +if [[ -n "${CF_REMOTE_MANAGE_TOKEN}" ]]; then + exec s6-setuidgid abc cloudflared tunnel --no-autoupdate run --token ${CF_REMOTE_MANAGE_TOKEN} +elif [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]] && [[ ${#CF_TUNNEL_PASSWORD} -gt 31 ]]; then exec s6-setuidgid abc cloudflared tunnel --no-autoupdate --config /etc/cloudflared/config.yml run else echo "**** Issues with cloudflared settings, sleeping ****" From 60bd8e5bd127e67c662d19d714656535a077066d Mon Sep 17 00:00:00 2001 From: aptalca <541623+aptalca@users.noreply.github.com> Date: Fri, 20 Dec 2024 12:00:49 -0500 Subject: [PATCH 2/2] remove obsolete armhf checks --- .../s6-rc.d/init-mod-universal-cloudflared-setup/run | 9 +++------ .../s6-overlay/s6-rc.d/svc-mod-universal-cloudflared/run | 5 ----- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-cloudflared-setup/run b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-cloudflared-setup/run index dea854c9..91aadc44 100755 --- a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-cloudflared-setup/run +++ b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-cloudflared-setup/run @@ -4,13 +4,10 @@ echo "**** Cloudflared setup script init... ****" echo "**** Checking cloudflared setup script requirements... ****" ARCH="$(command arch)" -if [ "${ARCH}" = "x86_64" ]; then +if [ "${ARCH}" = "x86_64" ]; then ARCH="amd64" -elif [ "${ARCH}" = "aarch64" ]; then - ARCH="arm64" -elif [ "${ARCH}" = "armv7l" ]; then - echo "**** The universal cloudflared mod no longer supports arm32v7/armhf per https://info.linuxserver.io/issues/2023-07-01-armhf/ ****" - exit 0 +elif [ "${ARCH}" = "aarch64" ]; then + ARCH="arm64" else echo "**** Unsupported Linux architecture ${ARCH} found, exiting... ****" exit 1 diff --git a/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-cloudflared/run b/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-cloudflared/run index 3b890db5..ae7d10a5 100755 --- a/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-cloudflared/run +++ b/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-cloudflared/run @@ -1,10 +1,5 @@ #!/usr/bin/with-contenv bash -if [[ $(uname -m) = "armv7l" ]]; then - echo "**** The universal cloudflared mod no longer supports arm32v7/armhf per https://info.linuxserver.io/issues/2023-07-01-armhf/ ****" - sleep infinity -fi - if [[ -n "${CF_REMOTE_MANAGE_TOKEN}" ]]; then exec s6-setuidgid abc cloudflared tunnel --no-autoupdate run --token ${CF_REMOTE_MANAGE_TOKEN} elif [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]] && [[ ${#CF_TUNNEL_PASSWORD} -gt 31 ]]; then