route1337.manage_cloudflared

Ansible Role - manage_cloudflared

This repository contains the Ansible role for setting up a cloudflared server in WARP mode or ingress mode.

What This Role Does

This Ansible role helps you configure cloudflared on an Ubuntu 20.04+ server in either WARP tunnel mode or ingress mode.

  1. Download and install cloudflared from a package repository.
  2. Set up cloudflared:
    1. Configure it to run as a service.
    2. Start the cloudflared service.

Variables

For security reasons, this role does not perform authentication or tunnel creation, so you need to provide the tunnel configuration files yourself.

The following variables are required:

  1. manage_cloudflared.warp - Use WARP tunneling instead of ingress. (Default: false)
    manage_cloudflared.warp: true
    manage_cloudflared.tunnel_uuid: "a1b234c5-de67-89f0-g123-4hi5jk678l90"
    manage_cloudflared.account_tag: "1234567abcdefg890123hijklom45678"
    manage_cloudflared.tunnel_secret: "YmFkc2VjcmV0Cg=="
    manage_cloudflared.tunnel_name: "internal_warp"
    
  2. You can use either the manage_cloudflared.console_token method or the local configuration method:
    manage_cloudflared.console_token: "BASE64 STRING OF TUNNEL TOKEN"
    
    OR
    manage_cloudflared.tunnel_uuid: "a1b234c5-de67-89f0-g123-4hi5jk678l90"
    manage_cloudflared.account_tag: "1234567abcdefg890123hijklom45678"
    manage_cloudflared.tunnel_secret: "YmFkc2VjcmV0Cg=="
    manage_cloudflared.tunnel_name: "internal_websites"
    manage_cloudflared.ingresses:
       - hostname: statuspage.externaldomain.com
         service: "https://10.1.2.3:443"
         dont_verify_ssl: true
         host_header: "status.internaldomain.com"
       - hostname: timeclock.externaldomain.com
         service: "https://timeclock.internaldomain.net:443"
    

ZTA Managed Tunnels

If you are using manage_cloudflared.console_token, you don’t need to specify any other variables since the Zero Trust Console will handle everything else.

Also, please note that switching between config file-managed and ZTA-managed tunnels won't work smoothly. The service install test only checks if the service exists, so if you install one before the other, the old service style will not be removed. You will need to delete the old service manually.
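
A pre-flight check for the variable combinations described above, as an added example that is not part of this role. It assumes the dotted variable names are keys of a single manage_cloudflared dictionary; check_vars, LOCAL_KEYS and the sample values are hypothetical names and constructed data.

```python
# Added example: pre-flight check of manage_cloudflared variables.
# Assumption: the README's dotted names are keys of one `manage_cloudflared` dict.
LOCAL_KEYS = ("tunnel_uuid", "account_tag", "tunnel_secret", "tunnel_name")


def check_vars(cfg):
    """Return a list of findings for one host's manage_cloudflared settings."""
    findings = []
    if cfg.get("console_token"):
        # README: with console_token the Zero Trust Console handles the rest.
        extra = sorted(k for k in LOCAL_KEYS + ("warp", "ingresses") if cfg.get(k))
        if extra:
            findings.append("console_token set, but also: " + ", ".join(extra))
        return findings
    missing = [k for k in LOCAL_KEYS if not cfg.get(k)]
    if missing:
        findings.append("missing local tunnel values: " + ", ".join(missing))
    rules = cfg.get("ingresses") or []
    if cfg.get("warp"):
        if rules:
            findings.append("warp is true, so ingresses are not used")
        return findings
    seen = set()
    for rule in rules:
        host = rule.get("hostname", "<no hostname>")
        if host in seen:
            findings.append(f"{host}: hostname listed more than once")
        seen.add(host)
        if rule.get("dont_verify_ssl"):
            findings.append(f"{host}: dont_verify_ssl is true")
    return findings


# Constructed sample input (placeholder values, not real credentials).
SAMPLE = {
    "tunnel_uuid": "00000000-0000-0000-0000-000000000000",
    "account_tag": "PLACEHOLDER_ACCOUNT_TAG",
    "tunnel_name": "internal_websites",
    "ingresses": [
        {"hostname": "status.example.com", "service": "https://10.1.2.3:443",
         "dont_verify_ssl": True},
        {"hostname": "status.example.com", "service": "https://10.1.2.4:443"},
    ],
}

if __name__ == "__main__":
    for finding in check_vars(SAMPLE):
        print(finding)
```

Each dont_verify_ssl finding is a prompt to confirm that skipping certificate verification for that origin is intended.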

Testing

All testing for this role is done manually, given the nature of the service.
Please refer to TESTING.md for details and instructions on testing.

The open-source code by Route 1337 LLC relies on donations. If you find this Ansible role helpful, please consider supporting us via the GitHub Sponsors button.

Thank you for your support!

About the project

Deploy and configure cloudflared using pre-created tunnel credentials

Install
ansible-galaxy install route1337.manage_cloudflared
License
MIT
Downloads
147
Owner
Modern InfoSec, Zero Trust, and DevOps consulting for Web2 and Web3 clients.