Added cloudflared service #545
base: main
Few tweaks needed then we should be good to merge 👍🏻
README.md
Outdated
@@ -20,6 +20,7 @@ If you have a spare domain name you can configure applications to be accessible | |||
* [Booksonic](https://booksonic.org/) - The selfhosted audiobook server | |||
* [Calibre-web](https://github.com/janeczku/calibre-web) - Provides a clean interface for browsing, reading and downloading eBooks using an existing Calibre database. | |||
* [Cloud Commander](https://cloudcmd.io/) - A dual panel file manager with integrated web console and text editor | |||
* [Cloudflared (Argo tunnel)](https://github.com/cloudflare/cloudflared) - Bypass Carrier Grade NAT (CGNAT) restrictions by serving your services through a direct Cloudflare connection |
I think this needs tweaking - the name has been changed to "Cloudflare Tunnel", and it'd be better to mention its primary purpose (increasing security with a private VPN tunnel into the Cloudflare network).
This makes sense, I just used cloudflared to bypass CGNAT but I see how it's useful to show its other capabilities to the user
docs/applications/cloudflared.md
Outdated
|
||
Cloudflare: [https://www.cloudflare.com](https://www.cloudflare.com) | ||
|
||
This service is very useful when your NAS doesn't have a static IP and it's situated a [Carrier Grade NAT](https://en.wikipedia.org/wiki/Carrier-grade_NAT). With this approach your NAS is connected directly to the Cloudflare servers, which allow public access to your externally available applications. |
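Review bot: In the added paragraph, "it's situated a [Carrier Grade NAT]" is missing the word "behind". The last sentence also says Cloudflare will "allow public access to your externally available applications" without saying how an application becomes externally available or how to keep one private. A sentence pointing to where that is configured would help readers avoid publishing more than they intend.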
NAT circumvention is a useful feature but not the primary purpose
roles/cloudflared/tasks/main.yml
Outdated
restart_policy: unless-stopped | ||
command: "tunnel --no-autoupdate run --token {{ cloudflared_token }}" | ||
network_mode: "host" | ||
recreate: true |
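Review bot: The `command:` line passes `--token {{ cloudflared_token }}` as a process argument, so the tunnel token is readable in the host's process list by any local user who can list processes. cloudflared also reads the token from the `TUNNEL_TOKEN` environment variable; supplying it through the container's environment keeps it out of the process list (it remains visible in `docker inspect`), and `no_log: true` on the task keeps it out of Ansible output. Separately, `network_mode: "host"` places the container in the host's network namespace, which an outbound tunnel does not need unless the proxied services listen only on the host's loopback; a bridge network would narrow what the container can reach.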
Is it necessary to recreate the container on every run?
Sorry my mistake, it's left behind from my personal setup in which I was setting watchtower labels for autoupdate, which requires recreating the container
📝 improved description of the cloudflared application
I found myself setting this up recently so I thought I'd toss a link to my cloudflared branch in case either of you found any of it useful. The only real differences are in documentation and the way that I set up the container. Instead of setting it up with host networking, I use a bit of Ansible to identify the host IP address in the bridge network, then configure the containers
Hi @HitLuca This version looks promising. Right now I am using @allthestairs approach but I would like to make it more automatic and ready for traefik serving me also internal domains. I dug a bit and found aeleos/cloudflared#14 (comment)
What this PR does / why we need it: Adds Cloudflare Argo tunnel support through cloudflared, very useful when a user is behind a Carrier Grade NAT (often the case when using a SIM card for internet connection)
Which issue (if any) this PR fixes:
Fixes #522