Projects STRLCPY pikvm Commits 6e126404
  • Added tutorial for using cloudflared (#922)

    * Added tutorial for using cloudflared
    
    This provides a remote access solution that doesn't rely on port forwarding or require any software to be installed on the remote PC.
    
    * Updated to use latest release source code
    
    Removed the requirement to use git to pull code and streamlined for more automated builds.
  • Solareon committed with GitHub 1 year ago
    6e126404
    1 parent 6e9b1c60
  • docs/cloudflared.md
     1 +# Cloudflare Tunnels
     2 + 
     3 +[Cloudflare Tunnels](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/) can be used to access PiKVM over the internet securely using Cloudflare Zero Trust with the ```cloudflared``` daemon. This is a convenient and free (for private use) tool for allowing access to web services running on your internal network without port forwarding or IPv4/IPv6 compatability issues. This document is provided as an example for accessing your pikvm over the internet but you can also use zerotier/tailscale/insert xyz vpn service here. Basic support like whats shown below is provided as an example, any other setting or functionality needs to be redirected to the appropriate community.
     4 + 
     5 +## Prequisites
     6 +
     7 +1. A domain utilizing Cloudflare for DNS
     8 +2. A Cloudflare tunnel configured with an application created and secured by an access policy
     9 + 
     10 +## Cloudflare Tunnel Steps
     11 + 
     12 +1. Login to Cloudflare and provision a tunnel using the steps [here](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/remote/). Save the tunnel token as we will need this later. In most cases the target will be https://localhost
     13 +2. Create a self-hosted application with the url matching one created in the previous step by following the steps [here](https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/self-hosted-apps/).
     14 + * You will need to check the http options to disable SSL certificate verification under Tunnels -> Configure -> Public Hostname -> yourapplication.yourdomain -> Edit -> TLS Settings -> No TLS Verify as the PiKVM uses self-signed certificates.
     15 + 
     16 + * Don't skip the access policies as this important to preventing randoms from the internet from gaining access to your PiKVM. Cloudflare offers a variety of login options with the simplest being One-time PINs that are emailed to you. NOTE: This external authentication will not replace the username/password for the PiKVM but instead supplement it acting as a first line of defense from the internet.
     17 +
     18 +## Installation
     19 + 
     20 +Unfortunately Cloudflare does not provide binaries for armv7hf so we need to compile from source to generate a working build.
     21 + 
     22 +### On the PiKVM side
     23 + 
     24 +1. Use these commands:
     25 + 
     26 + ```
     27 + # rw
     28 + # pacman -Syu go
     29 + # curl -s https://api.github.com/repos/cloudflare/cloudflared/releases/latest | grep "tarball_url" | cut -d '"' -f 4 | xargs curl -LJo cloudflared-latest.tar.gz
     30 + # tar -xzvf cloudflared-latest.tar.gz --transform 's|[^/]*/|cloudflared/|'
     31 + # cd cloudflared/cmd/cloudflared/
     32 + # go build
     33 + # mv cloudflared /usr/bin/cloudflared
     34 + # cloudflared version
     35 + ```
     36 + 
     37 +2. Create the service configuration file
     38 +
     39 + ```
     40 + # systemctl edit --full cloudflared.service
     41 + ```
     42 + 
     43 +3. Insert the following configuration replacing TOKEN VALUE with your token from the Cloudflare tunnel step.
     44 + 
     45 + ```
     46 + [Unit]
     47 + Description=Cloudflare Tunnel
     48 + After=network.target
     49 +
     50 + [Service]
     51 + TimeoutStartSec=0
     52 + Type=notify
     53 + ExecStart=/usr/bin/cloudflared --protocol quic tunnel run --token <TOKEN VALUE>
     54 + Restart=on-failure
     55 + RestartSec=5s
     56 + ```
     57 + 
     58 +4. Afterwards verify service is started and stays running
     59 + 
     60 + ```
     61 + # systemctl enable --now cloudflared
     62 + # systemctl status cloudflared
     63 + ```
     64 +5. Open a web browser and attempt
     65 + 
     66 +## Updating cloudflared
     67 + 
     68 +1. Use these commands to update the ```cloudflared``` daemon:
     69 +
     70 + ```
     71 + # rw
     72 + # rm -rf cloudflared/
     73 + # curl -s https://api.github.com/repos/cloudflare/cloudflared/releases/latest | grep "tarball_url" | cut -d '"' -f 4 | xargs curl -LJo cloudflared-latest.tar.gz
     74 + # tar -xzvf cloudflared-latest.tar.gz --transform 's|[^/]*/|cloudflared/|'
     75 + # cd cloudflared/cmd/cloudflared/
     76 + # go build && mv cloudflared /usr/bin/cloudflared
     77 + # systemctl restart cloudflared
     78 + ```
     79 + 
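Review bot: The unit file at line 53 puts the tunnel token directly on the `ExecStart` command line (`tunnel run --token <TOKEN VALUE>`), so it is readable by any local user through the process list and through `systemctl cat cloudflared`. Suggest keeping the token in a root-only file (mode 0600) loaded with `EnvironmentFile=` and passed as the `TUNNEL_TOKEN` environment variable, which cloudflared reads in place of `--token`. The same unit (lines 46-55) has no `[Install]` section, so the `systemctl enable --now cloudflared` in step 4 will start the service but cannot enable it for boot; add `[Install]` with `WantedBy=multi-user.target`. Step 5 at line 64 ends mid-sentence ("Open a web browser and attempt") and needs its target filled in. Lines 29 and 73 download whatever the latest release tarball is and build it as root with no integrity check; pinning a release tag and noting how to verify it would make the build reproducible. Minor: "Prequisites" (line 5) and "compatability" (line 3) are misspelled.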
  • mkdocs.yml
    skipped 68 lines
    69 69   - "Internet access":
    70 70   - "Port forwarding": port_forwarding.md
    71 71   - "Tailscale VPN": tailscale.md
     72 + - "Cloudflare Tunnel": cloudflare.md
    72 73   - "Setting up Wi-Fi": wifi.md
    73 74   - "Let's Encrypt certificates": letsencrypt.md
    74 75   - "Video":
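Review bot: The new nav entry at line 72 points to `cloudflare.md`, but the file this commit adds is `docs/cloudflared.md`, so the "Cloudflare Tunnel" link will not resolve to the new page. Change the target to `cloudflared.md` or rename the added file so the two match.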
    skipped 25 lines