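#!/bin/bash
# Configure Cloudflare Tunnel on VM 100
# Run this script AFTER SSH'ing to VM 100 (192.168.1.244)
# Usage: From root@pve: ssh ubuntu@192.168.1.244, then run this script
#
# Reads CLOUDFLARE_TUNNEL_TOKEN, CLOUDFLARE_ACCOUNT_ID and CLOUDFLARE_DOMAIN
# from "$PROJECT_ROOT/.env", writes /etc/cloudflared/config.yml and
# /etc/cloudflared/credentials.json plus a systemd unit, then enables and
# starts the cloudflared service and prints its status and recent logs.

set -e

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

# Load environment variables.
# The filtered .env is sourced, so every remaining line is executed as shell
# code with the privileges of whoever runs this script: keep .env writable
# only by its owner. The sed expression also cuts a value at its first '#'.
if [ -f "$PROJECT_ROOT/.env" ]; then
  set -a
  # shellcheck disable=SC1090
  source <(grep -v '^#' "$PROJECT_ROOT/.env" | grep -v '^$' | sed 's/#.*$//' | grep '=')
  set +a
else
  echo "Error: .env file not found. Please set these variables:" >&2
  echo " CLOUDFLARE_TUNNEL_TOKEN" >&2
  echo " CLOUDFLARE_ACCOUNT_ID" >&2
  echo " CLOUDFLARE_DOMAIN" >&2
  exit 1
fi

# Refuse to continue with a missing value: the heredocs below would otherwise
# write a config and a credentials file with empty fields and still start the
# service.
for required_var in CLOUDFLARE_TUNNEL_TOKEN CLOUDFLARE_ACCOUNT_ID CLOUDFLARE_DOMAIN; do
  if [ -z "${!required_var:-}" ]; then
    echo "Error: $required_var is not set in $PROJECT_ROOT/.env" >&2
    exit 1
  fi
done

echo "========================================="
echo "Cloudflare Tunnel Configuration"
echo "========================================="
echo ""

# Create directories and user
echo "Creating directories and user..."
# Create the service account only when it is missing, so that a real useradd
# failure stops the script instead of being discarded.
if ! id -u cloudflared > /dev/null 2>&1; then
  sudo useradd -r -s /bin/false cloudflared
fi
# 0750: only the service account (and root) can enter the directory that
# holds the tunnel secret.
sudo install -d -o cloudflared -g cloudflared -m 0750 /etc/cloudflared
echo "✓ Directories and user created"
echo ""

# Create config file
echo "Creating config file..."
# The file is created empty with mode 0600 and its final owner BEFORE the
# token is written, so the secret is never on disk with umask-default
# permissions. The token travels on tee's stdin, not on a command line.
#
# NOTE(review): "tunnel:" is normally the tunnel UUID or name; this writes the
# value of CLOUDFLARE_TUNNEL_TOKEN there - confirm what that variable holds.
# NOTE(review): "noTLSVerify: true" turns off certificate verification towards
# both Proxmox origins, so cloudflared does not authenticate them. Trusting the
# Proxmox CA through originRequest.caPool would keep verification on.
# NOTE(review): every hostname below is published through the tunnel, among
# them Prometheus and two Proxmox management UIs. Nothing in this script puts
# an access policy in front of them - confirm one exists (e.g. Cloudflare
# Access) before creating the DNS records.
sudo install -o cloudflared -g cloudflared -m 0600 /dev/null /etc/cloudflared/config.yml
sudo tee /etc/cloudflared/config.yml > /dev/null << CONFIGEOF
tunnel: $CLOUDFLARE_TUNNEL_TOKEN
credentials-file: /etc/cloudflared/credentials.json

ingress:
  - hostname: grafana.$CLOUDFLARE_DOMAIN
    service: http://192.168.1.82:3000
  - hostname: prometheus.$CLOUDFLARE_DOMAIN
    service: http://192.168.1.82:9090
  - hostname: git.$CLOUDFLARE_DOMAIN
    service: http://192.168.1.121:3000
  - hostname: proxmox-ml110.$CLOUDFLARE_DOMAIN
    service: https://192.168.1.206:8006
    originRequest:
      noTLSVerify: true
  - hostname: proxmox-r630.$CLOUDFLARE_DOMAIN
    service: https://192.168.1.49:8006
    originRequest:
      noTLSVerify: true
  - service: http_status:404
CONFIGEOF
echo "✓ Config file created"
echo ""

# Create credentials file
echo "Creating credentials file..."
# Same ordering as for config.yml: restrictive mode and owner first, secret
# second.
# NOTE(review): cloudflared credentials files usually also carry a "TunnelID"
# field, and a dashboard-issued token is not the same thing as the tunnel
# secret - confirm this JSON matches what the installed cloudflared expects.
sudo install -o cloudflared -g cloudflared -m 0600 /dev/null /etc/cloudflared/credentials.json
sudo tee /etc/cloudflared/credentials.json > /dev/null << CREDEOF
{
  "AccountTag": "$CLOUDFLARE_ACCOUNT_ID",
  "TunnelSecret": "$CLOUDFLARE_TUNNEL_TOKEN"
}
CREDEOF
echo "✓ Credentials file created"
echo ""

# Create systemd service
echo "Creating systemd service..."
# Quoted delimiter: the unit text contains nothing to expand and is written
# literally. The service runs as the unprivileged cloudflared account.
sudo tee /etc/systemd/system/cloudflared.service > /dev/null << 'SERVICEEOF'
[Unit]
Description=Cloudflare Tunnel
After=network.target

[Service]
Type=simple
User=cloudflared
ExecStart=/usr/local/bin/cloudflared tunnel --config /etc/cloudflared/config.yml run
Restart=on-failure
RestartSec=10s
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target
SERVICEEOF
echo "✓ Service file created"
echo ""

# Enable and start service
echo "Enabling and starting service..."
sudo systemctl daemon-reload
sudo systemctl enable cloudflared
sudo systemctl start cloudflared
# Give the daemon a moment to connect (or crash) before reporting on it.
sleep 3

echo ""
echo "========================================="
echo "Configuration Complete"
echo "========================================="
echo ""

# With Type=simple, "systemctl start" succeeds as soon as the process is
# spawned, so a bad config only shows up afterwards; say so explicitly.
if ! sudo systemctl is-active --quiet cloudflared; then
  echo "Warning: cloudflared is not active; check the status and logs below." >&2
fi

# Check status
echo "Service Status:"
# The pipeline's exit status is head's, so a non-zero "systemctl status"
# (service not running) does not abort the report under set -e.
sudo systemctl status cloudflared --no-pager | head -15
echo ""
echo "Files created:"
# sudo: the directory is no longer readable by other users.
sudo ls -la /etc/cloudflared/
echo ""
echo "Recent logs:"
sudo journalctl -u cloudflared -n 10 --no-pager
echo ""
echo "========================================="
echo "Next Steps:"
echo "1. Verify service is running: systemctl status cloudflared"
echo "2. View logs: journalctl -u cloudflared -f"
echo "3. Configure DNS records in Cloudflare Dashboard"
echo "========================================="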