Eddie Seelke Posted January 4, 2023

I would love to see cloudflared as a native plugin for unRAID. I know that there is a docker container, but it would be, in my opinion, better to have it native so that it runs even when the array is offline. This is a much easier way to proxy sites to containers. It does not require any ports to be forwarded and users cannot get your home public IP address. And, it can be used to connect to your home network when away by using the 1.1.1.1 client. This seems to be a must have for anyone wanting to share data and keep their network secure.

Eddie Seelke Posted January 9, 2023 (edited)

So, I would still love to see this as a plug-in for unRAID. But, I have managed to scrape together a script that will work in the meantime. It's not perfect, but it does work so I thought I would share in case it helps someone else.

I am using the User Scripts plugin. I created a script called argo_tunnel and pasted the following into it.

```bash
#!/bin/bash
#
#description=Create Cloudflare Zero Trust Tunnel
#backgroundOnly=true
#arrayStarted=false
#noParity=false
#clearLog=true

# Create Cloudflare Zero Trust Tunnel
#

#--DEFINE VARIABLES--#

# Set tunnel token found at https://one.dash.cloudflare.com
argotoken=PASTETOKENHERE

# Set folder for executables
argofolder=/root/argo

#--START SCRIPT--#
/usr/local/emhttp/plugins/dynamix/scripts/notify -s "Cloudflare Tunnel" -d "Starting Cloudflare Tunnel."

mkdir -p "$argofolder"

# Download supervisor and cloudflared and make executable
# (-nc skips the download when the file is already present)
wget -nc https://m1l7.c18.e2-3.dev/files/unraid/supervisord -P "$argofolder/"
chmod +x "$argofolder/supervisord"
wget -nc -O "$argofolder/cloudflared" https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64
chmod +x "$argofolder/cloudflared"

# Create supervisord conf file
# (unquoted EOL: $argofolder and $argotoken are expanded into the file)
cat > "$argofolder/supervisord.conf" << EOL
[unix_http_server]
file = /var/run/supervisor.sock
chmod = 0777
chown= nobody:nogroup

[program:cloudflared]
command = $argofolder/cloudflared --protocol quic tunnel run --token $argotoken
autostart = true
autorestart = true
startsecs = 20
startretries = 100
redirect_stderr = true
stdout_logfile = /var/log/cloudflared.log
stdout_logfile_maxbytes = 2M
stdout_logfile_backups = 0
stopsignal = INT
EOL

#Run Cloudflare Tunnel
"$argofolder/supervisord" -c "$argofolder/supervisord.conf" -d

#Stop Notification
#/usr/local/emhttp/plugins/dynamix/scripts/notify -s "Cloudflare Tunnel" -d "Stopping Cloudflare Tunnel."
```

There are two variables.

$argotoken - You will need to add your token from https://one.dash.cloudflare.com/ replacing PASTETOKENHERE.

$argofolder - You can change this or leave the default to your liking.

It does not seem as if there is a way to start scripts in User Scripts at boot. Since I wanted this to start even if the array doesn't start, I added the following line to my /boot/config/go file.

```bash
sh /boot/config/plugins/user.scripts/scripts/argo_tunnel/script
```

If you didn't choose the same name for the script, you will need to update the path for the script above. And, if you don't want to edit the go file, you can simply choose "At First Array Start Only" for your script in User Scripts.

If this helps, please leave a comment. And, if you know a better way to implement this, please let me know.

Edited June 3, 2023 by Eddie Seelke: Changed URL for supervisord

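Added example, not part of the post above or the author's script: the script downloads two binaries and marks them executable on every start, so this sketch shows checking a staged download against a pinned SHA-256 before it is installed. The helper names `sha256_of` and `install_verified`, the `.part` staging name and the demo file contents are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: install a staged download only if its SHA-256 matches a pin.
# sha256_of and install_verified are hypothetical helper names.

# sha256_of FILE -> prints the lowercase hex digest of FILE
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# install_verified STAGED DEST EXPECTED_SHA256
# Moves STAGED to DEST with mode 0755 only when the digest matches.
# On mismatch the staged file is deleted and DEST is left untouched.
# Returns 0 = installed, 1 = digest mismatch, 2 = missing file or malformed pin.
install_verified() {
    local staged=$1 dest=$2 expected=$3 actual
    [ -f "$staged" ] || { echo "missing download: $staged" >&2; return 2; }
    # Reject empty or non-hex pins so an unset variable can never "match".
    case $expected in
        *[!0-9a-fA-F]*|'') echo "bad pin for $dest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad pin for $dest" >&2; return 2; }
    actual=$(sha256_of "$staged")
    if [ "$actual" != "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]; then
        echo "SHA-256 mismatch for $dest: got $actual" >&2
        rm -f -- "$staged"
        return 1
    fi
    mkdir -p -- "$(dirname -- "$dest")"
    chmod 0755 -- "$staged"
    mv -f -- "$staged" "$dest"
}

# Demo on a constructed file (no network). The pin is computed from the sample
# here only to keep the demo self-contained; a real pin is recorded in advance.
demo() {
    local dir pin
    dir=$(mktemp -d)
    printf 'constructed stand-in for a downloaded binary\n' > "$dir/cloudflared.part"
    pin=$(sha256_of "$dir/cloudflared.part")
    install_verified "$dir/cloudflared.part" "$dir/argo/cloudflared" "$pin" && echo "installed"
    printf 'tampered\n' > "$dir/cloudflared.part"
    install_verified "$dir/cloudflared.part" "$dir/argo/cloudflared" "$pin" || echo "rejected"
    rm -rf -- "$dir"
}
demo
```

A pin identifies one exact build, so it pairs with downloading a specific release rather than a `latest` URL, and the pinned value has to be updated whenever the binary is deliberately upgraded.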
Kaldek Posted January 23, 2023

Hi mate, I have set up the Docker container from the official repo and it's working well, with a few items that I suspect you are a good source to discuss them with:

- Access via the tunnel to the myunraid.net URL does not work unless I set TLS to "Yes" rather than "strict" so that it uses the self-signed certificate (and I set TLS verification to off in the Cloudflare portal)
- What is the correct setup if the internal host is accessed via DNS (e.g. host.mydomain.local) rather than IP address?

It's literally day 1 here so these are questions I would probably be able to work out later anyway. Figured it can't hurt to ask.

ricostuart Posted March 5, 2023

This is something I've been looking for! But when I run the script, I get a continuous error:

```
INFO[2023-03-05T09:49:45Z] create process:cloudflared
INFO[2023-03-05T09:49:45Z] stop listening
INFO[2023-03-05T09:49:45Z] try to start program program=cloudflared
INFO[2023-03-05T09:49:45Z] success to listen on address addr=/var/run/supervisor.sock protocol=unix
DEBU[2023-03-05T09:49:45Z] wait program exit program=cloudflared
INFO[2023-03-05T09:49:46Z] fail to wait for program exit program=cloudflared
DEBU[2023-03-05T09:49:46Z] wait program exit program=cloudflared
INFO[2023-03-05T09:49:46Z] fail to wait for program exit program=cloudflared
DEBU[2023-03-05T09:49:46Z] wait program exit program=cloudflared
```

Any ideas? I have the tunnel running via docker no problem. I've also had it running as a service on Debian too without issue. And I've checked the tunnel token. Unless I'm using the wrong thing? Presuming that the tunnel token is what the code is needing......

jbrukardt Posted June 2, 2023

wget -nc http://s3.syncd.tech/files/unraid/supervisord

^^ this seems to be an invalid URL

Eddie Seelke Posted June 3, 2023

> 20 hours ago, jbrukardt said:
> wget -nc http://s3.syncd.tech/files/unraid/supervisord
> ^^ this seems to be an invalid URL

Sorry, I had switched to iDrive recently. Change the URL to https://m1l7.c18.e2-3.dev/files/unraid/supervisord

The first URL will also work if you use https. But, if I forget to update the SSL certificate, which expires every three months, it might fail. The dev URL should always work.

boomam Posted June 6, 2023

The issue here is that not everyone is comfortable with Cloudflare tunnels - some prefer traditional VPN, some Tailscale, etc. Equally, in order for the tunnel software to remain compatible, regular updates are needed. Unraid just isn't updated often enough for that to be possible.

It would make more sense imo, to decouple the docker daemon running from the array. As an example, I run my docker images from a dedicated cache drive. For stateless containers like Cloudflared, it does not need or use storage beyond the image to start from - there is no need for the array in this case.

Decoupling as such gives that flexibility for truly stateless containers to run without the array, without forcing a specific ongoing "feature" requirement on the Unraid dev team.

Eddie Seelke Posted June 6, 2023

> 2 hours ago, boomam said:
> Decoupling as such gives that flexibility for truly stateless containers to run without the array, without forcing a specific ongoing "feature" requirement on the Unraid dev team.

I'm not sure I follow. I don't believe there is anything in this thread specifying that the unRAID dev team should create a cloudflared plugin. The script I made allows you to run the cloudflared tunnel without needing the array up and running. It does not update itself while running, but does get the latest version every time it starts.

If I had the skillset, I would be happy to make an installable plugin for unRAID that would do this without having to use this script. However, if someone wanted to take my hodgepodge script as an example and create said plugin, I would be happy to help in any way I can.

ech0 Posted July 25, 2023

> On 6/6/2023 at 11:55 AM, Eddie Seelke said:
> I'm not sure I follow. I don't believe there is anything in this thread specifying that the unRAID dev team should create a cloudflared plugin.

You said twice in your first 2 posts....

> On 1/4/2023 at 2:34 PM, Eddie Seelke said:
> I would love to see cloudflared as a native plugin for unRAID.