public_git
/
pikvm
mirror of https://github.com/pikvm/pikvm.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix

This commit is contained in:
Maxim Devaev 2023-04-22 21:25:10 +03:00
parent 6e12640434
commit 2c80bd932a
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
docs/cloudflared.md
View File

@ -1,23 +1,30 @@
# Cloudflare Tunnels # Cloudflare Tunnels
[Cloudflare Tunnels](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/) can be used to access PiKVM over the internet securely using Cloudflare Zero Trust with the ```cloudflared``` daemon. This is a convenient and free (for private use) tool for allowing access to web services running on your internal network without port forwarding or IPv4/IPv6 compatability issues. This document is provided as an example for accessing your pikvm over the internet but you can also use zerotier/tailscale/insert xyz vpn service here. Basic support like whats shown below is provided as an example, any other setting or functionality needs to be redirected to the appropriate community. [Cloudflare Tunnels](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/) can be used to access PiKVM over the internet securely using Cloudflare Zero Trust with the `cloudflared` daemon. This is a convenient and free (for private use) tool for allowing access to web services running on your internal network without port forwarding or IPv4/IPv6 compatability issues. This document is provided as an example for accessing your PiKVM over the internet but you can also use Zerotier/[Tailscale](tailscale.md)/*Insert XYZ VPN service here*. Basic support like whats shown below is provided as an example, any other setting or functionality needs to be redirected to the appropriate community.
## Prequisites ## Prequisites
1. A domain utilizing Cloudflare for DNS 1. A domain utilizing Cloudflare for DNS
2. A Cloudflare tunnel configured with an application created and secured by an access policy 2. A Cloudflare tunnel configured with an application created and secured by an access policy
## Cloudflare Tunnel Steps ## Cloudflare Tunnel Steps
1. Login to Cloudflare and provision a tunnel using the steps [here](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/remote/). Save the tunnel token as we will need this later. In most cases the target will be https://localhost 1. Login to Cloudflare and provision a tunnel using the steps [here](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/remote/). Save the tunnel token as we will need this later. In most cases the target will be https://localhost
2. Create a self-hosted application with the url matching one created in the previous step by following the steps [here](https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/self-hosted-apps/).
* You will need to check the http options to disable SSL certificate verification under Tunnels -> Configure -> Public Hostname -> yourapplication.yourdomain -> Edit -> TLS Settings -> No TLS Verify as the PiKVM uses self-signed certificates. 2. Create a self-hosted application with the URL matching one created in the previous step by following the steps [here](https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/self-hosted-apps/).
* You will need to check the http options to disable SSL certificate verification under `Tunnels -> Configure -> Public Hostname -> yourapplication.yourdomain -> Edit -> TLS Settings -> No TLS Verify` as the PiKVM uses self-signed certificates.
* Don't skip the access policies as this important to preventing randoms from the internet from gaining access to your PiKVM. Cloudflare offers a variety of login options with the simplest being One-time PINs that are emailed to you. NOTE: This external authentication will not replace the username/password for the PiKVM but instead supplement it acting as a first line of defense from the internet. * Don't skip the access policies as this important to preventing randoms from the internet from gaining access to your PiKVM. Cloudflare offers a variety of login options with the simplest being One-time PINs that are emailed to you. NOTE: This external authentication will not replace the username/password for the PiKVM but instead supplement it acting as a first line of defense from the internet.
## Installation ## Installation
Unfortunately Cloudflare does not provide binaries for armv7hf so we need to compile from source to generate a working build. Unfortunately Cloudflare does not provide binaries for ARM so we need to compile from source to generate a working build.
### On the PiKVM side ### On the PiKVM side
@ -42,7 +49,7 @@ Unfortunately Cloudflare does not provide binaries for armv7hf so we need to com
3. Insert the following configuration replacing TOKEN VALUE with your token from the Cloudflare tunnel step. 3. Insert the following configuration replacing TOKEN VALUE with your token from the Cloudflare tunnel step.
``` ```ini
[Unit] [Unit]
Description=Cloudflare Tunnel Description=Cloudflare Tunnel
After=network.target After=network.target
@ -61,8 +68,10 @@ Unfortunately Cloudflare does not provide binaries for armv7hf so we need to com
# systemctl enable --now cloudflared # systemctl enable --now cloudflared
# systemctl status cloudflared # systemctl status cloudflared
``` ```
5. Open a web browser and attempt 5. Open a web browser and attempt
## Updating cloudflared ## Updating cloudflared
1. Use these commands to update the ```cloudflared``` daemon: 1. Use these commands to update the ```cloudflared``` daemon: