Merge pull request #991 from linuxserver/universal-cloudflared-cloud-managed

aptalca · web-flow · commit 272e8eb7e208 · 2024-12-20T12:25:07.000-05:00
Add support for remotely managed tunnel
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:1
 
 # Build container
-FROM ghcr.io/linuxserver/baseimage-alpine:3.19 AS buildstage
+FROM ghcr.io/linuxserver/baseimage-alpine:3.21 AS buildstage
 
 ARG MOD_VERSION
 
diff --git a/README.md b/README.md
@@ -6,7 +6,48 @@ If no additional parameters are supplied this mod adds [`cloudflared`](https://g
 
 If all additional parameters are supplied this docker mod will also create/configure/route/enable a cloudflare tunnel via `cloudflared` and the cloudflare v4 API.
 
-## Usage
+This mod supports both locally managed and remotely managed tunnels.
+
+## Remotely Managed Tunnel Usage
+
+First create a tunnel on Cloudflare's [Zero Trust Dashboard](https://one.dash.cloudflare.com/) and note the tunnel's token.
+
+Here an example snippet to help you get started using this docker mod.
+
+### docker-compose ([recommended](https://docs.linuxserver.io/general/docker-compose))
+
+```yaml
+  swag:
+    image: lscr.io/linuxserver/nginx
+    container_name: nginx
+    environment:
+      PUID: 1000
+      PGID: 1000
+      TZ: Europe/London
+      DOCKER_MODS: linuxserver/mods:universal-cloudflared
+      CF_REMOTE_MANAGE_TOKEN: cbvcnbvcjyrtd5erxjhgvkjhbvmhnfchgfchgjv
+    volumes:
+      - /path/to/appdata/config:/config
+    restart: unless-stopped
+```
+
+# Parameters
+
+Container images/mods are configured using parameters passed at runtime (such as those above).
+
+| Parameter | Function | Notes |
+| :----: | --- | --- |
+| `DOCKER_MODS` | Enable this docker mod with `linuxserver/mods:universal-cloudflared` | If adding multiple mods, enter them in an array separated by `\|`, such as `DOCKER_MODS: linuxserver/mods:universal-cloudflared\|linuxserver/mods:universal-mod2` |
+
+### Cloudflare tunnel parameters
+
+| Parameter | Function | Notes |
+| :----: | --- | --- |
+| `CF_REMOTE_MANAGE_TOKEN` | Existing Cloudflare tunnel's token |   |
+
+Once set up, all tunnel config will be handled through the [Zero Trust Dashboard](https://one.dash.cloudflare.com/)
+
+## Locally Managed Tunnel Usage
 
 Here an example snippet to help you get started using this docker mod.
 
diff --git a/root/etc/s6-overlay/s6-rc.d/init-mod-universal-cloudflared-setup/run b/root/etc/s6-overlay/s6-rc.d/init-mod-universal-cloudflared-setup/run
@@ -4,13 +4,10 @@ echo "**** Cloudflared setup script init... ****"
 
 echo "**** Checking cloudflared setup script requirements... ****"
 ARCH="$(command arch)"
-if [ "${ARCH}" = "x86_64" ]; then 
+if [ "${ARCH}" = "x86_64" ]; then
   ARCH="amd64"
-elif [ "${ARCH}" = "aarch64" ]; then 
-  ARCH="arm64" 
-elif [ "${ARCH}" = "armv7l" ]; then 
-  echo "**** The universal cloudflared mod no longer supports arm32v7/armhf per https://info.linuxserver.io/issues/2023-07-01-armhf/ ****"
-  exit 0
+elif [ "${ARCH}" = "aarch64" ]; then
+  ARCH="arm64"
 else
   echo "**** Unsupported Linux architecture ${ARCH} found, exiting... ****"
   exit 1
@@ -40,7 +37,9 @@ fi
 cloudflared -v
 
 echo "**** Checking for cloudflare tunnel parameters... ****"
-if [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]]; then
+if [[ -n "${CF_REMOTE_MANAGE_TOKEN}" ]]; then
+  echo "**** CF_REMOTE_MANAGE_TOKEN is set, cloudflared will attempt to connect to existing tunnel ****"
+elif [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]]; then
   if [[ ${#CF_TUNNEL_PASSWORD} -lt 32 ]]; then
     echo "**** Cloudflare tunnel password must be at least 32 characters long, exiting... ****"
     exit 1 
diff --git a/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-cloudflared/run b/root/etc/s6-overlay/s6-rc.d/svc-mod-universal-cloudflared/run
@@ -1,11 +1,8 @@
 #!/usr/bin/with-contenv bash
 
-if [[ $(uname -m) = "armv7l" ]]; then
-  echo "**** The universal cloudflared mod no longer supports arm32v7/armhf per https://info.linuxserver.io/issues/2023-07-01-armhf/ ****"
-  sleep infinity
-fi
-
-if [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]] && [[ ${#CF_TUNNEL_PASSWORD} -gt 31 ]]; then
+if [[ -n "${CF_REMOTE_MANAGE_TOKEN}" ]]; then
+    exec s6-setuidgid abc cloudflared tunnel --no-autoupdate run --token ${CF_REMOTE_MANAGE_TOKEN}
+elif [[ ${#CF_ZONE_ID} -gt 0 ]] && [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]] && [[ ${#CF_TUNNEL_CONFIG} -gt 0 ]] && [[ ${#CF_TUNNEL_PASSWORD} -gt 31 ]]; then
     exec s6-setuidgid abc cloudflared tunnel --no-autoupdate --config /etc/cloudflared/config.yml run
 else
     echo "**** Issues with cloudflared settings, sleeping ****"
