• Tags
AI
Ansible
APP
BASH
Browser
Byte
Chart
Checklist
Chrome OS
CI
Cloudflare
Command Line
Config
Container
CURL
Data
Debug
Docker
Emoji
EMQX
GIN
Git
Github
Gitlab
Go
Golang
Google
GraphQL
HTTP
Infra
Infrastructure
Introduction
ITerm2
Kubernetes
Leetcode
Lightweight
Linux
Llm
Lua
Machinelearning
MacOS
Markdown
MQTT
Network
Nginx
Ollama
Prometheus
Protobuf
Proxy
Push
Python
QRCode
Redis
Regex
Security
SFTP
SHELL
Slides
Snow
Software
Ssh
String
Switch
Synology
Terminal
Timeout
Travel
Tunnel
URL
Video
Visualization
VScode
Web
Youtube
Zero Trust
台語

Cloudflare Zero Trust

Connect private networks 1. Set up the client Create device enrollment rules Create device enrollment rules to determine which devices can enroll to Zero Trust organization. Set device enrollment permissions In Zero Trust, go to Settings > WARP Client > Device enrollment > Device enrollment permissions > Manage. Rules > Policies > Add a rule > Include > Selector > Emails ending in > Value > @ruru910.com. 2. Route private network IPs through WARP In Zero Trust, go to Settings > WARP Client > Device settings > Profile settings > Profile name > Default > Configure. Configure settings: Enabled: Captive portal detection, Mode switch, Allow device to leave organization, Allow updates. Service mode: Gateway with WARP. Local Domain Fallback > Manage > Domain > nas.ruru910.com. Split Tunnels: Exclude IPs and domains > Manage. Delete the IP range of nas.ruru910.com. 3. Filter network traffic with Gateway 1. Enable the Gateway proxy In Zero Trust, go to Settings > Network. Gateway Logging: Capture all. Firewall: Proxy(TCP, UDP, ICMP), WARP to WARP, AV inspection. 2. Create Zero Trust policies Go to Access > Applications > Add an application > Private Network > Application Type > Destination IP. For Value, enter the IP address for your application (for example, 10.128.0.7). Modify policy > identify > Selector > User Email > in > @ruru910.com. Reference Connect private networks Configure Local Domain Fallback Configure Split Tunnels Traffic routing with WARP

Tuesday, September 26, 2023 Read

Cloudflare tunnel on Synology

Setup Synology Create a directory in docker directory, such as cloudflare-tunnel. Download cloudflared/cloudflared image to registry. ssh to admin@synology Change cloudflare-tunnel owner, sudo chown -R 65532:65532 /volume1/docker/cloudflare-tunnel. Run containers - cloudflared tunnel login Run container and mount volume docker/cloudflare-tunnel:/home/nonroot/.cloudflared. Select Use the same network as Docker Host in network tab. Add command tunnel login in envorinment tab. Go to container log, and copy login url. Paste url to browser and authorize the zone. Export the container setting json to the directory cloudflare-tunnel. - cloudflared tunnel create synology-tunnel Edit the container setting json in the the directory cloudflare-tunnel, modify cmd. tunnel create synology-tunnel. Import the container setting json and run a new container. The container will stop and create tunnel config json in cloudflare-tunnel. Create config.yml and write ingress rules. In config.yml, tunnel value is the same as the tunnel config json name, and credentials-file is /home/nonroot/.cloudflared/tunnel config json Export the second container setting json to the directory cloudflare-tunnel. - cloudflared tunnel route dns synology-tunnel synology.ruru910.com Edit the second container setting json in the the directory cloudflare-tunnel, modify cmd. tunnel route dns synology-tunnel synology.ruru910.com. Import the second container setting json and run a new container. The container will stop and create a dns record mapping domain to the tunnel. - cloudflared tunnel run synology-tunnel Edit the second container setting json in the the directory cloudflare-tunnel, modify cmd. tunnel run synology-tunnel. Import the second container setting json and run a new container. The tunnel now is connectable. Reference CLOUDFLARE tunnel on SYNOLOGY. (the raw way)

Monday, September 25, 2023 Read