Maksym Prokopov personal blog
An idea is something worth sharing

CloudFlare Tunnel Terraform

15.07.2023

How to provision CloudFlare tunnel using Terraform

CloudFlare Tunnel is a reliable alternative to ngrok when you need to expose an application running locally to the outside world.

The following example exposes my application, running locally on port 3000, to the Internet on the hostname https://app.prokopov.me.

Prerequisites

How does it work?

  1. The cloudflared CLI is an agent that runs locally and connects to the CloudFlare cloud.
  2. A DNS record of type CNAME is created, pointing to the CloudFlare cloud.
  3. CloudFlare does the routing magic!

Terraform part

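# random_id.main is referenced by the tunnel below but is not defined in the
# post; this definition is an assumption. The tunnel secret must be at least
# 32 bytes, base64-encoded.
resource "random_id" "main" {
  byte_length = 32
}

resource "cloudflare_tunnel" "main" {
  account_id = "777414c2d4e87234087ebac4685e7df6"
  name       = "tunnel-to-app"
  secret     = random_id.main.b64_std # stored in Terraform state in plaintext
}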

resource "cloudflare_tunnel_config" "main" {
  account_id = "777414c2d4e87234087ebac4685e7df6"
  tunnel_id  = cloudflare_tunnel.main.id

  config {
    warp_routing {
      enabled = true
    }
    ingress_rule {
      hostname = "app.prokopov.me"
      service  = "http://localhost:3000"
    }
    ingress_rule {
      service = "http_status:404"
    }
  }
}

resource "cloudflare_record" "main" {
  value   = "${cloudflare_tunnel.main.id}.cfargotunnel.com"
  proxied = true
  name    = "app"
  type    = "CNAME"
  zone_id = cloudflare_zone.main.id # cloudflare_zone.main is not shown in this post
}

Local tunnel part

  1. Find the generated token for the resource cloudflare_tunnel.main
TOKEN=$(terraform show -json | jq -r '.values.root_module.resources[] | select(.address=="cloudflare_tunnel.main").values.tunnel_token')
  2. Use the token
cloudflared tunnel run --token="${TOKEN}" tunnel-to-app
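
An added example, not code from the original post: a Python version of the token lookup from step 1 that also walks child modules, raises where the jq one-liner would hand an empty string or `null` to cloudflared, and lists the attributes Terraform marks sensitive, which the state still stores in plaintext. `SAMPLE_STATE` and all function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json` output; all values are made up.
SAMPLE_STATE = json.loads("""
{"values": {"root_module": {
  "resources": [
    {"address": "cloudflare_tunnel.main", "type": "cloudflare_tunnel",
     "values": {"name": "tunnel-to-app", "secret": "c2FtcGxl", "tunnel_token": "constructed-token"},
     "sensitive_values": {"secret": true, "tunnel_token": true}}],
  "child_modules": [{"address": "module.dns", "resources": [
    {"address": "module.dns.cloudflare_record.main", "type": "cloudflare_record",
     "values": {"name": "app", "type": "CNAME"}, "sensitive_values": {}}]}]}}}
""")

def iter_resources(module):
    """Yield resources from a module and, recursively, from its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def sensitive_paths(marks, prefix=""):
    """Flatten a `sensitive_values` tree (true marks a secret leaf) into dotted paths."""
    if marks is True:
        return [prefix]
    if isinstance(marks, list):
        marks = dict(enumerate(marks))
    if not isinstance(marks, dict):
        return []
    return [p for key, sub in marks.items()
            for p in sensitive_paths(sub, f"{prefix}.{key}" if prefix else str(key))]

def tunnel_token(state, address="cloudflare_tunnel.main"):
    """Return the token; raise where the jq one-liner would yield "" or "null"."""
    for res in iter_resources(state.get("values", {}).get("root_module", {})):
        if res.get("address") == address:
            token = res.get("values", {}).get("tunnel_token")
            if not token:
                raise LookupError(f"{address} has no tunnel_token in state")
            return token
    raise LookupError(f"{address} not found in state")

def secrets_in_state(state):
    """Map each resource address to the sensitive attributes its state entry holds."""
    root = state.get("values", {}).get("root_module", {})
    found = {r["address"]: sorted(sensitive_paths(r.get("sensitive_values", {})))
             for r in iter_resources(root)}
    return {addr: paths for addr, paths in found.items() if paths}
```

To run it against a real workspace, pipe `terraform show -json` into a script that passes `json.load(sys.stdin)` to these functions.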

Mikrotik Terraform

03.04.2023

It is in general a very good idea to manage infrastructure configuration as code. Unfortunately, Mikrotik Terraform support is basic, as it is OSS-driven.

Nevertheless, I appreciate the author's efforts.

Here is an example of how to use it with HashiCorp Vault.

Commands

export VAULT_ADDR=http://vault_address:8200
export VAULT_TOKEN=<token>
terraform init
terraform plan

Example

main.tf

provider "vault" {}

data "vault_generic_secret" "main" {
  path = "common/mikrotik/nexus-home"
}

provider "mikrotik" {
  host           = data.vault_generic_secret.main.data["address"]  # Or set MIKROTIK_HOST environment variable
  username       = data.vault_generic_secret.main.data["username"] # Or set MIKROTIK_USER environment variable
  password       = data.vault_generic_secret.main.data["password"] # Or set MIKROTIK_PASSWORD environment variable
  tls            = false                                           # Or set MIKROTIK_TLS environment variable
  ca_certificate = "/path/to/ca/certificate.pem"                   # Or set MIKROTIK_CA_CERTIFICATE environment variable
  insecure       = true                                            # Or set MIKROTIK_INSECURE environment variable
}

// /ip address
// :put [find where address="192.168.88.1/24"]
// *1

// terraform import mikrotik_ip_address.lan '*1'
resource "mikrotik_ip_address" "lan" {
  address   = "192.168.88.1/24"
  comment   = "LAN Network"
  interface = "ether2"
}

// uncomment on release https://github.com/ddelnano/terraform-provider-mikrotik
# resource "mikrotik_firewall_filter_rule" "https" {
#   action             = "accept"
#   chain              = "forward"
#   comment            = "Web access to local HTTP server"
#   connection_state   = ["new"]
#   dst_port           = "443"
#   in_interface       = "ether1"
#   in_interface_list  = "local_lan"
#   out_interface_list = "ether3"
#   protocol           = "tcp"
# }

terraform.tf

terraform {
  required_providers {
    mikrotik = {
      source  = "ddelnano/mikrotik"
      version = "0.10.0"
    }
  }
}

Group Greeting

17.03.2023

There are lots of options for greeting colleagues or close ones with cards.

This one was recommended by one of the coworkers.

Group Greeting Cards

New Blog Design

06.08.2013

Everything flows, everything changes.

At one time you liked certain things; some time passes, and now you like different ones. We change, and our view of the world changes with us.

So it is with this blog. What are the "frills" and the pretty "magazine-style", skeuomorphic blog design for, if people come here to read?

So meet the other extreme: Content is the King. In other words, austere minimalism.

What do you think?