82 lines
3.6 KiB
Markdown
# ☁️ Cloudflare & Tunnel Configuration - Home Lab

This document outlines the Cloudflare account, tunnel configurations, connector deployments, certificate handling, and service exposure details for secure external access to homelab services.

---

## 🌐 Cloudflare Account

| Field | Value |
|---------------------|---------------------------|
| **Email** | chris.darrigo@gmail.com |
| **Domains Managed** | `wtfsolutions.cc`, `whatsolutions.us` |
| **DNS Provider** | Cloudflare (nameservers: `aspen.ns.cloudflare.com`, `jeremy.ns.cloudflare.com`) |
| **Cloudflare Access** | Not in use currently |

---

## 🔒 TLS & Certificate Management

| Field | Value |
|----------------------------|--------------------------------------------|
| **TLS Termination** | Cloudflare Proxy (edge termination) |
| **TLS Mode (`wtfsolutions.cc`)** | Full or Full (Strict) (recommended) |
| **TLS Mode (`whatsolutions.us`)** | Flexible or Full |
| **Home Assistant Cert** | Issued by Google Trust Services (CN=WE1) |
| **Nextcloud Cert** | Issued by Cloudflare Origin CA |
| **Cert Expiry (HA)** | Sep 20, 2025 |
| **Cert Expiry (Nextcloud)**| Sep 19, 2025 |
| **Renewal** | Automatic (Cloudflare-managed) |
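The table above records two expiry dates and relies on Cloudflare-managed renewal. The following check is an added example (not part of this document and not a Cloudflare tool): `fetch_not_after` pulls the `notAfter` field of the leaf certificate the Cloudflare edge presents for a hostname, and `days_until_expiry` / `expiring_soon` turn that into a countdown that can be dropped into a cron job or monitoring script. Only the edge certificate is visible from outside; the Cloudflare Origin CA certificate listed for Nextcloud is trusted by Cloudflare alone and never reaches a browser. The inventory and the time-of-day parts of the `notAfter` strings are constructed for the offline check (the table lists dates only), and `utc_epoch` exists so the check can be run against a fixed reference date.

```python
"""Expiry check for the certificates in the TLS table (added example)."""
import calendar
import socket
import ssl
import time

# Constructed inventory mirroring the TLS table. The HH:MM:SS part is assumed;
# the string format is what ssl.SSLSocket.getpeercert()["notAfter"] returns.
CERT_INVENTORY = [
    {"host": "wtfsolutions.cc", "service": "Home Assistant",
     "notAfter": "Sep 20 23:59:59 2025 GMT"},
    {"host": "drive.whatsolutions.us", "service": "Nextcloud",
     "notAfter": "Sep 19 23:59:59 2025 GMT"},
]


def fetch_not_after(host, port=443, timeout=5.0):
    """Return the notAfter string of the certificate presented for `host`.

    Uses the default context, so the chain and hostname are verified; a
    mis-issued or expired edge certificate raises ssl.SSLError here instead of
    being silently accepted. Needs network access (not used by the offline test).
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def utc_epoch(year, month, day):
    """Epoch seconds for midnight UTC on a date, for reproducible checks."""
    return calendar.timegm((year, month, day, 0, 0, 0))


def days_until_expiry(not_after, now=None):
    """Whole days from `now` (epoch seconds, default: current time) to notAfter.

    Negative values mean the certificate has already expired.
    """
    expiry = ssl.cert_time_to_seconds(not_after)  # parses the GMT string to epoch
    if now is None:
        now = time.time()
    return int((expiry - now) // 86400)


def expiring_soon(inventory, threshold_days=30, now=None):
    """(host, service, days_left) for each record at or under the threshold."""
    hits = []
    for rec in inventory:
        days = days_until_expiry(rec["notAfter"], now)
        if days <= threshold_days:
            hits.append((rec["host"], rec["service"], days))
    return hits


if __name__ == "__main__":
    # Offline report against the documented dates; swap in fetch_not_after(host)
    # for a live check from the lab.
    for host, service, days in expiring_soon(CERT_INVENTORY):
        print(f"{service} ({host}): {days} days left")
```

Because the edge certificate is renewed by Cloudflare, a value that keeps shrinking past the usual renewal window is the signal worth alerting on: it means renewal is not happening, not that action is due on the origin.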

---

## 🔁 Tunnels & Service Routing

### Tunnel 1: `nextcloud-tunnel`

| Field | Value |
|---------------------|------------------------------------------------------|
| **Tunnel ID** | `18240cbb-71f2-4767-89e7-f6f18186da3b` |
| **Connector Location** | LXC 111 (Nextcloud container) |
| **Version** | cloudflared 2025.7.0 |
| **Binary Path** | `/usr/bin/cloudflared` |
| **Config File** | `/root/.cloudflared/config.yml` |
| **Tunnel Command** | `cloudflared tunnel --config /root/.cloudflared/config.yml run` |
| **Credentials File** | `/root/.cloudflared/18240cbb-71f2-4767-89e7-f6f18186da3b.json` |

**Ingress Rules**:

```yaml
ingress:
  - hostname: drive.whatsolutions.us
    service: http://localhost:11000
    originRequest:
      originServerName: drive.whatsolutions.us
      noTLSVerify: true
      http2Origin: true
      disableChunkedEncoding: true
  - service: http_status:404
```

---

### Tunnel 2: `homeassistant`

| Field | Value |
|---------------------|----------------------------------------------------|
| **Tunnel ID** | `8a3cb4ad-4538-4709-bf3c-aa52db05bfc4` |
| **Status** | Created, not actively running |
| **Expected Hostname**| `wtfsolutions.cc` |
| **Connector Location** | LXC 111 (same as Nextcloud + cloudflared) |
| **Config** | Not registered in `config.yml` |
| **Expected Routing** | Home Assistant (`192.168.1.36:8123`) via tunnel |
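A lint for both tunnel configurations above, added here as an example (it is not part of this document and not cloudflared's own tooling; cloudflared's own syntax check is `cloudflared tunnel ingress validate`). It works on the structure `yaml.safe_load()` returns for `config.yml`, so the documented `nextcloud-tunnel` rules are embedded as an equivalent Python dict, and a proposed config for the not-yet-registered `homeassistant` tunnel is included alongside it: its tunnel id, hostname and origin address come from the tables above, while its `credentials-file` path is an assumption that follows the `<tunnel-id>.json` convention used by `nextcloud-tunnel`. The checks are the ones that matter when a tunnel is the only thing between the internet and a home-lab service: the last rule must be a catch-all (cloudflared refuses to start otherwise), every origin must be loopback or RFC 1918, and TLS-related `originRequest` options are flagged when they weaken an HTTPS origin or are inert on a plain-HTTP one. In the Nextcloud rule, `noTLSVerify` and `originServerName` do nothing today because the origin is `http://`, but the former would silently disable certificate verification if the service is ever switched to `https://`.

```python
"""Policy lint for cloudflared ingress configs (added example)."""
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Loopback and RFC 1918 ranges: the only origins a home-lab tunnel should reach.
LOCAL_NETS = [ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]

# nextcloud-tunnel as documented (constructed dict equivalent of config.yml).
NEXTCLOUD_CONFIG = {
    "tunnel": "18240cbb-71f2-4767-89e7-f6f18186da3b",
    "credentials-file": "/root/.cloudflared/18240cbb-71f2-4767-89e7-f6f18186da3b.json",
    "ingress": [
        {
            "hostname": "drive.whatsolutions.us",
            "service": "http://localhost:11000",
            "originRequest": {
                "originServerName": "drive.whatsolutions.us",
                "noTLSVerify": True,
                "http2Origin": True,
                "disableChunkedEncoding": True,
            },
        },
        {"service": "http_status:404"},
    ],
}

# Proposed homeassistant config. Tunnel id, hostname and origin are from the
# document; the credentials-file path is ASSUMED to follow the <id>.json pattern.
HOMEASSISTANT_CONFIG = {
    "tunnel": "8a3cb4ad-4538-4709-bf3c-aa52db05bfc4",
    "credentials-file": "/root/.cloudflared/8a3cb4ad-4538-4709-bf3c-aa52db05bfc4.json",
    "ingress": [
        {"hostname": "wtfsolutions.cc", "service": "http://192.168.1.36:8123"},
        {"service": "http_status:404"},
    ],
}


def is_local_origin(service):
    """True if the service URL targets localhost or a loopback/RFC 1918 address."""
    host = urlsplit(service).hostname
    if host is None:
        return False
    if host == "localhost":
        return True
    try:
        addr = ip_address(host)
    except ValueError:  # a DNS name: cannot prove it is local, so it is flagged
        return False
    return any(addr in net for net in LOCAL_NETS)


def lint_ingress(config):
    """Return human-readable findings for one config; an empty list means clean."""
    findings = []
    for key in ("tunnel", "credentials-file"):
        if key not in config:
            findings.append(f"config: missing top-level '{key}'")
    rules = config.get("ingress") or []
    if not rules:
        return findings + ["ingress: no rules defined"]
    # cloudflared requires the final rule to be a catch-all with no hostname/path.
    if "hostname" in rules[-1] or "path" in rules[-1]:
        findings.append("ingress: last rule must be a catch-all with no hostname or path")
    for rule in rules:
        name = rule.get("hostname", "<catch-all>")
        service = rule.get("service", "")
        origin = rule.get("originRequest") or {}
        if service.startswith("http_status:"):
            continue  # static responses have no origin to check
        if not is_local_origin(service):
            findings.append(f"{name}: origin {service} is not a loopback/RFC 1918 address")
        if service.startswith("https://") and origin.get("noTLSVerify"):
            findings.append(f"{name}: noTLSVerify disables certificate checks on an HTTPS origin")
        if not service.startswith("https://"):
            for key in ("noTLSVerify", "originServerName"):
                if key in origin:
                    findings.append(f"{name}: {key} has no effect on a plain-HTTP origin; remove it")
    return findings


if __name__ == "__main__":
    for label, cfg in (("nextcloud-tunnel", NEXTCLOUD_CONFIG),
                       ("homeassistant", HOMEASSISTANT_CONFIG)):
        print(label, lint_ingress(cfg) or ["clean"])
```

Run it after every edit to `config.yml` (for a real file, `yaml.safe_load()` from PyYAML produces the same structure) and before `cloudflared tunnel run`; the proposed Home Assistant config lints clean because the origin is an RFC 1918 address and carries no TLS options.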

---

## 🔐 Notes

- `cloudflared` is installed and managed in LXC 111
- The config file `/root/.cloudflared/config.yml` currently runs `nextcloud-tunnel` only
- `homeassistant` tunnel credentials exist but the tunnel is not active (yet)
- No Cloudflare Access (SSO or 2FA policies) is enforced for either subdomain
- All service credentials stored in Bitwarden → folder `homelab`
- Tunnel routing is HTTP-only behind Cloudflare (TLS at edge)