-
Notifications
You must be signed in to change notification settings - Fork 1
/
firecow_cloudflared
executable file
·75 lines (60 loc) · 2.63 KB
/
firecow_cloudflared
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
#!/usr/bin/env sh
set -e
# function that prints info message, if TUNNEL_LOGLEVEL is debug or info
printInfo() {
echo "${TUNNEL_LOGLEVEL}" | grep -q -E '^(debug|info)$' || return 0
formattedDate=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
echo "$formattedDate INF ${1}"
}
# function that prints fatal message and exits
printAndExit() {
formattedDate=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
echo >&2 "$formattedDate FAT ${2}"
exit "${1}"
}
if [ -n "${TUNNEL_NAME}" ]; then
printAndExit 1 "You cannot use TUNNEL_NAME it's derived from TUNNEL_HOSTNAME"
fi
if [ -n "${TUNNEL_FORCE_PROVISIONING_DNS}" ]; then
printAndExit 1 "You cannot use TUNNEL_FORCE_PROVISIONING_DNS it's determined via route dns command"
fi
if [ -z "${TUNNEL_HOSTNAME}" ]; then
printAndExit 1 "You need to specify TUNNEL_HOSTNAME"
fi
if [ -z "${TUNNEL_URL}" ] && [ -z "${TUNNEL_UNIX_SOCKET}" ]; then
printAndExit 1 "You need to specify TUNNEL_URL or TUNNEL_UNIX_SOCKET"
fi
# Make sure TUNNEL_LOGLEVEL is valid
echo "${TUNNEL_LOGLEVEL}" | grep -q -E '^(debug|info|warn|error|fatal)$' || printAndExit $? "TUNNEL_LOGLEVEL must be debug|info|warn|error|fatal"
# Infer tunnel name
derived_tunnel_name=$(echo "${TUNNEL_HOSTNAME}" | sed "s,^.*://,,g" | tr '[:upper:]' '[:lower:]')
unset TUNNEL_HOSTNAME
# Fetch tunnel token
cloudflared --loglevel 'error' tunnel token "${derived_tunnel_name}" > /tmp/creds.json || exit_code=$?
if [ -z "${exit_code}" ]; then
# Infer tunnel id and place correct cred json file
tunnel_id=$(base64 -d < /tmp/creds.json | jq -r '.t')
base64 -d < /tmp/creds.json | jq '.["AccountTag"] = .a | .["TunnelID"] = .t | .["TunnelSecret"] = .s' > /etc/cloudflared/"${tunnel_id}".json
else
# Create the tunnel
printInfo "Creating new named tunnel '${derived_tunnel_name}'"
cloudflared --loglevel 'error' tunnel create "${derived_tunnel_name}" 1>/dev/null
# Point a DNS record to the tunnel
printInfo "Routing dns from '${derived_tunnel_name}' to tunnel"
cloudflared --loglevel 'error' tunnel route dns --overwrite-dns "${derived_tunnel_name}" "${derived_tunnel_name}"
cloudflared --loglevel 'error' tunnel token "${derived_tunnel_name}" > /tmp/creds.json
# Infer tunnel id and place correct cred json file
tunnel_id=$(base64 -d < /tmp/creds.json | jq -r '.t')
base64 -d < /tmp/creds.json | jq '.["AccountTag"] = .a | .["TunnelID"] = .t | .["TunnelSecret"] = .s' > /etc/cloudflared/"${tunnel_id}".json
fi
# Add config file
cat << EOF > /etc/cloudflared/config.yml
---
tunnel: ${tunnel_id}
credentials-file: /etc/cloudflared/${tunnel_id}.json
ingress:
- service: ${TUNNEL_URL:-$TUNNEL_UNIX_SOCKET}
EOF
unset TUNNEL_URL
unset TUNNEL_UNIX_SOCKET
exec "cloudflared" "tunnel" "run"