sumarsono.com
Take it with a grain of salt


Expose Local Lxd Container Ke Internet Pakai Cloudflare Argo Tunnel

Posted on

Smart Routing, Cloudflare’s traffic acceleration feature. Starting today, we’re excited to announce that any organization can use the secure, outbound-only connection feature of the product at no cost. You can still add the paid Argo Smart Routing feature to accelerate traffic.

Sumber: A Boring Announcement: Free Tunnels for Everyone

Kabar gembira tentunya, untuk aku dan kalian yang butuh Argo Tunnel. Argo tunnel bisa kita pakai untuk ekspose service lokal ke internet. Gampangnya gini:

Aku bikin web app, aku jalanin app tsb di laptopku, aku pengen temenku yang beda pulau untuk melihat app-ku dan menjajalnya. Mau di taruh di hosting kok gk menguntungkan orang cobanya cuma 1-2 jam, app-nya juga baru setengah jadi. Salah satu cara untuk ekspose aplikasi ku ke internet adalah pakai argo tunnel, nanti temenku bisa buka app-ku via appku.sumarsono.com misalnya.

Begitu kira-kira.

Namun, dalam kasus sekarang aku mau expose adguard yang ada di dalam kontainer lxc/lxd, supaya flow-nya lebih kelihatan.

Pertama, taruh domain di cloudflare

Syarat mutlak untuk pakai Argo Tunnel. Domain yang akan kita pakai harus pakai nameserver cloudflare, di manage di cloudflare. Free juga kok, tenang.

Kedua, install cloudflared

Silakan ikuti petuah di dokumentasi official. lebih jos. Aku pribadi memilih run compiled binary yang mereka sediakan. Tinggal download dan jalankan.

Ketiga, login cloudflared

Cukup jalanin command di terminal

┌─[sumar][tingpret][~/opt]
└─▪  cloudflared tunnel login
A browser window should have opened at the following URL:

https://dash.cloudflare.com/argotunnel?xxxyyyzzzdst

If the browser failed to open, please visit the URL above directly in your browser.
You have successfully logged in.
If you wish to copy your credentials to a server, they have been saved to:
/home/sumar/.cloudflared/cert.pem

Lalu ikuti wizard-nya.

Keempat, bikin argo tunnel

┌─[sumar][tingpret][~/opt]
└─▪ cloudflared tunnel create lxd-adguard
Tunnel credentials written to /home/sumar/.cloudflared/xxx-yyy-zzz-aaa-bbb.json. cloudflared chose this file based on where your origin certificate was found. Keep this file secret. To revoke these credentials, delete the tunnel.

Created tunnel lxd-adguard with id xxx-yyy-zzz-aaa-bbb

Catat baik-baik itu tunnel id dan tunnel credential-nya

Kelima, bikin config untuk cloudflared

Aku harus cek ip dari container adguard yang akan aku expose ke internet

┌─[sumar][tingpret][~/opt]
└─▪  lxc list
+---------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
|        NAME         |  STATE  |         IPV4         |                     IPV6                      |   TYPE    | SNAPSHOTS |
+---------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| adguard             | RUNNING | 10.179.72.2 (eth0)   | fd42:26d1:59e3:5a35:216:3eff:fe79:2cd9 (eth0) | CONTAINER | 0         |
+---------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+

IP container-nya adalah 10.179.72.2, port-nya kebetulan aku set ke 80 di dalam kontainer.

Lanjut aku bikin /home/sumar/.cloudflared/config.yml

credentials-file: /home/sumar/.cloudflared/xxx-yyy-zzz-aaa-bbb.json
tunnel: xxx-yyy-zzz-aaa-bbb

ingress:
  - hostname: adguard.sumarsono.com
    service: http://10.179.72.2:80
  - service: http_status:404

Keenam, bikin subdomain

Sesuai config, aku bikin subdomain adguard.sumarsono.com

┌─[sumar][tingpret][~/opt]
└─▪  cloudflared tunnel route dns xxx-yyy-zzz-aaa-bbb adguard.sumarsono.com

Terakhir, jalankan cloudflared

┌─[sumar][tingpret][~/opt]
└─▪  cloudflared tunnel --config /home/sumar/.cloudflared/config.yml run

Sekarang kalau aku akses https://adguard.sumarsono.com akan tampil halaman login adguard yang aku host di lxd container di laptopku.

Referensi: