Londek
Cloudflare Developers
Created by Londek on 9/17/2024 in #general-help
WARP fails lookup on Github Actions
Weird but this works, I suspect because Docker is not used
jobs:
  deploy:
    runs-on: ubuntu-latest
    timeout-minutes: 5

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Go
        uses: actions/setup-go@v5

      - name: Install drone-ssh
        uses: actions-go/go-install@main
        with:
          module: github.com/appleboy/drone-ssh@latest

      - name: Install drone-scp
        uses: actions-go/go-install@main
        with:
          module: github.com/appleboy/drone-scp@latest

      - name: Setup Cloudflare Zero Trust
        uses: oHTGo/[email protected]
        with:
          organization: rvtools
          auth-client-id: ${{ vars.CLOUDFLARE_WARP_CLIENT_ID }}
          auth-client-secret: ${{ secrets.CLOUDFLARE_WARP_CLIENT_SECRET }}

      - name: Copy config via sftp
        run: |
          drone-scp -H "${{ vars.SERVER_HOST }}" -u "${{ vars.SERVER_USERNAME }}" --ssh-key "${{ secrets.SERVER_SSH_KEY }}" --target "${{ vars.APP_DEPLOY_DIRECTORY }}" --source "docker-compose.yml"

      - name: Update docker compose via SSH
        run: |
          drone-ssh -H "${{ vars.SERVER_HOST }}" -u "${{ vars.SERVER_USERNAME }}" --ssh-key "${{ secrets.SERVER_SSH_KEY }}" -s "cd ${{ vars.APP_DEPLOY_DIRECTORY }} && sudo docker compose up -d --remove-orphans"
6 replies
Cloudflare Developers
Created by Londek on 9/17/2024 in #general-help
WARP fails lookup on Github Actions
This looks like a Github Actions Docker bug, it tries to use the eth0 network (resolvconf) instead of warp's
6 replies
Cloudflare Developers
Created by Londek on 9/17/2024 in #general-help
WARP fails lookup on Github Actions
jobs:
  deploy:
    runs-on: ubuntu-latest
    timeout-minutes: 5

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Cloudflare Zero Trust
        uses: oHTGo/[email protected]
        with:
          organization: rvtools
          auth-client-id: ${{ vars.CLOUDFLARE_WARP_CLIENT_ID }}
          auth-client-secret: ${{ secrets.CLOUDFLARE_WARP_CLIENT_SECRET }}

      - name: Copy config via sftp
        uses: appleboy/[email protected]
        with:
          host: ${{ vars.SERVER_HOST }}
          username: ${{ vars.SERVER_USERNAME }}
          key: ${{ secrets.SERVER_SSH_KEY }}
          source: "docker-compose.yml"
          target: ${{ vars.APP_DEPLOY_DIRECTORY }}

      - name: "Update docker compose via SSH"
        uses: appleboy/[email protected]
        with:
          host: ${{ vars.SERVER_HOST }}
          username: ${{ vars.SERVER_USERNAME }}
          key: ${{ secrets.SERVER_SSH_KEY }}
          script: |
            cd ${{ vars.APP_DEPLOY_DIRECTORY }}
            sudo docker compose up -d --remove-orphans
6 replies
Cloudflare Developers
Created by Londek on 9/17/2024 in #general-help
WARP fails lookup on Github Actions
I tried replicating the issue on a fresh VM, however everything works fine on it even with copy-pasted mdm.xml
6 replies
Cloudflare Developers
Created by Londek on 9/1/2024 in #general-help
Securely hosting admin panels
I'm not an enterprise but neither a lazy guy to trade security for fastness. - This is very accurate description of me too, I just want to do stuff correctly, like it'd be done in big tech
48 replies
Cloudflare Developers
Created by Londek on 9/1/2024 in #general-help
Securely hosting admin panels
which was never intended to be a thing in first place
48 replies
Cloudflare Developers
Created by Londek on 9/1/2024 in #general-help
Securely hosting admin panels
also http://any-subdomain-resolved-to-that-server.internal.example.com:3000 grants access to grafana service (service, not reverse proxy) via server bound port
48 replies
Cloudflare Developers
Created by Londek on 9/1/2024 in #general-help
Securely hosting admin panels
This post describes exactly what I want to achieve https://gtzsec.medium.com/accessing-kubernetes-services-using-cloudflare-zero-trust-cb594435da22 But docker compose is just...
48 replies
Cloudflare Developers
Created by Londek on 9/1/2024 in #general-help
Securely hosting admin panels
Right now grafana.internal.example.com:5432 connects me with db which I don't want, it works with server ports and not individual services
48 replies
Cloudflare Developers
Created by Londek on 9/1/2024 in #general-help
Securely hosting admin panels
In my head I imagined rather grafana.internal.example.com actually resolving to actual service in docker compose and not the server host
48 replies
Cloudflare Developers
Created by Londek on 9/1/2024 in #general-help
Securely hosting admin panels
but I don't really enjoy the solution since if service is non-http such as db I can still access it thru private ip (10.0.0.1:5432)
48 replies
Cloudflare Developers
Created by Londek on 9/1/2024 in #general-help
Securely hosting admin panels
this way once I connect with warp I can simply access https://grafana.internal.example.com from web browser
48 replies
Cloudflare Developers
Created by Londek on 9/1/2024 in #general-help
Securely hosting admin panels
What I ended up doing is:
- Adding cloudflared to docker compose
- Setting up private dns server (and adding it to local domain fallback)
- Setting up dns like grafana.internal.example.com
- Add private network via cloudflare tunnel (10.0.0.0/16)
- Remember to remove 10.0.0.0/8 from split tunnels exclude ^
- Routing grafana.internal.example.com with reverse proxy to local service
48 replies
Cloudflare Developers
Created by Londek on 9/1/2024 in #general-help
Securely hosting admin panels
Currently dig results in SERVFAIL "; EDE: 22 (No Reachable Authority): (Upstream request timed out)" which I find weird because once I'm off zero trust vpn and I try to query private dns it works just fine - but it defeats purpose of zero trust
48 replies