From b68f1c8c0492ef3d9e0a8b651d760f62c5369144 Mon Sep 17 00:00:00 2001
From: Akihiro Nagai
Date: Wed, 5 Nov 2025 20:20:56 +0900
Subject: [PATCH] cloudflared: improve init script for tunnel management

Resolved conflict between remotely-managed tunnel and locally-managed tunnel configurations.
- Bumped PKG_RELEASE to 2
- Commented out 'config' and 'origincert' options in default configuration file
- Preserved options as comments for user reference
Signed-off-by: Akihiro Nagai
---
 net/cloudflared/Makefile | 4 ++--
 net/cloudflared/files/cloudflared.config | 4 ++--
 net/cloudflared/files/cloudflared.init | 19 ++++++++++++++-----
 net/cloudflared/files/sample_config.yml | 8 ++++++++
 4 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/net/cloudflared/Makefile b/net/cloudflared/Makefile
index 4b88c953f5..3920dc9639 100644
--- a/net/cloudflared/Makefile
+++ b/net/cloudflared/Makefile
@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=cloudflared
 PKG_VERSION:=2025.10.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/cloudflare/cloudflared/tar.gz/$(PKG_VERSION)?
@@ -31,7 +31,7 @@ define Package/cloudflared
 CATEGORY:=Network
 SUBMENU:=Web Servers/Proxies
 TITLE:=Cloudflare Tunnel client
- URL:=https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide
+ URL:=https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/get-started/
 DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle
 endef
diff --git a/net/cloudflared/files/cloudflared.config b/net/cloudflared/files/cloudflared.config
index f159c7c58c..36d1652ef1 100644
--- a/net/cloudflared/files/cloudflared.config
+++ b/net/cloudflared/files/cloudflared.config
@@ -2,8 +2,8 @@ config cloudflared 'config'
 option enabled '0'
 option token ''
- option config '/etc/cloudflared/config.yml'
- option origincert '/etc/cloudflared/cert.pem'
+# option config '/etc/cloudflared/config.yml'
+# option origincert '/etc/cloudflared/cert.pem'
 option edge_bind_address ''
 option edge_ip_version ''
 option grace_period ''
diff --git a/net/cloudflared/files/cloudflared.init b/net/cloudflared/files/cloudflared.init
index 351dd0d395..a22964df7a 100755
--- a/net/cloudflared/files/cloudflared.init
+++ b/net/cloudflared/files/cloudflared.init
@@ -9,6 +9,7 @@ PROG="/usr/bin/cloudflared"
 append_param_arg() {
 local value
+
 config_get value "config" "$1" $2
 [ -n "$value" ] && procd_append_param command "--${1//_/-}" "$value"
 }
@@ -17,15 +18,26 @@ start_service() {
 config_load "$CONF"
 local enabled
+ local token
+
 config_get_bool enabled "config" "enabled"
 [ "$enabled" -eq "1" ] || return 1
 procd_open_instance "$CONF"
 procd_set_param command "$PROG" "tunnel"
 procd_append_param command "--no-autoupdate"
+ procd_append_param command "run"
+
+ config_get token "config" "token"
+ if [ -n "$token" ]; then
+ # Remotely-managed tunnel (recommended by Cloudflare)
+ procd_append_param command "--token" "$token"
+ else
+ # Locally-managed tunnels
+ append_param_arg "config" "/etc/cloudflared/config.yml"
+ append_param_arg "origincert" "/etc/cloudflared/cert.pem"
+ fi
- append_param_arg "config" "/etc/cloudflared/config.yml"
- append_param_arg "origincert" "/etc/cloudflared/cert.pem"
 append_param_arg "edge_bind_address"
 append_param_arg "edge_ip_version"
 append_param_arg "grace_period"
@@ -37,9 +49,6 @@ start_service() {
 append_param_arg "loglevel"
 append_param_arg "logfile"
- procd_append_param command "run"
- append_param_arg "token"
-
 procd_set_param respawn
 procd_set_param stderr 1
diff --git a/net/cloudflared/files/sample_config.yml b/net/cloudflared/files/sample_config.yml
index 1b3a5544a2..af98abbc7c 100644
--- a/net/cloudflared/files/sample_config.yml
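Review bot: In the new remotely-managed branch of start_service() in cloudflared.init, the tunnel token is still appended to the command line (`procd_append_param command "--token" "$token"`), so the credential sits in the process argument list, readable by other local processes for as long as the daemon runs. cloudflared also reads the token from the `TUNNEL_TOKEN` environment variable, so the branch could use `procd_set_param env TUNNEL_TOKEN="$token"` instead and keep it out of argv. Separately, `run` now precedes every `append_param_arg` option, whereas before only `--token` followed it; it is worth confirming that cloudflared still accepts tunnel-level options such as `--config`, `--origincert`, `--loglevel` and `--logfile` in that position, since a rejected or ignored logging option would go unnoticed until the logs are needed. start_service() begins before and continues after this hunk.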
+++ b/net/cloudflared/files/sample_config.yml
@@ -1,3 +1,11 @@
+# https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/
+
+# NOTICE
+# Cloudflare recommends setting up a remotely-managed tunnel.
+# Remotely-managed configurations are stored on Cloudflare,
+# which allows you to manage the tunnel from any machine
+# using the dashboard, API, or Terraform.
+
 #tunnel:
 #credentials-file: /etc/cloudflared/.json
 #
-- 
2.30.2