Update Cloudflare and Portainer.md
This commit is contained in:
Zef Hemel
GitHub
parent
038d025d1f
commit
0a6a0016a2
@ -12,7 +12,7 @@ This guide will be divided into three parts, in the first we'll set up Silverbul
|
||||
We will prepare a template in Portainer where we will add the configuration of a ==docker-compose.yaml== that will run our containers, and we will be able to move the stack to another server/host if necessary using the same configuration.
|
||||
|
||||
First, go to **Home** > (Your environment name, default is **local**) > **App Templates** > **Custom Templates** and click on the blue button in the right corner > "**Add Custom Template**".
|
||||
|
||||
|
||||
|
||||
### Name
|
||||
|
||||
@ -83,7 +83,7 @@ volumes:
|
||||
We will replace "your-token-value-here" with a real token value in the next steps.
|
||||
|
||||
Once you have this, go to the bottom of the page and click **Actions** > **Create Custom Template**.
|
||||
|
||||
|
||||
|
||||
Now we have to build the network before we can deploy it.
|
||||
|
||||
@ -106,23 +106,23 @@ Choose "**silverbullet**" because that is the name we are already using in the =
|
||||
|
||||
You can leave all the other options by default or change them to suit your network needs.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Click **Create Network** at the bottom of the page.
|
||||
|
||||
|
||||
|
||||
## Deploying the Stack
|
||||
|
||||
Go to **Home** > **Local** > **App Templates** > **Custom Templates**.
|
||||
|
||||
Go into the **silverbullet-docker** and click on **Edit**.
|
||||
|
||||
|
||||
Click on **Deploy the stack**.
|
||||
|
||||
|
||||
Give it a few seconds and you will get a notification that both containers are running. 😇
|
||||
|
||||
Only the silverbullet container should be working properly by this point, as we haven't finished with Cloudflare yet.
|
||||
|
||||
|
||||
|
||||
## Verification
|
||||
|
||||
@ -148,49 +148,49 @@ We assume you've already [signed up to Cloudflare](https://www.cloudflare.com/),
|
||||
## Add your Site/Domain Name to Cloudflare
|
||||
|
||||
Follow the [official docs](https://developers.cloudflare.com/fundamentals/get-started/setup/add-site/) of Cloudflare on how to add a site, it's really easy, just remember to change the name servers (DNS) to the ones suggested by Cloudflare in the website where you bought your domain name.
|
||||
|
||||
|
||||
Like this (This is Njalla config panel)
|
||||
|
||||
|
||||
|
||||
## Setup Tunnel
|
||||
|
||||
Without opening any ports or touching the firewall, we set up this tunnel to connect it to our server.
|
||||
|
||||
Click on **Zero Trust** once you have added your site/domain name.
|
||||
|
||||
|
||||
Click on **Create Tunnel**.
|
||||
|
||||
|
||||
Choose a name for your tunnel, I chose "myhome", very imaginative again 😛. And then click on **Save Tunnel**.
|
||||
|
||||
|
||||
|
||||
Since we have already set up a container of Cloudflare, just copy the token you are given. And be careful, if someone gets your token they will be able to make a tunnel connection to your server.
|
||||
|
||||
|
||||
|
||||
Now that you have the token value of your tunnel, it's time to configure the cloudflare container in Portainer. Let's go there.
|
||||
|
||||
Go to **App Templates** > **Custom Templates** > **Edit**.
|
||||
|
||||
|
||||
Replace “your-token-value-here!” with your token value.
|
||||
|
||||
|
||||
Click on **Update the template**.****
|
||||
|
||||
Next, go to **Stacks** and click on the stack “**silverbullet-docker**”, or the name of your choice, then click **Remove**.
|
||||
|
||||
|
||||
Click **Remove** to confirm. Don't worry, this will only remove the stack and the containers attached to it, not the template.
|
||||
|
||||
|
||||
Then go to **App Templates**.
|
||||
|
||||
Go into the **silverbullet-docker** and click on **Edit**.
|
||||
|
||||
|
||||
Click **Deploy Stack**.
|
||||
|
||||
|
||||
Come back to Cloudflare and in the Connectors section you will see that a connection has been made to your server. Click **Next**.
|
||||
|
||||
|
||||
Click **Add a public hostname**.
|
||||
|
||||
|
||||
Fill in the **subdomain** field with the name you want to use to access silverbullet. Choose your domain name and for **Type** choose **HTTP** and the **URL** should be **silverbullet:3000**.
|
||||
|
||||
|
||||
|
||||
Check now with **silberbullet.your-domain-name.com**. You should be able to access it.
|
||||
|
||||
# 3 - Set up Cloudflare Zero Access Trust (Auth).
|
||||
@ -198,12 +198,12 @@ Check now with **silberbullet.your-domain-name.com**. You should be able to acce
|
||||
We assume you've already [signed up to Cloudflare](https://www.cloudflare.com/), if not you can go and do it now, it's free but you'll need to add a real debit/credit card to have access to the tunnels and zero access. If you don't want to do that, you can use **alternatives** like [Caddy](https://caddyserver.com/docs/quick-starts/reverse-proxy) or [Nginx](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) for reverse proxy and [Authelia](https://www.authelia.com/) or you can use the [BasicAuth build-in](https://silverbullet.md/Authentication) for authentication.
|
||||
|
||||
Go to **Access** > **Applications** and click **Add an application** from the Zero Trust panel.
|
||||
|
||||
|
||||
|
||||
Select **Self-Hosted**.
|
||||
|
||||
|
||||
Choose a name for your application and use the same name for the subdomain you chose in the previous steps. In our case both are **silverbullet**.
|
||||
|
||||
|
||||
Leave the rest of the page as default and click **Next** at the bottom of the page.
|
||||
|
||||
Now it's time to select the name of the policy, the action and the duration of the session.
|
||||
@ -211,13 +211,13 @@ Now it's time to select the name of the policy, the action and the duration of t
|
||||
Select a descriptive **Name** for future troubleshooting, select **Allow** for the **Action** and leave the session duration at its default.
|
||||
|
||||
In the **Configure rules** section, select **Emails** if you want to use emails (or you can use a range of IPs, specific countries...) for verification, and enter the emails you want to allow access to Silverbullet.
|
||||
|
||||
|
||||
Leave the rest of the page as default and click **Next** at the bottom of the page.
|
||||
|
||||
On the next page, leave everything as default and click on **Add Application** at the bottom of the page.
|
||||
|
||||
Go to **silverbullet.your-domain-name.com** and you should see a page like this:
|
||||
|
||||
|
||||
Going back to the Zero Trust overview, we are now going to create some special rules to allow some specific files from silverbullet without authentication. The same thing happens with other auth applications such as [Authelia](https://silverbullet.md/Authelia).
|
||||
|
||||
Create a new self-hosted application in Cloudflare, we suggest the name **silverbullet bypass**.
|
||||
@ -231,11 +231,11 @@ service_worker.js
|
||||
```
|
||||
|
||||
Leave the rest as default and click **Next** at the bottom of the page.
|
||||
|
||||
|
||||
For the policy name we suggest **silverbullet bypass paths**, as for the **Action** you need to select **Bypass**, and in the Configure Rules **Select** **Everyone** or you can exclude a range of IP's or countries if required.
|
||||
|
||||
Leave the rest as default and click **Next** at the bottom of the page.
|
||||
|
||||
|
||||
These rules only take effect on the specific paths, you can read more about [Policy inheritance on Cloudflare.](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/)
|
||||
|
||||
On the next page, leave everything as default and click on **Add Application** at the bottom of the page.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user