[ARGO] Legacy cloudflared configuration

I am very happy with the operation of ARGO using the cloudflared installation and I do not want to migrate. I note that my configuration is flagged as legacy, but I want to keep it the same because it is scriptable without having to SED an existing configuration file when adding new websites, but,

If I presently have multiple cloudflared instances running, each with their own configuration file, on the same server, what is the correct instruction for the config.yml file? Is there an example? Currently the cloudflared service registers its own subdomain, and that is an !IMPORTANT feature for scriptable server configuration; otherwise the CloudFlare API has to be scripted, and that is FBS as far as I am concerned when the cloudflared service can do it.

Here are the instructions I followed:

1 Like

That sounds like it ignores the question. Without legacy, cloudflared cannot self-register the DNS when I try this, if I add a new host.

You can migrate from your existing legacy tunnel to a Named Tunnel by adding --name <your-choice> to the command arguments.

E.g., if you had: cloudflared tunnel --url localhost:80 --hostname my.domain.com you can migrate by just doing cloudflared tunnel --url localhost:80 --hostname my.domain.com --name mytunnel

Prior to doing this, you have to remove the existing DNS record that points to your my.domain.com, since that’s an AAAA record, and Named Tunnel will create a CNAME instead.

This, however, is a naive migration:

  • this only works reliably if cloudflared is running with a persistent file system that is reused, as otherwise the generated secret for the Named Tunnel will be written to disk but lost
  • if you just use this naive migration, you are missing out on the ability to use Ingress Rules and to run a single Named Tunnel, whereas with legacy tunnels you’d have to run 1 per origin service
  • this naive migration does not take advantage of the Named Tunnels’ “lightweight run command”: if you run like this, then every time cloudflared starts, it will perform heavyweight operations that have less guarantee of being reliable; instead, the Named Tunnel run command does not allocate anything, it just runs the tunnel and connects to our edge, so it is much more guaranteed to succeed

2 Likes

Thank you. I am considering that it may be better to migrate my several tunnels to a single tunnel with ingress rules, using a named tunnel. Currently, I have several instances of the following, each with its own domain, some with their own local service port.

~/.cloudflare/config1.yml

logfile: /var/log/cloudflared.log
origincert: /home/pi/.cloudflared/cert.pem
autoupdate-freq: 10m
hostname: my.domain.com
url: http://127.0.0.1:80

So I take it that I must pre-register the tunnel named mytunnel and then I can add connections to it, and it will work that way? Are you able to show me this in the new configuration file format?

My current command line from supervisord is /usr/local/bin/cloudflared1 tunnel --config /home/pi/.cloudflared/config1.yml

Your overall understanding is correct.

You can find many examples in our tutorials (e.g. https://developers.cloudflare.com/cloudflare-one/tutorials/gitlab#connecting-to-cloudflare) and our configuration reference (https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file/ingress).

Be sure to also check the blog post announcing ingress rules: https://blog.cloudflare.com/many-services-one-cloudflared/

1 Like

Except that no longer works after you convert the config file to ingress rules. I have to remove the config file temporarily to create another DNS entry and then replace the config file, or it does not work. The DNS entry is not automatically created, and cloudflared tunnel --url localhost:80 --hostname my.domain.com --name mytunnel will not run if there are existing ingress rules. I need to add new ingress rules and new DNS entries. Is there a procedure somewhere that documents the process so that people don’t have to guess? Or is it not possible? I cannot stop the service for 30 seconds to add a new DNS entry, and I am not adding a LoadBalancer for every host. I found this earlier, which is why I asked, and I have just tested it again.

I have domain1.example.com and domain2.example.com and I am using ingress rules. What is the scriptable process to run from shell to add another host domain100.example.com, please?

I have looked at my deployment methodology and I expect I have a method to deploy that will not require updating the DNS records on the tunnel very often. Other than that, it is working.

You can use this method to switch cloudflared to a new config — e.g. to modify the ingress rules — without downtime: [FEATURE REQUEST] Hot swap/update config without restarting `cloudflared` · Issue #512 · cloudflare/cloudflared · GitHub

After cloudflared is ready to take in a new ingress rule, you can go to the dashboard and add a new CNAME for that ingress rule domain, pointing to UUID.cfargotunnel.com.
Or just use the cloudflared tunnel route dns command to do it.

2 Likes
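Added example, not part of the thread and not Cloudflare's own tooling: it answers the two questions above together, namely what a named-tunnel config.yml with ingress rules looks like for the hosts the original poster listed, and how to add a further host (domain100.example.com) from a shell script without editing the YAML in place. The script keeps the list of published hostnames in a plain text file and regenerates config.yml from it, then validates the result with cloudflared tunnel ingress validate and creates the CNAME with cloudflared tunnel route dns, which is the command the last reply points to. The tunnel name "mytunnel", the credentials-file path with its placeholder UUID, the working directory under /tmp and the example hostnames and ports are constructed assumptions; reloading the running tunnel is left to the hot-swap method linked in the thread and is not scripted here.

```shell
#!/bin/sh
# Added example (not from the thread or from Cloudflare): regenerate a
# named-tunnel config.yml from a hosts list so that adding a hostname is an
# append plus a regenerate, not an in-place edit of an existing YAML file.
# Constructed assumptions: tunnel name "mytunnel", the credentials-file path
# (placeholder UUID), the /tmp working directory and the example hostnames.
set -eu

WORKDIR="${WORKDIR:-/tmp/cloudflared-example}"   # hypothetical location
HOSTS_FILE="$WORKDIR/hosts.txt"                  # one "hostname service" per line
CONFIG="$WORKDIR/config.yml"
TUNNEL_NAME="mytunnel"

# Render config.yml from the hosts list. The catch-all rule is always emitted
# last because cloudflared requires the final ingress rule to have no hostname.
render_config() {
  mkdir -p "$WORKDIR"
  {
    printf 'tunnel: %s\n' "$TUNNEL_NAME"
    # Placeholder UUID: the real file is written by "cloudflared tunnel create".
    printf 'credentials-file: /home/pi/.cloudflared/TUNNEL-UUID.json\n'
    printf 'logfile: /var/log/cloudflared.log\n'
    printf 'ingress:\n'
    while read -r host service; do
      [ -n "$host" ] || continue
      printf '  - hostname: %s\n    service: %s\n' "$host" "$service"
    done < "$HOSTS_FILE"
    printf '  - service: http_status:404\n'
  } > "$CONFIG"
}

# Add a hostname: append it to the list, regenerate the config, validate the
# ingress rules, and create the CNAME to <UUID>.cfargotunnel.com. The
# cloudflared steps only run when the binary is installed on this machine.
add_host() {
  host="$1"; service="$2"
  mkdir -p "$WORKDIR"; touch "$HOSTS_FILE"
  if grep -q "^$host " "$HOSTS_FILE"; then
    echo "already present: $host" >&2
    return 1
  fi
  printf '%s %s\n' "$host" "$service" >> "$HOSTS_FILE"
  render_config
  if command -v cloudflared >/dev/null 2>&1; then
    cloudflared tunnel --config "$CONFIG" ingress validate
    cloudflared tunnel route dns "$TUNNEL_NAME" "$host"
  fi
  # Reloading the running tunnel with the new config is a separate step
  # (see the hot-swap issue linked above).
}

# Number of hostname rules currently in config.yml (used for checks).
hostname_count() { grep -c '^  - hostname:' "$CONFIG"; }

# Demo: start from the two hosts named in the thread and add a third.
rm -rf "$WORKDIR"; mkdir -p "$WORKDIR"
add_host domain1.example.com http://127.0.0.1:80
add_host domain2.example.com http://127.0.0.1:8080
add_host domain100.example.com http://127.0.0.1:9000
```

Because the hosts list is the source of truth, removing a host is deleting its line and rerunning render_config; the DNS record for a removed host still has to be deleted separately, since cloudflared tunnel route dns only creates records.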