Adam Chalmers
5afa3251dd
TUN-4150: Only show the connector table in 'tunnel info' if there are connectors. Don't show rows with zero connections.
2021-03-30 20:13:00 +00:00
Igor Postelnik
8ca0d86c85
TUN-3863: Consolidate header handling logic in the connection package; move headers definitions from h2mux to packages that manage them; cleanup header conversions
...
All header transformation code from h2mux has been consolidated in the connection package since it's used by both h2mux and http2 logic.
Exported headers used by proxying between edge and cloudflared so then can be shared by tunnel service on the edge.
Moved access-related headers to corresponding packages that have the code that sets/uses these headers.
Removed tunnel hostname tracking from h2mux since it wasn't used by anything. We will continue to set the tunnel hostname header from the edge for backward compatibilty, but it's no longer used by cloudflared.
Move bastion-related logic into carrier package, untangled dependencies between carrier, origin, and websocket packages.
2021-03-29 21:57:56 +00:00
Adam Chalmers
ebf5292bf9
TUN-4146: Unhide and document grace-period
2021-03-29 16:29:18 -05:00
Adam Chalmers
f9062ab473
TUN-4141: Better error messages for tunnel info subcommand.
2021-03-26 14:45:35 -05:00
Michael Borkenstein
63833b07dd
AUTH-3455: Generate short-lived ssh cert per hostname
2021-03-25 10:38:43 -05:00
Igor Postelnik
da4d0b2bae
TUN-4067: Reformat code for consistent import order, grouping, and fix formatting. Added goimports target to the Makefile to make this easier in the future.
2021-03-24 10:53:29 -05:00
Igor Postelnik
50435546c5
TUN-4118: Don't overwrite existing file with tunnel credentials. For ad-hoc tunnels, this means tunnel won't start if there's a file in the way.
2021-03-24 08:26:22 -05:00
Igor Postelnik
9018ee5d5e
TUN-4116: Ingore credentials-file setting in configuration file during tunnel create and delete opeations.
...
This change has two parts:
1. Update to newer version of the urfave/cli fork that correctly sets flag value along the context hierarchy while respecting config file overide behavior of the most specific instance of the flag.
2. Redefine --credentials-file flag so that create and delete subcommand don't use value from the config file.
2021-03-24 08:15:36 -05:00
Nuno Diegues
8250b67a9f
TUN-4111: Warn the user if both properties "tunnel" and "hostname" are used
2021-03-23 20:14:29 +00:00
Nuno Diegues
4a7763e497
TUN-3998: Allow to cleanup the connections of a tunnel limited to a single client
2021-03-23 08:48:54 +00:00
Michael Borkenstein
2c75326021
AUTH-3394: Ensure scheme on token command
2021-03-17 10:50:03 -05:00
Igor Postelnik
9023daba24
TUN-3715: Apply input source to the correct context
2021-03-17 14:59:39 +00:00
Nuno Diegues
89d0e45d62
TUN-3993: New `cloudflared tunnel info` to obtain details about the active connectors for a tunnel
2021-03-17 14:08:18 +00:00
Igor Postelnik
a34099724e
TUN-4094: Don't read configuration file for access commands
2021-03-16 17:36:46 -05:00
Igor Postelnik
8c5498fad1
TUN-3715: Only read config file once, right before invoking the command
2021-03-16 17:22:13 -05:00
Adam Chalmers
2c746b3361
TUN-4081: Update log severities to use Zerolog's levels
2021-03-16 19:04:49 +00:00
Michael Borkenstein
841344f1e7
AUTH-3394: Creates a token per app instead of per path - with fix for
...
free tunnels
2021-03-12 15:49:47 +00:00
Adam Chalmers
b0e69c4b8a
Revert "AUTH-3394: Creates a token per app instead of per path"
...
This reverts commit 8e340d9598
.
2021-03-10 13:54:38 -06:00
Adam Chalmers
aa5ebb817a
TUN-4075: Dedup test should not compare order of list
2021-03-10 13:48:59 -06:00
Michael Borkenstein
8e340d9598
AUTH-3394: Creates a token per app instead of per path
2021-03-10 17:15:16 +00:00
Igor Postelnik
39065377b5
TUN-4063: Cleanup dependencies between packages.
...
- Move packages the provide generic functionality (such as config) from `cmd` subtree to top level.
- Remove all dependencies on `cmd` subtree from top level packages.
- Consolidate all code dealing with token generation and transfer to a single cohesive package.
2021-03-09 14:02:59 +00:00
Areg Harutyunyan
d83d6d54ed
TUN-3905: Cannot run go mod vendor in cloudflared due to fips
2021-03-09 17:31:59 +04:00
Nuno Diegues
a2b41ea3e6
TUN-4016: Delegate decision to update for Worker service
2021-03-08 19:25:42 +00:00
Adam Chalmers
ded9dec4f0
TUN-3819: Remove client-side check that deleted tunnels have no connections
2021-03-05 21:21:10 +00:00
Adam Chalmers
4f88982584
TUN-3994: Log client_id when running a named tunnel
2021-03-03 17:27:23 +00:00
Nuno Diegues
bcd71b56e9
TUN-3989: Check in with Updater service in more situations and convey messages to user
2021-03-03 13:57:04 +00:00
Adam Chalmers
5c7b451e17
TUN-3995: Optional --features flag for tunnel run.
...
These features will be included in the ClientInfo.Features field when
running a named tunnel.
2021-03-02 16:21:17 -06:00
cthuang
b73c039070
TUN-3988: Log why it cannot check if origin cert exists
2021-03-01 21:37:44 +00:00
Nuno Diegues
f1ca2de515
TUN-3978: Unhide teamnet commands and improve their help
2021-03-01 11:59:46 +00:00
Adam Chalmers
27507ab192
TUN-3970: Route ip show has alias route ip list
2021-02-26 17:15:43 +00:00
Nuno Diegues
5ba3b3b309
TUN-3939: Add logging that shows that Warp-routing is enabled
2021-02-23 14:19:47 +00:00
cthuang
63a29f421a
TUN-3895: Tests for socks stream handler
2021-02-23 14:19:47 +00:00
Igor Postelnik
9c298e4851
TUN-3855: Add ability to override target of 'access ssh' command to a different host for testing
2021-02-23 14:19:47 +00:00
Nuno Diegues
6681d179dc
TUN-3809: Allow routes ip show to output as JSON or YAML
...
It also fixes the marshelling of CIDR into JSON since otherwise
it would show garbled characters as the mask.
2021-02-23 14:19:47 +00:00
cthuang
2146f71b45
TUN-3753: Select http2 protocol when warp routing is enabled
2021-02-23 14:19:47 +00:00
Sudarsan Reddy
b4700a52e3
TUN-3725: Warp-routing is independent of ingress
...
- Changed warp-routing configuration to its own yaml.
- Ingress Rules host matching is indepedent of warp-routing.
2021-02-23 14:19:47 +00:00
cthuang
e2262085e5
TUN-3617: Separate service from client, and implement different client for http vs. tcp origins
...
- extracted ResponseWriter from proxyConnection
- added bastion tests over websocket
- removed HTTPResp()
- added some docstrings
- Renamed some ingress clients as proxies
- renamed instances of client to proxy in connection and origin
- Stream no longer takes a context and logger.Service
2021-02-23 14:19:44 +00:00
Areg Harutyunyan
117766562b
TUN-3945: Fix runApp signature for generic service
2021-02-19 22:06:57 +00:00
Igor Postelnik
a8ae6de213
TUN-3924: Removed db-connect command. Added a placeholder handler for this command that informs users that command is no longer supported.
2021-02-17 20:13:51 -06:00
David Jimenez
d7c4a89106
Add max upstream connections dns-proxy option ( #290 )
...
* Add max upstream connections dns-proxy option
Allows defining a limit to the number of connections that can be
established with the upstream DNS host.
If left unset, there may be situations where connections fail to
establish, which causes the Transport to create an influx of connections
causing upstream to throttle our requests and triggering a runaway
effect resulting in high CPU usage. See https://github.com/cloudflare/cloudflared/issues/91
* Code review with proposed changes
* Add max upstream connections flag to tunnel flags
* Reduce DNS proxy max upstream connections default value
Reduce the default value of maximum upstream connections on the DNS
proxy to guarantee it works on single-core and other low-end hardware.
Further testing could allow for a safe increase of this value.
* Update dns-proxy flag name
Also remove `MaxUpstreamConnsFlag` const as it's no longer referenced in more than one place and to make things more consistent with how the other flags are referenced.
Co-authored-by: Adam Chalmers <achalmers@cloudflare.com>
2021-02-12 21:32:29 +04:00
Adam Chalmers
7f97e2f030
TUN-3913: Help gives wrong exit code for autoupdate
2021-02-11 08:39:56 -06:00
Adam Chalmers
a278753bbf
TUN-3902: Add jitter to backoffhandler
...
Jitter is important to avoid every cloudflared in the world trying to
reconnect at t=1, 2, 4, etc. That could overwhelm the backend. But
if each cloudflared randomly waits for up to 2, then up to 4, then up
to 8 etc, then the retries get spread out evenly across time.
On average, wait times should be the same (e.g. instead of waiting for
exactly 1 second, cloudflared will wait betweeen 0 and 2 seconds).
This is the "Full Jitter" algorithm from https://aws.amazon.com/blogs/architecture/exponential-backoff-and-jitter/
2021-02-11 14:36:13 +00:00
Akemi Davisson
67680f5536
AUTH-3375 exchangeOrgToken deleted cookie fix
2021-02-10 16:09:50 +00:00
Security Generation
a4f185fd28
Update error message to use login command
...
Unless I'm mistaken, when there is no existing token for an app, the `login` command needs to be run to obtain a token (not the `token` command, which itself doesn't generate a token).
2021-02-09 17:15:13 +00:00
Igor Postelnik
cf562ef8c8
TUN-3635: Send event when unregistering tunnel for gracful shutdown so /ready endpoint reports down status befoe connections finish handling pending requests.
2021-02-08 15:38:42 +00:00
Adam Chalmers
dbd90f270e
TUN-3864: Users can choose where credentials file is written after creating a tunnel
2021-02-05 11:20:51 -06:00
Adam Chalmers
dca77ee13e
TUN-3854: cloudflared tunnel list flags to sort output
2021-02-03 23:47:49 +00:00
Adam Chalmers
0d22106416
TUN-3848: Use transport logger for h2mux
2021-02-03 17:31:16 -06:00
Areg Harutyunyan
88b53eb886
TUN-3826: Use go-fips when building cloudflared for linux/amd64
2021-02-02 18:12:14 +00:00
Igor Postelnik
6cdd20e820
TUN-3792: Handle graceful shutdown correctly when running as a windows service. Only expose one shutdown channel globally, which now triggers the graceful shutdown sequence across all modes. Removed separate handling of zero-duration grace period, instead it's checked only when we need to wait for exit.
2021-01-27 07:21:34 -06:00
Areg Harutyunyan
c4fbb05c1b
TUN-3165: Add reference to Argo Tunnel documentation in the help output
2021-01-25 16:17:00 +00:00
Igor Postelnik
d503aeaf77
TUN-3118: Changed graceful shutdown to immediately unregister tunnel from the edge, keep the connection open until the edge drops it or grace period expires
2021-01-22 11:14:36 -06:00
Nuno Diegues
2d0b86f2e4
TUN-3777: Fix /ready endpoint for classic tunnels
...
Classic tunnels flow was triggering an event for RegisteringTunnel for
every connection that was about to be established, and then a Connected
event for every connection established.
However, the RegistreringTunnel event had no connection ID, always
causing it to unset/disconnect the 0th connection making the /ready
endpoint report incorrect numbers for classic tunnels.
2021-01-19 13:02:44 +00:00
Igor Postelnik
4a76ed12e7
TUN-3766: Print flags defined at all levels of command hierarchy, not just locally defined flags for a command. This fixes output of overriden settings for subcommand.
2021-01-18 11:16:42 +00:00
Igor Postelnik
04b1e4f859
TUN-3738: Refactor observer to avoid potential of blocking on tunnel notifications
2021-01-18 11:16:23 +00:00
Nuno Diegues
7c3ceeeaef
TUN-3757: Fix legacy Uint flags that are incorrectly handled by ufarve library
...
The following UInt flags:
* Uint64 - heartbeat-count, compression-quality
* Uint - retries, port, proxy-port
were not being correctly picked from the configuration YAML
since the multi origin refactor
This is due to a limitation of the ufarve library, which we
overcome for now with handling those as Int flags.
2021-01-14 13:08:55 +00:00
Nuno Diegues
01f0d67875
TUN-3744: Fix compilation error in windows service
2021-01-13 16:20:41 +00:00
Nuno Diegues
9ed536c990
TUN-3738: Consume UI events even when UI is disabled
...
Not doing so was causing cloudflared to become stuck after
some time. This would happen because the Observer pattern
was sending events to the UI channel (that has 16 slots) but
no one was consuming those when the UI is not enabled (which
is the default case).
Hence, events (such as connection disconnect / reconnect) would
cause that buffer to be full and cause cloudflared to become
apparently stuck, in the sense that the connections would not be
reconnected.
2021-01-13 13:10:30 +00:00
Adam Chalmers
94ca4f98dd
Review from Igor
2021-01-11 19:36:31 +00:00
Adam Chalmers
b601b24f52
Adam's suggestions
2021-01-11 19:36:31 +00:00
TownLake
b40d8557cf
TUN-3691: Edit Teamnet help text
2021-01-11 19:36:31 +00:00
Adam Chalmers
78ffb1b846
TUN-3688: Subcommand for users to check which route an IP proxies through
2021-01-07 15:31:26 +00:00
Areg Harutyunyan
55bf904689
TUN-3471: Add structured log context to logs
2021-01-05 20:21:16 +00:00
Adam Chalmers
b855e33327
TUN-3706: Quit if any origin service fails to start
2020-12-30 13:48:19 -06:00
Adam Chalmers
32336859f8
TUN-3689: Delete routes via cloudflared CLI
2020-12-29 13:53:48 -06:00
Adam Chalmers
94c639d225
TUN-3669: Teamnet commands to add/show Teamnet routes.
2020-12-29 17:39:08 +00:00
Areg Harutyunyan
2ea491b1d0
TUN-3607: Set up single-file logger with zerolog
2020-12-23 14:15:39 -06:00
Areg Harutyunyan
870f5fa907
TUN-3470: Replace in-house logger calls with zerolog
2020-12-23 14:15:17 -06:00
Sudarsan Reddy
1c0dac77d7
TUN-3599: improved delete if credentials isnt found.
...
Tunnel delete is successful even if we don't find the credentials
file in the user's filesystem. We no longer "error" indicating this
is a problem. This fix also enables chaining of the delete command
by removing a pre-mature return if the credentials file is not found.
2020-12-04 11:44:13 +00:00
Adam Chalmers
38fb0b28b6
TUN-3593: /ready endpoint for k8s readiness. Move tunnel events out of UI package, into connection package.
2020-12-02 15:22:59 -06:00
Adam Chalmers
69fd502db3
TUN-3581: Tunnels can be run by name using only --credentials-file, no
...
origin cert necessary.
2020-11-25 09:54:28 -06:00
Michael Borkenstein
fcc393e2f0
AUTH-3221: Saves org token to disk and uses it to refresh the app token
2020-11-24 21:38:59 +00:00
Areg Harutyunyan
cad58b9b57
TUN-3561: Unified logger configuration
2020-11-23 16:49:07 +00:00
Adam Chalmers
a08a7030d1
TUN-3578: cloudflared tunnel route dns should allow wildcard subdomains
2020-11-23 09:37:46 -06:00
Adam Chalmers
b7e91466f5
TUN-3558: cloudflared allows empty config files
2020-11-18 21:13:06 +00:00
Adam Chalmers
029f7e0378
TUN-3555: Single origin service should default to localhost:8080
2020-11-17 23:12:32 +00:00
cthuang
c40cb7dc56
TUN-3514: Stop setting --is-autoupdated flag after autoupdate because it can break named tunnel running in k8s
2020-11-16 09:40:38 +00:00
Adam Chalmers
1475cf61ee
TUN-3534: Specific error message when credentials file is a .pem not .json
2020-11-12 16:38:24 +00:00
cthuang
ebc003d478
TUN-3514: Transport logger write to UI when UI is enabled
2020-11-11 15:21:00 +00:00
cthuang
5974fb4cfd
TUN-3500: Integrate replace h2mux by http2 work with multiple origin support
2020-11-11 15:20:57 +00:00
cthuang
a490443630
TUN-3458: Upgrade to http2 when available, fallback to h2mux when we reach max retries
2020-11-11 15:11:42 +00:00
cthuang
b5cdf3b2c7
TUN-3456: New protocol option auto to automatically select between http2 and h2mux
2020-11-11 15:11:42 +00:00
cthuang
9ac40dcf04
TUN-3462: Refactor cloudflared to separate origin from connection
2020-11-11 15:11:42 +00:00
cthuang
8d7b2575ba
TUN-3400: Use Go HTTP2 library as transport to connect with the edge
2020-11-11 15:11:42 +00:00
cthuang
d7498b0c03
TUN-3449: Use flag to select transport protocol implementation
2020-11-11 15:11:42 +00:00
Adam Chalmers
196762d9d3
TUN-3527: More specific error for invalid YAML/JSON
2020-11-10 21:42:26 +00:00
Adam Chalmers
4698ec8dee
TUN-3461: Show all origin services in the UI
2020-11-10 14:25:37 +00:00
Igor Postelnik
8c6181db9f
TUN-3524: Don't ignore errors from app-level action handler ( #248 )
2020-11-10 13:06:49 +00:00
Adam Chalmers
64d3836645
TUN-3522: ingress validate checks that the config file exists
2020-11-09 12:31:50 -06:00
Adam Chalmers
87e2679744
TUN-3516: Better error message when parsing invalid YAML config
2020-11-09 10:35:28 -06:00
Adam Chalmers
d01770107e
TUN-3492: Refactor OriginService, shrink its interface
2020-11-04 21:28:33 +00:00
Adam Chalmers
e933ef9e1a
TUN-2640: Users can configure per-origin config. Unify single-rule CLI
...
flow with multi-rule config file code.
2020-10-30 07:42:20 -05:00
cthuang
ea71b78e6d
TUN-3478: Increase download timeout to 60s
2020-10-22 10:38:18 +01:00
Igor Postelnik
b6cd54d854
TUN-3459: Make service install on linux use named tunnels
2020-10-21 10:46:29 -05:00
cthuang
f0cfad8efa
TUN-3476: Fix conversion to string and int slice
2020-10-21 16:03:25 +01:00
Igor Postelnik
ed54d150fe
Move raw ingress rules to config package
2020-10-20 12:00:34 -05:00
Igor Postelnik
ca4887fb19
Split out typed config from legacy command-line switches; refactor ingress commands and fix tests
2020-10-20 10:10:19 -05:00
Igor Postelnik
eaf03305bd
TUN-3475: Unify config file handling with typed config for new fields
2020-10-20 08:55:30 -05:00
Igor Postelnik
051908aaef
TUN-3463: Let users run a named tunnel via config file setting
2020-10-19 12:27:18 +00:00
Adam Chalmers
c96b9e8d8f
TUN-3464: Newtype to wrap []ingress.Rule
2020-10-15 12:48:14 -05:00
Adam Chalmers
4a4a1bb6b1
TUN-3441: Multiple-origin routing via ingress rules
2020-10-13 08:55:17 -05:00
Adam Chalmers
0eebc7cef9
TUN-3438: move ingress into own package, read into TunnelConfig
2020-10-12 16:33:22 +00:00
Igor Postelnik
53a1fa46a8
TUN-3452: Fix loading of flags from config file for tunnel run subcommand. This change also cleans up building of tunnel subcommand list, hides deprecated subcommands and improves help.
2020-10-09 12:07:17 -05:00
Adam Chalmers
86a7af3dc4
TUN-3451: Cloudflared tunnel ingress command
2020-10-08 22:06:40 +00:00
Adam Chalmers
407c9550d7
TUN-3440: 'tunnel rule' command to test ingress rules
2020-10-08 22:06:40 +00:00
Adam Chalmers
2319003e10
TUN-3439: 'tunnel validate' command to check ingress rules
2020-10-08 22:06:40 +00:00
Adam Chalmers
b05d826d22
TUN-3436, TUN-3437: Parse ingress from YAML, ensure last rule catches everything
2020-10-07 16:36:28 +00:00
Dalton
be7b7c7149
AUTH-2993 cleaned up worker service tests
2020-10-02 13:01:05 -05:00
cthuang
03d7320a44
TUN-3430: Copy flags to configure proxy to run subcommand, print relevant tunnel flags in help
2020-10-01 21:44:27 +00:00
Dalton
ba4c8d8849
AUTH-2993 added workers updater logic
2020-10-01 14:41:58 -05:00
Lee Valentine
8e8513e325
TRAFFIC-448: allow the user to specify the proxy address and port to bind to, falling back to 127.0.0.1 and random port if not specified
2020-09-25 09:54:40 -05:00
Bojan Zelic
fa061ab54e
updater service exit code should be 11
2020-09-22 18:26:56 +04:00
cthuang
197d65659a
TUN-3291: cloudflared tunnel run -h explains how to use flags from parent command
2020-09-21 19:07:30 +00:00
Igor Postelnik
85d0afd3b0
TUN-3295: Show route command results
2020-09-21 16:32:08 +00:00
Areg Harutyunyan
747427f816
TUN-3216: UI improvements
2020-09-17 13:22:08 +04:00
Rachel Williams
f99b6c6421
TUN-3335: Dynamically set connection table size for UI
2020-09-17 11:52:10 +04:00
Rachel Williams
250bc54110
TUN-3333: Add text to UI explaining how to exit
2020-09-17 11:52:10 +04:00
Rachel Williams
02587c1edc
TUN-3321: Add box around logs on UI
2020-09-17 11:52:10 +04:00
Rachel Williams
26fc20d406
TUN-3198: Handle errors while running tunnel UI
2020-09-17 11:52:10 +04:00
Rachel Williams
fee13dc62f
TUN-3255: Update UI to display URL instead of hostname
2020-09-17 11:52:10 +04:00
Rachel Williams
094e0c7592
TUN-3238: Update UI when connection re-connects
2020-09-17 11:52:10 +04:00
Rachel Williams
b57a953caa
TUN-3200: Add connection information to UI
2020-09-17 11:52:10 +04:00
Rachel Williams
d8ebde37ca
TUN-3201: Create base cloudflared UI structure
2020-09-17 11:52:07 +04:00
Igor Postelnik
cb6d424765
TUN-3395: Improve help for list command
2020-09-16 16:48:43 +00:00
Igor Postelnik
5753aa9f18
TUN-3294: Perform basic validation on arguments of route command; remove default pool name which wasn't valid
2020-09-16 16:48:43 +00:00
Igor Postelnik
bfae12008d
TUN-3395: Improve help for list command
2020-09-16 08:30:24 -05:00
Igor Postelnik
c52e0dc8ef
TUN-3395: Unhide named tunnel subcommands, tweak help
2020-09-15 12:41:15 +00:00
Adam Chalmers
3be2545ad4
TUN-3292: Mention cleanup in tunnel run help.
2020-09-10 11:02:31 -05:00
cthuang
22d771b51d
TUN-3284: Use cloudflared/<version> as user agent of tunnelstore client
2020-09-09 10:34:26 +01:00
cthuang
5fb938d6d6
TUN-3345: tunnel run accepts name of tunnel as argument
2020-09-05 09:32:50 +00:00
Adam Chalmers
218ee30206
TUN-3377: Tunnel route should check dns/lb before checking tunnel ID
2020-09-04 18:44:06 +00:00
Adam Chalmers
1a96889141
TUN-3286: Use either ID or name in Named Tunnel subcommands.
2020-08-19 14:39:45 +00:00
Dalton Cherry
60de05bfc1
AUTH-2712 added MSI build for a windows agent
2020-08-17 14:44:28 -05:00
cthuang
3deef6197f
TUN-3213: Create, route and run named tunnels in one command
2020-08-17 19:38:38 +00:00
Dalton
5499c77e62
AUTH-2975 don't check /etc on windows
2020-08-17 12:40:36 -05:00
cthuang
292a7f07a2
TUN-3243: Refactor tunnel subcommands to allow commands to compose better
2020-08-11 10:02:52 +01:00
Adam Chalmers
1b61d699c4
TUN-3237: By default, don't show connections that are pending reconnect
2020-08-07 10:16:13 -05:00
cthuang
a7562dff68
TUN-3233: List tunnels support filtering by deleted, name, existed at and id
2020-08-07 10:09:26 +01:00
cthuang
1cbc8fb8ac
TUN-3220: tunnel route reports created route
2020-07-31 17:48:58 +01:00
Igor Postelnik
d61e3fb130
TUN-3190: Initialize logger using command line flags in tunnels subcommands
2020-07-21 17:25:48 +00:00
Dalton
ca7d6797e1
AUTH-2902 redirect with just the root host on curl commands
2020-07-21 11:08:31 -05:00
cthuang
8836ee1dda
TUN-3156: Add route subcommand under tunnel
2020-07-17 05:51:24 +08:00
Michael Borkenstein
7afde79600
AUTH-2890: adds error handler to cli actions
2020-07-15 14:33:36 +00:00
Rachel Williams
3d782f7162
TUN-3048: Handle error when user tries to delete active tunnel
2020-07-14 15:32:46 +00:00
Michael Borkenstein
28d556b8d4
AUTH-2858: Set file to disable autoupdate
2020-07-10 18:03:07 +00:00
Rachel Williams
f7ff41f1dc
TUN-3150: cloudflared tunnel list's table should use intelligent column width
2020-07-07 15:48:56 +00:00
cthuang
f5c8ff77e9
TUN-3008: Implement cloudflared tunnel cleanup command
2020-07-07 21:56:46 +08:00
cthuang
87e06100df
TUN-3131: Allow user to specify tunnel credentials path, and remove it in tunnel delete command
2020-07-07 14:22:08 +08:00
Dalton
92765b4261
AUTH-2850 log config file path
2020-07-06 16:32:57 +00:00
Igor Postelnik
2a3d486126
TUN-3007: Implement named tunnel connection registration and unregistration.
...
Removed flag for using quick reconnect, this logic is now always enabled.
2020-07-01 04:19:30 +00:00
Dalton
0c65daaa7d
AUTH-2712 mac package build script and better config file handling when started as a service
2020-06-25 16:44:57 -05:00
Adam Chalmers
4d3ebaf984
TUN-3106: Pass NamedTunnel config to StartServer
2020-06-17 23:20:37 +00:00
Dalton
4f9cfa6542
TUN-3100 make updater report the right text
2020-06-17 17:33:19 +00:00
Adam Chalmers
a1a8645294
TUN-3066: Command line action for tunnel run
2020-06-17 17:25:23 +00:00
Adam Chalmers
b95b289a8c
TUN-3101: Tunnel list command should only show non-deleted, by default
2020-06-16 17:55:33 -05:00
Dalton
425554077f
AUTH-2815 flag check was wrong. stupid oversight
2020-06-16 16:19:38 -05:00
Dalton
6e5ccd7c85
AUTH-2815 add the log file to support the config.yaml file
...
added small delay to handle the possiblity of the server not being started yet
2020-06-16 17:48:12 +00:00
Adam Chalmers
3ec500bdbb
TUN-3084: Generate and store tunnel_secret value during tunnel creation
2020-06-16 11:45:27 -05:00
Dalton
1a6403b2fd
AUTH-2694 added destination header support to config file
2020-06-15 10:10:22 -05:00
Dalton
55acf7283c
AUTH-2810 added warn for backwards compatibility sake
2020-06-12 22:15:28 +00:00
Adam Chalmers
acb7d604fd
TUN-3038: Add connections to tunnel list table
2020-06-12 11:43:06 -05:00
Dalton
ae8d784e36
AUTH-2763 don't redirect from curl command
2020-06-11 15:38:11 -05:00
Dalton
c716dd273c
AUTH-2648 updated usage text
2020-06-11 11:08:05 -05:00
Dalton
0d87279b2f
AUTH-2785 service token flag fix and logger fix
2020-06-09 11:00:56 -05:00
Dalton
f8638839c0
AUTH-2729 added log file and level to cmd flags to match config file settings
2020-06-08 19:42:34 +00:00
Dalton
2f70b05c64
AUTH-2169 make access login page more generic
2020-06-08 11:20:30 -05:00
Dalton
9e76e42e3c
AUTH-2687 don't copy config unnecessarily
2020-06-08 15:24:36 +00:00
Dalton
e376a13025
AUTH-2645 protect against user mistaken flag input
2020-06-05 15:10:09 -05:00
cthuang
fb82b2ced5
TUN-3019: Remove declarative tunnel entry code
2020-05-30 05:54:17 +08:00
Michael Fornaro
be0514c5c9
Adding support for multi-architecture images and binaries ( #184 )
...
* Allow Dockerfile --build-args to override GOOS and GOARCH defaults
Allow Dockerfile --build-args to override GOOS and GOARCH defaults
Support building multi architecture binaries
remove default OS and ARCH to avoid tag confusion when compiling image through Makefile
Tag image with corrosponding OS and ARCH build variables
updating Makefile
Signed-off-by: Michael Fornaro <20387402+xUnholy@users.noreply.github.com>
* remove duplicate import on windows_service.go
Signed-off-by: Michael Fornaro <20387402+xUnholy@users.noreply.github.com>
2020-05-29 02:06:27 +01:00
Dalton
046be63253
AUTH-2596 added new logger package and replaced logrus
2020-05-27 17:07:19 -05:00
Igor Postelnik
a908453aa4
TUN-2928, TUN-2929, TUN-2930: Add tunnel subcommands to interact with tunnel store service
2020-05-21 15:36:49 -05:00
Michael Borkenstein
b89cc22896
AUTH-2369: RDP Bastion prototype
2020-05-19 21:10:50 -05:00
Michael Borkenstein
6a7418e1af
AUTH-2686: Added error handling to tunnel subcommand
2020-05-18 15:36:25 -05:00
Dalton
df3ad2b223
AUTH-2529 added deprecation text to db-connect command
2020-05-14 10:26:09 -05:00
Dalton
8c870c19a6
AUTH-2505 added aliases
2020-05-13 15:15:08 -05:00
Dalton
2b7fbbb7b7
AUTH-2588 add DoH to service mode
2020-05-11 17:09:16 +00:00
Michael Borkenstein
2c878c47ed
AUTH-2564: error handling and minor fixes
2020-05-11 15:42:35 +00:00
Igor Postelnik
8cc69f2a95
TUN-2860: Enable quick reconnect feature by default
2020-05-07 14:41:55 -05:00
cthuang
c3fa4552aa
TUN-2872: Exit with non-0 status code when the binary is updated so launchd will restart the service
2020-05-06 05:53:14 +08:00
Igor Postelnik
dd0881f32b
TUN-2940: Added delay parameter to stdin reconnect command.
2020-05-01 15:58:19 +00:00
Dalton
41c358147c
AUTH-2587 add config watcher and reload logic for access client forwarder
2020-04-29 11:07:35 -05:00
Austin Cherry
f18209af7d
ARES-899: Fixes DoH client as system resolver. Fixes #91
2020-04-14 12:37:59 -05:00
Elvin Tan
6d63f84a75
AUTH-2235 GetTokenIfExists now parses JWT payload for json expiry field to detect if the cached access token is expired
2020-04-14 15:29:30 +00:00
Dalton
a37da2b165
AUTH-2394 added socks5 proxy
2020-04-07 13:30:28 -05:00
Areg Harutyunyan
ae374c0463
TUN-2846: Trigger debug reconnects from stdin commands, not SIGUSR1
2020-03-27 17:04:21 +00:00
Dalton
a368fbbe9b
AUTH-2394 fixed header for websockets. Added TCP alias
2020-03-23 10:27:53 -05:00
Adam Chalmers
6dcf3a4cbc
TUN-2819: cloudflared should close its connections when a signal is sent
2020-03-19 21:02:15 +00:00
Adam Chalmers
1b2a96f96b
TUN-2755: ReconnectTunnel RPC now transmits ConnectionDigest
2020-03-06 14:48:16 -06:00
Adam Chalmers
6b3e2b020b
TUN-2785: Use reconnect token by default
2020-03-05 16:12:49 +00:00
Roman Iuvshyn
29f4650e25
do not terminate tunnel if origin is not reachable on start-up ( #177 )
2020-02-27 23:03:00 +00:00
Adam Chalmers
a83b6a2155
TUN-2725: Specify in code that --edge is for internal testing only
2020-02-19 16:18:48 -06:00
Adam Chalmers
a60c0273f5
TUN-2714: New edge discovery. Connections try to reconnect to the same edge IP.
2020-02-14 19:49:54 +00:00
Adam Chalmers
dfe61fda88
TUN-2645: Revert "TUN-2645: Turn on reconnect tokens"
...
This reverts commit 053b2c17f1
.
2020-01-27 14:59:07 -06:00
Adam Chalmers
053b2c17f1
TUN-2645: Turn on reconnect tokens
2020-01-13 15:23:42 -06:00
Tyler Cook
87102a2646
Fix timer scheduling for systemd update service ( #159 )
2019-12-19 20:53:06 +04:00
Rueian
cc2a1d1204
bug(cloudflared): Set the MaxIdleConnsPerHost of http.Transport to proxy-keepalive-connections ( #155 )
...
Setting the MaxIdleConns is not enough, the MaxIdleConnsPerHost must be set as well.
Otherwise, http.Transport will use the DefaultMaxIdleConnsPerHost, which is 2,
and then the connection pool will have only 2 connection hold.
2019-12-17 05:02:28 +04:00
Nick Vollmar
5e7ca14412
TUN-2555: origin/supervisor.go calls Authenticate
2019-12-06 11:26:54 -06:00
Ashcon Partovi
43babbc2f9
Fix "happy eyeballs" not being disabled since Golang 1.12 upgrade
...
* The Dialer.DualStack setting is now ignored and deprecated; RFC 6555 Fast Fallback ("Happy Eyeballs") is now enabled by default. To disable, set Dialer.FallbackDelay to a negative value.
2019-11-25 17:54:20 +00:00
Ashcon Partovi
759cd019be
Add db-connect, a SQL over HTTPS server
2019-11-12 20:34:39 +00:00
Michael Borkenstein
ad9559c66a
AUTH-2173: Prepends access login url with scheme if one doesnt exist
2019-10-23 20:35:12 +00:00
Michael Borkenstein
28cc1c65af
AUTH-2167: Adds CLI option for host key directory
2019-10-17 16:31:43 -05:00
Michael Borkenstein
8b6e3bc1d1
AUTH-2159: Moves shutdownC close into error handling
...
AUTH-2161: Lowers size of preamble length
AUTH-2160: Fixes url parsing logic
2019-10-16 11:41:51 -05:00
Michael Borkenstein
95704b11fb
AUTH-2114: Uses short lived cert auth for outgoing client connection
2019-10-15 14:35:15 -05:00
Michael Borkenstein
a4b3ee5959
AUTH-2105: Dont require --destination arg
2019-10-11 12:26:23 -05:00
Michael Borkenstein
91d9dca34e
AUTH-2105: Adds support for local forwarding. Refactor auditlogger creation.
...
AUTH-2088: Adds dynamic destination routing
2019-10-10 15:25:03 -05:00
Michael Borkenstein
dbde3870da
AUTH-2089: Revise ssh server to function as a proxy
2019-10-07 13:04:04 -05:00
Michael Borkenstein
133e6fdc88
AUTH-2077: Quotes open browser command in windows
2019-09-24 18:27:37 +00:00
Michael Borkenstein
1d5cc45ac7
AUTH-2055: Verifies token at edge on access login
2019-09-24 18:22:33 +00:00
Michael Borkenstein
979e5be8ab
AUTH-2067: Log commands correctly
2019-09-23 20:42:41 +00:00
Adam Chalmers
4f23da2a6d
TUN-2315: Replace Scope with IntentLabel
2019-09-18 15:11:46 -05:00
Michael Borkenstein
ff795a7beb
AUTH-2056: Writes stderr to its own stream for non-pty connections
2019-09-16 14:43:05 -05:00
Michael Borkenstein
c2a71c5a51
AUTH-2037: Adds support for ssh port forwarding
2019-09-11 10:41:09 -05:00
Michael Borkenstein
d3b254f9ae
AUTH-2036: Refactor user retrieval, shutdown after ssh server stops, add custom version string
2019-09-09 17:31:23 +00:00
Dalton
ee588eeeaa
AUTH-1943 hooked up uploader to logger, added timestamp to session logs, add tests
2019-09-06 15:57:32 -05:00
Adam Chalmers
dd521aba29
TUN-2280: Revert "TUN-2260: add name/group to CapnpConnectParameters, remove Scope"
...
This reverts commit 817c3be9da5465043c2a2fda6c48f7ada760682e.
2019-09-06 15:59:32 +00:00
Adam Chalmers
a06390a078
TUN-2201: change SRV records used by cloudflared
...
This changes cloudflarewarp.com to argotunnel.com and _warp to
_origintunneld. We've changed which zone we host the SRV records
for Argo Tunnel on.
2019-09-06 15:01:58 +00:00
Nick Vollmar
dc730615f2
TUN-2260: add name/group to CapnpConnectParameters, remove Scope
2019-09-05 15:36:16 +00:00
Austin Cherry
5e85a8bd16
AUTH-1943: Adds session logging
2019-09-03 13:54:29 -05:00
Michael Borkenstein
7abbe91d41
AUTH-2030: Support both authorized_key and short lived cert authentication simultaniously without specifiying at start time
2019-08-30 19:23:10 +00:00
Areg Harutyunyan
ff97fb6dc8
Merge branch 'master' of github.com:cloudflare/cloudflared
2019-08-30 13:45:40 -05:00
David Barr
dc48cdce1a
Fix #111 : Add support for specifying a specific HTTP Host: header on the origin. ( #114 )
2019-08-29 22:55:54 -05:00
Dalton
f130e6d4d7
AUTH-2021 - s3 bucket uploading for SSH logs
2019-08-29 16:54:54 -05:00
Michael Borkenstein
858ef29868
AUTH-2022: Adds ssh timeout configuration
2019-08-28 15:22:35 -05:00
Michael Borkenstein
baec3e289e
AUTH-2018: Adds support for authorized keys and short lived certs
2019-08-28 09:58:42 -05:00
Adam Chalmers
df25ed9bde
TUN-2244: Add NO_AUTOUPDATE env var
2019-08-27 15:53:28 -05:00
Adam Chalmers
4e1df1a211
TUN-2243: Revert "STOR-519: Add db-connect, a SQL over HTTPS server"
...
This reverts commit 5da2109811
.
2019-08-26 16:50:12 -05:00
Austin Cherry
30c9e2af9b
AUTH-1941: Adds initial SSH server implementation
2019-08-21 15:49:03 -05:00
Michael Borkenstein
47254113ee
Revert "AUTH-1941: Adds initial SSH server implementation"
...
This reverts commit e9c9bf3cbd
.
2019-08-20 17:20:48 -05:00
Austin Cherry
e9c9bf3cbd
AUTH-1941: Adds initial SSH server implementation
2019-08-20 16:18:37 -05:00
Ashcon Partovi
5da2109811
STOR-519: Add db-connect, a SQL over HTTPS server
2019-08-20 13:13:29 -05:00
Michael Borkenstein
8d1ea7202a
Merge branch 'mike/AUTH-1972-delete-token-lockfile' of ssh://bitbucket.cfdata.org:7999/tun/cloudflared
2019-08-06 08:12:02 -05:00
Michael Borkenstein
9adbab96af
AUTH-1972: Deletes token lock file if backoff retry attempts exceeded and intercepts signals until lock is released
2019-08-06 08:07:48 -05:00
Chung-Ting Huang
bdd70e798a
TUN-2110: Implement custom deserialization logic for OriginConfig
2019-08-05 19:28:51 -05:00
Nick Vollmar
74f3a55c57
TUN-2117: read group/system-name from CLI, send it to edge
2019-08-01 22:04:05 +00:00
Austin Cherry
8f25704a90
AUTH-1736: Better handling of token revocation
...
We removed all token validation from cloudflared and now rely on
the edge to do the validation. This is better because the edge is
the only thing that fully knows about token revocation. So if a user
logs out or the application revokes all it's tokens cloudflared will
now handle that process instead of barfing on it.
When we go to fetch a token we will check for the existence of a
lock file. If the lock file exists, we stop and poll every half
second to see if the lock is still there. Once the lock file is
removed, it will restart the function to (hopefully) go pick up
the valid token that was just created.
2019-07-10 21:35:46 +00:00
Chung-Ting Huang
4858ce79d0
TUN-1977: Validate OriginConfig has valid URL, and use scheme to determine if a HTTPOriginService is expecting HTTP or Unix
2019-07-01 15:31:58 -05:00
Chung-Ting Huang
0a742feb98
TUN-1885: Reconfigure cloudflared on receiving new ClientConfig
2019-06-20 19:07:59 -05:00
Chung-Ting Huang
80a15547e3
TUN-1961: Create EdgeConnectionManager to maintain outbound connections to the edge
2019-06-18 16:37:38 -05:00
Chung-Ting Huang
d32fb8e82c
TUN-1913: Define OriginService for each type of origin
2019-06-04 17:02:34 -05:00
Austin Cherry
1ca841d220
AUTH-1811: ssh-gen config fixes
2019-06-04 16:25:34 +00:00
Austin Cherry
713a2d689e
AUTH-1802: Fixed ssh-config templating
2019-05-30 15:25:08 +00:00
Christoph Blecker
a1403fe968
Handle exit code on err
...
fixes #96 .
This change checks the err returned from the StartServer function, and
if it exists, passes a non-zero error code through to the urfave/cli
framework. This should allow processes like launchd to detect if
cloudflared exited gracefully or with an error.
2019-05-29 12:59:19 -05:00
Austin Cherry
25cfffd0d1
AUTH-1781: fixed race condition for short lived certs, doc required config
2019-05-23 10:17:43 -05:00
Chung-Ting Huang
4662e40068
TUN-1880: Save debug and warn level log to logfile
2019-05-22 11:05:24 -05:00
Austin Cherry
fa17b0200f
AUTH-1557: Short Lived Certs
2019-05-07 11:21:11 -05:00
Nick Vollmar
945320880a
TUN-1786: Remove low-level Windows service logging
2019-04-30 11:00:35 -05:00
Nick Vollmar
28f890a701
TUN-1669: Update license message in help text. Also fix test
2019-04-18 10:42:48 -05:00
Chung-Ting Huang
102b364cc9
TUN-1619: Add flag to test declarative tunnels.
2019-04-05 10:35:23 -05:00
Adam Chalmers
6804a5ff9d
TUN-1648: ConnectionID is now a UUID
2019-03-28 15:03:30 -05:00