Nuno Diegues
7607ead143
TUN-6503: Fix transport fallback from QUIC in face of dial error "no network activity"
2022-07-06 13:05:45 +01:00
Devin Carr
ae7fbc14f3
TUN-6373: Add edge-ip-version to remotely pushed configuration
...
(cherry picked from commit 8e9091cc48
)
2022-06-23 16:55:03 +00:00
Silver
ee87c43eb9
Merge pull request #656 from nikr-canva/http2-origins
...
Add Http2Origin option to force HTTP/2 origin connections
2022-06-16 12:23:07 -05:00
Devin Carr
b9453b84bb
Revert "TUN-6373: Add edge-ip-version to remotely pushed configuration"
...
This reverts commit 8e9091cc48
.
2022-06-14 16:07:37 -07:00
Igor Postelnik
f2339a7244
TUN-6380: Enforce connect and keep-alive timeouts for TCP connections in both WARP routing and websocket based TCP proxy.
...
For WARP routing the defaults for these new settings are 5 seconds for connect timeout and 30 seconds for keep-alive timeout. These values can be configured either remotely or locally. Local config lives under "warp-routing" section in config.yaml.
For websocket-based proxy, the defaults come from originConfig settings (either global or per-service) and use the same defaults as HTTP proxying.
2022-06-14 21:36:40 +00:00
Devin Carr
8e9091cc48
TUN-6373: Add edge-ip-version to remotely pushed configuration
2022-06-14 15:41:16 +00:00
Devin Carr
e3aad7799e
TUN-6357: Add connector id to ready check endpoint
2022-06-08 17:35:23 +00:00
Devin Carr
2b0d704777
TUN-6341: Fix default config value for edge-ip-version
2022-06-02 20:12:15 -07:00
Devin Carr
ee80e55833
TUN-6339: Add config for IPv6 support
2022-06-02 16:04:26 -07:00
Niklas Rehfeld
7d4afd4ae0
Add Http2Origin option to force HTTP/2 origin connections
...
If `http2Origin` is set, it will set `ForceAttemptHTTP2` in the transport config of the `OriginService`.
2022-06-01 12:57:29 +12:00
Nuno Diegues
5e6f606f4e
TUN-6293: Update yaml v3 to latest hotfix
...
This addresses https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV3-2841557
by updating yaml v3 to latest version.
It also stops using yaml v2 directly (we were using both v2 and v3 mixed).
We still rely on yaml v2 indirectly, via urfave cli, though.
Note that the security vulnerability does not affect v2.
2022-05-30 17:38:55 +00:00
João Oliveirinha
99d4e48656
TUN-6016: Push local managed tunnels configuration to the edge
2022-05-06 15:43:24 +00:00
João Oliveirinha
3254d08173
TUN-6014: Add remote config flag as default feature
2022-04-28 12:00:47 +01:00
Nuno Diegues
7a6ab54fcb
TUN-6043: Allow UI-managed Tunnels to fallback from QUIC but warn about that
2022-04-12 09:46:07 +01:00
Nuno Diegues
a0f6eb9d5e
TUN-5992: Use QUIC protocol for remotely managed tunnels when protocol is unspecified
2022-04-05 23:07:10 +01:00
Nuno Diegues
c5d1662244
TUN-5960: Do not log the tunnel token or json credentials
2022-03-28 10:54:39 +01:00
Nuno Diegues
98736a03e1
TUN-5915: New cloudflared command to allow to retrieve the token credentials for a Tunnel
2022-03-23 10:35:16 +00:00
Nuno Diegues
470e6c35c5
TUN-5918: Clean up text in cloudflared tunnel --help
2022-03-22 18:52:28 +00:00
Devin Carr
e2a8302bbc
TUN-5869: Add configuration endpoint in metrics server
2022-03-22 08:11:59 -07:00
Nuno Diegues
057a0cc758
TUN-5833: Send feature `allow_remote_config` if Tunnel is run with --token
2022-03-16 14:07:03 +00:00
João Oliveirinha
706523389c
TUN-5679: Add support for service install using Tunnel Token
2022-03-03 18:59:03 +00:00
Nuno Diegues
a1d485eca5
TUN-5823: Warn about legacy flags that are ignored when ingress rules are used
2022-03-02 10:48:03 +00:00
João Oliveirinha
b6d7076400
TUN-5681: Add support for running tunnel using Token
2022-02-23 10:09:45 +00:00
João Oliveirinha
22cd8ceb8c
TUN-5682: Remove name field from credentials
2022-02-23 10:08:29 +00:00
Sudarsan Reddy
9909e9d63c
TUN-5754: Allow ingress validate to take plaintext option
...
Ingress validate currently validates config from a file. This PR adds a
new --json/-j flag to provide the ingress/config data as a plaintext
command line argument.
2022-02-22 16:56:22 +00:00
cthuang
d68ff390ca
TUN-5698: Make ingress rules and warp routing dynamically configurable
2022-02-16 09:38:28 +00:00
cthuang
e22422aafb
TUN-5749: Refactor cloudflared to pave way for reconfigurable ingress
...
- Split origin into supervisor and proxy packages
- Create configManager to handle dynamic config
2022-02-14 15:37:09 +00:00
Sudarsan Reddy
a84cbcde7e
TUN-5669: Change network command to vnet
2022-01-24 11:26:16 +00:00
Sudarsan Reddy
1a92f1acfe
TUN-5477: Unhide vnet commands
2022-01-21 12:41:58 +00:00
Nuno Diegues
a39d95d5f7
TUN-5551: Show whether the binary was built for FIPS compliance
...
This is shown in 3 ways:
- the version output with `cloudflared version` and alike commands
- the build_info prometheus metric
- a logging message
2021-12-28 19:03:16 +00:00
Nuno Diegues
6822e4f8ab
TUN-5482: Refactor tunnelstore client related packages for more coherent package
2021-12-28 17:17:49 +00:00
Nuno Diegues
70e675f42c
TUN-5551: Reintroduce FIPS compliance for linux amd64 now as separate binaries
...
This is a cherry-pick of 157f5d1412
followed by build/CI changes so that amd64/linux FIPS compliance is
provided by new/separate binaries/artifacts/packages.
The reasoning being that FIPS compliance places excessive requirements
in the encryption algorithms used for regular users that do not care
about that. This can cause cloudflared to reject HTTPS origins that
would otherwise be accepted without FIPS checks.
This way, by having separate binaries, existing ones remain as they
were, and only FIPS-needy users will opt-in to the new FIPS binaries.
2021-12-20 21:50:42 +00:00
Nuno Diegues
571380b3f5
TUN-5362: Adjust route ip commands to be aware of virtual networks
2021-12-03 09:10:20 +00:00
Nuno Diegues
eec6b87eea
TUN-5361: Commands for managing virtual networks
2021-12-03 08:48:52 +00:00
Silver
36479ef11f
Merge pull request #478 from echtish/secret-flag
...
Add flag to 'tunnel create' subcommand to specify a base64-encoded secret
2021-11-02 16:21:01 -05:00
Nuno Diegues
958650be1f
TUN-5262: Improvements to `max-fetch-size` that allow to deal with large number of tunnels in account
...
* `max-fetch-size` can now be set up in the config YAML
* we no longer pass that to filter commands that filter by name
* flag changed to signed int since altsrc does not support UInt flags
* we now look up each non UUID (to convert it to a UUID) when needed, separately
2021-10-19 18:28:29 +01:00
Nuno Diegues
eb51ff0a6d
TUN-5262: Allow to configure max fetch size for listing queries
...
This can be useful/important for accounts with many tunnels that exceed
the 1000 default page size.
There are various tunnel subcommands that use listing underneath, so we make
that flag a tunnel one, rather than adding it to each subcommand.
2021-10-18 11:07:02 +01:00
Nuno Diegues
6cbf90883d
TUN-5255: Fix potential panic if Cloudflare API fails to respond to GetTunnel(id) during delete command
2021-10-14 15:18:34 +00:00
Sudarsan Reddy
ceb509ee98
TUN-5138: Switch to QUIC on auto protocol based on threshold
2021-10-14 09:18:20 +01:00
Sudarsan Reddy
2822fbe3db
TUN-5249: Revert "TUN-5138: Switch to QUIC on auto protocol based on threshold"
...
This reverts commit e445fd92f7
2021-10-13 19:06:31 +01:00
Sudarsan Reddy
5148d00516
TUN-5246: Use protocol: quic for Quick tunnels if one is not already set
2021-10-13 08:04:21 +00:00
Sudarsan Reddy
e445fd92f7
TUN-5138: Switch to QUIC on auto protocol based on threshold
2021-10-11 11:05:20 +00:00
Jeremy Teale
1239006e96
Add flag to 'tunnel create' subcommand to specify a base64-encoded secret
2021-09-29 18:56:38 -05:00
Nuno Diegues
cbdf88ea28
TUN-5164: Update README and clean up references to Argo Tunnel (using Cloudflare Tunnel instead)
2021-09-29 08:27:47 +00:00
Nuno Diegues
f985ed567f
TUN-5128: Enforce maximum grace period
...
This maximum grace period will be honored by Cloudflare edge such that
either side will close the connection after unregistration at most
by this time (3min as of this commit):
- If the connection is unused, it is already closed as soon as possible.
- If the connection is still used, it is closed on the cloudflared configured grace-period.
Even if cloudflared does not close the connection by the grace-period time,
the edge will do so.
2021-09-21 16:48:37 +00:00
Riley Flynn
6968b714d0
Add support for taking named tunnel credentials from an environment variable
2021-09-13 13:51:37 -02:30
cthuang
98c3957d30
TUN-5010: --region should be a string flag
2021-08-30 14:40:07 +00:00
cthuang
27cd83c2d3
Revert "TUN-4926: Implement --region configuration option"
...
This reverts commit d0a1daac3b
.
2021-08-28 16:42:55 +01:00
Areg Harutyunyan
d0a1daac3b
TUN-4926: Implement --region configuration option
2021-08-27 09:11:10 +00:00
Nuno Diegues
2afa307765
TUN-4981: Improve readability of prepareTunnelConfig method
2021-08-26 18:15:36 +01:00
Rishabh Bector
a4a9f45b0a
TUN-4821: Make quick tunnels the default in cloudflared
2021-08-26 15:53:02 +00:00
Sudarsan Reddy
071d595371
TUN-4940: Fix cloudflared not picking up correct NextProtos for quic
2021-08-23 15:30:45 +00:00
Sudarsan Reddy
12ad264eb3
TUN-4866: Add Control Stream for QUIC
...
This commit adds support to Register and Unregister Connections via RPC
on the QUIC transport protocol
2021-08-17 14:50:32 +00:00
Nuno Diegues
8527d03a29
TUN-4847: Allow to list tunnels by prefix name or exclusion prefix name
2021-07-30 12:00:26 +01:00
Nuno Diegues
aa24338225
TUN-4832: Prevent tunnel from running accidentally when only proxy-dns should run
2021-07-29 11:05:12 +00:00
Nuno Diegues
0924549efd
TUN-4811: Publish quick tunnels' hostname in /metrics under `userHostname` for backwards-compatibility
2021-07-29 10:20:43 +01:00
Sudarsan Reddy
ed1389ef08
TUN-4814: Revert "TUN-4699: Make quick tunnels the default in cloudflared"
...
This reverts commit 18992efa0c
.
2021-07-28 10:02:55 +01:00
Rishabh Bector
18992efa0c
TUN-4699: Make quick tunnels the default in cloudflared
2021-07-26 15:57:36 +00:00
Rishabh Bector
59cae0f622
TUN-4698: Add cloudflared metrics endpoint to serve quick tunnel hostname
2021-07-12 09:26:07 +00:00
Rishabh Bector
3eb9efd9f0
TUN-4521: Modify cloudflared to use zoneless-tunnels-worker for free tunnels
2021-06-29 09:39:18 +01:00
Nuno Diegues
f88732277a
TUN-4502: Make `cloudflared tunnel route` subcommands described consistently
2021-06-07 09:20:11 +01:00
Michael Borkenstein
235897ba21
AUTH-3426: Point to new transfer service URL and eliminate PUT /ok
2021-05-19 19:39:56 +00:00
Adam Chalmers
4c5ebccacc
TUN-4425: --overwrite-dns flag for in adhoc and route dns cmds
2021-05-19 18:22:01 +00:00
cthuang
6526211a69
TUN-4421: Named Tunnels will automatically select the protocol to connect to Cloudflare's edge network
2021-05-17 15:57:44 +01:00
Nuno Diegues
ae460b340b
TUN-4342: Fix false positive warning about unused hostname property
2021-05-13 02:05:19 +01:00
Adam Chalmers
4bd17766a9
TUN-4359: Warn about unused keys in 'tunnel ingress validate'
2021-05-13 02:05:19 +01:00
Areg Harutyunyan
4d43a70a38
Setup a Github action for checking the cloudflared build
2021-05-04 14:31:22 +01:00
Areg Harutyunyan
1073f8db40
TUN-2853: rename STDIN-CONTROL env var to STDIN_CONTROL
2021-04-09 16:43:01 +01:00
Nuno Diegues
b25d38dd72
TUN-4177: Running with proxy-dns should not prevent running Named Tunnels
2021-04-05 11:28:05 +01:00
Adam Chalmers
5afa3251dd
TUN-4150: Only show the connector table in 'tunnel info' if there are connectors. Don't show rows with zero connections.
2021-03-30 20:13:00 +00:00
Adam Chalmers
ebf5292bf9
TUN-4146: Unhide and document grace-period
2021-03-29 16:29:18 -05:00
Adam Chalmers
f9062ab473
TUN-4141: Better error messages for tunnel info subcommand.
2021-03-26 14:45:35 -05:00
Igor Postelnik
da4d0b2bae
TUN-4067: Reformat code for consistent import order, grouping, and fix formatting. Added goimports target to the Makefile to make this easier in the future.
2021-03-24 10:53:29 -05:00
Igor Postelnik
50435546c5
TUN-4118: Don't overwrite existing file with tunnel credentials. For ad-hoc tunnels, this means tunnel won't start if there's a file in the way.
2021-03-24 08:26:22 -05:00
Igor Postelnik
9018ee5d5e
TUN-4116: Ingore credentials-file setting in configuration file during tunnel create and delete opeations.
...
This change has two parts:
1. Update to newer version of the urfave/cli fork that correctly sets flag value along the context hierarchy while respecting config file overide behavior of the most specific instance of the flag.
2. Redefine --credentials-file flag so that create and delete subcommand don't use value from the config file.
2021-03-24 08:15:36 -05:00
Nuno Diegues
8250b67a9f
TUN-4111: Warn the user if both properties "tunnel" and "hostname" are used
2021-03-23 20:14:29 +00:00
Nuno Diegues
4a7763e497
TUN-3998: Allow to cleanup the connections of a tunnel limited to a single client
2021-03-23 08:48:54 +00:00
Nuno Diegues
89d0e45d62
TUN-3993: New `cloudflared tunnel info` to obtain details about the active connectors for a tunnel
2021-03-17 14:08:18 +00:00
Igor Postelnik
a34099724e
TUN-4094: Don't read configuration file for access commands
2021-03-16 17:36:46 -05:00
Igor Postelnik
8c5498fad1
TUN-3715: Only read config file once, right before invoking the command
2021-03-16 17:22:13 -05:00
Adam Chalmers
2c746b3361
TUN-4081: Update log severities to use Zerolog's levels
2021-03-16 19:04:49 +00:00
Adam Chalmers
aa5ebb817a
TUN-4075: Dedup test should not compare order of list
2021-03-10 13:48:59 -06:00
Igor Postelnik
39065377b5
TUN-4063: Cleanup dependencies between packages.
...
- Move packages the provide generic functionality (such as config) from `cmd` subtree to top level.
- Remove all dependencies on `cmd` subtree from top level packages.
- Consolidate all code dealing with token generation and transfer to a single cohesive package.
2021-03-09 14:02:59 +00:00
Adam Chalmers
ded9dec4f0
TUN-3819: Remove client-side check that deleted tunnels have no connections
2021-03-05 21:21:10 +00:00
Adam Chalmers
4f88982584
TUN-3994: Log client_id when running a named tunnel
2021-03-03 17:27:23 +00:00
Nuno Diegues
bcd71b56e9
TUN-3989: Check in with Updater service in more situations and convey messages to user
2021-03-03 13:57:04 +00:00
Adam Chalmers
5c7b451e17
TUN-3995: Optional --features flag for tunnel run.
...
These features will be included in the ClientInfo.Features field when
running a named tunnel.
2021-03-02 16:21:17 -06:00
cthuang
b73c039070
TUN-3988: Log why it cannot check if origin cert exists
2021-03-01 21:37:44 +00:00
Nuno Diegues
f1ca2de515
TUN-3978: Unhide teamnet commands and improve their help
2021-03-01 11:59:46 +00:00
Adam Chalmers
27507ab192
TUN-3970: Route ip show has alias route ip list
2021-02-26 17:15:43 +00:00
Nuno Diegues
5ba3b3b309
TUN-3939: Add logging that shows that Warp-routing is enabled
2021-02-23 14:19:47 +00:00
Nuno Diegues
6681d179dc
TUN-3809: Allow routes ip show to output as JSON or YAML
...
It also fixes the marshelling of CIDR into JSON since otherwise
it would show garbled characters as the mask.
2021-02-23 14:19:47 +00:00
cthuang
2146f71b45
TUN-3753: Select http2 protocol when warp routing is enabled
2021-02-23 14:19:47 +00:00
Sudarsan Reddy
b4700a52e3
TUN-3725: Warp-routing is independent of ingress
...
- Changed warp-routing configuration to its own yaml.
- Ingress Rules host matching is indepedent of warp-routing.
2021-02-23 14:19:47 +00:00
cthuang
e2262085e5
TUN-3617: Separate service from client, and implement different client for http vs. tcp origins
...
- extracted ResponseWriter from proxyConnection
- added bastion tests over websocket
- removed HTTPResp()
- added some docstrings
- Renamed some ingress clients as proxies
- renamed instances of client to proxy in connection and origin
- Stream no longer takes a context and logger.Service
2021-02-23 14:19:44 +00:00
Igor Postelnik
a8ae6de213
TUN-3924: Removed db-connect command. Added a placeholder handler for this command that informs users that command is no longer supported.
2021-02-17 20:13:51 -06:00
David Jimenez
d7c4a89106
Add max upstream connections dns-proxy option ( #290 )
...
* Add max upstream connections dns-proxy option
Allows defining a limit to the number of connections that can be
established with the upstream DNS host.
If left unset, there may be situations where connections fail to
establish, which causes the Transport to create an influx of connections
causing upstream to throttle our requests and triggering a runaway
effect resulting in high CPU usage. See https://github.com/cloudflare/cloudflared/issues/91
* Code review with proposed changes
* Add max upstream connections flag to tunnel flags
* Reduce DNS proxy max upstream connections default value
Reduce the default value of maximum upstream connections on the DNS
proxy to guarantee it works on single-core and other low-end hardware.
Further testing could allow for a safe increase of this value.
* Update dns-proxy flag name
Also remove `MaxUpstreamConnsFlag` const as it's no longer referenced in more than one place and to make things more consistent with how the other flags are referenced.
Co-authored-by: Adam Chalmers <achalmers@cloudflare.com>
2021-02-12 21:32:29 +04:00
Adam Chalmers
dbd90f270e
TUN-3864: Users can choose where credentials file is written after creating a tunnel
2021-02-05 11:20:51 -06:00
Adam Chalmers
dca77ee13e
TUN-3854: cloudflared tunnel list flags to sort output
2021-02-03 23:47:49 +00:00
Adam Chalmers
0d22106416
TUN-3848: Use transport logger for h2mux
2021-02-03 17:31:16 -06:00