From 4ae902ee32a1c60255aaddd6bedbb32d5bad96ed Mon Sep 17 00:00:00 2001 From: clarkzjw Date: Sun, 11 Dec 2022 00:59:31 -0800 Subject: infra: add cloudflare argo tunnel route rules --- jinwei.me/infra/.terraform.lock.hcl | 32 +++++++++++++++++--------------- jinwei.me/infra/cloudflare.tf | 24 ++++++++++++++++++++++++ jinwei.me/infra/outputs.tf | 4 +--- jinwei.me/infra/versions.tf | 2 +- 4 files changed, 43 insertions(+), 19 deletions(-) diff --git a/jinwei.me/infra/.terraform.lock.hcl b/jinwei.me/infra/.terraform.lock.hcl index e16e9bd..26d65b6 100644 --- a/jinwei.me/infra/.terraform.lock.hcl +++ b/jinwei.me/infra/.terraform.lock.hcl @@ -2,22 +2,24 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/cloudflare/cloudflare" { - version = "2.19.2" - constraints = "2.19.2" + version = "3.29.0" + constraints = "~> 3.29" hashes = [ - "h1:gcgDf0Ltyopd5j30oCcnjceCyRpJmSBhTTwldOFnJEc=", - "zh:35a4d37c7601b537e156a032730e2987f137017e38c9a1a383f75cfeccb1975e", - "zh:3bdb1544aef7469813a699ba8d322248c96ffa05573c2bb990e1297aa95473d0", - "zh:41a322d3eeeb0dde185ea7a9cafe952c445a683a6a372089f8d003d8d2f4b722", - "zh:447ec6386879ff56cd3a97fc5d20b428451a445f8846a0127f5788de9e213b3c", - "zh:4a1fa7c6c9e28916009fe3c7a9f7f944e8b4e307ab3d97a34d81ba66769160f6", - "zh:5a2cb0e8ddc725c78ba09a817105136f564c7f4fe0173633d82bc3f8005dc15a", - "zh:83c0edc0ddd6ad8e3c140dcecafccad69edd199d2526cc9be10d857316f3859e", - "zh:a5a1917943a9e8486dc3d0eb315bc899944fe67888e38b35999b6a79907ec762", - "zh:a5cfcd8ec0fd3d0c80de8c519ee07b1e899b8f86d5f6f5800bc959190df9eb93", - "zh:be3a37ef3f0991989a4e51e5fe16d9cf71571cb1ecb7a41b31d91c2ae2a3313d", - "zh:ef1155fd12e3528f686b6a59fc732e35265f8d08450bc27baf8ccebbcd4cff0c", - "zh:f3a2293a7ccb14fa16472c7948498d5a19cb5f26e3aeb1b59756c7f9045c277b", + "h1:iGDvVJ6kdlopyhR3ONeoh8gZWZg8+M/seP7VM7gOp1I=", + "zh:0947f7f9e0234aaeb6b5f344de4148a6379d05370937e1c255872697803c17cc", + "zh:17abb230abd852e0e4ed9921cd9aaf03336ad4a13a25b1040ed86cdbddf05123", + "zh:2ddf550dbdf5c58bbb8d14de6b2dc76627bb92787b99328300fb312c51e12d1f", + "zh:4645758bdefe52c1aa260368522aff6fcb4e508c918e9b2c263c9debd7d71684", + "zh:6047320a05d07045f7fb4b24c2540600473a94fc15a24ef99339a6690ab47dfe", + "zh:6db2d4e4bc3ab8b6107aec80a8041388c2a7722472c5efa6caf8435a453b1f33", + "zh:8b6b75a75567ae44a788128aebcbb59cebd9a9dbc4ddc1b05f4455734363d55a", + "zh:90c51deb4e96690ed73d8b8498d5ab2d7bb78597861bbef23fab18764371deb0", + "zh:9b0f89952afb5d00e31fb745f1ebb4ef677591ca62c002c744d23bcaa0d51e9a", + "zh:9cfe38d8ef5515d164f59b5f4ddc14bb8817051ea4efed54cb7834c66492dd79", + "zh:acf89e44b8643d52186ef5155c8889845681471abb60a933017cda9bc38d86ef", + "zh:c09205c6f1e39994c2f707cce0758a2cd16949b33566a724644593d2a616ea41", + "zh:c5412f2868592db091b91361b7a85fa3a1a97282e9e6e1c5883dd5f6b5f2e86c", + "zh:ff93702ca9a99863914718ae4214acffa1a72d481c8e1d3254ccf5930a2d7e10", ] } diff --git a/jinwei.me/infra/cloudflare.tf b/jinwei.me/infra/cloudflare.tf index aa94568..4f23b40 100644 --- a/jinwei.me/infra/cloudflare.tf +++ b/jinwei.me/infra/cloudflare.tf @@ -26,3 +26,27 @@ resource "cloudflare_argo_tunnel" "tunnel" { name = "${var.name}-aws-tunnel" secret = random_id.argo_secret.b64_std } + +resource "cloudflare_record" "tunnel_dns" { + zone_id = data.cloudflare_zones.domain.zones[0].id + name = "next.${var.site_domain}" + value = "${cloudflare_argo_tunnel.tunnel.id}.cfargotunnel.com" + type = "CNAME" + proxied = true +} + +resource "cloudflare_tunnel_config" "tunnel_route" { + account_id = var.cloudflare_account_id + tunnel_id = cloudflare_argo_tunnel.tunnel.id + + config { + ingress_rule { + hostname = "next.jinwei.me" + path = "/" + service = "http://127.0.0.1:30080" + } + ingress_rule { + service = "http_status:404" + } + } +} diff --git a/jinwei.me/infra/outputs.tf b/jinwei.me/infra/outputs.tf index 9962113..46c9486 100644 --- a/jinwei.me/infra/outputs.tf +++ b/jinwei.me/infra/outputs.tf @@ -37,8 +37,6 @@ output "s3" { } output "tunnel" { - value = { - tunnel_secret = cloudflare_argo_tunnel.tunnel.secret - } + value = cloudflare_argo_tunnel.tunnel sensitive = true } diff --git a/jinwei.me/infra/versions.tf b/jinwei.me/infra/versions.tf index 3200530..62b3386 100644 --- a/jinwei.me/infra/versions.tf +++ b/jinwei.me/infra/versions.tf @@ -6,7 +6,7 @@ terraform { } cloudflare = { source = "cloudflare/cloudflare" - version = "2.19.2" + version = "~> 3.29" } } } -- cgit v1.2.3