Setting up DNS over HTTPS using cloudflared

I thought this would be a simple task, and it was, now that I'm looking back on it. However, the Cloudflare documentation isn't clear when deploying to a dedicated server/container. So here's how I did it.

Install

This section is going to walk you through installing the cloudflared client as a service. The documentation is a bit vague and shows you how to spin up the client but leaves out some important info regarding running it as a service.
  • Install the package, as root, for your OS here.
  • Create /etc/cloudflared/config.yml (see below for contents)
  • Run the client to generate the .pem certs.
    • `cloudflared proxy-dns`
    • The certs won't be put in `/etc/cloudflared` by default. Instead they can be found in root's home directory, `/root/.cloudflared`.
    • Move the `cert.pem` to `/etc/cloudflared`.
  • Now you can install the service.
    • `cloudflared service install`
  • Ensure that the service is enabled and running via systemctl.
    • `systemctl status cloudflared.service`

config.yml:

Yes, this is a '.yml' file. The docs show a config.yaml when running the app, but the service has to have a config.yml file. Also, all configs need to be in `/etc/cloudflared/`, not in `/usr/local/etc/..`. That is another dependency they don't really point out.

```yaml
proxy-dns: true
proxy-dns-address: 0.0.0.0
proxy-dns-port: 53
proxy-dns-upstream:
  - https://1.1.1.1/dns-query
  - https://1.0.0.1/dns-query
loglevel: debug
logfile: /var/log/cloudflared/cloudflared.log
pidfile: /run/cloudflared.pid
```
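
A preflight check for the layout above, as an added example that is not part of the original post or of Cloudflare's tooling: it verifies the file names and locations the service expects and flags two exposure points in this config, the `0.0.0.0` listener and debug logging. The function names `cfg_value` and `check_cloudflared_dir` are hypothetical, and the parser assumes a flat config whose only list is `proxy-dns-upstream`.

```shell
#!/bin/sh
# Added example: preflight check for the /etc/cloudflared layout described above.
# Assumption: a flat config.yml whose only list is proxy-dns-upstream.

# Print the value of a top-level "key: value" line in file $1 for key $2.
cfg_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# check_cloudflared_dir [DIR] returns 0 if the layout is usable, 1 otherwise.
# FAIL lines change the return code; WARN lines are advisory only.
check_cloudflared_dir() {
    dir=${1:-/etc/cloudflared}
    cfg=$dir/config.yml
    rc=0
    if [ ! -f "$cfg" ]; then
        echo "FAIL: $cfg missing"
        if [ -f "$dir/config.yaml" ]; then
            echo "FAIL: found config.yaml, the service needs config.yml"
        fi
        return 1
    fi
    # The post's steps move cert.pem here from /root/.cloudflared.
    if [ ! -f "$dir/cert.pem" ]; then
        echo "WARN: $dir/cert.pem not found (check /root/.cloudflared)"
    fi
    if [ "$(cfg_value "$cfg" proxy-dns)" != "true" ]; then
        echo "FAIL: proxy-dns is not true"
        rc=1
    fi
    # Every upstream must be an https:// URL, otherwise it is not DoH.
    if grep -E '^[[:space:]]*-[[:space:]]' "$cfg" |
        grep -v -E '^[[:space:]]*-[[:space:]]+https://' >/dev/null; then
        echo "FAIL: non-HTTPS entry under proxy-dns-upstream"
        rc=1
    fi
    # 0.0.0.0 listens on every interface; restrict who can reach the port.
    if [ "$(cfg_value "$cfg" proxy-dns-address)" = "0.0.0.0" ]; then
        port=$(cfg_value "$cfg" proxy-dns-port)
        echo "WARN: listening on 0.0.0.0:$port, firewall it to your own clients"
    fi
    if [ "$(cfg_value "$cfg" loglevel)" = "debug" ]; then
        echo "WARN: loglevel debug is verbose, lower it once the setup works"
    fi
    return $rc
}
```

Source the file and run `check_cloudflared_dir` as root before `cloudflared service install`; with no argument it inspects `/etc/cloudflared`.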

Saltstack sls and configs necessary to automate everything above:

Download Here

References:

https://developers.cloudflare.com/1.1.1.1/dns-over-https/
