February 1, 2021

Setting up Cloudflare

The final step is setting up Cloudflare to proxy traffic to your Pi. It requires running another script on your Pi and a couple of browser tabs.

The script is run with sudo setupcf.sh. It starts by checking the version of the "cloudflared" program and offering to try to download a new one.

server@micronetia:~/blog $ sudo setupcf.sh 
Current Cloudflared version
cloudflared version 2021.1.5 (built 2021-01-18-1215 UTC)
Do you want to try to download a newer version of cloudflared?

If you see "Segment fault" at this point you have an older pi and will need to see the pizero discussion in the Hardware page for how to get the right cloudflared. If the version is fairly recent there's no need to try downloading a new one.

Then it runs cloudflared to print out a link that you copy into your browser.

Do you want to try to download a newer version of cloudflared?n
Connecting to cloudflare to log this device into your account, copy the URL into your browser
Please open the following URL and log in with your Cloudflare account:

https://dash.cloudflare.com/argotunnel?callback=https%3A%2F%2Flogin.argotunnel.com%2FRZEnjI3saggsdfhyXhJl6g9z2Nw2HRb1Y7MmfmUJR1c%3D

Leave cloudflared running to download the cert automatically.
2:34AM INF Waiting for login...

In the browser, if you are not already logged in to your account, you will need to log in, after which you are redirected to a page like the one below. If you are already logged in, the page shows up immediately.

Select the domain (for most people there is only one)

Confirm that it is what you want and see the following message in the browser:

If your browser offers to download a file called cert.pem at this point, you can ignore it.

Going back to the terminal session you should see the following.

You have successfully logged in.
If you wish to copy your credentials to a server, they have been saved to:
/root/.cloudflared/cert.pem
Creating Cloudflared tunnel, routing it to this pi and so on.

Blog hostname (e.g. blog.mydomain.com):

Answer the question and then, once you've checked that it is correct, hit Y (or hit N and re-enter). Before you do this, please make sure that the hostname is not currently pointing to anything. It also must not be the domain you registered, i.e. if you registered mydomain.com, your blog can be blog.mydomain.com or www.mydomain.com or somethingverylong.mydomain.com. It cannot be plain mydomain.com (we can point mydomain.com to the ghost hostname later if you want to do that).

You can choose any name you want; in the example below I use "example.devtru.st".

Blog hostname (e.g. blog.mydomain.com): example.devtru.st
Blog to be hosted at https://example.devtru.st/
Is this correct? (Y/N): y
2:35AM INF Tunnel credentials written to /root/.cloudflared/0f7a1303-c386-dead-beef-e78385062e4f.json. cloudflared chose this file based on where your origin certificate was found. Keep this file secret. To revoke these credentials, delete the tunnel.
2:35AM INF Created tunnel example-tunnel with id 0f7a1303-c386-4159-a865-e78385062e4f
2:35AM INF Added CNAME example.devtru.st which will route to this tunnel tunnelID=0f7a1303-c386-dead-beef-e78385062e4f
2:35AM INF Starting tunnel tunnelID=0f7a1303-c386-4159-a865-e78385062e4f
2:35AM INF Version 2021.1.5
2:35AM INF GOOS: linux, GOVersion: go1.15.6, GoArch: arm
2:35AM INF Settings: map[hello-world:true hostname:example.devtru.st]
2:35AM INF cloudflared will not automatically update when run from the shell. To enable auto-updates, run cloudflared as a service: https://developers.cloudflare.com/argo-tunnel/reference/service/
2:35AM INF Initial protocol h2mux
2:35AM INF Starting metrics server on 127.0.0.1:46147/metrics
2:35AM INF Starting Hello World server at 127.0.0.1:38593
2:35AM INF Connection 8ab130fa-861f-4046-8333-a0b8d36cc889 registered connIndex=0 location=SIN
2:35AM INF Connection 0b11f5d4-bfa9-4c1e-809c-c8ab607f86f7 registered connIndex=1 location=NRT
2:35AM INF Connection e84a4d59-065b-4c05-a971-0ca79b4bbd2d registered connIndex=2 location=SIN
2:35AM INF Connection 767ff141-e4fd-4b40-9468-0e678fe77374 registered connIndex=3 location=NRT

Assuming no errors, you can now visit your blog hostname (whatever you entered above) in a browser, and hopefully you have a page like this:

Then go back to the terminal and press CTRL-C to end the tunnel.

^C2:36AM INF Initiating graceful shutdown due to signal interrupt ...
2:36AM INF Quitting...
2:36AM INF mux - metrics: Stopping mux metrics updater
2:36AM INF Metrics server stopped
2:36AM INF mux - metrics: Stopping mux metrics updater
2:36AM INF mux - metrics: Stopping mux metrics updater
Check to make sure no errors

config.yml
hostname: example.devtru.st
url: http://localhost:2368
tunnel: 0f7a1303-c386-dead-beef-e78385062e4f
credentials-file: /root/.cloudflared/0f7a1303-c386-dead-beef-e78385062e4f.json
\n 0f7a1303-c386-dead-beef-e78385062e4f.json
{"AccountTag":"14a7a3c4fJHGKJHG1c7fce5ab140fb05","TunnelSecret":"iOVih5N7OGmmfg/pyPVdU5nHASHHASJHAS=","TunnelID":"0f7a1303-c386-dead-beef-e78385062e4f","TunnelName":"example-tunnel"}Install as service?

Assuming the "You create a tunnel" page showed up and the text in your terminal looks similar to the above, answer Y to make it a service that starts up automatically when the Pi boots up and runs all the time.

If it doesn't, enter N and refer to the (currently non-existent) troubleshooting section.

Install as service?y
2:37AM INF Using Systemd
2:37AM INF systemctl daemon-reload
updating the ghost config to use https://example.devtru.st/
✔ Restarting Ghost
server@micronetia:~ $ 

The Pi is now up and serving your blog. Check that by going to the URL shown in the terminal (https://example.devtru.st/ in this case) and seeing that it displays your blog. Finally, go to the /ghost/ URL on the domain (i.e. https://example.devtru.st/ghost/), log in and write your first real post.
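The config.yml and tunnel credentials file printed earlier can be checked after the install. The script below is an added example, not part of setupcf.sh: the function names, the placeholder tunnel ID and the demo files are constructed here, and it assumes the flat key: value layout shown in the config.yml output above.

```sh
#!/bin/sh
# Added example: audit a flat cloudflared config.yml like the one shown above.
# Prints one line per finding; returns 0 when there are none.

cfg_get() {  # cfg_get KEY FILE -> value of a top-level "KEY: value" line
    sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1
}

audit_cloudflared_config() {
    cfg=$1; findings=0
    tunnel=$(cfg_get tunnel "$cfg")
    cred=$(cfg_get credentials-file "$cfg")
    url=$(cfg_get url "$cfg")

    # The tunnel should forward to a loopback origin, as in the page's config.
    case $url in
        http://localhost:*|http://127.0.0.1:*) ;;
        *) echo "FINDING: url '$url' is not a loopback origin"
           findings=$((findings + 1)) ;;
    esac

    # The log above shows the credentials file named after the tunnel ID.
    if [ "${cred##*/}" != "$tunnel.json" ]; then
        echo "FINDING: credentials-file is not $tunnel.json"
        findings=$((findings + 1))
    fi

    # The file holds TunnelSecret: it must exist with no group/other access.
    if [ ! -f "$cred" ]; then
        echo "FINDING: $cred is missing"
        findings=$((findings + 1))
    elif [ "$(ls -ld -- "$cred" | cut -c5-10)" != "------" ]; then
        echo "FINDING: $cred is accessible to group or others (chmod 600)"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed demo: placeholder tunnel ID, world-readable credentials file.
demo=$(mktemp -d)
id=00000000-0000-0000-0000-000000000000
printf '{}' > "$demo/$id.json"; chmod 644 "$demo/$id.json"
printf 'url: http://localhost:2368\ntunnel: %s\ncredentials-file: %s\n' \
    "$id" "$demo/$id.json" > "$demo/config.yml"
audit_cloudflared_config "$demo/config.yml" || true
rm -rf "$demo"
```

On the Pi, call audit_cloudflared_config with the path to your own config.yml and run it as root, since the credentials file is under /root/.cloudflared.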

Congratulations. You have set up your micronetia node. If you want to link it to others, drop me a line (micronetia AT devtru DOT st) and I'll add it to the links page on this blog.