DEV Community

Anim Mouse
Anim Mouse

Posted on

Expose your web server on GitHub Actions to the internet using Cloudflare Tunnel

#actionshackathon21 #cloudflare #webdev #tunnel

My Workflow

GitHub Actions runners are firewalled from the internet, so you can't test your web server outside of the runners. What if you need to test your web server on GitHub Actions interactively?

This GitHub Action installs the cloudflared Cloudflare Tunnel client and allows you to tunnel connections so that you can now access your server inside the GitHub Actions runners to the internet.

This is an example workflow that tunnels the Python Simple HTTP server so that it is accessible over the internet.

name: Test setup-cloudflared on: push: paths: - .github/workflows/test.yml jobs: test: runs-on: ubuntu-latest steps: - name: Setup cloudflared using setup-cloudflared uses: AnimMouse/setup-cloudflared@v1 with: cloudflare_tunnel_certificate: ${{ secrets.CLOUDFLARE_TUNNEL_CERTIFICATE }} cloudflare_tunnel_credential: ${{ secrets.CLOUDFLARE_TUNNEL_CREDENTIAL }} cloudflare_tunnel_configuration: ${{ secrets.CLOUDFLARE_TUNNEL_CONFIGURATION }} cloudflare_tunnel_id: ${{ secrets.CLOUDFLARE_TUNNEL_ID }} - name: Test cloudflared installed by setup-cloudflared using Python HTTP server for 5 minutes run: timeout 5m python -m http.server 8000 || true - name: Shutdown cloudflared using setup-cloudflared/shutdown if: always() uses: AnimMouse/setup-cloudflared/shutdown@v1
Enter fullscreen mode Exit fullscreen mode

Submission Category:

Maintainer Must-Haves

Yaml File or Link to Code 

name: Setup cloudflared description: Setup/Install Cloudflare Tunnel client for GitHub Actions branding: icon: cloud color: orange inputs: cloudflare_tunnel_certificate: description: Cloudflare Tunnel Certificate (cert.pem) required: true cloudflare_tunnel_credential: description: Cloudflare Tunnel Credential encoded in base64 (deadbeef-1234-4321-abcd-123456789ab.json) required: true cloudflare_tunnel_configuration: description: Cloudflare Tunnel Configuration encoded in base64 (config.yml) required: true cloudflare_tunnel_id: description: Cloudflare Tunnel ID (deadbeef-1234-4321-abcd-123456789ab) required: true autostart: description: Autostart Cloudflare Tunnel required: false default: true runs: using: composite steps: - name: Download cloudflared for Linux shell: bash working-directory: ${{ runner.temp }} run: aria2c -x 16 "https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64" - name: Install cloudflared shell: bash working-directory: ${{ runner.temp }} run: | chmod +x cloudflared-linux-amd64 mv cloudflared-linux-amd64 /usr/local/bin/cloudflared - name: Login to Cloudflare Tunnel client shell: bash env: cloudflare_tunnel_certificate: ${{ inputs.cloudflare_tunnel_certificate }} cloudflare_tunnel_credential: ${{ inputs.cloudflare_tunnel_credential }} cloudflare_tunnel_configuration: ${{ inputs.cloudflare_tunnel_configuration }} cloudflare_tunnel_id: ${{ inputs.cloudflare_tunnel_id }} run: | mkdir ~/.cloudflared/ echo $cloudflare_tunnel_certificate > ~/.cloudflared/cert.pem echo $cloudflare_tunnel_credential | base64 -d > ~/.cloudflared/${cloudflare_tunnel_id}.json echo $cloudflare_tunnel_configuration | base64 -d > ~/.cloudflared/config.yml - name: Run Cloudflare Tunnel if: inputs.autostart == 'true' shell: bash env: cloudflare_tunnel_id: ${{ inputs.cloudflare_tunnel_id }} run: | nohup cloudflared tunnel run > ${RUNNER_TEMP}/cloudflared.log 2>&1 & echo $! > ${RUNNER_TEMP}/cloudflared.pid
Enter fullscreen mode Exit fullscreen mode

GitHub logo AnimMouse / setup-cloudflared

Setup/Install Cloudflare Tunnel client for GitHub Actions

Setup cloudflared for GitHub Actions

Setup Cloudflare Tunnel client for GitHub Actions.

This action installs cloudflared for use in actions by installing it on tool cache using AnimMouse/tool-cache.

This GitHub action participated in the GitHub Actions Hackathon 2021, but sadly, it lost.

Test page for setup-cloudflared: https://setup-cloudflared.44444444.xyz (This will only work when the test action is running.)

Usage

To use cloudflared, run this action before cloudflared.

steps: - name: Setup cloudflared uses: AnimMouse/setup-cloudflared@v2 - name: Check cloudflared version run: cloudflared -v
Enter fullscreen mode Exit fullscreen mode

Cloudflare Tunnel Usage

Use Cloudflare Tunnel to expose servers running inside GitHub Actions to the Internet.

  1. Encode the JSON credential in Base64 using this command base64 -w 0 <cloudflare-tunnel-id>.json and paste it to CLOUDFLARE_TUNNEL_CREDENTIAL secret.
  2. Inside the config.yaml, set credentials-file: to
    1. Ubuntu: /home/runner/.cloudflared/<cloudflare-tunnel-id>.json
    2. Windows: C:\Users\runneradmin\.cloudflared\<cloudflare-tunnel-id>.json
    3. macOS: /Users/runner/.cloudflared/<cloudflare-tunnel-id>.json
  3. Encode the config.yaml in Base64 using this command base64 -w 0 config.yaml and…


View on GitHub


Additional Resources / Info

GitHub logo cloudflare / cloudflared

Cloudflare Tunnel client (formerly Argo Tunnel)

Cloudflare Tunnel client

Contains the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the Cloudflare network to your origins This daemon sits between Cloudflare network and your origin (e.g. a webserver). Cloudflare attracts client requests and sends them to you via this daemon, without requiring you to poke holes on your firewall --- your origin can remain as closed as possible Extensive documentation can be found in the Cloudflare Tunnel section of the Cloudflare Docs. All usages related with proxying to your origins are available under cloudflared tunnel help.

You can also use cloudflared to access Tunnel origins (that are protected with cloudflared tunnel) for TCP traffic at Layer 4 (i.e., not HTTP/websocket), which is relevant for use cases such as SSH, RDP, etc. Such usages are available under cloudflared access help.

You can instead use WARP client to access private origins behind…

View on GitHub

Used by:

GitHub logo AnimMouse / SOCKS5-proxy-actions

SOCKS5 proxy running on GitHub Actions using Chisel

SOCKS5 Proxy Actions

SOCKS5 Proxy hosted on GitHub Actions.

Proof of concept Chisel's SOCKS5 Proxy running on GitHub Actions.

As GitHub Actions runner does not have a public IP address, we use Cloudflare Tunnel to have a tunnel to GitHub Actions runner.

This GitHub action participated on GitHub Actions Hackathon 2021, but sadly, it lost.

Your Computer > Cloudflare > GitHub Actions runner > GitHub Actions' Internet

Deprecation

This workflow is deprecated as this may potentially violate the GitHub Actions Terms of Service, please use AnimMouse/SOCKS5-Proxy-Codespaces instead.

Actions should not be used for:

  • cryptomining;
  • disrupting, gaining, or attempting to gain unauthorized access to, any service, device, data, account, or network (other than those authorized by the GitHub Bug Bounty program);
  • the provision of a stand-alone or integrated application or service offering the Actions product or service, or any elements of the Actions product or service, for commercial purposes;
View on GitHub

Top comments (0)