Update dns-over-https.md #186
Conversation
|
BTW ideally we should list an official way to uninstall cloudflared but I had trouble with the service removal on my test system. EDIT: Now that I think about it, maybe it'd be better if we had both ways listed. I'll update the patch tomorrow. |
|
Alright, I added the changes. I'd like a couple more confirmations in case I missed something, but this feels a lot simpler. |
May be worth adding in a note at the bottom that says to uninstall use the Out of interest, what troubles did you face when trying to remove it? Personally I've gone the route of |
|
I couldn't get the service removed but maybe I missed something because I was tired when I tried it :P Other than that, I'm not 100% sure about the potential security issues because in the original implementation the user has limited rights. I can add a new paragraph about uninstalling cloudflared for both ways; for the manual way I've done quite a few times with 100% success. |
|
Alright, I added a few more info. Please someone else try this before merging. |
| Now install the service via `cloudflared`'s [service command](https://developers.cloudflare.com/argo-tunnel/reference/arguments/#service-command): | ||
|
|
||
| ```sh | ||
| sudo cloudflared service install |
There was a problem hiding this comment.
I tried doing this but got an error about the cert.pem file. That said, it is likely I did something wrong. In any case, time for a reflash of my Pi. I will try again later (and on a droplet, this time...)
There was a problem hiding this comment.
I will also try it tomorrow on my Pi, but being I don't currently have it backed up, you know, I'm extra careful :)
Oh, BTW when using this command, there's an extra option being passed which I think we should probably have it in the manual way too. --no-autoupdate=true https://developers.cloudflare.com/argo-tunnel/reference/arguments/#no-autoupdate
|
@PromoFaux I had the path wrong for the automatic way. Now it works, I just tested it again. |
|
I've been using the automatic install method for weeks now without any issues. As long as we make sure we don't mind cloudflared running as root, I think it's way simpler to use this way as the recommended way |
|
Nothing should really run as |
|
I'm not sure about it. Here are their docs https://developers.cloudflare.com/argo-tunnel/reference/service/ |
|
They probably don't care about such (actually not even that subtle) security measures. I have not found anything indicating a drop of privileges there. |
|
Is this ready for merge? |
|
I don't think so. See the above comments. We could still offer the official solution and highlight the fact that cloudflared will run as root. |
|
Probably the only option. I don't think there's a canonical way to run without root priv. Might be able to do it with systemd service files but it's a problem for CF to solve. |
|
Deploy preview for pihole-docs ready! Built with commit 3d0c1dc |
Recent versions of cloudflared include a service install/uninstall command which saves some manual steps. Also add uninstall and update steps.
|
Builds seem to be stalled. There was a GitHub glitch a hour or so ago. |
Recent versions of cloudflared include a service install/uninstall command which saves some manual steps
I only tested this on Raspbian buster and not for a long time, but it does seem to work. Let me know what you think
sudo systemctl disable cloudflaredandsudo systemctl daemon-reloadPreview: https://deploy-preview-186--pihole-docs.netlify.com/guides/dns-over-https/