Cloudflare offers (amongst it's rich services) a tunnel daemon that can expose your a specified port to your customers while hiding your CAS server IP and protecting your system. The “cloudflared” daemon is used for this purpose.
This tunnel is useful for exposing the REST API (port 7743) required by:
Veriff,
Lightning’s LNURL,
Onfido,
Morphis,
Operator Extensions.
...
You must have a Cloudflare account (free) and their DNS services (paid) to use this option.
...
Create your Cloudflare tunnel
Navigate to: https://one.dash.cloudflare.com/
Create a tunnel.
...
Enter a name:
...
Save it:
...
Select your Environment:
...
OS: Debian,
Architecture: 64-bit
Copy the installation command:
...
Paste it into a SSH window on your CAS system, and
press Enter.
...
Enter the tunnel endpoints.
All tunnel configuration is performed at this web page (no further changes at the CAS server).
...
Click on “TLS”, and
enable the option “No TLS Verify”. Self-signed certificates cannot be TLS verified.
...
Finally:
Save it (click “Save tunnel” in the bottom right corner).
...
The tunnel will now be active and should be “live”, forwarding the REST API from CAS to your subdomain.
Test the tunnel
Using a browser, navigate to this test URL: https://cas-rest-api.yourcasdomain.com/extensions/lnurl
...
| Tip |
|---|
The browser should display this simple line of text: “BATM LNURL REST Service" |
...
Troubleshooting
You may start the Cloudflared daemon in the foreground to watch live activity.
Stop the daemon:
sudo systemctl stop cloudflaredStart it manually:
| Code Block |
|---|
/usr/bin/cloudflared --no-autoupdate tunnel run --token insert_your_token_here |
Look at the logs.
Working directory for the daemon using this article:
/usr/local/etc/cloudflared
...