Versions Compared

Old Version 30

changes.mady.by.user Charles Wernicke

Saved on

compared with

New Version Current

changes.mady.by.user Charles Wernicke

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Cloudflare offers (amongst it's rich services) a tunnel daemon that can expose your a specified port to your customers while hiding your CAS server IP and protecting your system. The “cloudflared” cloudflareddaemon is used for this purpose.

This tunnel is useful for exposing the REST API (port 7743) required by:

  • Veriff,

  • Lightning’s LNURL,

  • Onfido,

  • Morphis,

  • Operator Extensions.

The tunnel may not currently work with Veriff.The essential idea is that these CAS services can thus be mapped to a subdomain on your website while utilizing the Cloudflare DNS to hide your server IP.

...

.

  • This is a suitable replacement for an NGINX proxy server.

  • The tunnel will enjoy the same certification of as your website.

  • Configuration is much simpler (no firewalls or proxy server manipulation required).

You must have a Cloudflare account (free) and their DNS services (paid) to use this option.

...

Create your Cloudflare tunnel

Navigate to: https://one.dash.cloudflare.com/

Create a tunnel.

...

Enter a name:

...

Save it:

...

Select your

...

Environment:

...

  • OS: Debian,

  • Architecture: 64-bit

...

...

Copy the installation command:

...

  • Paste it into your a SSH window on your CAS system, and

  • press Enter.

...

Enter the tunnel endpoints.

  • All tunnel configuration is performed at this web page (none no further changes at the CAS server).

...

  • Any Subdomain is fine - but customers may see it - so don’t get crazy or use something that might cause you security issuesVeriff requires the Subdomain to be RFC 952 compliant (only letters, digits, and hyphens).

  • Choose your Domain (it should already be listed in the dropdown box).

  • Type must be HTTPS.

  • The URL for the CAS port is determined by the “Master IP” setting using batm-manage info.

    • The URL in this example (and most cases): 10.3.2.1:7743

    • The internal port for CAS extensions is always: 7743.

Open/expand “Additional application settings” towards the bottom:

...

  • Click on “TLS”, and

  • enable the option “No TLS Verify”. Self-signed certificates cannot be TLS verified.

...

Finally:

  • Save it (click “Save tunnel” in the bottom right corner).

...

The tunnel will now be active and should be “live”, forwarding the REST API from CAS to your subdomain.

Test the tunnel

Using a browser, navigate to this test URL: https://agent86.yourdomaincas-rest-api.yourcasdomain.com/extensions/lnurl

  • Replace cas-rest-api.yourcasdomain.com with your actual domain.

Tip

The browser should show display this simple line of text: “BATM BATM LNURL REST Service"

...

Troubleshooting

You may start the Cloudflared daemon in the foreground to watch live activity.

  1. Stop the daemon: sudo systemctl stop cloudflared

  2. Start it manually:

Code Block
/usr/bin/cloudflared --no-autoupdate tunnel run --token insert_your_token_here

Look at the logs.

...