Advanced Setups
The following guide will help you set up cloudflared, Cloudflare's Zero Trust application tunnel service. It is typically used to secure internal applications with the Zero Trust authentication system, which can use Google or Microsoft authentication.
Another reason to use it is to expose applications from inside your home network when your service provider blocks ports 80/443.
You'll need a Cloudflare account and a domain name set up on Cloudflare.
Ensure you have access to the Zero Trust section so that it is set up in your account.
The cloudflared service needs to be configured in your docker-compose.yml file:
  tunnel:
    container_name: cloudflared-tunnel
    image: cloudflare/cloudflared
    restart: unless-stopped
    command: tunnel run
    environment:
      # Placeholder: replace with your own tunnel token and keep it out of version control
      - TUNNEL_TOKEN=mytokengoeshere
This needs to be written up, but here's a quick guide:
https://fossengineer.com/selfhosting-cloudflared-tunnel-docker/
This needs to be written up, but here's a quick guide.
Create a directory called traefik and, inside it, a file called docker-compose.yml:
version: '3'
services:
  traefik:
    image: traefik:v2.2
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - traefik-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /srv/traefik/traefik.yml:/traefik.yml:ro
      - /srv/traefik/acme.json:/acme.json
      - /srv/traefik/logs:/var/log/traefik
      - /srv/traefik/configuration:/configuration
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      # This is the domain to use for the traefik status interface
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.com`)"
      # Generate password using bcrypt - https://bcrypt-generator.com/
      # Every $ in the hash must be doubled ($$) inside a compose file
      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:$$apr1$$WysFYSH.$$Melp8/Th0Lam3B/LkiMVl."
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.domain.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"
networks:
  traefik-proxy:
    external: true
Edit the docker-compose.yml for CRCON and add the following labels to the frontend service, under its networks key:
    labels:
      - "traefik.enable=true"
      # HTTP router for rcon: only redirects to HTTPS
      # (router name corrected from "portainer" so it matches the rcon rule and middleware below)
      - "traefik.http.routers.rcon.entrypoints=http"
      - "traefik.http.routers.rcon.rule=Host(`rcon.domain.com`)"
      - "traefik.http.middlewares.rcon-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.rcon.middlewares=rcon-https-redirect"
      # HTTPS router for rcon
      - "traefik.http.routers.rcon-secure.entrypoints=https"
      - "traefik.http.routers.rcon-secure.rule=Host(`rcon.domain.com`)"
      - "traefik.http.routers.rcon-secure.tls=true"
      - "traefik.http.routers.rcon-secure.tls.certresolver=http"
      - "traefik.http.routers.rcon-secure.service=rcon"
      - "traefik.http.services.rcon.loadbalancer.server.port=80"
      - "traefik.docker.network=traefik-proxy"
      # HTTP and HTTPS routers for the public stats site
      - "traefik.http.routers.stats.rule=Host(`stats.domain.com`)"
      - "traefik.http.middlewares.stats-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.stats.middlewares=stats-https-redirect"
      - "traefik.http.routers.stats-secure.entrypoints=https"
      - "traefik.http.routers.stats-secure.rule=Host(`stats.domain.com`)"
      - "traefik.http.routers.stats-secure.tls=true"
      - "traefik.http.routers.stats-secure.tls.certresolver=http"
      - "traefik.http.routers.stats-secure.service=stats"
      - "traefik.http.services.stats.loadbalancer.server.port=7010"
The frontend service must also be attached to the traefik-proxy network, as shown here. This ensures that Traefik can access the frontend Docker container.
  frontend_1: &frontend
    image: ${FRONTEND_DOCKER_REPOSITORY}:${TAGGED_VERSION}
    ports:
      - ${RCONWEB_PORT}:80
      - ${RCONWEB_PORT_HTTPS}:443
      - ${PUBLIC_STATS_PORT}:81
      - ${PUBLIC_STATS_PORT_HTTPS}:444
    restart: always
    environment:
      RCONWEB_EXTERNAL_ADDRESS: ${RCONWEB_EXTERNAL_ADDRESS}
      HLL_HOST: ${HLL_HOST}
    volumes:
      - ./static:/static/
      - ./certs:/certs/
    depends_on:
      backend_1:
        condition: service_healthy
    networks:
      - server1
      - traefik-proxy
      - common
Find the networks section at the top of the docker-compose.yml file and add traefik-proxy:
networks:
  server1:
  server2:
  server3:
  common:
  traefik-proxy:
    external: true
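Traefik label sets like the ones above are easy to get subtly wrong when copied between services, so here is a small consistency check, added as an example and not part of CRCON or Traefik. It groups one service's labels by router and reports routers with no explicit rule, middlewares or services referenced but not defined in the same label set, and a dashboard router (`api@internal`) with no middleware attached. The function name `lint_labels` and the sample labels are assumptions constructed for illustration; a middleware defined on another container would be reported as missing and needs a manual look.

```python
import re
from collections import defaultdict

# Constructed sample: labels in the style of this page, with one router name
# ("portainer") left over from another service's label set.
SAMPLE_LABELS = [
    "traefik.http.routers.portainer.entrypoints=http",
    "traefik.http.routers.rcon.rule=Host(`rcon.domain.com`)",
    "traefik.http.middlewares.rcon-https-redirect.redirectscheme.scheme=https",
    "traefik.http.routers.rcon.middlewares=rcon-https-redirect",
    "traefik.http.routers.rcon-secure.entrypoints=https",
    "traefik.http.routers.rcon-secure.rule=Host(`rcon.domain.com`)",
    "traefik.http.routers.rcon-secure.tls=true",
    "traefik.http.routers.rcon-secure.service=rcon",
    "traefik.http.services.rcon.loadbalancer.server.port=80",
]

LABEL_RE = re.compile(
    r"^traefik\.http\.(routers|middlewares|services)\.([^.=]+)\.([^=]+)=(.*)$"
)

def lint_labels(labels):
    """Return sorted findings for one service's Traefik v2 Docker labels."""
    routers = defaultdict(dict)
    defined = {"middlewares": set(), "services": set()}
    for label in labels:
        m = LABEL_RE.match(label.strip().lstrip("- ").strip('"'))
        if not m:
            continue  # traefik.enable, traefik.docker.network, comments
        kind, name, option, value = m.groups()
        if kind == "routers":
            routers[name][option] = value
        else:
            defined[kind].add(name)
    findings = []
    for name, opts in routers.items():
        if "rule" not in opts:
            findings.append(f"router '{name}' has no explicit rule")
        for mw in opts.get("middlewares", "").split(","):
            mw = mw.strip()
            if mw and "@" not in mw and mw not in defined["middlewares"]:
                findings.append(f"router '{name}': middleware '{mw}' not defined here")
        svc = opts.get("service", "")
        if svc and "@" not in svc and svc not in defined["services"]:
            findings.append(f"router '{name}': service '{svc}' not defined here")
        if svc == "api@internal" and not opts.get("middlewares"):
            findings.append(f"dashboard router '{name}' has no middleware attached")
    return sorted(findings)
```

Pass the label strings of a single service (quoted compose lines starting with `- "` are accepted as well) and review every finding before starting the stack.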