ATLAS/deploy/cloudflare/config.yml

# ============================================
# Cloudflare Tunnel - Configuracion
# ============================================
# Documentacion: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps
#
# Para usar esta configuracion:
# 1. Instalar cloudflared: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation
# 2. Autenticarse: cloudflared tunnel login
# 3. Crear tunnel: cloudflared tunnel create adan
# 4. Obtener el UUID del tunnel y actualizar este archivo
# 5. Crear registros DNS: cloudflared tunnel route dns adan adan.tudominio.com
# 6. Copiar credenciales a /etc/cloudflared/
# ============================================
# Tunnel identity: replace the placeholder with the UUID printed by
# `cloudflared tunnel create`.
tunnel: 'TUNNEL_UUID_AQUI'
# Credentials JSON for that tunnel. Whoever holds this file can run a
# connector for the tunnel, so keep it readable only by the account that runs
# cloudflared and never commit it to version control.
credentials-file: '/etc/cloudflared/TUNNEL_UUID_AQUI.json'
# Automatic updates are switched off: cloudflared security fixes then have to
# arrive through the package manager or a manual upgrade.
no-autoupdate: true
# Optional metrics listener. It is bound to loopback; keep it there unless
# something in front of it restricts who can read it.
metrics: 'localhost:60123'
# Logging
loglevel: 'info'
logfile: '/var/log/cloudflared.log'
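# Ingress rules. cloudflared checks them top to bottom and uses the first rule
# whose hostname and path both match, so the specific rules come before the
# frontend fallback.
#
# `path` is a regular expression matched against the request path, not a glob.
# An unanchored value such as /api/* matches every path that merely contains
# "/api", and /* matches everything, so the paths below are anchored and the
# match-all paths are dropped.
#
# Nothing in an ingress rule authenticates the caller. Every hostname listed
# here is reachable by anyone who can resolve it unless a Cloudflare Access
# application covers it or the rule sets originRequest.access.
#
# noTLSVerify only controls certificate checking for https:// origins. All
# origins here are plain http:// on loopback, so `false` (the default) has no
# effect and does not restrict access in any way.
ingress:
  # ----------------------------------------
  # Backend API - /api/... and the API docs
  # ----------------------------------------
  - hostname: adan.tudominio.com
    path: '^/api(/|$)'
    service: http://localhost:8000
    originRequest:
      connectTimeout: 30s
      noTLSVerify: false

  # Interactive docs and the OpenAPI schema are published on the public
  # hostname. /openapi.json describes the same API surface that /docs and
  # /redoc render, so an Access policy should cover all three paths.
  - hostname: adan.tudominio.com
    path: '^/docs(/|$)'
    service: http://localhost:8000
  - hostname: adan.tudominio.com
    path: '^/redoc(/|$)'
    service: http://localhost:8000
  - hostname: adan.tudominio.com
    path: '^/openapi\.json$'
    service: http://localhost:8000

  # ----------------------------------------
  # WebSocket - /ws/...
  # ----------------------------------------
  - hostname: adan.tudominio.com
    path: '^/ws(/|$)'
    service: http://localhost:8000
    originRequest:
      noTLSVerify: false
      # Idle keep-alive connections kept open towards the origin
      keepAliveConnections: 100
      keepAliveTimeout: 90s

  # ----------------------------------------
  # Video streaming - WebRTC / HLS (whole hostname, no path filter)
  # ----------------------------------------
  - hostname: stream.adan.tudominio.com
    service: http://localhost:8889
    originRequest:
      noTLSVerify: false
  - hostname: hls.adan.tudominio.com
    service: http://localhost:8888

  # ----------------------------------------
  # MediaMTX API (internal / admin)
  # ----------------------------------------
  # This is an administrative API on a public hostname. With access.required
  # set, cloudflared rejects any request that does not carry a valid Cloudflare
  # Access JWT for the application below, so the rule fails closed until the
  # placeholders are replaced. If nothing outside the host needs this API,
  # delete the rule and use localhost:9997 directly.
  - hostname: mediamtx-api.adan.tudominio.com
    service: http://localhost:9997
    originRequest:
      noTLSVerify: false
      access:
        required: true
        # Zero Trust team name (replace placeholder)
        teamName: TEAM_NAME_AQUI
        # Application Audience (AUD) tag of the Access app (replace placeholder)
        audTag:
          - ACCESS_AUD_TAG_AQUI

  # ----------------------------------------
  # Web frontend - everything else on the main hostname
  # ----------------------------------------
  - hostname: adan.tudominio.com
    service: http://localhost:3000
    originRequest:
      noTLSVerify: false

  # ----------------------------------------
  # Catch-all (required): any other hostname gets a 404
  # ----------------------------------------
  - service: http_status:404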
# ============================================
# Notas de configuracion
# ============================================
#
# DOMINIOS RECOMENDADOS:
# - adan.tudominio.com -> Frontend + API
# - stream.adan.tudominio.com -> Video WebRTC
# - hls.adan.tudominio.com -> Video HLS
#
# INSTALACION RAPIDA CON TOKEN:
# Si prefieres usar token en lugar de archivo de config:
# 1. Ir a Cloudflare Zero Trust Dashboard
# 2. Access -> Tunnels -> Crear tunnel
# 3. Copiar token
# 4. Ejecutar: cloudflared tunnel run --token TU_TOKEN
#
# PUERTOS EXPUESTOS A TRAVES DEL TUNNEL:
# - 3000: Frontend (serve)
# - 8000: Backend API (uvicorn)
# - 8889: MediaMTX WebRTC
# - 8888: MediaMTX HLS
# - 9997: MediaMTX API (admin)
#
# PUERTO NO EXPUESTO (acceso directo):
# - 5055: Traccar GPS (dispositivos GPS se conectan directamente)
#
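# SEGURIDAD ADICIONAL:
# Este archivo no autentica a nadie: hasta que existan Access Policies, todo
# hostname con registro DNS hacia el tunnel es accesible desde Internet.
# Configura Access Policies en Cloudflare Zero Trust para:
# - Proteger /docs, /redoc y /openapi.json (solo administradores)
# - Proteger mediamtx-api (solo interno)
# - Requerir autenticacion para rutas sensibles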
# ============================================