fix cloudflare tunnels (#1076)

The Server didn't have correct permissions to create the directory for the cloudflare config. Have docker do it instead. Also the credentials file key was incorrect.
2026-06-21 16:10:53 +00:00 · 2025-06-06 16:13:05 -07:00
parent fcc2574ffc
commit 8192fe1cfe
6 changed files with 14 additions and 12 deletions
@@ -59,5 +59,8 @@ COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 COPY startup.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/startup.sh

+RUN mkdir -p /tmp/.cloudflared && chmod 777 /tmp/.cloudflared
+ENV CF_CONFIG_DIR=/tmp/.cloudflared
+
 # Use the startup script as the entrypoint
 ENTRYPOINT ["/usr/local/bin/startup.sh"]
@@ -60,6 +60,7 @@ export interface ServerConfig {
  subdomain(): string;
  cloudflareAccountId(): string;
  cloudflareApiToken(): string;
+  cloudflareConfigDir(): string;
 }

 export interface NukeMagnitude {
@@ -78,6 +78,9 @@ export abstract class DefaultServerConfig implements ServerConfig {
  cloudflareApiToken(): string {
    return process.env.CF_API_TOKEN ?? "";
  }
+  cloudflareConfigDir(): string {
+    return process.env.CF_CONFIG_DIR ?? "";
+  }
  private publicKey: JWK;
  abstract jwtAudience(): string;
  jwtIssuer(): string {
@@ -1,7 +1,6 @@
 import { spawn } from "child_process";
 import { promises as fs } from "fs";
 import yaml from "js-yaml";
-import { homedir } from "os";
 import { join } from "path";
 import { logger } from "./Logger";

@@ -36,7 +35,7 @@ interface DNSRecordResponse {

 interface CloudflaredConfig {
  tunnel: string;
-  credentials_file: string;
+  "credentials-file": string;
  ingress: Array<{
    hostname?: string;
    service: string;
@@ -45,17 +44,12 @@ interface CloudflaredConfig {

 export class Cloudflare {
  private baseUrl = "https://api.cloudflare.com/client/v4";
-  private configDir: string;

  constructor(
    private accountId: string,
    private apiToken: string,
-    configDir: string = "~/.cloudflared",
+    private configDir: string,
  ) {
-    this.configDir = configDir.startsWith("~")
-      ? join(homedir(), configDir.slice(1))
-      : configDir;
-
    log.info(`Using config directory: ${this.configDir}`);
  }

@@ -155,9 +149,6 @@ export class Cloudflare {
  ): Promise<string> {
    log.info(`Creating local config for tunnel ${subdomain}.${domain}...`);

-    // Ensure config directory exists
-    await fs.mkdir(this.configDir, { recursive: true });
-
    const configPath = join(this.configDir, `${tunnelName}.yml`);
    const credentialsFile = join(this.configDir, `${tunnelId}.json`);

@@ -181,7 +172,7 @@ export class Cloudflare {

    const tunnelConfig: CloudflaredConfig = {
      tunnel: tunnelId,
-      credentials_file: credentialsFile,
+      "credentials-file": credentialsFile,
      ingress: [
        ...Array.from(subdomainToService.entries()).map(
          ([subdomain, service]) => ({
@@ -36,6 +36,7 @@ async function setupTunnels() {
  const cloudflare = new Cloudflare(
    config.cloudflareAccountId(),
    config.cloudflareApiToken(),
+    config.cloudflareConfigDir(),
  );

  const domainToService = new Map<string, string>().set(
@@ -4,6 +4,9 @@ import { GameMapType } from "../../src/core/game/Game";
 import { GameID } from "../../src/core/Schemas";

 export class TestServerConfig implements ServerConfig {
+  cloudflareConfigDir(): string {
+    throw new Error("Method not implemented.");
+  }
  domain(): string {
    throw new Error("Method not implemented.");
  }