Investigating for a solution to permit self-hosting without a fixed IP address (such as PageKite)

Exactly as you said and I like it… too speculative and too shallow. Ask users what they think? Be it Pro or GPL. Don’t get me wrong, I make enough but I think open source does not mean it’s free. Additional services to keep up to date with numbers like 4 devs already doing open source a big favour for “free” is not for me. Those things have to be properly thought through beforehand so you don’t end up with nonfunctional crap supporting those who already paid for support, you know even starting this will have costs included, unless you provide generosity and set this thing up on your end for your own time and costs - yes I can see this as a plugin maybe, otherwise it’s another pull a leg on team. - why don’t you do the same thing for your wiki censored by some kind of regime already? Do you? I’m not here to fight with you, I’m here to tell you, many GPL and Pro users have in-house IP scripts for this. Also you forgot that I told you on that long call that Virtualmin is perfect for your wiki… yes, it’s been years now :slightly_smiling_face: anyway, I think it needs to be thought through how you are deploying this and how it will be managed by admins and users, also the costs. Right now I see and feel your hype, same as the conman Elon? - I see no blood in body regarding those critical points, unless you are going to run this on your home broadband. Sorry to be brutal, it’s life and we are all grown up now. Ask users, create some vote with questions like how much you would pay and then come back here with the results publicly. I believe the vmin guys will be happy to assist you with this. Unless that happens I’d rather support Illia with monthly donations or the Virtualmin project itself without using a licence. Once again not fighting anyone, but overloaded positivity and MLM palava will put you to 11 chapter. That’s my 2p for you. The vmin guys are doing great even without additional palava on top of the head. - have a nice day everyone.

Also ask users what on earth will happen when one day your beloved PageKite just pulls the plug, it happens all the time…

Validate idea (Do the various stakeholders like the idea?) - stakeholders? Really? - you’re delusional mate.

Clearly you are a bit behind… ask virtualmin user gpl and pro and come back public here…

@unborn man, sorry, tried to read twice but I still don’t get it, except that you are quite aggravated with @marclaporte

Fine. But… this is in the blue skies section, probably the last area where one should set everything on fire. Can’t burn the cloud man…


This free service, Argo Tunnel from Cloudflare, looks like it should allow self-hosting without a static IP address and/or behind your ISP’s double NAT, which was impossible before because incoming ports would be blocked by your ISP’s double NAT, so traffic could normally never have reached your localhost.
Has anyone tried PageKite and got it working?


Not yet. The Argo Tunnel looks very interesting as well. Any chance you can try?

Thanks!

Tor does that without much fuss.

Argo Tunnel seems to do a similar thing to PageKite.
After a small read, it seems it’s just an SSH tunnel using a Cloudflare domain to reach your site. (brrrr) There are some bug reports of blocking/restricting access to that subdomain, also available on GitHub… anyway, it’s something you could DIY, so why hand your data over to Cloudflare?
Better to use PageKite in that case.

PS. And yes, I had PageKite running a decade ago, thought it was dead by now…

Busy today, if anyone on this thread has a localhost web server on your laptop/PC, you should try to install pagekite by following the quickstart guide, and see how it performs, when you browse your web server using your pagekite subdomain name! Pagekite - QuickStart Guide - pagekite.py v0.4.x

I made a basic Cloudflare “Quick tunnel”, for your local Debian/Ubuntu Linux computer to host Virtualmin with a temporary URL from cloudflare.
If you have your local Virtualmin running on port 10000, you can try this.
NOTE it prints your temporary URL on the terminal.
You have to copy paste that URL into a browser to try connecting to your local Virtualmin:

wget -O - https://github.com/chris001/CGNAThome/raw/main/start-tunnel.sh | bash

Virtualmin is giving this error message, almost there!:

Error — Document follows

This web server is running in SSL mode. Trying to redirect to https://localhost:10000/ instead …

Yup, you are almost there.

We see this message from Virtualmin when we access the web interface on port 10000 on http instead of https.

From this I can infer that whatever Cloudflare is doing with its quick tunnel, the end result is that the Virtualmin web interface is being accessed via http. If you could use https, all will be well I think.

Almost there…

502 Bad Gateway
Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared

Minor success: it works when you turn off SSL (ssl=0 in miniserv.conf); however, that’s an unacceptable risk! I’ll continue to work to get it to run with Virtualmin’s self-signed cert.

Commands to generate a correct self-signed cert are here


Thanks, Chris. As I understand the main tool here would be cloudflared, that will run a daemon to proxy connections to Cloudflare?

Yes and no with the daemon. There are 2 types of tunnel:

1. The Quick Tunnel runs that binary; when the user presses Ctrl-C, it exits and closes the tunnel.
2. The persistent tunnel uses the same binary, plus a systemd daemon service with unit files (provided by CF), which we have to install with our script code with details provided by CF. This persistent tunnel requires the user to register a CF account (free) and buy a domain name from any registrar (cheapest online now is $3/3 years), with the domain’s DNS hosted at CF (free) so CF can update the IP address in DNS when the tunnel notifies it that it moved to a new IP. The user might also want to create a subdomain in their CF-hosted DNS to dedicate to the tunnel, click in CF to create a named tunnel associated with their domain or subdomain name, and copy the Tunnel ID and other data for input to the script to pass to the binary to securely log in to CF, plus set maybe one or two other settings in the CF tunnel panel.

EDIT: they have a Cloudflared Tunnel API to do the above thru a web service instead of command line

Ideally would be nice to support both Quick (temporary) and persistent Tunnel.

Maybe persistent tunnel with user’s custom domain name should be Pro only feature!

I continue to explore adding this persistent tunnel code to script in most easy way and with least possible demands on user to go enter settings in their CF panel although it is one time only, not so bad.

Both tunnel types require that the self-signed cert have the subjectAltName, as far as I know.

localhost probably does not need to be included on the cert; you can use the Virtualmin hostname provided by the user, and it’s OK if it’s not a valid resolving DNS hostname.

Example: Four Commands to make a self signed cert and key pair which CF will allow to connect (has subjectAltName in correct way).

$ openssl genrsa -out ca.key 2048
$ openssl req -new -x509 -days 365 -key ca.key -subj "/C=IN/ST=KA/L=BL/O=Chris001, Inc./CN=Chris001 Root CA" -out ca.crt
$ openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=IN/ST=KA/L=BL/O=Chris001, Inc./CN=localhost" -out server.csr
............+..+.+.........+...+.....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+..............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.....+...+....+.........+............+.....+...+....+..+....+.....+.+.........+.....+.......+............+..+...............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.....+.............+..+...+............+...+.+.....+.+........+.......+..+.......+........+...+...+.+...+...+.....+........................+...+.............+..+...+....+......+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+....................+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
$ openssl x509 -req -extfile <(printf "subjectAltName=DNS:localhost") -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
Certificate request self-signature ok
subject=C = IN, ST = KA, L = BL, O = "Chris001, Inc.", CN = localhost
$
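
An added example, not code from the post above: the same CA and server-certificate steps wrapped in a POSIX shell function that takes the hostname as a parameter, plus a check that the certificate chains to the CA and really carries that hostname in subjectAltName. The function names, the `Example Tunnel Lab` subject and the hostname in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, subject fields and the
# hostname passed in are hypothetical.

# make_origin_cert HOST DIR: private CA + server cert with HOST in subjectAltName.
make_origin_cert() {
    host=$1; out=$2
    mkdir -p "$out" || return 1
    # A file replaces the bash-only <(printf ...) so this also runs under sh.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$out/san.ext" || return 1
    openssl genrsa -out "$out/ca.key" 2048 2>/dev/null || return 1
    openssl req -new -x509 -days 365 -key "$out/ca.key" \
        -subj "/O=Example Tunnel Lab/CN=Example Root CA" \
        -out "$out/ca.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -keyout "$out/server.key" \
        -subj "/O=Example Tunnel Lab/CN=$host" \
        -out "$out/server.csr" 2>/dev/null || return 1
    openssl x509 -req -extfile "$out/san.ext" -days 365 \
        -in "$out/server.csr" -CA "$out/ca.crt" -CAkey "$out/ca.key" \
        -CAcreateserial -out "$out/server.crt" 2>/dev/null || return 1
    # Private keys should not be readable by other local users.
    chmod 600 "$out/ca.key" "$out/server.key"
}

# check_origin_cert HOST DIR: succeed only if the cert chains to our CA,
# lists HOST as a DNS subjectAltName, and passes OpenSSL's hostname check.
check_origin_cert() {
    host=$1; out=$2
    openssl verify -CAfile "$out/ca.crt" "$out/server.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$out/server.crt" -noout -text \
        | grep -qF "DNS:$host" || return 1
    openssl x509 -in "$out/server.crt" -noout -checkhost "$host" \
        | grep -q 'does match' || return 1
}

# Usage: make_origin_cert virtualmin.home.example ./certs &&
#        check_origin_cert virtualmin.home.example ./certs
```

Running the check against a hostname that was not put in the certificate fails, which is the quickest way to confirm the SAN entry is what a verifying client will see.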

I got it working with a custom domain name!
Next is to make it a service daemon with the provided systemd unit files.


UPDATE: Testing the systemd service daemon with user provided custom domain name


Bump! To keep this topic open.

Thanks, I hope there is a how-to about this. It could be a useful feature to have. The largest ISP in India operates behind a double NAT and if we could get Virtualmin to run on it, there is sure to be interest.

My goal is to make it work as simple as possible for the average user, with the most basic or no skills required. Preferably no skills.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.