Home data center series: using a Cloudflare Tunnel to have a disaster-recovery site take over automatically when the main WordPress site fails

Preface

In the previous article, I used Cloudflare Tunnel to implement "load balancing", "multi-active" and "automatic redundancy" for a multi-node WordPress. That approach does not fit my case, though: my requirement is that while the home data center is healthy, all traffic goes to the main WordPress site there, and only when the home data center loses power or network does traffic automatically go to the WordPress site in the disaster recovery center (a Tencent Cloud server).

Requirements Analysis

Currently I have two different tunnels:

[screenshot: the tunnel list in the Zero Trust dashboard]

As the names suggest, "tencentcloud" connects to the Tencent Cloud server and has a few hostnames of its own (the same hostname cannot appear in two different tunnels), while "wudihome" connects to my home data center, and "blog.tangwudi.com" lives in that tunnel. So the Tencent Cloud server already runs one tunnel, and the first problem to solve is how to run both the "tencentcloud" tunnel and the "wudihome" tunnel on the Tencent Cloud server at the same time.

In another article (see: Cloudflare tutorial series for home data centers (Part 9) Introduction to common Zero Trust functions and multi-scenario usage tutorials) I mentioned that one location can run only one connector of a given tunnel, but it can run connectors of different tunnels. In other words, the Tencent Cloud server can run connectors for two tunnels side by side; the only thing to watch is that they need different deployment methods. Since "tencentcloud" is deployed as a system service, "wudihome" has to be deployed some other way, and here I used Docker.

The tricky part is that, in normal operation, requests for the blog must go through the "wudihome" tunnel only to the connector in the home data center, and switch to the connector on Tencent Cloud only when the home data center has a problem. In other words, under normal conditions the "wudihome" connector on the Tencent Cloud server must be off; otherwise Cloudflare would also route everyday requests to the WordPress site via the Tencent Cloud server, which conflicts with my requirement.

Solution

Deploying the "wudihome" tunnel connector with Docker

To meet this requirement, I first deploy the connector with Docker on the Tencent Cloud server. The command looks like this:

# unless-stopped (rather than always) keeps a manually stopped connector stopped across
# Docker daemon restarts and reboots, which is what the failover design below relies on
docker run --name cloudflare -d --restart=unless-stopped \
    cloudflare/cloudflared:latest tunnel run --token xxxxxxxxxx   # replace the token with your own

Then the command "docker stop cloudflare" disconnects this connector, and when it is needed later, "docker start cloudflare" enables it again. Keep in mind that the tunnel token is readable by anyone who can run "docker inspect" on this host, and it lets the holder serve every hostname routed to the "wudihome" tunnel, so the Tencent Cloud server needs to be protected as carefully as the home connector.

Regularly detect the accessibility of the home data center

Next I need a way to detect quickly whether the home network is up. Here I rely on Tailscale: the Tailscale address of the WordPress main site (the Mac mini) is used directly as the probe target (assume it is 100.100.100.100).


Note: why not ping the WAN port's public IPv4 address directly? That would work, but the telecom provider's public IPv4 addresses are dynamic and change every few days. After a change, it is hard to say how long a probe against the WAN port's dynamic DNS name would keep failing (DNS caching). Tailscale's fixed private IP re-establishes reachability quickly after a public IP change, so it certainly recovers faster than pinging the WAN port's public IP. Note also that this probe only detects host and network reachability: if WordPress or the WAF fails while the Mac mini stays online, no switch is triggered.


Then I just need to write a script and run it on a schedule (say every 3 minutes), so that a disconnection of the home data center is detected within 3 minutes.

How to let the Tencent Cloud WordPress be reached through the origin configured in the "wudihome" tunnel

This problem also matters. In the article (Cloudflare tutorial series for home data centers (Part 9) Introduction to common Zero Trust functions and multi-scenario usage tutorials) I said that in a single-tunnel, multi-connector setup, configuring "multi-active", "mutual redundancy" and "load balancing" across several sites requires the mapping between hostnames and origin services to be set up correctly. Usually that means the connector is deployed directly on the host where the WordPress site runs, because only then can every site be reached uniformly as http://localhost:80.

My situation is not the usual one, though, because the topology of my home data center is a bit special: in the public hostname settings, my "blog.tangwudi.com" points to port 50080 of my WAF:
[screenshot: public hostname entry for blog.tangwudi.com pointing to the WAF on port 50080]

Tencent Cloud certainly does not have this IP, so what can I do? It is actually easy: use a loopback address. Add a loopback alias on the Tencent Cloud server configured with the same IP as my home data center's WAF. The Tencent Cloud server will then treat 192.168.1.1 as one of its own addresses and accept packets addressed to it; otherwise the connector's requests to 192.168.1.1:50080 would simply go nowhere. Just run the following command:

ifconfig lo:1 192.168.1.1/32 up   # assume 192.168.1.1 is my WAF address
# iproute2 equivalent (ifconfig comes from net-tools, which Debian 12 does not install by default):
# ip addr add 192.168.1.1/32 dev lo

When it is not needed, just run the following command:

ifconfig lo:1 down
# iproute2 equivalent: ip addr del 192.168.1.1/32 dev lo

Here I want to complain about Alibaba Cloud's Debian 12 image: it uses nmcli by default, and the /etc/network/interfaces file I am most used to is gone. I originally wanted to add the loopback alias once and for all, but after studying it for a long time I still could not work out how. What I hate most is spending a lot of time on operations that need no technical skill at all, such as adding an interface or changing an IP address. I remember an earlier Ubuntu release also suddenly dropped this, which annoyed me so much that I switched to Debian.


Now that we have the IP, what about port 50080? That is also simple: create a site blog.tangwudi.com:50080 and reverse-proxy it to http://localhost:80. Make sure this site listens only on the loopback alias (or is otherwise restricted to local sources) and that port 50080 stays closed in the cloud security group: a listener on all interfaces would expose the WordPress backend directly on the server's public IP, bypassing Cloudflare. I am being lazy here and just use the Pagoda panel:

[screenshot: the blog.tangwudi.com:50080 site created in the panel]

Add a reverse proxy:
[screenshot: reverse proxy pointing to http://localhost:80]
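As an added example (not the post's configuration and not what the panel generates), this is the nginx server block that stands in for the home WAF's 192.168.1.1:50080 listener on the Tencent Cloud host. It assumes WordPress is already served by the panel's default site on 127.0.0.1:80, that the cloudflared container is on Docker's default bridge network (172.17.0.0/16), and that the loopback alias exists when nginx loads the configuration; the IPs and hostname are the post's own placeholders.

```nginx
# Added example: nginx vhost impersonating the home WAF's 192.168.1.1:50080 on the DR host.
# Assumptions: WordPress on 127.0.0.1:80, cloudflared container on Docker's default
# bridge (172.17.0.0/16), loopback alias 192.168.1.1/32 present at (re)load time.
server {
    # Bind to the loopback alias only. "listen 50080;" would also publish the
    # WordPress backend on the server's public interface, bypassing Cloudflare.
    listen 192.168.1.1:50080;
    server_name blog.tangwudi.com;

    # Belt and braces: only cloudflared may use this listener. From the default
    # bridge the request arrives from 172.17.0.0/16; with --network host it
    # arrives from the alias itself.
    allow 172.17.0.0/16;
    allow 192.168.1.1;
    allow 127.0.0.1;
    deny all;

    location / {
        proxy_pass http://127.0.0.1:80;
        # Keep the public hostname so WordPress does not redirect to localhost
        proxy_set_header Host $host;
        # TLS terminates at Cloudflare's edge; tell the application the visitor used HTTPS
        proxy_set_header X-Forwarded-Proto https;
        # Client address as seen by Cloudflare (header added at the edge, forwarded by cloudflared)
        proxy_set_header X-Forwarded-For $http_cf_connecting_ip;
    }
}
```

nginx refuses to bind an address the host does not currently have, so with the alias toggled by the failover script the configuration must be loaded while the alias is up, or the sysctl net.ipv4.ip_nonlocal_bind=1 must be set. The simpler alternative is to keep the alias permanently: while the DR connector is stopped nothing routes to it, so it is harmless.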

Automatically enable the connector when a home data center is detected to be offline

Now only one step is left: automatically start the connector and add the loopback address when the home data center is detected to be disconnected from the Internet. This is done with a shell script:


#!/bin/bash

# Target IP address (Tailscale address of the WordPress main site)
TARGET_IP="100.100.100.100"
# Name of the DR connector container, also used as the pgrep pattern.
# Note: pgrep -f matches any command line containing this word, so do not
# give this script a file name that contains "cloudflare".
CLOUDFLARE_PROCESS_NAME="cloudflare"
# Log file path
LOG_FILE="/root/log/runcloudflare.log"

# Ping test: one packet, wait at most 3 seconds for the reply
if ping -c 1 -W 3 "$TARGET_IP" &> /dev/null; then
    # Ping succeeded
    # Count processes whose command line contains the cloudflare keyword
    PROCESS_COUNT=$(pgrep -f "$CLOUDFLARE_PROCESS_NAME" | wc -l)

    if [ "$PROCESS_COUNT" -eq 1 ]; then
        # Exactly one process: the DR connector is up although home is reachable,
        # so stop the container and bring the loopback alias down
        docker stop "$CLOUDFLARE_PROCESS_NAME"
        ifconfig lo:1 down
        echo "$(date) - Stopped cloudflare container" >> "$LOG_FILE"
    fi
else
    # Ping failed
    # Count processes whose command line contains the cloudflare keyword
    PROCESS_COUNT=$(pgrep -f "$CLOUDFLARE_PROCESS_NAME" | wc -l)

    if [ "$PROCESS_COUNT" -lt 1 ]; then
        # No process: home is down and the DR connector is off, so start the
        # container and bring the loopback alias up
        docker start "$CLOUDFLARE_PROCESS_NAME"
        ifconfig lo:1 192.168.1.1/32 up
        echo "$(date) - Started cloudflare container" >> "$LOG_FILE"
    fi
fi

The logic is simple: if the ping succeeds and a cloudflared process is present, the home data center was down earlier and is reachable again, so disable the "wudihome" tunnel connector and the loopback interface; if the ping fails, the home data center is down now, so enable the connector and the loopback interface.

In order to clarify the format and ideas of this script, I also spent a day studying the basics of bash shell.

Finally, just schedule this script to run every 3 minutes. Whether you use cron or something else is a matter of habit. Because I have the Pagoda panel, I am lazy again:

[screenshots: the scheduled task configured in the panel]

Advanced Requirements (New)

Because I did the experiment on a freshly provisioned Alibaba Cloud server that was not running any tunnel, the script in the previous section could be used as-is. When I later moved it to the Tencent Cloud server it no longer fit, because that server already runs the "tencentcloud" tunnel. The script therefore has to go one step further and count the processes named "cloudflared": if the count equals 2 (or is greater than 1), both tunnels are up, meaning the main site went down and triggered the switch; otherwise (count equals 1) everything is normal. The modified script:


#!/bin/bash

# Target IP address (Tailscale address of the WordPress main site)
TARGET_IP="100.100.100.100"
# Name of the DR connector container, also used as the pgrep pattern; it also
# matches the "tencentcloud" cloudflared service, which is why 1 means normal.
# Do not give this script a file name that contains "cloudflare".
CLOUDFLARE_PROCESS_NAME="cloudflare"
# Log file path
LOG_FILE="/root/log/runcloudflare.log"

# Ping test: 10 packets, wait at most 3 seconds for each reply
if ping -c 10 -W 3 "$TARGET_IP" &> /dev/null; then
    # Ping succeeded
    # Count processes whose command line contains the cloudflare keyword
    PROCESS_COUNT=$(pgrep -f "$CLOUDFLARE_PROCESS_NAME" | wc -l)

    if [ "$PROCESS_COUNT" -gt 1 ]; then
        # More than one process: the DR connector is up although home is reachable,
        # so stop the container and bring the loopback alias down
        docker stop "$CLOUDFLARE_PROCESS_NAME"
        ifconfig lo:1 down
        echo "$(date) - Stopped cloudflare container" >> "$LOG_FILE"
    fi
else
    # Ping failed
    # Count processes whose command line contains the cloudflare keyword
    PROCESS_COUNT=$(pgrep -f "$CLOUDFLARE_PROCESS_NAME" | wc -l)

    if [ "$PROCESS_COUNT" -eq 1 ]; then
        # Only the tencentcloud tunnel is running: home is down and the DR
        # connector is off, so start the container and bring the loopback alias up
        docker start "$CLOUDFLARE_PROCESS_NAME"
        ifconfig lo:1 192.168.1.1/32 up
        echo "$(date) - Started cloudflare container" >> "$LOG_FILE"
    fi
fi

If more tunnels run on the same host, the script can be adapted the same way: just decide how many cloudflared processes count as normal and how many as abnormal. This presumes that all the other tunnel processes are running normally; if one of them has died, the count-based logic above breaks.
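The following is an added example (my rewrite, not the script from the post) of the same failover check with the two fragilities just mentioned removed. It asks Docker whether the DR container is running instead of counting processes whose command line contains "cloudflare", so neither the number of other tunnels on the host nor the script's own file name affects the decision, and it only fails over after a configurable number of consecutive missed probes so that one dropped ping does not flap the connector. It uses ip(8) instead of ifconfig. The container name, the Tailscale IP, the WAF address and the log path are the post's placeholders; the state-file path and the threshold of two misses are my assumptions.

```bash
#!/bin/bash
# Added example, not the post's script: DR failover check for the "wudihome"
# connector that decides from Docker's container state instead of a process
# count, and fails over only after THRESHOLD consecutive missed probes.
# Assumed values (placeholders from the post unless noted): the container is
# named "cloudflare", the home site's Tailscale IP is 100.100.100.100, the WAF
# address to impersonate is 192.168.1.1/32; STATE_FILE and THRESHOLD are mine.
# Cron entry:  */3 * * * * /root/failover.sh check

TARGET_IP="${TARGET_IP:-100.100.100.100}"
CONTAINER="${CONTAINER:-cloudflare}"
WAF_IP="${WAF_IP:-192.168.1.1/32}"
LOG_FILE="${LOG_FILE:-/root/log/runcloudflare.log}"
STATE_FILE="${STATE_FILE:-/var/lib/cf-failover/failures}"  # consecutive misses so far
THRESHOLD="${THRESHOLD:-2}"                                # misses needed before failing over

log() { printf '%s - %s\n' "$(date '+%F %T')" "$*" >>"$LOG_FILE"; }

# Prints 1 if the home site answers at least one of 5 pings (3 s wait each), else 0.
home_reachable() {
    if ping -c 5 -W 3 "$TARGET_IP" >/dev/null 2>&1; then echo 1; else echo 0; fi
}

# Prints 1 if the DR container is running. Other cloudflared tunnels on the
# host, or this script's own name, cannot disturb this the way pgrep -f can.
connector_running() {
    if [ "$(docker inspect -f '{{.State.Running}}' "$CONTAINER" 2>/dev/null)" = "true" ]; then
        echo 1
    else
        echo 0
    fi
}

# next_failures <reachable 0|1> <previous count>: consecutive-miss counter.
next_failures() {
    if [ "$1" -eq 1 ]; then echo 0; else echo $(( $2 + 1 )); fi
}

# decide_action <reachable 0|1> <running 0|1> <failures> <threshold>
# Pure decision, prints start | stop | none.
decide_action() {
    if [ "$1" -eq 1 ]; then
        # Home is reachable: fail back if the DR connector is still up.
        if [ "$2" -eq 1 ]; then echo stop; else echo none; fi
    elif [ "$2" -eq 0 ] && [ "$3" -ge "$4" ]; then
        # Home has been down for THRESHOLD probes in a row and DR is off.
        echo start
    else
        # Either already failed over, or still waiting for more misses.
        echo none
    fi
}

apply_action() {
    case "$1" in
        start)
            ip -4 addr show dev lo | grep -qF "$WAF_IP" || ip addr add "$WAF_IP" dev lo
            docker start "$CONTAINER" >/dev/null && log "home unreachable, started DR connector"
            ;;
        stop)
            docker stop "$CONTAINER" >/dev/null && log "home reachable again, stopped DR connector"
            ip -4 addr show dev lo | grep -qF "$WAF_IP" && ip addr del "$WAF_IP" dev lo
            ;;
    esac
}

check() {
    mkdir -p "$(dirname "$STATE_FILE")"
    prev=$(cat "$STATE_FILE" 2>/dev/null || echo 0)
    reachable=$(home_reachable)
    failures=$(next_failures "$reachable" "$prev")
    echo "$failures" >"$STATE_FILE"
    apply_action "$(decide_action "$reachable" "$(connector_running)" "$failures" "$THRESHOLD")"
}

# Define-only when loaded without the "check" argument; cron passes it.
if [ "${1:-}" = "check" ]; then check; fi
```

Because the decision is a pure function (decide_action) fed by two observations and a counter, it can be exercised without Docker or network access. If the container was created with --restart=always, a reboot brings the DR connector up during normal operation until the next check stops it; --restart=unless-stopped avoids that window.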

Afterword

Because this is fairly simple, I will not document the verification process. Briefly: temporarily disconnect Tailscale on the Mac mini, then watch whether the scheduled script on Tencent Cloud starts the cloudflare container and correctly brings up the lo:1 interface with its IP; then restore Tailscale on the Mac mini and watch whether the script stops the cloudflare container and takes lo:1 down again.

Also: the solution in this article and the idea of "using Cloudflare Tunnel to build load-balanced multi-active redundant sites for a dynamic blog" are two different solutions (see the multi-scenario description in Cloudflare tutorial series for home data centers (Part 9) Introduction to common Zero Trust functions and multi-scenario usage tutorials), corresponding respectively to "local data center + same-city disaster recovery data center" and "local + same-city dual-active data centers". Both are built on the Home Data Center Series WordPress Multi-node "semi-automatic" and "nearly" real-time synchronization solution.

I have always wanted to write this series, but I didn’t have enough knowledge before. Now I have finally completed it, and it can be regarded as a wish come true. However, I guess not many people will be interested in these three articles.
