===== Installing and Configuring Cloudflared on an LXC =====

==== 1. Download and Install Cloudflared ====
  * Download the `.deb` package:
<code>
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
</code>

  * Install the package using `dpkg`:
<code>
sudo dpkg -i cloudflared-linux-amd64.deb
</code>

  * Verify the installation:
<code>
cloudflared --version
</code>

==== 2. Authenticate Cloudflared with Cloudflare ====
  * Run the following command to log in and create a tunnel:
<code>
cloudflared tunnel login
</code>
  * The authentication process will prompt you to open a URL in your browser to log in with your Cloudflare account.

==== 3. Create a New Tunnel ====
  * Create the tunnel and give it a name:
<code>
cloudflared tunnel create my-tunnel
</code>

  * Note the tunnel ID and the location of the `cert.pem` file, which will be used for routing traffic.

==== 4. Configure the Tunnel to Route Traffic ====
  * Create a configuration file:
<code>
sudo nano /etc/cloudflared/config.yml
</code>
  * Example configuration:
<code>
tunnel: 72a29ddd==== TUNNEL ====cc4d8e3fc2ba
credentials-file: /home/facundo/.cloudflared/72a29ddd-7ef4-46e3-97ef-cc4d8e3fc2ba.json

ingress:
    - hostname: *.facundoitest.space
      service: http://192.168.88.250:443
    - service: http_status:404
</code>

==== 5. Run the Tunnel ====
  * Start the tunnel:
<code>
sudo cloudflared tunnel run my-tunnel
</code>
  * Ensure the tunnel is active and routing traffic correctly.

==== 6. Configure NGINX on Raspberry Pi ====
  * Update the NGINX configuration on your Raspberry Pi to handle requests coming from the tunnel.

==== 7. Set Up Cloudflared as a Systemd Service ====
  * Create a systemd service file:
<code>
sudo nano /etc/systemd/system/cloudflared.service
</code>
  * Add the following configuration:
<code>
[Unit]
Description=Cloudflare Tunnel
After=network.target

[Service]
Type=simple
User=facundo
ExecStart=/usr/local/bin/cloudflared tunnel run my-tunnel
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target
</code>

  * Enable and start the service:
<code>
sudo systemctl daemon-reload
sudo systemctl enable cloudflared
sudo systemctl start cloudflared
</code>
  * Check the status of the service:
<code>
sudo systemctl status cloudflared
</code>

==== 8. Verify Tunnel Operation ====
  * Ensure that the tunnel is running and NGINX is properly handling requests by checking the logs and testing the subdomains.

===== Conclusion =====
Following these steps will ensure that your `cloudflared` tunnel is correctly set up on your LXC and that it integrates smoothly with your existing reverse proxy setup on your Raspberry Pi.