cloudflared: improve init script for tunnel management

Resolved conflict between remotely-managed tunnel and locally-managed
tunnel configurations.

- Bumped PKG_RELEASE to 2
- Commented out 'config' and 'origincert' options in default
  configuration file
- Preserved options as comments for user reference

Signed-off-by: Akihiro Nagai <bashing.tremors_0f@icloud.com>

net/cloudflared/Makefile

@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=cloudflared
 PKG_VERSION:=2025.10.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/cloudflare/cloudflared/tar.gz/$(PKG_VERSION)?
@@ -31,7 +31,7 @@ define Package/cloudflared
   CATEGORY:=Network
   SUBMENU:=Web Servers/Proxies
   TITLE:=Cloudflare Tunnel client
-  URL:=https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide
+  URL:=https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/get-started/
   DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle
 endef
 

net/cloudflared/files/cloudflared.config

@@ -2,8 +2,8 @@
 config cloudflared 'config'
 	option enabled '0'
 	option token ''
-	option config '/etc/cloudflared/config.yml'
-	option origincert '/etc/cloudflared/cert.pem'
+#	option config '/etc/cloudflared/config.yml'
+#	option origincert '/etc/cloudflared/cert.pem'
 	option edge_bind_address ''
 	option edge_ip_version ''
 	option grace_period ''

net/cloudflared/files/cloudflared.init

@@ -9,6 +9,7 @@ PROG="/usr/bin/cloudflared"
 
 append_param_arg() {
 	local value
+
 	config_get value "config" "$1" $2
 	[ -n "$value" ] && procd_append_param command "--${1//_/-}" "$value"
 }
@@ -17,15 +18,26 @@ start_service() {
 	config_load "$CONF"
 
 	local enabled
+	local token
+
 	config_get_bool enabled "config" "enabled"
 	[ "$enabled" -eq "1" ] || return 1
 
 	procd_open_instance "$CONF"
 	procd_set_param command "$PROG" "tunnel"
 	procd_append_param command "--no-autoupdate"
+	procd_append_param command "run"
+
+	config_get token "config" "token"
+	if [ -n "$token" ]; then
+		# Remotely-managed tunnel (recommended by Cloudflare)
+		procd_append_param command "--token" "$token"
+	else
+		# Locally-managed tunnels
+		append_param_arg "config" "/etc/cloudflared/config.yml"
+		append_param_arg "origincert" "/etc/cloudflared/cert.pem"
+	fi
 
-	append_param_arg "config" "/etc/cloudflared/config.yml"
-	append_param_arg "origincert" "/etc/cloudflared/cert.pem"
 	append_param_arg "edge_bind_address"
 	append_param_arg "edge_ip_version"
 	append_param_arg "grace_period"
@@ -37,9 +49,6 @@ start_service() {
 	append_param_arg "loglevel"
 	append_param_arg "logfile"
 
-	procd_append_param command "run"
-	append_param_arg "token"
-
 	procd_set_param respawn
 	procd_set_param stderr 1
 

net/cloudflared/files/sample_config.yml

@@ -1,3 +1,11 @@
+# https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/do-more-with-tunnels/local-management/configuration-file/
+
+# NOTICE
+# Cloudflare recommends setting up a remotely-managed tunnel.
+# Remotely-managed configurations are stored on Cloudflare,
+# which allows you to manage the tunnel from any machine
+# using the dashboard, API, or Terraform.
+
 #tunnel: <Tunnel-UUID>
 #credentials-file: /etc/cloudflared/<Tunnel-UUID>.json
 #