Refactor code for improved readability and performance
This commit is contained in:
defiQUG
124
CLOUDFLARE_API_SETUP.md
Normal file
124
CLOUDFLARE_API_SETUP.md
Normal file
@@ -0,0 +1,124 @@
|
||||
# Cloudflare API Setup - Quick Start
|
||||
|
||||
## Automated Configuration via API
|
||||
|
||||
This will configure both tunnel routes and DNS records automatically using the Cloudflare API.
|
||||
|
||||
---
|
||||
|
||||
## Step 1: Get Cloudflare API Credentials
|
||||
|
||||
### Option A: API Token (Recommended)
|
||||
|
||||
1. Go to: https://dash.cloudflare.com/profile/api-tokens
|
||||
2. Click **Create Token**
|
||||
3. Use **Edit zone DNS** template OR create custom token with:
|
||||
- **Zone** → **DNS** → **Edit**
|
||||
- **Account** → **Cloudflare Tunnel** → **Edit**
|
||||
4. Copy the token
|
||||
|
||||
### Option B: Global API Key (Legacy)
|
||||
|
||||
1. Go to: https://dash.cloudflare.com/profile/api-tokens
|
||||
2. Scroll to **API Keys** section
|
||||
3. Click **View** next to "Global API Key"
|
||||
4. Copy your Email and Global API Key
|
||||
|
||||
---
|
||||
|
||||
## Step 2: Set Up Credentials
|
||||
|
||||
**Interactive Setup:**
|
||||
```bash
|
||||
cd /home/intlc/projects/proxmox
|
||||
./scripts/setup-cloudflare-env.sh
|
||||
```
|
||||
|
||||
**Or manually create `.env` file:**
|
||||
```bash
|
||||
cat > .env <<EOF
|
||||
CLOUDFLARE_API_TOKEN="your-api-token-here"
|
||||
DOMAIN="d-bis.org"
|
||||
TUNNEL_TOKEN="eyJhIjoiNTJhZDU3YTcxNjcxYzVmYzAwOWVkZjA3NDQ2NTgxOTYiLCJ0IjoiMTBhYjIyZGEtOGVhMy00ZTJlLWE4OTYtMjdlY2UyMjExYTA1IiwicyI6IlptRXlOMkkyTVRrdE1EZzFNeTAwTkRBNExXSXhaalF0Wm1KaE5XVmpaVEEzTVdGbCJ9"
|
||||
EOF
|
||||
|
||||
chmod 600 .env
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Step 3: Run Configuration Script
|
||||
|
||||
```bash
|
||||
cd /home/intlc/projects/proxmox
|
||||
./scripts/configure-cloudflare-api.sh
|
||||
```
|
||||
|
||||
**What it does:**
|
||||
1. ✅ Gets zone ID for `d-bis.org`
|
||||
2. ✅ Gets account ID
|
||||
3. ✅ Extracts tunnel ID from token
|
||||
4. ✅ Configures 4 tunnel routes (rpc-http-pub, rpc-ws-pub, rpc-http-prv, rpc-ws-prv)
|
||||
5. ✅ Creates/updates 4 DNS CNAME records
|
||||
6. ✅ Enables proxy on all DNS records
|
||||
|
||||
---
|
||||
|
||||
## What Gets Configured
|
||||
|
||||
### Tunnel Routes:
|
||||
- `rpc-http-pub.d-bis.org` → `https://192.168.11.251:443`
|
||||
- `rpc-ws-pub.d-bis.org` → `https://192.168.11.251:443`
|
||||
- `rpc-http-prv.d-bis.org` → `https://192.168.11.252:443`
|
||||
- `rpc-ws-prv.d-bis.org` → `https://192.168.11.252:443`
|
||||
|
||||
### DNS Records:
|
||||
- All 4 endpoints → CNAME → `<tunnel-id>.cfargotunnel.com` (🟠 Proxied)
|
||||
|
||||
---
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### "Could not determine account ID"
|
||||
Add to `.env`:
|
||||
```
|
||||
CLOUDFLARE_ACCOUNT_ID="your-account-id"
|
||||
```
|
||||
|
||||
Get account ID from: Cloudflare Dashboard → Right sidebar → Account ID
|
||||
|
||||
### "API request failed"
|
||||
- Verify API token has correct permissions
|
||||
- Check token is not expired
|
||||
- Verify domain is in your Cloudflare account
|
||||
|
||||
### "Zone not found"
|
||||
- Verify domain `d-bis.org` is in your Cloudflare account
|
||||
- Or set `CLOUDFLARE_ZONE_ID` in `.env`
|
||||
|
||||
---
|
||||
|
||||
## Verify Configuration
|
||||
|
||||
After running the script:
|
||||
|
||||
1. **Check Tunnel Routes:**
|
||||
- Zero Trust → Networks → Tunnels → Your Tunnel → Configure
|
||||
- Should see 4 public hostnames
|
||||
|
||||
2. **Check DNS Records:**
|
||||
- DNS → Records
|
||||
- Should see 4 CNAME records (🟠 Proxied)
|
||||
|
||||
3. **Test Endpoints:**
|
||||
```bash
|
||||
curl https://rpc-http-pub.d-bis.org/health
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Files Created
|
||||
|
||||
- `.env` - Your API credentials (keep secure!)
|
||||
- Scripts are in: `scripts/configure-cloudflare-api.sh`
|
||||
|
||||
Reference in New Issue
Block a user