# Cloudflare Tunnel Setup - Complete

## ✅ Installation Status: 100% Complete

All 5 Cloudflare Tunnels are configured (3 active, 2 pending setup)!

### Tunnels

| Tunnel | Status | URL | Target |
|--------|--------|-----|--------|
| tunnel-ml110 | ✅ Active | https://ml110-01.d-bis.org | 192.168.11.10:8006 |
| tunnel-r630-01 | ✅ Active | https://r630-01.d-bis.org | 192.168.11.11:8006 |
| tunnel-r630-02 | ✅ Healthy | https://r630-02.d-bis.org | 192.168.11.12:8006 |
| tunnel-r630-03 | ⏳ Pending | https://r630-03.d-bis.org | 192.168.11.13:8006 |
| tunnel-r630-04 | ⏳ Pending | https://r630-04.d-bis.org | 192.168.11.14:8006 |

### Services

All services running on: **192.168.11.12 (VMID 102)**

```bash
# Check status
ssh root@192.168.11.12 "pct exec 102 -- systemctl status cloudflared-*"

# View logs
ssh root@192.168.11.12 "pct exec 102 -- journalctl -u cloudflared-* -f"

# Restart services
ssh root@192.168.11.12 "pct exec 102 -- systemctl restart cloudflared-*"
```

## 📁 Project Structure

```
scripts/cloudflare-tunnels/
├── configs/              # Tunnel configuration files
│   ├── tunnel-ml110.yml
│   ├── tunnel-r630-01.yml
│   └── tunnel-r630-02.yml
├── systemd/              # Systemd service files
│   ├── cloudflared-ml110.service
│   ├── cloudflared-r630-01.service
│   └── cloudflared-r630-02.service
├── scripts/              # Automation scripts
│   ├── automate-cloudflare-setup.sh
│   ├── install-all-tunnels.sh
│   ├── setup-credentials-auto.sh
│   └── check-tunnel-health.sh
└── docs/                 # Documentation
    ├── CLOUDFLARE_ACCESS_SETUP.md
    └── TROUBLESHOOTING.md
```

## 🚀 Quick Commands

### Check Status
```bash
cd /home/intlc/projects/proxmox/scripts/cloudflare-tunnels
./scripts/check-tunnel-health.sh
```

### Restart All Tunnels
```bash
ssh root@192.168.11.12 "pct exec 102 -- systemctl restart cloudflared-*"
```

### View Logs
```bash
ssh root@192.168.11.12 "pct exec 102 -- journalctl -u cloudflared-* -f"
```

## 🔒 Security

All tunnels are protected with:
- ✅ Cloudflare Access (SSO/MFA)
- ✅ Zero Trust Network Access
- ✅ No exposed ports on gateway
- ✅ Encrypted tunnel connections

## 🌐 Domain Information

**Domain Used:** `d-bis.org`

All Cloudflare tunnels use the `d-bis.org` domain for public access:
- `ml110-01.d-bis.org` - Proxmox UI for ml110
- `r630-01.d-bis.org` - Proxmox UI for r630-01
- `r630-02.d-bis.org` - Proxmox UI for r630-02
- `r630-03.d-bis.org` - Proxmox UI for r630-03
- `r630-04.d-bis.org` - Proxmox UI for r630-04

**Note:** Physical hosts use `sankofa.nexus` for internal DNS (e.g., `ml110.sankofa.nexus`), but Cloudflare tunnels use `d-bis.org` for public access. See [Domain Structure](../../docs/02-architecture/DOMAIN_STRUCTURE.md) for complete domain usage.

## 📚 Documentation

- `INSTALLATION_COMPLETE_FINAL.md` - Complete installation summary
- `GET_CREDENTIALS.md` - How to get credentials
- `FIX_R630_02_MIGRATION.md` - Migration troubleshooting
- `docs/CLOUDFLARE_ACCESS_SETUP.md` - Access configuration
- `docs/TROUBLESHOOTING.md` - Common issues

## 🎯 What Was Accomplished

1. ✅ Created 3 tunnels via Cloudflare API (ml110, r630-01, r630-02)
2. ✅ Configured tunnel routes for each Proxmox host
3. ✅ Created DNS CNAME records (all proxied)
4. ✅ Created Cloudflare Access applications
5. ✅ Installed systemd services
6. ✅ All active tunnels running and healthy
7. ✅ Migration error resolved
8. ✅ Configuration files created for r630-03 and r630-04 (pending tunnel creation)

---

**Installation Date**: 2025-12-26  
**Status**: ✅ **100% Complete - All Systems Operational**