#!/bin/bash
# Fix tunnels without SSH access - generates instructions and configs

set -e

echo "═══════════════════════════════════════════════════════════"
echo "  Fix Tunnels Without SSH Access"
echo "═══════════════════════════════════════════════════════════"
echo ""
echo "This script generates instructions and configuration files"
echo "that can be deployed without SSH access to Proxmox."
echo ""

# mktemp -d creates a private (mode 0700) directory with an unpredictable name.
# The generated files list internal IPs and tunnel IDs, so they should not land
# in a guessable, possibly pre-created path under /tmp.
OUTPUT_DIR="$(mktemp -d "${TMPDIR:-/tmp}/tunnel-fix-manual-XXXXXX")"

echo "📁 Creating files in: $OUTPUT_DIR"
echo ""

# Create comprehensive fix guide
cat > "$OUTPUT_DIR/COMPLETE_FIX_GUIDE.md" << 'EOF'
# Complete Tunnel Fix Guide (No SSH Required)

## Situation

All 6 Cloudflare tunnels are DOWN. You cannot access the Proxmox network via SSH.

## Solution: Cloudflare Dashboard Configuration

The easiest way to fix this is via the Cloudflare Dashboard - no SSH needed!

### Step 1: Access Cloudflare Dashboard

1. Go to: https://one.dash.cloudflare.com/
2. Sign in to your account
3. Navigate to: **Zero Trust** → **Networks** → **Tunnels**

### Step 2: Fix Each Tunnel

For each tunnel, click **Configure** and set up the routing:

#### Tunnel 1: explorer.d-bis.org
- **Tunnel ID**: `b02fe1fe-cb7d-484e-909b-7cc41298ebe8`
- **Public Hostname**: `explorer.d-bis.org`
- **Service**: HTTP
- **URL**: `http://192.168.11.21:80` (or appropriate internal IP)

#### Tunnel 2: mim4u-tunnel
- **Tunnel ID**: `f8d06879-04f8-44ef-aeda-ce84564a1792`
- **Public Hostname**: `mim4u.org.d-bis.org` (or `mim4u.org`)
- **Service**: HTTP
- **URL**: `http://192.168.11.21:80`

#### Tunnel 3: rpc-http-pub.d-bis.org (SHARED - 9 hostnames)
- **Tunnel ID**: `10ab22da-8ea3-4e2e-a896-27ece2211a05`
- **Add ALL these hostnames**:
  - `dbis-admin.d-bis.org` → `http://192.168.11.21:80`
  - `dbis-api.d-bis.org` → `http://192.168.11.21:80`
  - `dbis-api-2.d-bis.org` → `http://192.168.11.21:80`
  - `mim4u.org.d-bis.org` → `http://192.168.11.21:80`
  - `www.mim4u.org.d-bis.org` → `http://192.168.11.21:80`
  - `rpc-http-prv.d-bis.org` → `http://192.168.11.21:80`
  - `rpc-http-pub.d-bis.org` → `http://192.168.11.21:80`
  - `rpc-ws-prv.d-bis.org` → `http://192.168.11.21:80`
  - `rpc-ws-pub.d-bis.org` → `http://192.168.11.21:80`
- **Catch-all**: HTTP 404 (must be last)

#### Tunnel 4: tunnel-ml110
- **Tunnel ID**: `ccd7150a-9881-4b8c-a105-9b4ead6e69a2`
- **Public Hostname**: `ml110-01.d-bis.org`
- **Service**: HTTPS
- **URL**: `https://192.168.11.10:8006`
- **Options**: Allow self-signed certificate

#### Tunnel 5: tunnel-r630-01
- **Tunnel ID**: `4481af8f-b24c-4cd3-bdd5-f562f4c97df4`
- **Public Hostname**: `r630-01.d-bis.org`
- **Service**: HTTPS
- **URL**: `https://192.168.11.11:8006`
- **Options**: Allow self-signed certificate

#### Tunnel 6: tunnel-r630-02
- **Tunnel ID**: `0876f12b-64d7-4927-9ab3-94cb6cf48af9`
- **Public Hostname**: `r630-02.d-bis.org`
- **Service**: HTTPS
- **URL**: `https://192.168.11.12:8006`
- **Options**: Allow self-signed certificate

### Step 3: Verify Tunnel Status

After configuring each tunnel:
1. Wait 1-2 minutes
2. Check tunnel status in dashboard
3. Should change from **DOWN** to **HEALTHY**

### Step 4: Test Services

```bash
# Test Proxmox tunnels
curl -I https://ml110-01.d-bis.org
curl -I https://r630-01.d-bis.org
curl -I https://r630-02.d-bis.org

# Test shared tunnel services
curl -I https://dbis-admin.d-bis.org
curl -I https://rpc-http-pub.d-bis.org
curl -I https://explorer.d-bis.org
```

## Alternative: If Dashboard Doesn't Work

If the tunnel connector (cloudflared) in VMID 102 is not running, you need physical/network access to:

1. **Start the container** (if stopped):
   ```bash
   ssh root@192.168.11.12 "pct start 102"
   ```

2. **Start cloudflared services**:
   ```bash
   # The glob is single-quoted so the shell on the Proxmox host passes it to systemctl unexpanded
   ssh root@192.168.11.12 "pct exec 102 -- systemctl start 'cloudflared-*'"
   ```

3. **Check status**:
   ```bash
   ssh root@192.168.11.12 "pct exec 102 -- systemctl status 'cloudflared-*'"
   ```

## Why Tunnels Are Down

Most likely causes:
1. Container VMID 102 is stopped
2. cloudflared services not running
3. Network connectivity issues from container
4. Invalid or missing credentials

## Next Steps

1. Try Cloudflare Dashboard method first (easiest)
2. If that doesn't work, need physical/network access to Proxmox
3. Check container and service status
4. Restart services as needed
EOF

# Create tunnel configuration reference
cat > "$OUTPUT_DIR/tunnel-configs-reference.yml" << 'EOF'
# Tunnel Configuration Reference
# These are the configurations that should be in VMID 102
# Use Cloudflare Dashboard to configure, or deploy these manually if you have access

# ============================================
# Tunnel 1: explorer.d-bis.org
# ============================================
# tunnel: b02fe1fe-cb7d-484e-909b-7cc41298ebe8
# credentials-file: /etc/cloudflared/credentials-explorer.json
#
# ingress:
#   - hostname: explorer.d-bis.org
#     service: http://192.168.11.21:80
#   - service: http_status:404

# ============================================
# Tunnel 2: mim4u-tunnel
# ============================================
# tunnel: f8d06879-04f8-44ef-aeda-ce84564a1792
# credentials-file: /etc/cloudflared/credentials-mim4u.json
#
# ingress:
#   - hostname: mim4u.org.d-bis.org
#     service: http://192.168.11.21:80
#   - service: http_status:404

# ============================================
# Tunnel 3: rpc-http-pub.d-bis.org (SHARED)
# ============================================
# tunnel: 10ab22da-8ea3-4e2e-a896-27ece2211a05
# credentials-file: /etc/cloudflared/credentials-services.json
#
# ingress:
#   - hostname: dbis-admin.d-bis.org
#     service: http://192.168.11.21:80
#     originRequest:
#       httpHostHeader: dbis-admin.d-bis.org
#   - hostname: dbis-api.d-bis.org
#     service: http://192.168.11.21:80
#     originRequest:
#       httpHostHeader: dbis-api.d-bis.org
#   - hostname: dbis-api-2.d-bis.org
#     service: http://192.168.11.21:80
#     originRequest:
#       httpHostHeader: dbis-api-2.d-bis.org
#   - hostname: mim4u.org.d-bis.org
#     service: http://192.168.11.21:80
#     originRequest:
#       httpHostHeader: mim4u.org.d-bis.org
#   - hostname: www.mim4u.org.d-bis.org
#     service: http://192.168.11.21:80
#     originRequest:
#       httpHostHeader: www.mim4u.org.d-bis.org
#   - hostname: rpc-http-prv.d-bis.org
#     service: http://192.168.11.21:80
#     originRequest:
#       httpHostHeader: rpc-http-prv.d-bis.org
#   - hostname: rpc-http-pub.d-bis.org
#     service: http://192.168.11.21:80
#     originRequest:
#       httpHostHeader: rpc-http-pub.d-bis.org
#   - hostname: rpc-ws-prv.d-bis.org
#     service: http://192.168.11.21:80
#     originRequest:
#       httpHostHeader: rpc-ws-prv.d-bis.org
#   - hostname: rpc-ws-pub.d-bis.org
#     service: http://192.168.11.21:80
#     originRequest:
#       httpHostHeader: rpc-ws-pub.d-bis.org
#   - service: http_status:404

# ============================================
# Tunnel 4: tunnel-ml110
# ============================================
# tunnel: ccd7150a-9881-4b8c-a105-9b4ead6e69a2
# credentials-file: /etc/cloudflared/credentials-ml110.json
#
# noTLSVerify: true turns off origin certificate verification
# (the "Allow self-signed certificate" option in the guide).
#
# ingress:
#   - hostname: ml110-01.d-bis.org
#     service: https://192.168.11.10:8006
#     originRequest:
#       noTLSVerify: true
#   - service: http_status:404

# ============================================
# Tunnel 5: tunnel-r630-01
# ============================================
# tunnel: 4481af8f-b24c-4cd3-bdd5-f562f4c97df4
# credentials-file: /etc/cloudflared/credentials-r630-01.json
#
# ingress:
#   - hostname: r630-01.d-bis.org
#     service: https://192.168.11.11:8006
#     originRequest:
#       noTLSVerify: true
#   - service: http_status:404

# ============================================
# Tunnel 6: tunnel-r630-02
# ============================================
# tunnel: 0876f12b-64d7-4927-9ab3-94cb6cf48af9
# credentials-file: /etc/cloudflared/credentials-r630-02.json
#
# ingress:
#   - hostname: r630-02.d-bis.org
#     service: https://192.168.11.12:8006
#     originRequest:
#       noTLSVerify: true
#   - service: http_status:404
EOF

# Create quick reference card
cat > "$OUTPUT_DIR/QUICK_REFERENCE.md" << 'EOF'
# Quick Reference - Fix Tunnels

## Fastest Method: Cloudflare Dashboard

1. Go to: https://one.dash.cloudflare.com/
2. Zero Trust → Networks → Tunnels
3. For each tunnel, click **Configure**
4. Add hostname → Service → URL
5. Save and wait 1-2 minutes

## Tunnel IDs Quick Reference

| Tunnel Name | ID | Target |
|-------------|----|--------|
| explorer | b02fe1fe-cb7d-484e-909b-7cc41298ebe8 | http://192.168.11.21:80 |
| mim4u-tunnel | f8d06879-04f8-44ef-aeda-ce84564a1792 | http://192.168.11.21:80 |
| rpc-http-pub | 10ab22da-8ea3-4e2e-a896-27ece2211a05 | http://192.168.11.21:80 (9 hostnames) |
| tunnel-ml110 | ccd7150a-9881-4b8c-a105-9b4ead6e69a2 | https://192.168.11.10:8006 |
| tunnel-r630-01 | 4481af8f-b24c-4cd3-bdd5-f562f4c97df4 | https://192.168.11.11:8006 |
| tunnel-r630-02 | 0876f12b-64d7-4927-9ab3-94cb6cf48af9 | https://192.168.11.12:8006 |

## If Dashboard Doesn't Work

Need physical/network access to Proxmox host (192.168.11.12):

```bash
# Start container
ssh root@192.168.11.12 "pct start 102"

# Start services (glob single-quoted so the host shell does not expand it)
ssh root@192.168.11.12 "pct exec 102 -- systemctl start 'cloudflared-*'"

# Check status
ssh root@192.168.11.12 "pct exec 102 -- systemctl status 'cloudflared-*'"
```
EOF

echo "✅ Files created:"
echo ""
echo "   📄 COMPLETE_FIX_GUIDE.md - Step-by-step instructions"
echo "   📄 tunnel-configs-reference.yml - Configuration reference"
echo "   📄 QUICK_REFERENCE.md - Quick lookup"
echo ""
echo "═══════════════════════════════════════════════════════════"
echo "  Next Steps"
echo "═══════════════════════════════════════════════════════════"
echo ""
echo "1. Review: $OUTPUT_DIR/COMPLETE_FIX_GUIDE.md"
echo ""
echo "2. Easiest Fix: Use Cloudflare Dashboard"
echo "   - Go to: https://one.dash.cloudflare.com/"
echo "   - Zero Trust → Networks → Tunnels"
echo "   - Configure each tunnel as shown in guide"
echo ""
echo "3. If Dashboard doesn't work:"
echo "   - Need physical/network access to Proxmox"
echo "   - Start container and services manually"
echo "   - See guide for commands"
echo ""
echo "📁 All files saved to: $OUTPUT_DIR"
echo ""