# Tunnel Configuration Verified ✅ **Last Updated:** 2026-01-31 **Document Version:** 1.0 **Status:** Active Documentation --- ## Configuration Status Your Cloudflare tunnel configuration looks **correct**! All 10 routes are properly configured. ## Configured Routes | # | Hostname | Service | Target | Origin Config | |---|----------|---------|--------|---------------| | 1 | explorer.d-bis.org | HTTP | http://192.168.11.21:80 | - | | 2 | rpc-http-pub.d-bis.org | HTTP | http://192.168.11.21:80 | - | | 3 | rpc-http-prv.d-bis.org | HTTP | http://192.168.11.21:80 | - | | 4 | dbis-admin.d-bis.org | HTTP | http://192.168.11.21:80 | - | | 5 | dbis-api.d-bis.org | HTTP | http://192.168.11.21:80 | - | | 6 | dbis-api-2.d-bis.org | HTTP | http://192.168.11.21:80 | - | | 7 | mim4u.org | HTTP | http://192.168.11.21:80 | - | | 8 | www.mim4u.org | HTTP | http://192.168.11.21:80 | - | | 9 | rpc-ws-pub.d-bis.org | HTTP | http://192.168.11.21:80 | noTLSVerify, httpHostHeader | | 10 | rpc-ws-prv.d-bis.org | HTTP | http://192.168.11.21:80 | noTLSVerify, httpHostHeader | ## Important Notes ### ✅ Configuration is Correct - All routes point to correct target: `http://192.168.11.21:80` - WebSocket routes have proper origin configurations - All hostnames are configured ### ⚠️ Domain Difference Noted - **Tunnel Config**: Uses `mim4u.org` and `www.mim4u.org` (root domain) - **DNS Zone**: Had `mim4u.org.d-bis.org` (subdomain) **This is correct** if `mim4u.org` is a separate domain in Cloudflare (which it is). ### Missing: Catch-All Rule I don't see a catch-all rule in your list. It's recommended to add: - **Path**: `*` - **Service**: `HTTP 404: Not Found` - **Must be last** in the list This handles any unmatched requests gracefully. ## Next Steps ### 1. Verify Tunnel Status Check in Cloudflare Dashboard: - Go to: Zero Trust → Networks → Tunnels - Find tunnel: `10ab22da-8ea3-4e2e-a896-27ece2211a05` - Status should be **HEALTHY** (not DOWN) ### 2. Test Endpoints Run the verification script: ```bash ./verify-tunnel-config.sh ``` Or test manually: ```bash curl -I https://explorer.d-bis.org curl -I https://rpc-http-pub.d-bis.org curl -I https://dbis-admin.d-bis.org curl -I https://dbis-api.d-bis.org curl -I https://mim4u.org ``` ### 3. If Tunnels Are Still DOWN The configuration is correct, but the tunnel connector may not be running: ```bash # Check container status ssh root@192.168.11.12 "pct status 102" # Check tunnel service ssh root@192.168.11.12 "pct exec 102 -- systemctl status cloudflared" # Start if needed ssh root@192.168.11.12 "pct exec 102 -- systemctl start cloudflared" ``` ### 4. Add Catch-All Rule (Recommended) In Cloudflare Dashboard: 1. Go to tunnel configuration 2. Add new route: - **Path**: `*` - **Service**: `HTTP 404: Not Found` 3. **Move it to the bottom** (must be last) 4. Save ## Configuration Summary ✅ **Routes**: 10 configured ✅ **Target**: All correct (`http://192.168.11.21:80`) ✅ **WebSocket**: Proper origin config ⚠️ **Catch-all**: Missing (recommended to add) ❓ **Status**: Check if tunnel connector is running ## Troubleshooting ### If Endpoints Don't Work 1. **Tunnel Status**: Check if tunnel shows HEALTHY in dashboard 2. **Container**: Verify VMID 102 is running 3. **Service**: Check cloudflared service is running 4. **Nginx**: Verify Nginx is accessible at 192.168.11.21:80 5. **DNS**: Check DNS records point to tunnel ### Common Issues - **Tunnel DOWN**: Container/service not running - **404 Errors**: Nginx not configured for hostname - **502 Errors**: Nginx not accessible or down - **Timeout**: Network connectivity issues ## Verification Checklist - [x] All 10 routes configured - [x] All routes point to correct target - [x] WebSocket routes have origin config - [ ] Catch-all rule added (recommended) - [ ] Tunnel status is HEALTHY - [ ] Container (VMID 102) is running - [ ] cloudflared service is running - [ ] Endpoints are accessible ## Summary Your tunnel configuration is **correct**! The routes are properly set up. If tunnels are still DOWN, the issue is likely: - Tunnel connector (cloudflared) not running in VMID 102 - Container not started - Network connectivity issues The configuration itself is perfect - you just need to ensure the tunnel connector is running to establish the connection.