# Install Tunnel with Token

**Last Updated:** 2026-01-31  
**Document Version:** 1.0  
**Status:** Active Documentation

---

## Token Provided

You have a Cloudflare tunnel token for the shared tunnel:
- **Tunnel ID**: `10ab22da-8ea3-4e2e-a896-27ece2211a05`
- **Token**: `eyJhIjoiNTJhZDU3YTcxNjcxYzVmYzAwOWVkZjA3NDQ2NTgxOTYiLCJ0IjoiMTBhYjIyZGEtOGVhMy00ZTJlLWE4OTYtMjdlY2UyMjExYTA1IiwicyI6IlptRXlOMkkyTVRrdE1EZzFNeTAwTkRBNExXSXhaalF0Wm1KaE5XVmpaVEEzTVdGbCJ9`

## Installation Methods

### Method 1: Automated Script (If SSH Access Available)

```bash
# If you have SSH access to Proxmox network:
./install-shared-tunnel-token.sh

# Or via SSH tunnel:
./setup_ssh_tunnel.sh
PROXMOX_HOST=localhost ./install-shared-tunnel-token.sh
```

### Method 2: Manual Installation (Direct Container Access)

If you can access the container directly:

```bash
# 1. Access container
ssh root@192.168.11.12
pct exec 102 -- bash

# 2. Install cloudflared (if needed)
apt update
apt install -y cloudflared

# 3. Install tunnel service with token
cloudflared service install eyJhIjoiNTJhZDU3YTcxNjcxYzVmYzAwOWVkZjA3NDQ2NTgxOTYiLCJ0IjoiMTBhYjIyZGEtOGVhMy00ZTJlLWE4OTYtMjdlY2UyMjExYTA1IiwicyI6IlptRXlOMkkyTVRrdE1EZzFNeTAwTkRBNExXSXhaalF0Wm1KaE5XVmpaVEEzTVdGbCJ9

# 4. Create configuration file
cat > /etc/cloudflared/config.yml << 'EOF'
tunnel: 10ab22da-8ea3-4e2e-a896-27ece2211a05
credentials-file: /root/.cloudflared/10ab22da-8ea3-4e2e-a896-27ece2211a05.json

ingress:
  - hostname: dbis-admin.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: dbis-admin.d-bis.org
  - hostname: dbis-api.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: dbis-api.d-bis.org
  - hostname: dbis-api-2.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: dbis-api-2.d-bis.org
  - hostname: mim4u.org.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: mim4u.org.d-bis.org
  - hostname: www.mim4u.org.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: www.mim4u.org.d-bis.org
  - hostname: rpc-http-prv.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: rpc-http-prv.d-bis.org
  - hostname: rpc-http-pub.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: rpc-http-pub.d-bis.org
  - hostname: rpc-ws-prv.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: rpc-ws-prv.d-bis.org
  - hostname: rpc-ws-pub.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: rpc-ws-pub.d-bis.org
  - service: http_status:404

metrics: 127.0.0.1:9090
loglevel: info
gracePeriod: 30s
EOF

chmod 600 /etc/cloudflared/config.yml

# 5. Restart service
systemctl daemon-reload
systemctl restart cloudflared
systemctl status cloudflared
```

### Method 3: Cloudflare Dashboard Configuration

After installing with token, configure ingress rules via dashboard:

1. Go to: https://one.dash.cloudflare.com/
2. Zero Trust → Networks → Tunnels
3. Find tunnel: `10ab22da-8ea3-4e2e-a896-27ece2211a05`
4. Click **Configure**
5. Add all 9 hostnames (see list below)
6. Save

## Hostnames to Configure

All these hostnames should route to `http://192.168.11.21:80`:

1. `dbis-admin.d-bis.org`
2. `dbis-api.d-bis.org`
3. `dbis-api-2.d-bis.org`
4. `mim4u.org.d-bis.org`
5. `www.mim4u.org.d-bis.org`
6. `rpc-http-prv.d-bis.org`
7. `rpc-http-pub.d-bis.org`
8. `rpc-ws-prv.d-bis.org`
9. `rpc-ws-pub.d-bis.org`

**Important**: Add catch-all rule (HTTP 404) as the LAST entry.

## Verification

After installation:

```bash
# Check service status
systemctl status cloudflared

# Check logs
journalctl -u cloudflared -f

# Test endpoints (wait 1-2 minutes first)
curl -I https://dbis-admin.d-bis.org
curl -I https://rpc-http-pub.d-bis.org
curl -I https://dbis-api.d-bis.org
```

## What the Token Does

The token:
- Authenticates the tunnel connector to Cloudflare
- Associates the connector with tunnel ID `10ab22da-8ea3-4e2e-a896-27ece2211a05`
- Creates systemd service automatically
- Stores credentials in `/root/.cloudflared/`

## Troubleshooting

### Service Not Starting

```bash
# Check logs
journalctl -u cloudflared -n 50

# Check if credentials file exists
ls -la /root/.cloudflared/10ab22da-8ea3-4e2e-a896-27ece2211a05.json

# Verify config file
cat /etc/cloudflared/config.yml
```

### Tunnel Still DOWN

1. Wait 1-2 minutes for connection
2. Check Cloudflare Dashboard
3. Verify network connectivity from container
4. Check if Nginx is accessible at `192.168.11.21:80`

## Summary

✅ **Token**: Provided and ready to use  
✅ **Tunnel ID**: `10ab22da-8ea3-4e2e-a896-27ece2211a05`  
✅ **Hostnames**: 9 hostnames need configuration  
✅ **Target**: All route to `http://192.168.11.21:80`  

**Next**: Install using one of the methods above, then configure ingress rules.