# Fix Tunnel - Alternative Methods

**Last Updated:** 2026-01-31  
**Document Version:** 1.0  
**Status:** Active Documentation

---

## Problem

The `fix-shared-tunnel.sh` script cannot connect because your machine is on `192.168.1.0/24` and cannot directly reach `192.168.11.0/24`.

## Solution Methods

### Method 1: Use SSH Tunnel ⭐ Recommended

```bash
# Terminal 1: Start SSH tunnel
./setup_ssh_tunnel.sh

# Terminal 2: Run fix with localhost
PROXMOX_HOST=localhost ./fix-shared-tunnel.sh
```

### Method 2: Manual File Deployment

The script automatically generates configuration files when connection fails:

**Location**: `/tmp/tunnel-fix-10ab22da-8ea3-4e2e-a896-27ece2211a05/`

**Files**:
- `tunnel-services.yml` - Tunnel configuration
- `cloudflared-services.service` - Systemd service
- `DEPLOY_INSTRUCTIONS.md` - Deployment guide

**Deploy from Proxmox host**:
```bash
# Copy files to Proxmox host
scp -r /tmp/tunnel-fix-* root@192.168.11.12:/tmp/

# SSH to Proxmox host
ssh root@192.168.11.12

# Deploy to container
pct push 102 /tmp/tunnel-fix-*/tunnel-services.yml /etc/cloudflared/tunnel-services.yml
pct push 102 /tmp/tunnel-fix-*/cloudflared-services.service /etc/systemd/system/cloudflared-services.service
pct exec 102 -- chmod 600 /etc/cloudflared/tunnel-services.yml
pct exec 102 -- systemctl daemon-reload
pct exec 102 -- systemctl enable cloudflared-services.service
pct exec 102 -- systemctl start cloudflared-services.service
```

### Method 3: Cloudflare Dashboard ⭐ Easiest

1. Go to: https://one.dash.cloudflare.com/
2. Navigate to: **Zero Trust** → **Networks** → **Tunnels**
3. Find tunnel: `10ab22da-8ea3-4e2e-a896-27ece2211a05`
4. Click **Configure**
5. Add all hostnames:

| Hostname | Service | URL |
|----------|---------|-----|
| dbis-admin.d-bis.org | HTTP | 192.168.11.21:80 |
| dbis-api.d-bis.org | HTTP | 192.168.11.21:80 |
| dbis-api-2.d-bis.org | HTTP | 192.168.11.21:80 |
| mim4u.org.d-bis.org | HTTP | 192.168.11.21:80 |
| www.mim4u.org.d-bis.org | HTTP | 192.168.11.21:80 |
| rpc-http-prv.d-bis.org | HTTP | 192.168.11.21:80 |
| rpc-http-pub.d-bis.org | HTTP | 192.168.11.21:80 |
| rpc-ws-prv.d-bis.org | HTTP | 192.168.11.21:80 |
| rpc-ws-pub.d-bis.org | HTTP | 192.168.11.21:80 |

6. Add catch-all rule: **HTTP 404: Not Found** (must be last)
7. Save configuration
8. Wait 1-2 minutes for tunnel to reload

### Method 4: Run from Proxmox Network

If you have access to a machine on `192.168.11.0/24`:

```bash
# Copy script to that machine
scp fix-shared-tunnel.sh user@192.168.11.x:/tmp/

# SSH to that machine and run
ssh user@192.168.11.x
cd /tmp
chmod +x fix-shared-tunnel.sh
./fix-shared-tunnel.sh
```

### Method 5: Direct Container Access

If you can access the container directly:

```bash
# Create config file inside container
pct exec 102 -- bash << 'EOF'
cat > /etc/cloudflared/tunnel-services.yml << 'CONFIG'
tunnel: 10ab22da-8ea3-4e2e-a896-27ece2211a05
credentials-file: /etc/cloudflared/credentials-services.json

ingress:
  - hostname: dbis-admin.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: dbis-admin.d-bis.org
  - hostname: dbis-api.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: dbis-api.d-bis.org
  - hostname: dbis-api-2.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: dbis-api-2.d-bis.org
  - hostname: mim4u.org.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: mim4u.org.d-bis.org
  - hostname: www.mim4u.org.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: www.mim4u.org.d-bis.org
  - hostname: rpc-http-prv.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: rpc-http-prv.d-bis.org
  - hostname: rpc-http-pub.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: rpc-http-pub.d-bis.org
  - hostname: rpc-ws-prv.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: rpc-ws-prv.d-bis.org
  - hostname: rpc-ws-pub.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: rpc-ws-pub.d-bis.org
  - service: http_status:404

metrics: 127.0.0.1:9090
loglevel: info
gracePeriod: 30s
CONFIG

chmod 600 /etc/cloudflared/tunnel-services.yml
EOF
```

## Verification

After applying any method:

```bash
# Check tunnel status in Cloudflare Dashboard
# Should change from DOWN to HEALTHY

# Test endpoints
curl -I https://dbis-admin.d-bis.org
curl -I https://rpc-http-pub.d-bis.org
curl -I https://dbis-api.d-bis.org
```

## Recommended Approach

**For Quick Fix**: Use **Method 3 (Cloudflare Dashboard)** - No SSH needed, immediate effect

**For Automation**: Use **Method 1 (SSH Tunnel)** - Scriptable, repeatable

**For Production**: Use **Method 2 (Manual Deployment)** - Most control, can review files first