d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
proxmox/docs/04-configuration/TUNNEL_TOKEN_INSTALL.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

4.8 KiB
Raw Permalink Blame History

Install Tunnel with Token

Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation

Token Provided

You have a Cloudflare tunnel token for the shared tunnel:

  • Tunnel ID: 10ab22da-8ea3-4e2e-a896-27ece2211a05
  • Token: eyJhIjoiNTJhZDU3YTcxNjcxYzVmYzAwOWVkZjA3NDQ2NTgxOTYiLCJ0IjoiMTBhYjIyZGEtOGVhMy00ZTJlLWE4OTYtMjdlY2UyMjExYTA1IiwicyI6IlptRXlOMkkyTVRrdE1EZzFNeTAwTkRBNExXSXhaalF0Wm1KaE5XVmpaVEEzTVdGbCJ9

Installation Methods

Method 1: Automated Script (If SSH Access Available)

# If you have SSH access to Proxmox network:
./install-shared-tunnel-token.sh

# Or via SSH tunnel:
./setup_ssh_tunnel.sh
PROXMOX_HOST=localhost ./install-shared-tunnel-token.sh

Method 2: Manual Installation (Direct Container Access)

If you can access the container directly:

# 1. Access container
ssh root@192.168.11.12
pct exec 102 -- bash

# 2. Install cloudflared (if needed)
apt update
apt install -y cloudflared

# 3. Install tunnel service with token
cloudflared service install eyJhIjoiNTJhZDU3YTcxNjcxYzVmYzAwOWVkZjA3NDQ2NTgxOTYiLCJ0IjoiMTBhYjIyZGEtOGVhMy00ZTJlLWE4OTYtMjdlY2UyMjExYTA1IiwicyI6IlptRXlOMkkyTVRrdE1EZzFNeTAwTkRBNExXSXhaalF0Wm1KaE5XVmpaVEEzTVdGbCJ9

# 4. Create configuration file
cat > /etc/cloudflared/config.yml << 'EOF'
tunnel: 10ab22da-8ea3-4e2e-a896-27ece2211a05
credentials-file: /root/.cloudflared/10ab22da-8ea3-4e2e-a896-27ece2211a05.json

ingress:
  - hostname: dbis-admin.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: dbis-admin.d-bis.org
  - hostname: dbis-api.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: dbis-api.d-bis.org
  - hostname: dbis-api-2.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: dbis-api-2.d-bis.org
  - hostname: mim4u.org.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: mim4u.org.d-bis.org
  - hostname: www.mim4u.org.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: www.mim4u.org.d-bis.org
  - hostname: rpc-http-prv.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: rpc-http-prv.d-bis.org
  - hostname: rpc-http-pub.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: rpc-http-pub.d-bis.org
  - hostname: rpc-ws-prv.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: rpc-ws-prv.d-bis.org
  - hostname: rpc-ws-pub.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: rpc-ws-pub.d-bis.org
  - service: http_status:404

metrics: 127.0.0.1:9090
loglevel: info
gracePeriod: 30s
EOF

chmod 600 /etc/cloudflared/config.yml

# 5. Restart service
systemctl daemon-reload
systemctl restart cloudflared
systemctl status cloudflared

Method 3: Cloudflare Dashboard Configuration

After installing with token, configure ingress rules via dashboard:

  1. Go to: https://one.dash.cloudflare.com/
  2. Zero Trust → Networks → Tunnels
  3. Find tunnel: 10ab22da-8ea3-4e2e-a896-27ece2211a05
  4. Click Configure
  5. Add all 9 hostnames (see list below)
  6. Save

Hostnames to Configure

All these hostnames should route to http://192.168.11.21:80:

  1. dbis-admin.d-bis.org
  2. dbis-api.d-bis.org
  3. dbis-api-2.d-bis.org
  4. mim4u.org.d-bis.org
  5. www.mim4u.org.d-bis.org
  6. rpc-http-prv.d-bis.org
  7. rpc-http-pub.d-bis.org
  8. rpc-ws-prv.d-bis.org
  9. rpc-ws-pub.d-bis.org

Important: Add catch-all rule (HTTP 404) as the LAST entry.

Verification

After installation:

# Check service status
systemctl status cloudflared

# Check logs
journalctl -u cloudflared -f

# Test endpoints (wait 1-2 minutes first)
curl -I https://dbis-admin.d-bis.org
curl -I https://rpc-http-pub.d-bis.org
curl -I https://dbis-api.d-bis.org

What the Token Does

The token:

  • Authenticates the tunnel connector to Cloudflare
  • Associates the connector with tunnel ID 10ab22da-8ea3-4e2e-a896-27ece2211a05
  • Creates systemd service automatically
  • Stores credentials in /root/.cloudflared/

Troubleshooting

Service Not Starting

# Check logs
journalctl -u cloudflared -n 50

# Check if credentials file exists
ls -la /root/.cloudflared/10ab22da-8ea3-4e2e-a896-27ece2211a05.json

# Verify config file
cat /etc/cloudflared/config.yml

Tunnel Still DOWN

  1. Wait 1-2 minutes for connection
  2. Check Cloudflare Dashboard
  3. Verify network connectivity from container
  4. Check if Nginx is accessible at 192.168.11.21:80

Summary

Token: Provided and ready to use
Tunnel ID: 10ab22da-8ea3-4e2e-a896-27ece2211a05
Hostnames: 9 hostnames need configuration
Target: All route to http://192.168.11.21:80

Next: Install using one of the methods above, then configure ingress rules.

Reference in New Issue View Git Blame Copy Permalink