proxmox/scripts/verify/verify-cloudflare-tunnel-ingress.sh
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

#!/usr/bin/env bash
# Verify Cloudflare Tunnel ingress targets: from inside VMID 102 (cloudflared), curl the
# current and recommended origins. Use to fix 502s: if only NPMplus responds, point tunnel to it.
#
# Usage:
# From repo (SSH to Proxmox node that has VMID 102):
# bash scripts/verify/verify-cloudflare-tunnel-ingress.sh
# bash scripts/verify/verify-cloudflare-tunnel-ingress.sh --host 192.168.11.10
# On Proxmox host that has VMID 102:
# bash scripts/verify/verify-cloudflare-tunnel-ingress.sh
#
# Requires: VMID 102 (public cloudflared) on one of the Proxmox hosts; curl inside 102.
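set -euo pipefail

# Resolve the repository root relative to this script (scripts/verify/ -> ../..).
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]:-$0}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

# Optional site config. Sourcing executes the file as shell code in this
# process, so it must only ever be writable by trusted operators. Load errors
# are deliberately ignored (best effort); the defaults below then apply.
if [[ -f "${PROJECT_ROOT}/config/ip-addresses.conf" ]]; then
  # shellcheck source=/dev/null
  source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true
fi

VMID_CLOUDFLARED="${CLOUDFLARED_VMID:-102}"
PROXMOX_HOST="${PROXMOX_HOST:-${PROXMOX_HOST_ML110:-192.168.11.10}}"

# The VMID is passed to pct, locally and over SSH as root, so fail early on
# anything that is not a plain container number.
if [[ ! "$VMID_CLOUDFLARED" =~ ^[0-9]+$ ]]; then
  printf 'error: CLOUDFLARED_VMID must be numeric, got: %s\n' "$VMID_CLOUDFLARED" >&2
  exit 2
fi

#######################################
# Parse command-line options.
# Globals:   PROXMOX_HOST (written when --host is given)
# Arguments: the script's arguments ("$@")
# Returns:   0 on success; exits 2 when --host has no usable value
#######################################
_parse_args() {
  while [[ $# -gt 0 ]]; do
    case "$1" in
      --host)
        # A trailing "--host" used to abort silently on the extra shift under
        # set -e; an option-looking value almost always means the value was
        # forgotten. Report both instead of handing them to ssh.
        if [[ $# -lt 2 || "$2" == -* ]]; then
          printf 'error: --host requires a hostname or IP address\n' >&2
          exit 2
        fi
        # An explicitly empty value keeps the configured default, as before.
        PROXMOX_HOST="${2:-$PROXMOX_HOST}"
        shift
        ;;
      *) ;; # unknown arguments are ignored, as before
    esac
    shift
  done
}
_parse_args "$@"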
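# ANSI colour sequences, stored with a literal backslash; printf's %b expands them.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

# Status helpers: print "<coloured tag> <message>" to stdout.
# Only the colour variables go through %b. The message is printed with %s so
# that backslash sequences inside it (it can carry --host values and remote
# output) are shown literally instead of being interpreted as terminal escapes,
# which `echo -e` would do.
ok() { printf '%b[✓]%b %s\n' "$GREEN" "$NC" "$1"; }
fail() { printf '%b[✗]%b %s\n' "$RED" "$NC" "$1"; }
warn() { printf '%b[⚠]%b %s\n' "$YELLOW" "$NC" "$1"; }
info() { printf '%b[INFO]%b %s\n' "$BLUE" "$NC" "$1"; }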
# Public hostnames sent in the Host header (NPMplus selects the backend by Host).
TEST_HOSTS=(
  "dbis-admin.d-bis.org"
  "explorer.d-bis.org"
)

# Origins probed from inside the cloudflared container, as host:port.
TARGET_OLD="192.168.11.21:80"      # old central Nginx (often the source of 502s)
TARGET_NPMPLUS="192.168.11.167:80" # NPMplus (recommended tunnel origin)
run_curl_from_102() {
local host="$1"
local target="$2"
local timeout="${3:-5}"
if command -v pct &>/dev/null; then
pct exec "$VMID_CLOUDFLARED" -- curl -s -o /dev/null -w "%{http_code}" --connect-timeout "$timeout" "http://${target}/" -H "Host: $host" 2>/dev/null || echo "000"
else
ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" "pct exec $VMID_CLOUDFLARED -- curl -s -o /dev/null -w '%{http_code}' --connect-timeout $timeout 'http://${target}/' -H 'Host: $host'" 2>/dev/null || echo "000"
fi
}
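echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Cloudflare Tunnel ingress verification (VMID $VMID_CLOUDFLARED)"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""

# Preflight: make sure the cloudflared container can be reached before probing.
if command -v pct &>/dev/null; then
  # On a Proxmox node: the container must exist on this host.
  if ! pct status "$VMID_CLOUDFLARED" &>/dev/null; then
    fail "VMID $VMID_CLOUDFLARED not found on this host. Run on the Proxmox node that has the public cloudflared container."
    exit 1
  fi
else
  # Not on Proxmox: go through SSH and check that the chosen node has the VMID.
  info "Running from repo: using SSH to $PROXMOX_HOST"
  # BatchMode makes a missing key fail fast instead of prompting.
  if ! ssh -o ConnectTimeout=5 -o BatchMode=yes "root@${PROXMOX_HOST}" "exit" 2>/dev/null; then
    fail "Cannot SSH to $PROXMOX_HOST. Set PROXMOX_HOST or use --host <ip>."
    exit 1
  fi
  # Send a fixed remote command and match the VMID locally: the value is never
  # spliced into the command line or a regex that runs as root on the node.
  # awk compares the first column (the VMID) exactly; the header never matches.
  FOUND=$(ssh -o ConnectTimeout=5 -o BatchMode=yes "root@${PROXMOX_HOST}" "pct list" 2>/dev/null \
    | awk -v id="$VMID_CLOUDFLARED" '$1 == id') || true
  if [[ -z "$FOUND" ]]; then
    warn "VMID $VMID_CLOUDFLARED not found on $PROXMOX_HOST. Try: bash $0 --host 192.168.11.11 (or .12)"
    exit 1
  fi
  info "VMID $VMID_CLOUDFLARED found on $PROXMOX_HOST"
fi

info "Testing from inside VMID $VMID_CLOUDFLARED (as cloudflared would reach origins)..."
echo ""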
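#######################################
# Probe one origin with every test hostname and count the healthy answers.
# Globals:   TEST_HOSTS (read)
# Arguments: $1 - origin as host:port
#            $2 - name of the global variable that receives the count
# Outputs:   one ok/fail line per hostname on stdout
#######################################
_probe_target() {
  local target="$1"
  local out_var="$2"
  local h code
  local passed=0
  for h in "${TEST_HOSTS[@]}"; do
    code=$(run_curl_from_102 "$h" "$target")
    # Only 2xx/3xx counts as a working origin for the tunnel.
    if [[ "$code" =~ ^[23][0-9][0-9]$ ]]; then
      # Separator added: hostname and status used to run together
      # ("explorer.d-bis.org200").
      ok "$h -> $code"
      passed=$((passed + 1))
    elif [[ "$code" == 000* ]]; then
      fail "$h -> $code (timeout or unreachable)"
    else
      # The origin answered, so it is reachable; report the status as-is
      # rather than calling a 4xx/5xx reply a timeout.
      fail "$h -> $code (origin returned an error status)"
    fi
  done
  printf -v "$out_var" '%d' "$passed"
}

# Test old target (central Nginx)
echo "Target: $TARGET_OLD (old central Nginx / VMID 105)"
OLD_OK=0
_probe_target "$TARGET_OLD" OLD_OK
echo ""

# Test NPMplus
echo "Target: $TARGET_NPMPLUS (NPMplus VMID 10233 recommended)"
NPM_OK=0
_probe_target "$TARGET_NPMPLUS" NPM_OK
echo ""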
# Summary: compare the per-target success counts with the number of hostnames
# probed and print one verdict.
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
if ((NPM_OK == ${#TEST_HOSTS[@]})); then
  ok "NPMplus ($TARGET_NPMPLUS) responds for all test hostnames."
  # Only suggest repointing the tunnel when the old origin is not fully healthy.
  if ((OLD_OK < ${#TEST_HOSTS[@]})); then
    info "Recommendation: Point Cloudflare Tunnel Public Hostnames to http://${TARGET_NPMPLUS} (see docs/04-configuration/cloudflare/CLOUDFLARE_TUNNEL_502_FIX_RUNBOOK.md)"
  fi
elif ((OLD_OK == ${#TEST_HOSTS[@]})); then
  warn "Only old target ($TARGET_OLD) responds. Ensure NPMplus (10233) is running and reachable from VMID $VMID_CLOUDFLARED."
else
  fail "Neither target responded from VMID $VMID_CLOUDFLARED. Check network/firewall and that NPMplus or central Nginx is listening."
fi
echo ""