proxmox/docs/01-getting-started/THIRDWEB_RPC_CLOUDFLARE_QUICKSTART.md

# ThirdWeb RPC (VMID 2400) - Cloudflare Tunnel Quick Start

**Status:** Ready to Execute  
**VMID:** 2400  
**IP:** 192.168.11.240  
**Domain:** `defi-oracle.io`  
**FQDN:** `rpc.public-0138.defi-oracle.io`

---

## Overview

This guide will set up a Cloudflare tunnel for VMID 2400 (ThirdWeb RPC node) since we can't access pve2 where the existing tunnel is located.

---

## Step 1: Create Cloudflare Tunnel (Manual - Cloudflare Dashboard)

### 1.1 Go to Cloudflare Dashboard

1. Open: https://one.dash.cloudflare.com/
2. Login to your Cloudflare account

### 1.2 Navigate to Tunnels

1. Click on **Zero Trust** (in the left sidebar)
2. Click on **Networks** → **Tunnels**

### 1.3 Create New Tunnel

1. Click **Create a tunnel** button (top right)
2. Select **Cloudflared** as the connector type
3. Name: `thirdweb-rpc-2400`
4. Click **Save tunnel**

### 1.4 Copy the Tunnel Token

After creating the tunnel, you'll see a screen with a token. It looks like:
```
eyJhIjoiNTJhZDU3YTcxNjcxYzVmYzAwOWVkZjA3NDQ2NTgxOTYiLCJ0Ijoi...
```

**IMPORTANT:** Copy this entire token - you'll need it in the next step.

---

## Step 2: Run the Installation Script (Automated)

### 2.1 Run the Script

```bash
cd /home/intlc/projects/proxmox

# Replace <TUNNEL_TOKEN> with the token you copied from Step 1.4
./scripts/setup-cloudflared-vmid2400.sh <TUNNEL_TOKEN>
```

**Example:**
```bash
./scripts/setup-cloudflared-vmid2400.sh eyJhIjoiNTJhZDU3YTcxNjcxYzVmYzAwOWVkZjA3NDQ2NTgxOTYiLCJ0Ijoi...
```

The script will:
- ✅ Check SSH access to Proxmox host (192.168.11.10)
- ✅ Verify VMID 2400 is running
- ✅ Install cloudflared in the container
- ✅ Install and start the tunnel service
- ✅ Verify the setup

---

## Step 3: Configure Tunnel Route (Manual - Cloudflare Dashboard)

### 3.1 Go Back to Tunnel Configuration

1. In Cloudflare Dashboard: **Zero Trust** → **Networks** → **Tunnels**
2. Click on your tunnel name: `thirdweb-rpc-2400`
3. Click **Configure** button

### 3.2 Add Public Hostname

1. Go to **Public Hostname** tab
2. Click **Add a public hostname**

### 3.3 Configure the Route

Fill in the following:

```
Subdomain: rpc.public-0138
Domain: defi-oracle.io
Service Type: HTTP
URL: http://127.0.0.1:8545
```

**Important Notes:**
- The subdomain is `rpc.public-0138` (not just `rpc`)
- The full domain will be: `rpc.public-0138.defi-oracle.io`
- Use `http://127.0.0.1:8545` to connect directly to Besu RPC
- If you have Nginx on port 443, use `https://127.0.0.1:443` instead

### 3.4 Save Configuration

1. Click **Save hostname**
2. Wait a few seconds for the configuration to apply

---

## Step 4: Configure DNS Record (Manual - Cloudflare Dashboard)

### 4.1 Navigate to DNS

1. In Cloudflare Dashboard, go to your account overview
2. Select domain: **defi-oracle.io**
3. Click **DNS** in the left sidebar
4. Click **Records**

### 4.2 Add CNAME Record

1. Click **Add record**

2. Fill in:
   ```
   Type: CNAME
   Name: rpc.public-0138
   Target: <your-tunnel-id>.cfargotunnel.com
   Proxy: 🟠 Proxied (orange cloud)
   TTL: Auto
   ```

3. **To find your tunnel ID:**
   - Go back to **Zero Trust** → **Networks** → **Tunnels**
   - Click on your tunnel: `thirdweb-rpc-2400`
   - The tunnel ID is shown in the URL or in the tunnel details
   - Format: `xxxx-xxxx-xxxx-xxxx` (UUID format)

### 4.3 Save DNS Record

1. Click **Save**
2. Wait 1-2 minutes for DNS propagation

---

## Step 5: Verify Setup

### 5.1 Check Tunnel Status

```bash
# From your local machine, check if the tunnel is running
ssh root@192.168.11.10 "pct exec 2400 -- systemctl status cloudflared"
```

### 5.2 Test DNS Resolution

```bash
# Test DNS resolution
dig rpc.public-0138.defi-oracle.io
nslookup rpc.public-0138.defi-oracle.io

# Should resolve to Cloudflare IPs (if proxied) or tunnel endpoint
```

### 5.3 Test RPC Endpoint

```bash
# Test HTTP RPC endpoint
curl -k https://rpc.public-0138.defi-oracle.io \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'

# Expected: JSON response with block number
```

### 5.4 Verify in Cloudflare Dashboard

1. Go to **Zero Trust** → **Networks** → **Tunnels**
2. Click on `thirdweb-rpc-2400`
3. Status should show **Healthy** (green)
4. You should see the hostname `rpc.public-0138.defi-oracle.io` listed

---

## Troubleshooting

### Tunnel Not Connecting

```bash
# Check cloudflared logs inside the container
ssh root@192.168.11.10 "pct exec 2400 -- journalctl -u cloudflared -f"

# Check if service is running
ssh root@192.168.11.10 "pct exec 2400 -- systemctl status cloudflared"
```

### DNS Not Resolving

- Wait a few more minutes for DNS propagation
- Verify the CNAME target matches your tunnel ID
- Check that the tunnel is healthy in Cloudflare Dashboard

### Connection Refused

```bash
# Verify Besu RPC is running
ssh root@192.168.11.10 "pct exec 2400 -- systemctl status besu-rpc"

# Test Besu RPC locally
ssh root@192.168.11.10 "pct exec 2400 -- curl -X POST http://127.0.0.1:8545 \
  -H 'Content-Type: application/json' \
  -d '{\"jsonrpc\":\"2.0\",\"method\":\"eth_blockNumber\",\"params\":[],\"id\":1}'"
```

---

## Summary

After completing all steps:

✅ Cloudflare tunnel created  
✅ Cloudflared installed on VMID 2400  
✅ Tunnel service running and connected  
✅ Tunnel route configured for `rpc.public-0138.defi-oracle.io`  
✅ DNS CNAME record created  
✅ RPC endpoint accessible at `https://rpc.public-0138.defi-oracle.io`

**Next Steps:**
- Update Thirdweb listing with the new RPC URL
- Test with Thirdweb SDK
- Monitor tunnel status

---

## Quick Reference

**Script Location:** `scripts/setup-cloudflared-vmid2400.sh`  
**Documentation:** `docs/04-configuration/THIRDWEB_RPC_CLOUDFLARE_SETUP.md`  
**VMID:** 2400  
**IP:** 192.168.11.240  
**FQDN:** `rpc.public-0138.defi-oracle.io`