proxmox/docs/05-network/CENTRAL_NGINX_ROUTING_SETUP.md
defiQUG cb47cce074 Complete markdown files cleanup and organization
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00


Central Nginx Routing Setup - Complete

Last Updated: 2025-12-27
Document Version: 1.0
Status: Active Documentation


Architecture

Internet → Cloudflare → cloudflared (VMID 102) → Nginx Proxy Manager (VMID 105:80) → Internal Services

All Cloudflare tunnel traffic now routes through a single Nginx instance (VMID 105), which then routes each request to an internal service based on its hostname.


Configuration Complete

Nginx Proxy Manager (VMID 105)

IP Address: 192.168.11.21
Configuration File: /data/nginx/custom/http.conf
Status: Active and running

Services Configured:

| Domain | Routes To | Service IP | Service Port |
|--------|-----------|------------|--------------|
| explorer.d-bis.org | http://192.168.11.280:80 | 192.168.11.280 | 80 |
| rpc-http-pub.d-bis.org | https://192.168.11.252:443 | 192.168.11.252 | 443 |
| rpc-ws-pub.d-bis.org | https://192.168.11.252:443 | 192.168.11.252 | 443 |
| rpc-http-prv.d-bis.org | https://192.168.11.251:443 | 192.168.11.251 | 443 |
| rpc-ws-prv.d-bis.org | https://192.168.11.251:443 | 192.168.11.251 | 443 |
| dbis-admin.d-bis.org | http://192.168.11.130:80 | 192.168.11.130 | 80 |
| dbis-api.d-bis.org | http://192.168.11.290:3000 | 192.168.11.290 | 3000 |
| dbis-api-2.d-bis.org | http://192.168.11.291:3000 | 192.168.11.291 | 3000 |
| mim4u.org | http://192.168.11.19:80 | 192.168.11.19 | 80 |
| www.mim4u.org | http://192.168.11.19:80 | 192.168.11.19 | 80 |

Cloudflare Tunnel Configuration

⚠️ Action Required: Update Cloudflare Dashboard

Since the tunnel uses token-based configuration, you need to update the tunnel ingress rules in the Cloudflare dashboard:

  1. Go to: https://one.dash.cloudflare.com/
  2. Navigate to: Zero Trust → Networks → Tunnels
  3. Select your tunnel (ID: b02fe1fe-cb7d-484e-909b-7cc41298ebe8)
  4. Click Configure → Public Hostnames
  5. Update all hostnames to route to: http://192.168.11.21:80

Required Tunnel Ingress Rules

All hostnames should route to the central Nginx:

ingress:
  # Explorer
  - hostname: explorer.d-bis.org
    service: http://192.168.11.21:80
  
  # RPC Public
  - hostname: rpc-http-pub.d-bis.org
    service: http://192.168.11.21:80
  
  - hostname: rpc-ws-pub.d-bis.org
    service: http://192.168.11.21:80
  
  # RPC Private
  - hostname: rpc-http-prv.d-bis.org
    service: http://192.168.11.21:80
  
  - hostname: rpc-ws-prv.d-bis.org
    service: http://192.168.11.21:80
  
  # DBIS Services
  - hostname: dbis-admin.d-bis.org
    service: http://192.168.11.21:80
  
  - hostname: dbis-api.d-bis.org
    service: http://192.168.11.21:80
  
  - hostname: dbis-api-2.d-bis.org
    service: http://192.168.11.21:80
  
  # Miracles In Motion
  - hostname: mim4u.org
    service: http://192.168.11.21:80
  
  - hostname: www.mim4u.org
    service: http://192.168.11.21:80
  
  # Catch-all
  - service: http_status:404
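
A consistency check for the two tables above, added here as an example (it is not part of the project's own tooling). It validates every upstream address in the Nginx route table and confirms that each routed hostname has a tunnel rule pointing at the central Nginx, with the catch-all last. The function names and the tuple representation of the ingress rules are assumptions made for this example.

```python
import ipaddress
from urllib.parse import urlsplit

CENTRAL = "http://192.168.11.21:80"  # central Nginx (VMID 105), from this page

# "Domain" and "Routes To" columns copied from the Services Configured table.
ROUTES = dict(line.split() for line in """\
explorer.d-bis.org http://192.168.11.280:80
rpc-http-pub.d-bis.org https://192.168.11.252:443
rpc-ws-pub.d-bis.org https://192.168.11.252:443
rpc-http-prv.d-bis.org https://192.168.11.251:443
rpc-ws-prv.d-bis.org https://192.168.11.251:443
dbis-admin.d-bis.org http://192.168.11.130:80
dbis-api.d-bis.org http://192.168.11.290:3000
dbis-api-2.d-bis.org http://192.168.11.291:3000
mim4u.org http://192.168.11.19:80
www.mim4u.org http://192.168.11.19:80
""".splitlines())


def bad_upstreams(routes):
    """Return {hostname: url} for upstreams whose host is not a valid IP address."""
    bad = {}
    for host, url in routes.items():
        try:
            ipaddress.ip_address(urlsplit(url).hostname)
        except ValueError:
            bad[host] = url
    return bad


def ingress_problems(ingress, routes, central=CENTRAL):
    """ingress: ordered (hostname or None, service) pairs, as in the tunnel rules."""
    problems = []
    if not ingress or ingress[-1][0] is not None:
        problems.append("last rule must be the hostname-less catch-all")
    named = {h: s for h, s in ingress if h is not None}
    for h, s in named.items():
        if s != central:
            problems.append(f"{h} bypasses central Nginx: {s}")
    for h in sorted(set(routes) - set(named)):
        problems.append(f"{h} has an Nginx route but no tunnel rule")
    for h in sorted(set(named) - set(routes)):
        problems.append(f"{h} has a tunnel rule but no Nginx route")
    return problems


# Ingress as listed on this page: the same ten hostnames -> central Nginx, then 404.
PAGE_INGRESS = [(h, CENTRAL) for h in ROUTES] + [(None, "http_status:404")]
```

Run against the table as published, bad_upstreams(ROUTES) reports explorer.d-bis.org, dbis-api.d-bis.org and dbis-api-2.d-bis.org, because 192.168.11.280, .290 and .291 contain an octet above 255 and are not valid IPv4 addresses. Confirm the intended upstreams against /data/nginx/custom/http.conf before relying on the table.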

Testing

Test Nginx Routing Locally

# Test Explorer
curl -H "Host: explorer.d-bis.org" http://192.168.11.21/

# Test RPC Public HTTP
curl -H "Host: rpc-http-pub.d-bis.org" http://192.168.11.21/ \
  -X POST -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'

Test Through Cloudflare (After Tunnel Update)

# Test Explorer
curl https://explorer.d-bis.org/

# Test RPC Public
curl -X POST https://rpc-http-pub.d-bis.org \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'

Benefits

  1. Single Point of Configuration: All routing logic in one place (VMID 105)
  2. Simplified Management: No need to update multiple Nginx instances
  3. Centralized Logging: All traffic logs in one location
  4. Easier Troubleshooting: Single point to check routing issues
  5. Consistent Configuration: All services follow the same routing pattern

Maintenance

View Nginx Configuration

ssh root@192.168.11.12 "pct exec 105 -- cat /data/nginx/custom/http.conf"

Reload Nginx Configuration

ssh root@192.168.11.12 "pct exec 105 -- systemctl restart npm"

Add New Service

  1. Edit /data/nginx/custom/http.conf on VMID 105
  2. Add new server block with appropriate server_name and proxy_pass
  3. Test: nginx -t
  4. Reload: systemctl restart npm
  5. Update Cloudflare tunnel to route new hostname to http://192.168.11.21:80

Troubleshooting

Service Not Routing Correctly

  1. Check Nginx configuration: pct exec 105 -- nginx -t
  2. Check service status: pct exec 105 -- systemctl status npm
  3. Check Nginx logs: pct exec 105 -- tail -f /data/logs/fallback_error.log
  4. Verify internal service is accessible: curl http://<service-ip>:<port>

Cloudflare Tunnel Not Connecting

  1. Check tunnel status: pct exec 102 -- systemctl status cloudflared
  2. Verify tunnel configuration in Cloudflare dashboard
  3. Check tunnel logs: pct exec 102 -- journalctl -u cloudflared -n 50

Next Steps

  1. Nginx configuration deployed
  2. Update Cloudflare tunnel configuration (see above)
  3. Test all endpoints after tunnel update
  4. Monitor logs for any routing issues

Configuration File Location: /data/nginx/custom/http.conf on VMID 105


Master Reference: For a consolidated view of all Cloudflare routing, see CLOUDFLARE_ROUTING_MASTER.md.


Review Cycle: Quarterly