proxmox/docs/04-configuration/THIRDWEB_RPC_CLOUDFLARE_SETUP.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00


# ThirdWeb RPC (VMID 2400) - Setup
**Last Updated:** 2026-02-05
**Status:** Setup Guide
**VMID:** 2400
**IP:** 192.168.11.240
**Domain:** `defi-oracle.io`
**FQDN:** `rpc.public-0138.defi-oracle.io`, `rpc.defi-oracle.io`, `wss.defi-oracle.io`

---
## Recommended: Expose via NPMplus and Fastly/Direct
**Preferred path:** Expose ThirdWeb RPC (VMID 2400) through **NPMplus** (VMID 10233 at 192.168.11.167) with edge **Fastly** (Option A) or **direct to 76.53.10.36** (Option C). No cloudflared in VMID 2400 required.
- **DNS** (Cloudflare): `rpc.defi-oracle.io`, `wss.defi-oracle.io` → CNAME to Fastly or A to 76.53.10.36
- **NPMplus:** Proxy hosts for `rpc.defi-oracle.io` → `http://192.168.11.240:8545` (or :443 if Nginx in 2400), `wss.defi-oracle.io` → `http://192.168.11.240:8546`; WebSocket enabled
- See [05-network/CLOUDFLARE_ROUTING_MASTER.md](../05-network/CLOUDFLARE_ROUTING_MASTER.md) and [04-configuration/RPC_ENDPOINTS_MASTER.md](RPC_ENDPOINTS_MASTER.md)
---
## Alternative: Cloudflare Tunnel in VMID 2400 (Deprecated)
The following describes installing Cloudflared **inside VMID 2400** for a dedicated tunnel. This approach is **deprecated** in favour of NPMplus + Fastly/direct (above). Use only if edge port 76.53.10.36:80/443 is not reachable from the internet (Option B).
**Architecture (deprecated):**
```
Internet → Cloudflare → Cloudflare Tunnel (from VMID 2400) → Nginx (port 443) → Besu RPC (8545/8546)
```
---
## Prerequisites
1. **Access to Proxmox host** where VMID 2400 is running
2. **Access to VMID 2400 container** (via `pct exec 2400`)
3. **Cloudflare account** with access to `defi-oracle.io` domain
4. **Cloudflare Zero Trust access** (free tier is sufficient)
---
## Step 1: Create Cloudflare Tunnel
### 1.1 Create Tunnel in Cloudflare Dashboard
1. Go to: https://one.dash.cloudflare.com/
2. Navigate to: **Zero Trust** → **Networks** → **Tunnels**
3. Click **Create a tunnel**
4. Select **Cloudflared** as the connector type
5. Give it a name (e.g., `thirdweb-rpc-2400`)
6. Click **Save tunnel**
### 1.2 Copy the Tunnel Token
After creating the tunnel, you'll see a token. Copy it; you'll need it in the next step. Treat the token as a credential: anyone who holds it can run a connector for this tunnel.

**Token format:** `eyJhIjoi...` (long base64 string)

---
## Step 2: Install Cloudflared on VMID 2400
### 2.1 Access the Container
**If you have SSH access to the Proxmox host:**
```bash
# Replace with your Proxmox host IP
PROXMOX_HOST="192.168.11.10"
# Enter the container (-t allocates a TTY so the interactive shell works over SSH)
ssh -t "root@${PROXMOX_HOST}" "pct exec 2400 -- bash"
```
**If you have console access to the Proxmox host:**
```bash
# List containers
pct list | grep 2400
# Enter the container
pct exec 2400 -- bash
```
### 2.2 Install Cloudflared
Once inside the container, run:
```bash
# Update package list
apt update
# Install wget if not available
apt install -y wget
# Download and install cloudflared
cd /tmp
wget -q https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
dpkg -i cloudflared-linux-amd64.deb || apt install -f -y
# Verify installation
cloudflared --version
```
### 2.3 Install Tunnel Service
Replace `<TUNNEL_TOKEN>` with the token you copied from Step 1.2:
```bash
# Install tunnel service with token
cloudflared service install <TUNNEL_TOKEN>
# Enable and start service
systemctl enable cloudflared
systemctl start cloudflared
# Check status
systemctl status cloudflared
```
### 2.4 Verify Tunnel is Running
```bash
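# Check service status
systemctl status cloudflared --no-pager -l
# List tunnels (should show your tunnel; needs an origin cert from
# `cloudflared tunnel login`, which a token-only install does not have)
cloudflared tunnel list
# Check tunnel configuration (the file exists only for locally-managed tunnels;
# a tunnel installed with a dashboard token keeps its configuration in Cloudflare)
cat /etc/cloudflared/config.yml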
```
---
## Step 3: Configure Tunnel Route in Cloudflare
### 3.1 Configure Public Hostname
1. Go back to Cloudflare Dashboard: **Zero Trust** → **Networks** → **Tunnels**
2. Click on your tunnel name (`thirdweb-rpc-2400`)
3. Click **Configure**
4. Go to **Public Hostname** tab
5. Click **Add a public hostname**
### 3.2 Add RPC Endpoint Configuration
**For HTTP RPC:**
```
Subdomain: rpc.public-0138
Domain: defi-oracle.io
Service Type: HTTP
URL: http://127.0.0.1:8545
```
**Note:** If you have Nginx configured on VMID 2400 with SSL on port 443, use:
```
URL: https://127.0.0.1:443
```
or
```
URL: http://127.0.0.1:443
```
### 3.3 Add WebSocket Support (Optional)
If you need WebSocket RPC support, you can either:
**Option A:** Use the same hostname (Cloudflare supports WebSocket on HTTP endpoints)
- The same `rpc.public-0138.defi-oracle.io` hostname will handle both HTTP and WebSocket
- Configure your Nginx to route WebSocket connections appropriately
**Option B:** Add a separate hostname for WebSocket:
```
Subdomain: rpc-ws.public-0138
Domain: defi-oracle.io
Service Type: HTTP
URL: http://127.0.0.1:8546
```
### 3.4 Save Configuration
Click **Save hostname** for each entry you add.

---
## Step 4: Configure Nginx on VMID 2400 (If Needed)
If VMID 2400 doesn't have Nginx configured yet, you'll need to set it up to handle the RPC endpoints.
### 4.1 Install Nginx
```bash
# Inside VMID 2400 container
apt install -y nginx
```
### 4.2 Configure Nginx for RPC
Create Nginx configuration:
```bash
cat > /etc/nginx/sites-available/rpc-thirdweb << 'EOF'
# HTTP to HTTPS redirect (optional)
server {
    listen 80;
    listen [::]:80;
    server_name rpc.public-0138.defi-oracle.io;

    # Redirect all HTTP to HTTPS
    return 301 https://$host$request_uri;
}

# HTTPS server - HTTP RPC API (port 8545)
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name rpc.public-0138.defi-oracle.io;

    # SSL configuration (you'll need to generate certificates)
    # For Cloudflare tunnel, you can use self-signed or Cloudflare SSL
    ssl_certificate /etc/nginx/ssl/rpc.crt;
    ssl_certificate_key /etc/nginx/ssl/rpc.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Security headers
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # Increase timeouts for RPC calls
    proxy_connect_timeout 300s;
    proxy_send_timeout 300s;
    proxy_read_timeout 300s;

    # HTTP RPC endpoint (port 8545)
    location / {
        proxy_pass http://127.0.0.1:8545;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# HTTPS server - WebSocket RPC API (port 8546)
server {
    listen 8443 ssl http2;
    listen [::]:8443 ssl http2;
    server_name rpc.public-0138.defi-oracle.io;

    # SSL configuration
    ssl_certificate /etc/nginx/ssl/rpc.crt;
    ssl_certificate_key /etc/nginx/ssl/rpc.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    # WebSocket RPC endpoint (port 8546)
    location / {
        proxy_pass http://127.0.0.1:8546;
        proxy_http_version 1.1;

        # WebSocket headers
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Long timeouts for WebSocket connections
        proxy_read_timeout 86400;
        proxy_send_timeout 86400;
    }
}
EOF
# Enable the site
ln -sf /etc/nginx/sites-available/rpc-thirdweb /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default
# Test configuration
nginx -t
# Reload Nginx
systemctl reload nginx
```
**Note:** If using Cloudflare tunnel, you can point the tunnel directly to `http://127.0.0.1:8545` (bypassing Nginx), since Cloudflare terminates SSL at its edge and cloudflared reaches Besu over loopback. In that case, Nginx is optional.

---
## Step 5: Configure DNS Record
### 5.1 Create DNS Record in Cloudflare
1. Go to Cloudflare Dashboard: **DNS** → **Records**
2. Select domain: `defi-oracle.io`
3. Click **Add record**
### 5.2 Configure DNS Record
**If using Cloudflare Tunnel (Recommended):**
```
Type: CNAME
Name: rpc.public-0138
Target: <your-tunnel-id>.cfargotunnel.com
Proxy: 🟠 Proxied (orange cloud)
TTL: Auto
```
**To find your tunnel ID:**
- Go to **Zero Trust** → **Networks** → **Tunnels**
- Click on your tunnel name
- The tunnel ID is shown in the URL or tunnel details
**Alternative: Direct A Record (If using public IP with port forwarding)**
If you prefer to use a direct A record with port forwarding on the ER605 router:
```
Type: A
Name: rpc.public-0138
Target: <your-public-ip>
Proxy: 🟠 Proxied (recommended) or ❌ DNS only
TTL: Auto
```
Then configure port forwarding on ER605:
- External Port: 443
- Internal IP: 192.168.11.240
- Internal Port: 443
- Protocol: TCP
---
## Step 6: Verify Setup
### 6.1 Check Tunnel Status
```bash
# Inside VMID 2400 container
systemctl status cloudflared
cloudflared tunnel list
```
### 6.2 Test DNS Resolution
```bash
# From your local machine
dig rpc.public-0138.defi-oracle.io
nslookup rpc.public-0138.defi-oracle.io
# Should resolve to Cloudflare IPs (if proxied) or your public IP
```
### 6.3 Test RPC Endpoint
```bash
# Test HTTP RPC endpoint
curl -k https://rpc.public-0138.defi-oracle.io \
-X POST \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
# Test WebSocket (using wscat)
wscat -c wss://rpc.public-0138.defi-oracle.io
```
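An added example (not part of the original guide or the project's scripts) that turns the Step 6.3 test into a pass/fail check: it validates the JSON-RPC reply, confirms `eth_chainId` matches Chain 138, and treats an error object or an edge HTML error page as a failure. The function names, `EXPECTED_CHAIN_ID`, the `RPC_URL` variable and the sample replies are assumptions constructed for illustration; set `RPC_URL` to run it against the live endpoint.

```bash
#!/usr/bin/env bash
# Added example (not project code): validate JSON-RPC replies from the RPC endpoint.
EXPECTED_CHAIN_ID=138  # assumption: Chain 138, as in the hostname "public-0138"

# Print the hex "result" of a JSON-RPC reply; fail on error objects or non-JSON bodies.
rpc_result() {
  case $1 in *'"error"'*) return 1 ;; esac
  printf '%s\n' "$1" |
    sed -n 's/.*"result"[[:space:]]*:[[:space:]]*"\(0x[0-9a-fA-F]\{1,\}\)".*/\1/p' |
    grep .
}

# Succeed only if an eth_chainId reply reports EXPECTED_CHAIN_ID.
check_chain_id() {
  local hex
  hex=$(rpc_result "$1") || return 1
  [ "$(($hex))" -eq "$EXPECTED_CHAIN_ID" ]
}

# Succeed only if an eth_blockNumber reply reports a block height above zero.
check_block_number() {
  local hex
  hex=$(rpc_result "$1") || return 1
  [ "$(($hex))" -gt 0 ]
}

# POST one parameterless method; certificate verification stays on (no -k).
rpc_call() {
  curl --silent --show-error --fail --max-time 10 "$1" \
    -H "Content-Type: application/json" \
    -d "{\"jsonrpc\":\"2.0\",\"method\":\"$2\",\"params\":[],\"id\":1}"
}

# Constructed sample replies, so the checks can be exercised offline.
SAMPLE_CHAIN_OK='{"jsonrpc":"2.0","id":1,"result":"0x8a"}'
SAMPLE_CHAIN_WRONG='{"jsonrpc":"2.0","id":1,"result":"0x1"}'
SAMPLE_BLOCK='{"jsonrpc":"2.0","id":1,"result":"0x1b4"}'
SAMPLE_RPC_ERROR='{"jsonrpc":"2.0","id":1,"error":{"code":-32601,"message":"Method not found"}}'
SAMPLE_EDGE_502='<html><head><title>502 Bad Gateway</title></head></html>'

# Live check: runs only when RPC_URL is set.
if [ -n "${RPC_URL:-}" ]; then
  check_chain_id "$(rpc_call "$RPC_URL" eth_chainId)" || { echo "chain ID check failed" >&2; exit 1; }
  check_block_number "$(rpc_call "$RPC_URL" eth_blockNumber)" || { echo "block number check failed" >&2; exit 1; }
  echo "endpoint OK: chain $EXPECTED_CHAIN_ID"
fi
```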
---
## Troubleshooting
### Tunnel Not Connecting
```bash
# Check cloudflared logs
journalctl -u cloudflared -f
# Check tunnel status
cloudflared tunnel list
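# Verify tunnel credentials are present (locally-managed tunnels only;
# this file is a secret, so keep its contents out of tickets and chat logs)
cat /etc/cloudflared/credentials.json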
```
### DNS Not Resolving
1. Verify DNS record is created correctly in Cloudflare
2. Wait a few minutes for DNS propagation
3. Check if tunnel is healthy in Cloudflare Dashboard
### Connection Refused
```bash
# Check if Besu RPC is running
systemctl status besu-rpc
# Test Besu RPC locally
curl -X POST http://127.0.0.1:8545 \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
# Check Nginx (if using)
systemctl status nginx
nginx -t
```
### SSL Certificate Issues
If using Nginx with SSL, you may need to generate certificates. For Cloudflare tunnel, SSL is handled by Cloudflare, so you can use plain HTTP between cloudflared and the local service.

---
## Summary
After completing these steps:

- ✅ Cloudflared installed on VMID 2400
- ✅ Cloudflare tunnel created and connected
- ✅ Tunnel route configured for `rpc.public-0138.defi-oracle.io`
- ✅ DNS record created (CNAME to tunnel)
- ✅ RPC endpoint accessible at `https://rpc.public-0138.defi-oracle.io`

**Next Steps:**
- Verify the endpoint works with Thirdweb SDK
- Update Thirdweb listing with the new RPC URL
- Monitor tunnel status and logs
---
## Related Documentation
- [RPC_DNS_CONFIGURATION.md](RPC_DNS_CONFIGURATION.md) - DNS configuration overview
- [RPC_DNS_CONFIGURATION.md](RPC_DNS_CONFIGURATION.md) - RPC and DNS setup
- [cloudflare/CLOUDFLARE_TUNNEL_CONFIGURATION_GUIDE.md](cloudflare/CLOUDFLARE_TUNNEL_CONFIGURATION_GUIDE.md) - General tunnel configuration