proxmox/docs/04-configuration/cloudflare/TUNNEL_SFVALLEY01_INSTALL.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00


Tunnel sfvalley01 — Install and run connector

Tunnel name: sfvalley01
Purpose: RPC hostnames (Option B) → NPMplus at 192.168.11.167:80
Last updated: 2026-02-06


1. Install cloudflared (Debian/Ubuntu)

Run on the host or container where the connector will run (e.g. VMID 102 or a VM that can reach 192.168.11.167):

# Add Cloudflare GPG key
sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-public-v2.gpg | sudo tee /usr/share/keyrings/cloudflare-public-v2.gpg >/dev/null

# Add repo
echo 'deb [signed-by=/usr/share/keyrings/cloudflare-public-v2.gpg] https://pkg.cloudflare.com/cloudflared any main' | sudo tee /etc/apt/sources.list.d/cloudflared.list

# Install
sudo apt-get update && sudo apt-get install -y cloudflared

2. Install and run the connector (tunnel token)

Tunnel ID (sfvalley01): ad9eb7c4-f522-480e-b640-bfc137518c94

Service install (recommended):

sudo cloudflared service install eyJhIjoiNTJhZDU3YTcxNjcxYzVmYzAwOWVkZjA3NDQ2NTgxOTYiLCJ0IjoiYWQ5ZWI3YzQtZjUyMi00ODBlLWI2NDAtYmZjMTM3NTE4Yzk0IiwicyI6IlpqTTFOakUyTVdFdFlqVXpOeTAwWlRBNExXSXlZalV0TkRoaFpqUXdORGRpWVRsayJ9

sudo systemctl start cloudflared
sudo systemctl enable cloudflared

# Verify
sudo systemctl status cloudflared
cloudflared tunnel list

Run manually (foreground, for testing):

cloudflared tunnel run --token eyJhIjoiNTJhZDU3YTcxNjcxYzVmYzAwOWVkZjA3NDQ2NTgxOTYiLCJ0IjoiYWQ5ZWI3YzQtZjUyMi00ODBlLWI2NDAtYmZjMTM3NTE4Yzk0IiwicyI6IlpqTTFOakUyTVdFdFlqVXpOeTAwWlRBNExXSXlZalV0TkRoaFpqUXdORGRpWVRsayJ9

Using token from project .env: If CLOUDFLARE_TUNNEL_TOKEN is set in .env, run sudo cloudflared service install "$CLOUDFLARE_TUNNEL_TOKEN" from project root (after sourcing .env).


3. After connector is running

  1. Tunnel ID: ad9eb7c4-f522-480e-b640-bfc137518c94 (or run cloudflared tunnel list on the host).

  2. Update .env (for scripts)
    Set CLOUDFLARE_TUNNEL_ID=ad9eb7c4-f522-480e-b640-bfc137518c94 and CLOUDFLARE_TUNNEL_TOKEN to the token above so scripts/set-rpc-dns-to-tunnel.sh and other scripts use sfvalley01.

  3. Configure Public Hostnames
    In Zero Trust → sfvalley01 → Public Hostnames, add the 6 RPC hostnames. Use https://192.168.11.167:443 (with No TLS Verify / originRequest.noTLSVerify: true) to avoid 301 redirects:

    | Hostname | URL |
    | --- | --- |
    | rpc-http-pub.d-bis.org | https://192.168.11.167:443 |
    | rpc.d-bis.org | https://192.168.11.167:443 |
    | rpc2.d-bis.org | https://192.168.11.167:443 |
    | rpc-http-prv.d-bis.org | https://192.168.11.167:443 |
    | rpc.public-0138.defi-oracle.io | https://192.168.11.167:443 |
    | rpc.defi-oracle.io | https://192.168.11.167:443 |

    If editing via API, set originRequest: { noTLSVerify: true } for each hostname so cloudflared accepts NPMplus's certificate.

  4. Point DNS at this tunnel
    From repo root (with updated CLOUDFLARE_TUNNEL_ID in .env):

    ./scripts/set-rpc-dns-to-tunnel.sh
    
  5. Verify
    After 15 minutes:

    bash scripts/verify/troubleshoot-rpc-failures.sh
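
For the API route in step 3, the following added example (not part of this repository's scripts) builds the ingress body for the six hostnames with `originRequest.noTLSVerify` set, and lints a configuration against the intended hostnames and origin. It assumes the remotely-managed tunnel configuration shape `{"config": {"ingress": [...]}}` with a trailing catch-all rule; `build_ingress` and `lint_ingress` are hypothetical helper names, and `ORIGIN` is the step 3 value.

```python
import json

# Values from this page: the six RPC hostnames and the NPMplus origin (step 3).
HOSTNAMES = [
    "rpc-http-pub.d-bis.org", "rpc.d-bis.org", "rpc2.d-bis.org",
    "rpc-http-prv.d-bis.org", "rpc.public-0138.defi-oracle.io",
    "rpc.defi-oracle.io",
]
ORIGIN = "https://192.168.11.167:443"


def build_ingress(hostnames, origin):
    """Return the {"config": {"ingress": [...]}} body (assumed API shape)."""
    rules = [{"hostname": h, "service": origin,
              "originRequest": {"noTLSVerify": True}} for h in hostnames]
    # cloudflared requires a final rule with no hostname (catch-all).
    rules.append({"service": "http_status:404"})
    return {"config": {"ingress": rules}}


def lint_ingress(body, hostnames, origin):
    """List mismatches between a tunnel config and the intended setup."""
    rules = body.get("config", {}).get("ingress", [])
    problems = []
    if not rules or "hostname" in rules[-1]:
        problems.append("last rule must be a catch-all without hostname")
    by_host = {r["hostname"]: r for r in rules if "hostname" in r}
    for h in hostnames:
        rule = by_host.get(h)
        if rule is None:
            problems.append(f"{h}: no ingress rule")
            continue
        if rule.get("service") != origin:
            problems.append(
                f"{h}: service is {rule.get('service')}, expected {origin}")
        no_verify = rule.get("originRequest", {}).get("noTLSVerify", False)
        if origin.startswith("https://") and not no_verify:
            problems.append(f"{h}: noTLSVerify not set for https origin")
    for h in sorted(set(by_host) - set(hostnames)):
        problems.append(f"{h}: unexpected hostname on this tunnel")
    return problems


if __name__ == "__main__":
    body = build_ingress(HOSTNAMES, ORIGIN)
    print(json.dumps(body, indent=2))
    print(lint_ingress(body, HOSTNAMES, ORIGIN) or "config matches")
```

Running the lint against the configuration actually applied to the tunnel shows which hostnames still point at a different service URL or lack `noTLSVerify`.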
    

4. Troubleshooting

  • Service won't start: journalctl -u cloudflared -n 50
  • Tunnel not in dashboard: Ensure the token was for tunnel sfvalley01 and the connector has network access to Cloudflare.
  • RPC still 530: Confirm all 6 Public Hostnames are set to http://192.168.11.167:80 and DNS CNAMEs point to <tunnel-id>.cfargotunnel.com.

See also: OPTION_B_RPC_VIA_TUNNEL_RUNBOOK.md.