proxmox/docs/04-configuration/TUNNEL_TOKEN_INSTALL.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00


# Install Tunnel with Token

- **Last Updated:** 2026-01-31
- **Document Version:** 1.0
- **Status:** Active Documentation

---
## Token Provided
You have a Cloudflare tunnel token for the shared tunnel:
- **Tunnel ID**: `10ab22da-8ea3-4e2e-a896-27ece2211a05`
- **Token**: `eyJhIjoiNTJhZDU3YTcxNjcxYzVmYzAwOWVkZjA3NDQ2NTgxOTYiLCJ0IjoiMTBhYjIyZGEtOGVhMy00ZTJlLWE4OTYtMjdlY2UyMjExYTA1IiwicyI6IlptRXlOMkkyTVRrdE1EZzFNeTAwTkRBNExXSXhaalF0Wm1KaE5XVmpaVEEzTVdGbCJ9`
## Installation Methods
### Method 1: Automated Script (If SSH Access Available)
```bash
# If you have SSH access to Proxmox network:
./install-shared-tunnel-token.sh
# Or via SSH tunnel:
./setup_ssh_tunnel.sh
PROXMOX_HOST=localhost ./install-shared-tunnel-token.sh
```
### Method 2: Manual Installation (Direct Container Access)
If you can access the container directly:
```bash
# 1. Access container
ssh root@192.168.11.12
pct exec 102 -- bash
# 2. Install cloudflared (if needed)
apt update
apt install -y cloudflared
# 3. Install tunnel service with token
cloudflared service install eyJhIjoiNTJhZDU3YTcxNjcxYzVmYzAwOWVkZjA3NDQ2NTgxOTYiLCJ0IjoiMTBhYjIyZGEtOGVhMy00ZTJlLWE4OTYtMjdlY2UyMjExYTA1IiwicyI6IlptRXlOMkkyTVRrdE1EZzFNeTAwTkRBNExXSXhaalF0Wm1KaE5XVmpaVEEzTVdGbCJ9
# 4. Create configuration file
cat > /etc/cloudflared/config.yml << 'EOF'
tunnel: 10ab22da-8ea3-4e2e-a896-27ece2211a05
credentials-file: /root/.cloudflared/10ab22da-8ea3-4e2e-a896-27ece2211a05.json
ingress:
  - hostname: dbis-admin.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: dbis-admin.d-bis.org
  - hostname: dbis-api.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: dbis-api.d-bis.org
  - hostname: dbis-api-2.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: dbis-api-2.d-bis.org
  - hostname: mim4u.org.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: mim4u.org.d-bis.org
  - hostname: www.mim4u.org.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: www.mim4u.org.d-bis.org
  - hostname: rpc-http-prv.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: rpc-http-prv.d-bis.org
  - hostname: rpc-http-pub.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: rpc-http-pub.d-bis.org
  - hostname: rpc-ws-prv.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: rpc-ws-prv.d-bis.org
  - hostname: rpc-ws-pub.d-bis.org
    service: http://192.168.11.21:80
    originRequest:
      httpHostHeader: rpc-ws-pub.d-bis.org
  - service: http_status:404
metrics: 127.0.0.1:9090
loglevel: info
gracePeriod: 30s
EOF
chmod 600 /etc/cloudflared/config.yml
# 5. Restart service
systemctl daemon-reload
systemctl restart cloudflared
systemctl status cloudflared
```
### Method 3: Cloudflare Dashboard Configuration
After installing with the token, configure the ingress rules in the dashboard:
1. Go to: https://one.dash.cloudflare.com/
2. Zero Trust → Networks → Tunnels
3. Find tunnel: `10ab22da-8ea3-4e2e-a896-27ece2211a05`
4. Click **Configure**
5. Add all 9 hostnames (see list below)
6. Save
## Hostnames to Configure
All these hostnames should route to `http://192.168.11.21:80`:
1. `dbis-admin.d-bis.org`
2. `dbis-api.d-bis.org`
3. `dbis-api-2.d-bis.org`
4. `mim4u.org.d-bis.org`
5. `www.mim4u.org.d-bis.org`
6. `rpc-http-prv.d-bis.org`
7. `rpc-http-pub.d-bis.org`
8. `rpc-ws-prv.d-bis.org`
9. `rpc-ws-pub.d-bis.org`

**Important**: Add a catch-all rule (HTTP 404) as the LAST entry.
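
A pre-restart lint for the rules listed above, as an added example that is not part of the original runbook. `check_ingress` is a hypothetical helper name; it assumes unquoted values and rules that match on hostname only, as in this page's `config.yml`, and the sample config it runs on is constructed.

```shell
#!/bin/sh
# Added example (not from the original runbook): lint a config.yml ingress list.
# check_ingress FILE TARGET HOST...  prints each problem; returns 0 only if clean.
# Assumes unquoted values and hostname-only matching, as in this page's config.
check_ingress() {
  ci_file=$1 ci_target=$2; shift 2
  awk -v target="$ci_target" -v want="$*" '
    function close_rule() {              # finish the rule being collected
      if (!open) return
      n++; last_host = host; last_svc = svc
      if (host == "") { if (!catchall) catchall = n }
      else {
        seen[host] = 1
        if (svc != target) { print host ": routes to " svc ", expected " target; bad++ }
      }
      open = 0; host = ""; svc = ""
    }
    /^ingress:/           { in_ing = 1; next }
    in_ing && /^[^ \t#-]/ { close_rule(); in_ing = 0 }  # next top-level key ends the list
    !in_ing               { next }
    /^[ \t]*-[ \t]/       { close_rule(); open = 1; sub(/^[ \t]*-[ \t]+/, "") }
                          { sub(/^[ \t]+/, "") }
    /^hostname:/          { host = $2 }
    /^service:/           { svc = $2 }
    END {
      close_rule()
      if (n == 0) { print "no ingress rules found"; exit 1 }
      if (catchall && catchall < n) { print "rule " catchall " has no hostname and shadows later rules"; bad++ }
      if (last_host != "" || last_svc !~ /^http_status:/) { print "last rule is not an http_status catch-all"; bad++ }
      k = split(want, w, " ")
      for (i = 1; i <= k; i++) if (!(w[i] in seen)) { print w[i] ": no ingress rule"; bad++ }
      exit (bad > 0)
    }' "$ci_file"
}

# Constructed sample: catch-all placed first and one expected hostname left out.
demo=$(mktemp)
cat > "$demo" <<'EOF'
tunnel: 00000000-0000-0000-0000-000000000000
ingress:
  - service: http_status:404
  - hostname: dbis-admin.d-bis.org
    service: http://192.168.11.21:80
metrics: 127.0.0.1:9090
EOF
check_ingress "$demo" http://192.168.11.21:80 dbis-admin.d-bis.org dbis-api.d-bis.org || true
rm -f "$demo"
```

Run it against `/etc/cloudflared/config.yml` with the nine hostnames as arguments before restarting the service; a non-zero exit means at least one problem was printed.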
## Verification
After installation:
```bash
# Check service status
systemctl status cloudflared
# Check logs
journalctl -u cloudflared -f
# Test endpoints (wait 1-2 minutes first)
curl -I https://dbis-admin.d-bis.org
curl -I https://rpc-http-pub.d-bis.org
curl -I https://dbis-api.d-bis.org
```
## What the Token Does
The token:
- Authenticates the tunnel connector to Cloudflare
- Associates the connector with tunnel ID `10ab22da-8ea3-4e2e-a896-27ece2211a05`
- Creates the systemd service automatically
- Stores credentials in `/root/.cloudflared/`
## Troubleshooting
### Service Not Starting
```bash
# Check logs
journalctl -u cloudflared -n 50
# Check if credentials file exists
ls -la /root/.cloudflared/10ab22da-8ea3-4e2e-a896-27ece2211a05.json
# Verify config file
cat /etc/cloudflared/config.yml
```
### Tunnel Still DOWN
1. Wait 1-2 minutes for the connection
2. Check the Cloudflare Dashboard
3. Verify network connectivity from the container
4. Check whether Nginx is accessible at `192.168.11.21:80`
## Summary
- **Token**: Provided and ready to use
- **Tunnel ID**: `10ab22da-8ea3-4e2e-a896-27ece2211a05`
- **Hostnames**: 9 hostnames need configuration
- **Target**: All route to `http://192.168.11.21:80`
- **Next**: Install using one of the methods above, then configure ingress rules.