fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
186 lines
4.7 KiB
Markdown
186 lines
4.7 KiB
Markdown
# Cloudflare Tunnel Configuration Guide
|
|
|
|
**Last Updated:** 2026-01-31
|
|
**Document Version:** 1.0
|
|
**Status:** Active Documentation
|
|
|
|
---
|
|
|
|
**Tunnel ID**: `10ab22da-8ea3-4e2e-a896-27ece2211a05`
|
|
**Status**: Currently DOWN - Needs Configuration
|
|
**Purpose**: Route all services through central Nginx (VMID 105)
|
|
|
|
---
|
|
|
|
## Current Status
|
|
|
|
From the Cloudflare dashboard, the tunnel `rpc-http-pub.d-bis.org` is showing as **DOWN**. This tunnel needs to be configured to route all hostnames to the central Nginx.
|
|
|
|
---
|
|
|
|
## Configuration Steps
|
|
|
|
### 1. Access Tunnel Configuration
|
|
|
|
1. Go to: https://one.dash.cloudflare.com/
|
|
2. Navigate to: **Zero Trust** → **Networks** → **Tunnels**
|
|
3. Click on the tunnel: **rpc-http-pub.d-bis.org** (Tunnel ID: `10ab22da-8ea3-4e2e-a896-27ece2211a05`)
|
|
4. Click **Configure** button
|
|
|
|
### 2. Configure Public Hostnames
|
|
|
|
In the **Public Hostnames** section, configure all hostnames to route to the central Nginx:
|
|
|
|
**Target**: `http://192.168.11.21:80`
|
|
|
|
#### Required Hostname Configurations:
|
|
|
|
| Hostname | Service Type | Target |
|
|
|----------|--------------|--------|
|
|
| `explorer.d-bis.org` | HTTP | `http://192.168.11.21:80` |
|
|
| `rpc-http-pub.d-bis.org` | HTTP | `http://192.168.11.21:80` |
|
|
| `rpc-ws-pub.d-bis.org` | HTTP | `http://192.168.11.21:80` |
|
|
| `rpc-http-prv.d-bis.org` | HTTP | `http://192.168.11.21:80` |
|
|
| `rpc-ws-prv.d-bis.org` | HTTP | `http://192.168.11.21:80` |
|
|
| `dbis-admin.d-bis.org` | HTTP | `http://192.168.11.21:80` |
|
|
| `dbis-api.d-bis.org` | HTTP | `http://192.168.11.21:80` |
|
|
| `dbis-api-2.d-bis.org` | HTTP | `http://192.168.11.21:80` |
|
|
| `mim4u.org` | HTTP | `http://192.168.11.21:80` |
|
|
| `www.mim4u.org` | HTTP | `http://192.168.11.21:80` |
|
|
|
|
### 3. Configuration Details
|
|
|
|
For each hostname:
|
|
|
|
1. **Subdomain**: Enter the subdomain (e.g., `explorer`, `rpc-http-pub`)
|
|
2. **Domain**: Select `d-bis.org` (or enter `mim4u.org` for those domains)
|
|
3. **Service**: Select `HTTP`
|
|
4. **URL**: Enter `192.168.11.21:80`
|
|
5. **Save** the configuration
|
|
|
|
### 4. Add Catch-All Rule (Optional but Recommended)
|
|
|
|
Add a catch-all rule at the end:
|
|
|
|
- **Service**: `HTTP 404: Not Found`
|
|
- This handles any unmatched hostnames
|
|
|
|
---
|
|
|
|
## Expected Configuration (YAML Format)
|
|
|
|
The tunnel configuration should look like this:
|
|
|
|
```yaml
|
|
ingress:
|
|
# Explorer
|
|
- hostname: explorer.d-bis.org
|
|
service: http://192.168.11.21:80
|
|
|
|
# RPC Public
|
|
- hostname: rpc-http-pub.d-bis.org
|
|
service: http://192.168.11.21:80
|
|
|
|
- hostname: rpc-ws-pub.d-bis.org
|
|
service: http://192.168.11.21:80
|
|
|
|
# RPC Private
|
|
- hostname: rpc-http-prv.d-bis.org
|
|
service: http://192.168.11.21:80
|
|
|
|
- hostname: rpc-ws-prv.d-bis.org
|
|
service: http://192.168.11.21:80
|
|
|
|
# DBIS Services
|
|
- hostname: dbis-admin.d-bis.org
|
|
service: http://192.168.11.21:80
|
|
|
|
- hostname: dbis-api.d-bis.org
|
|
service: http://192.168.11.21:80
|
|
|
|
- hostname: dbis-api-2.d-bis.org
|
|
service: http://192.168.11.21:80
|
|
|
|
# Miracles In Motion
|
|
- hostname: mim4u.org
|
|
service: http://192.168.11.21:80
|
|
|
|
- hostname: www.mim4u.org
|
|
service: http://192.168.11.21:80
|
|
|
|
# Catch-all
|
|
- service: http_status:404
|
|
```
|
|
|
|
---
|
|
|
|
## After Configuration
|
|
|
|
1. **Save** the configuration in Cloudflare dashboard
|
|
2. Wait 1-2 minutes for the tunnel to reload
|
|
3. Check tunnel status - it should change from **DOWN** to **HEALTHY**
|
|
4. Test endpoints:
|
|
```bash
|
|
curl https://explorer.d-bis.org/api/v2/stats
|
|
curl -X POST https://rpc-http-pub.d-bis.org \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
|
|
```
|
|
|
|
---
|
|
|
|
## Troubleshooting
|
|
|
|
### Tunnel Still DOWN After Configuration
|
|
|
|
1. **Check cloudflared service**:
|
|
```bash
|
|
ssh root@192.168.11.12 "pct exec 102 -- systemctl status cloudflared"
|
|
```
|
|
|
|
2. **Check tunnel logs**:
|
|
```bash
|
|
ssh root@192.168.11.12 "pct exec 102 -- journalctl -u cloudflared -n 50"
|
|
```
|
|
|
|
3. **Verify Nginx is accessible**:
|
|
```bash
|
|
curl http://192.168.11.21:80
|
|
```
|
|
|
|
4. **Restart cloudflared** (if needed):
|
|
```bash
|
|
ssh root@192.168.11.12 "pct exec 102 -- systemctl restart cloudflared"
|
|
```
|
|
|
|
### Service Not Routing Correctly
|
|
|
|
1. Verify Nginx configuration on VMID 105:
|
|
```bash
|
|
ssh root@192.168.11.12 "pct exec 105 -- cat /data/nginx/custom/http.conf"
|
|
```
|
|
|
|
2. Test Nginx routing directly:
|
|
```bash
|
|
curl -H "Host: explorer.d-bis.org" http://192.168.11.21/
|
|
```
|
|
|
|
3. Check Nginx logs:
|
|
```bash
|
|
ssh root@192.168.11.12 "pct exec 105 -- tail -f /data/logs/fallback_error.log"
|
|
```
|
|
|
|
---
|
|
|
|
## Notes
|
|
|
|
- **Central Nginx IP**: `192.168.11.21` (VMID 105)
|
|
- **Central Nginx Port**: `80` (HTTP)
|
|
- **All SSL/TLS termination**: Handled by Cloudflare
|
|
- **Internal routing**: Nginx routes based on `Host` header to appropriate internal services
|
|
|
|
---
|
|
|
|
**Last Updated**: December 27, 2025
|
|
|