d-bis/proxmox
4
0
Fork 0
Code Issues 1 Pull Requests 9 Actions Packages Projects Releases Wiki Activity
Files
dc8abb06e2bbd33e30803ca59d284ead8ea970c6
proxmox/docs/archive/fixes/NGINX_BESU_CLOUDFLARED_FIX_SUMMARY.md
defiQUG cb47cce074 Complete markdown files cleanup and organization 
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

5.3 KiB
Raw Blame History

Nginx, Besu, and Cloudflared Fix Summary

Date: 2025-01-27
Status: ⚠️ In Progress - Nginx Fixed, Besu Configuration Issues, Cloudflared Routing Updated

Completed Fixes

1. Nginx Configuration on VMID 2502

Status: COMPLETE

  • Added public endpoint server blocks for rpc-http-pub.d-bis.org and rpc-ws-pub.d-bis.org
  • Configured WITHOUT JWT authentication (public endpoints)
  • Using existing SSL certificates (/etc/nginx/ssl/rpc.crt and rpc.key)
  • Configuration tested and valid
  • Nginx is running and ready

Configuration File: /etc/nginx/sites-available/rpc on VMID 2502

2. Cloudflared Tunnel Routing

Status: SCRIPT UPDATED

Updated the setup script to route public endpoints to VMID 2502:

File: scripts/setup-cloudflare-tunnel-rpc.sh

Changes:

  • Changed rpc-http-pub.d-bis.org routing from https://192.168.11.251:443 (VMID 2501) to https://192.168.11.252:443 (VMID 2502)
  • Changed rpc-ws-pub.d-bis.org routing from https://192.168.11.251:443 to https://192.168.11.252:443

Note: If Cloudflared is managed via Cloudflare Dashboard, you'll need to update it there manually:

  1. Go to Cloudflare Zero Trust → Networks → Tunnels
  2. Select your tunnel
  3. Find rpc-http-pub.d-bis.org and rpc-ws-pub.d-bis.org
  4. Change service to https://192.168.11.252:443
  5. Save and wait for tunnel to update

3. Besu Configuration Fixes ⚠️

Status: ⚠️ IN PROGRESS

Fixed Issues:

  • Genesis file path: Changed from /genesis/genesis.json to /etc/besu/genesis.json
  • Static nodes path: Changed from /genesis/static-nodes.json to /etc/besu/static-nodes.json
  • Sync mode conflict: Removed fast-sync-min-peers (incompatible with FULL sync mode)
  • Legacy transaction pool options: Removed tx-pool, tx-pool-max-size, tx-pool-hash-block-size, tx-pool-max-pending-transactions, tx-pool-price-bump, tx-pool-retention-hours

⚠️ Remaining Issue:

Besu is still failing to start. Need to check for additional configuration conflicts.

Configuration File: /etc/besu/config-rpc-public.toml on VMID 2502

🔧 Remaining Tasks

1. Fix Besu Configuration Issues

Check for additional configuration problems:

ssh root@192.168.11.10 "pct exec 2502 -- timeout 5 /opt/besu/bin/besu --config-file=/etc/besu/config-rpc-public.toml 2>&1"

Common issues to check:

  • Incompatible option combinations
  • Missing required options
  • Invalid values

2. Verify Cloudflared Tunnel Routing

If managed locally:

  • The script has been updated
  • Run the script to apply changes: ./scripts/setup-cloudflare-tunnel-rpc.sh <TOKEN>
  • Restart cloudflared service

If managed via Cloudflare Dashboard:

  • Update routing manually in dashboard (see instructions above)
  • Wait a few minutes for changes to propagate

3. Test End-to-End

Once Besu is running:

# Test direct Besu connection
ssh root@192.168.11.10 "pct exec 2502 -- curl -s -X POST http://127.0.0.1:8545 -H 'Content-Type: application/json' -d '{\"jsonrpc\":\"2.0\",\"method\":\"eth_chainId\",\"params\":[],\"id\":1}'"

# Test through Nginx (local)
ssh root@192.168.11.10 "pct exec 2502 -- curl -k -s -X POST https://localhost -H 'Host: rpc-http-pub.d-bis.org' -H 'Content-Type: application/json' -d '{\"jsonrpc\":\"2.0\",\"method\":\"eth_chainId\",\"params\":[],\"id\":1}'"

# Test from external
curl -X POST https://rpc-http-pub.d-bis.org -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'

Expected Response: {"jsonrpc":"2.0","id":1,"result":"0x8a"}

📋 Configuration Summary

VMID 2502 (Public RPC Node)

Nginx:

  • Public endpoints configured: rpc-http-pub.d-bis.org, rpc-ws-pub.d-bis.org
  • No JWT authentication required
  • SSL certificates configured
  • CORS headers enabled for MetaMask compatibility

Besu:

  • ⚠️ Configuration issues being resolved
  • Genesis file path fixed
  • Sync mode conflicts resolved
  • Legacy transaction pool options removed

Routing:

  • Cloudflare → Cloudflared Tunnel → 192.168.11.252:443 (VMID 2502) → Nginx → Besu RPC

🎯 Next Steps

  1. DONE: Nginx configured for public endpoints
  2. DONE: Cloudflared routing script updated
  3. TODO: Fix remaining Besu configuration issues
  4. TODO: Verify Cloudflared tunnel is routing to VMID 2502
  5. TODO: Test end-to-end connection from external

📞 Troubleshooting

If Besu Still Won't Start

  1. Check Besu logs: journalctl -u besu-rpc -n 50
  2. Run Besu manually to see full error: /opt/besu/bin/besu --config-file=/etc/besu/config-rpc-public.toml
  3. Check for option incompatibilities in Besu documentation
  4. Compare working config from another VMID

If Cloudflared Not Routing Correctly

  1. Verify tunnel is running: systemctl status cloudflared
  2. Check tunnel logs for connection issues
  3. Verify DNS records point to tunnel
  4. Test tunnel connectivity from Cloudflare dashboard

If External Test Fails

  1. Verify Besu is running and responding locally
  2. Verify Nginx is running and configured correctly
  3. Verify Cloudflared tunnel is routing to correct VMID
  4. Check firewall rules allow traffic on port 443

Last Updated: 2025-01-27

Reference in New Issue View Git Blame Copy Permalink