proxmox/reports/status/VMID2400_TUNNEL_ROUTING_COMPLETE.md
defiQUG 9c37af10c0 Complete optional next steps: fix references and consolidate duplicates
- Fixed 104 broken references in 59 files
- Consolidated 40+ duplicate status files
- Archived duplicates to reports/archive/duplicates/
- Created scripts for reference fixing and consolidation
- Updated content inconsistency reports

All optional cleanup tasks complete.
2026-01-06 02:25:38 -08:00


VMID 2400 Tunnel Routing Configuration - Complete

Date: 2026-01-04
Status: CONFIGURED
Tunnel ID: 26138c21-db00-4a02-95db-ec75c07bda5b
Domain: rpc.public-0138.defi-oracle.io


Configuration Complete

Tunnel Routing

https://rpc.public-0138.defi-oracle.io (HTTPS)
    ↓
Cloudflare Edge (SSL Termination)
    ↓
Cloudflare Tunnel (encrypted)
    ↓
cloudflared (VMID 2400)
    ↓
http://127.0.0.1:80 (Nginx on VMID 2400)
    ↓
Nginx Routing:
    ├─ HTTP requests → http://127.0.0.1:8545 (Besu HTTP RPC)
    └─ WebSocket requests → http://127.0.0.1:8546 (Besu WebSocket RPC)

Port Mapping

| Public Endpoint | Protocol | Internal Port | Service |
|---|---|---|---|
| https://rpc.public-0138.defi-oracle.io | HTTPS | 8545 | Besu HTTP RPC |
| wss://rpc.public-0138.defi-oracle.io | WSS | 8546 | Besu WebSocket RPC |

Configuration Details

Cloudflare Tunnel Configuration

Tunnel ID: 26138c21-db00-4a02-95db-ec75c07bda5b
Status: Healthy
Location: VMID 2400 (192.168.11.10)

Ingress Rules:

ingress:
  - hostname: info.defi-oracle.io
    service: http://127.0.0.1:80
  
  - hostname: rpc.public-0138.defi-oracle.io
    service: http://127.0.0.1:80
    originRequest:
      httpHostHeader: rpc.public-0138.defi-oracle.io
  
  - service: http_status:404

Nginx Configuration

File: /etc/nginx/sites-available/rpc-thirdweb
Status: Active and running

Key Features:

  • Listens on port 80 (HTTP) for Cloudflare tunnel
  • Listens on port 443 (HTTPS) for direct connections
  • Routes HTTP requests to 127.0.0.1:8545 (Besu HTTP RPC)
  • Routes WebSocket requests to 127.0.0.1:8546 (Besu WebSocket RPC)
  • Detects WebSocket via $http_upgrade header
  • Cloudflare Origin Certificate configured for SSL/TLS

Cloudflare SSL/TLS Settings

SSL Mode: full
Status: Correctly configured for tunnel connections


Service Status

Working Components

  • Cloudflared Service: Running on VMID 2400
  • Tunnel Status: Healthy
  • Besu RPC: Responding on port 8545 (Chain ID: 0x8a / 138)
  • Nginx: Running and configured
  • Tunnel Configuration: Updated via API

⚠️ Known Issue

SSL Handshake Failure: Public endpoint https://rpc.public-0138.defi-oracle.io is experiencing SSL handshake failures from external clients.

Possible Causes:

  1. Cloudflare SSL/TLS mode may need adjustment
  2. DNS propagation delay
  3. Cloudflare edge cache needs refresh

Resolution Steps:

  1. Verify DNS record is proxied (orange cloud) in Cloudflare dashboard
  2. Check Cloudflare SSL/TLS settings (should be "Full" or "Full (strict)")
  3. Wait 5-15 minutes for DNS/SSL propagation
  4. Clear Cloudflare cache if needed

Testing

Local Testing (from VMID 2400)

# Test Besu RPC directly
curl -X POST http://127.0.0.1:8545 \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
# Expected: {"jsonrpc":"2.0","id":1,"result":"0x8a"}

# Test via Nginx
curl -X POST http://127.0.0.1:80 \
  -H 'Host: rpc.public-0138.defi-oracle.io' \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'

Public Testing

# Test HTTP RPC endpoint
curl -X POST https://rpc.public-0138.defi-oracle.io \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'

# Test WebSocket endpoint (using wscat or similar)
wscat -c wss://rpc.public-0138.defi-oracle.io
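
The curl checks above can be folded into one probe that names the failing hop. This script is an added example, not part of the original report or the project's scripts: the helper names, verdict labels and the `probe.sh` file name are hypothetical, while the URLs, Host header and expected chain ID `0x8a` are taken from this page and the exit codes are curl's documented ones.

```shell
#!/bin/sh
# Added example (not the project's script): probe each hop of the chain
# Besu -> Nginx -> public endpoint and name the one that fails.
EXPECTED_CHAIN_ID="0x8a"   # chain ID 138, as stated in this report
PAYLOAD='{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'

# classify_probe CURL_EXIT BODY  (hypothetical helper)
# Maps a curl exit code and response body to a one-word verdict.
classify_probe() {
  case "$1" in
    0)  ;;                                        # transport OK, inspect body
    6)  echo "dns-failure"; return ;;             # could not resolve host
    7)  echo "connect-failed"; return ;;          # nothing listening / blocked
    28) echo "timeout"; return ;;
    35) echo "tls-handshake-failure"; return ;;   # the Known Issue symptom
    60) echo "tls-cert-untrusted"; return ;;
    *)  echo "curl-error-$1"; return ;;
  esac
  # Pull the "result" string out of the JSON-RPC reply without needing jq.
  result=$(printf '%s' "$2" |
    sed -n 's/.*"result"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  if [ -z "$result" ]; then
    echo "no-result"                              # HTML error page or RPC error
  elif [ "$result" = "$EXPECTED_CHAIN_ID" ]; then
    echo "ok"
  else
    echo "wrong-chain:$result"                    # reached a different network
  fi
}

# probe LABEL URL [extra curl args...]  (hypothetical helper)
probe() {
  label=$1; url=$2; shift 2
  body=$(curl -sS --max-time 10 -X POST "$url" \
    -H 'Content-Type: application/json' "$@" -d "$PAYLOAD" 2>/dev/null)
  rc=$?
  printf '%-7s %s\n' "$label" "$(classify_probe "$rc" "$body")"
}

# Network probes run only on request: sh probe.sh --run (from VMID 2400;
# probe.sh is a placeholder file name)
if [ "${1:-}" = "--run" ]; then
  probe besu   http://127.0.0.1:8545
  probe nginx  http://127.0.0.1:80 -H 'Host: rpc.public-0138.defi-oracle.io'
  probe public https://rpc.public-0138.defi-oracle.io
fi
```

When `besu` and `nginx` report `ok` but `public` reports `tls-handshake-failure`, the origin side of the chain is working and the fault lies between the client and the Cloudflare edge, which matches the Known Issue above.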

Architecture Summary

  1. Cloudflare Tunnel: SSL is terminated at the Cloudflare edge, and traffic reaches the origin over the encrypted tunnel
  2. Nginx: Routes traffic based on protocol (HTTP → 8545, WebSocket → 8546)
  3. Besu RPC: Provides blockchain RPC services on ports 8545 (HTTP) and 8546 (WebSocket)

Maintenance

Update Tunnel Configuration

cd /home/intlc/projects/proxmox
bash scripts/update-vmid2400-tunnel-config.sh

Reload Nginx

ssh root@192.168.11.10 "pct exec 2400 -- nginx -s reload"

Check Tunnel Status

# Via API
curl -X GET "https://api.cloudflare.com/client/v4/accounts/${ACCOUNT_ID}/cfd_tunnel/26138c21-db00-4a02-95db-ec75c07bda5b" \
  -H "Authorization: Bearer ${API_TOKEN}"

# Via cloudflared logs
ssh root@192.168.11.10 "pct exec 2400 -- journalctl -u cloudflared -f"


Last Updated: 2026-01-04
Configuration Status: Complete
Next Action: Resolve SSL handshake issue in Cloudflare dashboard