d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fa5de3ba0110f8f6c19d43df484a805dc1d857f0
proxmox/docs/04-configuration/TUNNEL_CONFIG_VERIFIED.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

144 lines
4.3 KiB
Markdown
Raw Blame History

# Tunnel Configuration Verified ✅
**Last Updated:** 2026-01-31
**Document Version:** 1.0
**Status:** Active Documentation
---
## Configuration Status
Your Cloudflare tunnel configuration looks **correct**! All 10 routes are properly configured.
## Configured Routes
| # | Hostname | Service | Target | Origin Config |
|---|----------|---------|--------|---------------|
| 1 | explorer.d-bis.org | HTTP | http://192.168.11.21:80 | - |
| 2 | rpc-http-pub.d-bis.org | HTTP | http://192.168.11.21:80 | - |
| 3 | rpc-http-prv.d-bis.org | HTTP | http://192.168.11.21:80 | - |
| 4 | dbis-admin.d-bis.org | HTTP | http://192.168.11.21:80 | - |
| 5 | dbis-api.d-bis.org | HTTP | http://192.168.11.21:80 | - |
| 6 | dbis-api-2.d-bis.org | HTTP | http://192.168.11.21:80 | - |
| 7 | mim4u.org | HTTP | http://192.168.11.21:80 | - |
| 8 | www.mim4u.org | HTTP | http://192.168.11.21:80 | - |
| 9 | rpc-ws-pub.d-bis.org | HTTP | http://192.168.11.21:80 | noTLSVerify, httpHostHeader |
| 10 | rpc-ws-prv.d-bis.org | HTTP | http://192.168.11.21:80 | noTLSVerify, httpHostHeader |
## Important Notes
### ✅ Configuration is Correct
- All routes point to correct target: `http://192.168.11.21:80`
- WebSocket routes have proper origin configurations
- All hostnames are configured
### ⚠️ Domain Difference Noted
- **Tunnel Config**: Uses `mim4u.org` and `www.mim4u.org` (root domain)
- **DNS Zone**: Had `mim4u.org.d-bis.org` (subdomain)
**This is correct** if `mim4u.org` is a separate domain in Cloudflare (which it is).
### Missing: Catch-All Rule
I don't see a catch-all rule in your list. It's recommended to add:
- **Path**: `*`
- **Service**: `HTTP 404: Not Found`
- **Must be last** in the list
This handles any unmatched requests gracefully.
## Next Steps
### 1. Verify Tunnel Status
Check in Cloudflare Dashboard:
- Go to: Zero Trust → Networks → Tunnels
- Find tunnel: `10ab22da-8ea3-4e2e-a896-27ece2211a05`
- Status should be **HEALTHY** (not DOWN)
### 2. Test Endpoints
Run the verification script:
```bash
./verify-tunnel-config.sh
```
Or test manually:
```bash
curl -I https://explorer.d-bis.org
curl -I https://rpc-http-pub.d-bis.org
curl -I https://dbis-admin.d-bis.org
curl -I https://dbis-api.d-bis.org
curl -I https://mim4u.org
```
### 3. If Tunnels Are Still DOWN
The configuration is correct, but the tunnel connector may not be running:
```bash
# Check container status
ssh root@192.168.11.12 "pct status 102"
# Check tunnel service
ssh root@192.168.11.12 "pct exec 102 -- systemctl status cloudflared"
# Start if needed
ssh root@192.168.11.12 "pct exec 102 -- systemctl start cloudflared"
```
### 4. Add Catch-All Rule (Recommended)
In Cloudflare Dashboard:
1. Go to tunnel configuration
2. Add new route:
- **Path**: `*`
- **Service**: `HTTP 404: Not Found`
3. **Move it to the bottom** (must be last)
4. Save
## Configuration Summary
**Routes**: 10 configured
**Target**: All correct (`http://192.168.11.21:80`)
**WebSocket**: Proper origin config
⚠️ **Catch-all**: Missing (recommended to add)
**Status**: Check if tunnel connector is running
## Troubleshooting
### If Endpoints Don't Work
1. **Tunnel Status**: Check if tunnel shows HEALTHY in dashboard
2. **Container**: Verify VMID 102 is running
3. **Service**: Check cloudflared service is running
4. **Nginx**: Verify Nginx is accessible at 192.168.11.21:80
5. **DNS**: Check DNS records point to tunnel
### Common Issues
- **Tunnel DOWN**: Container/service not running
- **404 Errors**: Nginx not configured for hostname
- **502 Errors**: Nginx not accessible or down
- **Timeout**: Network connectivity issues
## Verification Checklist
- [x] All 10 routes configured
- [x] All routes point to correct target
- [x] WebSocket routes have origin config
- [ ] Catch-all rule added (recommended)
- [ ] Tunnel status is HEALTHY
- [ ] Container (VMID 102) is running
- [ ] cloudflared service is running
- [ ] Endpoints are accessible
## Summary
Your tunnel configuration is **correct**! The routes are properly set up. If tunnels are still DOWN, the issue is likely:
- Tunnel connector (cloudflared) not running in VMID 102
- Container not started
- Network connectivity issues
The configuration itself is perfect - you just need to ensure the tunnel connector is running to establish the connection.
Reference in New Issue View Git Blame Copy Permalink