#!/usr/bin/env bash
# Setup Cloudflare Tunnel for RPC endpoints on VMID 102
# Usage: ./setup-cloudflare-tunnel-rpc.sh <TUNNEL_TOKEN>
# Example: ./setup-cloudflare-tunnel-rpc.sh eyJhIjoiNT...
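set -euo pipefail

# Absolute path of the directory that holds this script.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# Proxmox node reached over SSH as root; override through the environment.
PROXMOX_HOST="${PROXMOX_HOST:-192.168.11.10}"
# ID of the container that runs cloudflared; override through the environment.
CLOUDFLARED_VMID="${CLOUDFLARED_VMID:-102}"

# CLOUDFLARED_VMID is spliced into command strings that a root shell on the
# Proxmox host evaluates, so accept nothing but digits.
if [[ ! "$CLOUDFLARED_VMID" =~ ^[0-9]+$ ]]; then
  printf 'CLOUDFLARED_VMID must be numeric\n' >&2
  exit 1
fi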
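# ANSI colour escapes used by the logging helpers.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # reset to the terminal default

# info MESSAGE - print a green [INFO] line on stdout.
info() { printf '%b[INFO]%b %s\n' "$GREEN" "$NC" "$1"; }
# warn MESSAGE - print a yellow [WARN] line on stderr.
warn() { printf '%b[WARN]%b %s\n' "$YELLOW" "$NC" "$1" >&2; }
# error MESSAGE - print a red [ERROR] line on stderr, so diagnostics never mix
# into captured stdout. The message is printed with %s: escape sequences inside
# it are shown literally instead of being interpreted.
error() { printf '%b[ERROR]%b %s\n' "$RED" "$NC" "$1" >&2; }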
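# A tunnel token is mandatory; print the usage text on stderr and stop without one.
if [[ $# -eq 0 ]]; then
  {
    error "Tunnel token required!"
    echo ""
    echo "Usage: $0 <TUNNEL_TOKEN>"
    echo ""
    echo "Get your token from Cloudflare Dashboard:"
    echo " Zero Trust → Networks → Tunnels → Create tunnel → Copy token"
    echo ""
  } >&2
  exit 1
fi

# The token is the credential for the tunnel. Supplying it as $1 leaves it
# visible in this machine's process list (and usually shell history) while the
# script runs, so treat the token as exposed to other local users.
TUNNEL_TOKEN="$1"

# Later steps hand the token to a root shell on the Proxmox host, so refuse
# anything outside the base64 alphabet (the usage example shows base64 text).
# The rejected value is deliberately not echoed back.
token_pattern='^[A-Za-z0-9+/=_-]+$'
if [[ ! "$TUNNEL_TOKEN" =~ $token_pattern ]]; then
  error "Tunnel token contains unexpected characters"
  exit 1
fi

info "Setting up Cloudflare Tunnel for RPC endpoints..."
info " Proxmox Host: $PROXMOX_HOST"
info " Cloudflared Container: VMID $CLOUDFLARED_VMID"
echo ""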
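# Ask the Proxmox host for the container state; the second field of the
# `pct status` output is compared against "running". Any ssh failure yields
# "unknown".
# StrictHostKeyChecking=accept-new records the host key on first contact and
# refuses a key that later changes. With "no", anything on the network path
# could impersonate the Proxmox host for this root session. Pre-loading the
# key into known_hosts is stronger still.
STATUS=$(ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct status $CLOUDFLARED_VMID 2>/dev/null | awk '{print \$2}'" 2>/dev/null || echo "unknown")

if [[ "$STATUS" != "running" ]]; then
  error "Container $CLOUDFLARED_VMID is not running (status: $STATUS)"
  exit 1
fi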
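# Install cloudflared from Cloudflare's apt repository when the container does
# not have it yet.
# accept-new: trust the Proxmox host key on first use, reject it if it changes
# (the previous "no" accepted any key for a root session).
if ! ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec $CLOUDFLARED_VMID -- which cloudflared >/dev/null 2>&1"; then
  info "Installing cloudflared..."
  # errexit/pipefail inside the container shell: without them a failed key
  # download is masked by tee and the remaining steps still run. The repository
  # is pinned to the downloaded keyring through signed-by.
  ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
    "pct exec $CLOUDFLARED_VMID -- bash -c '
      set -euo pipefail
      mkdir -p --mode=0755 /usr/share/keyrings
      curl -fsSL https://pkg.cloudflare.com/cloudflare-public-v2.gpg | tee /usr/share/keyrings/cloudflare-public-v2.gpg >/dev/null
      echo \"deb [signed-by=/usr/share/keyrings/cloudflare-public-v2.gpg] https://pkg.cloudflare.com/cloudflared any main\" | tee /etc/apt/sources.list.d/cloudflared.list
      apt-get update -qq && apt-get install -y -qq cloudflared
    '" || {
    error "Failed to install cloudflared"
    exit 1
  }
  info "✓ cloudflared installed"
else
  info "✓ cloudflared already installed"
fi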
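# Stop and disable any cloudflared unit left from an earlier run. Best effort:
# the unit may not exist yet, so the remote command's failure is ignored.
info "Stopping existing cloudflared service..."
for action in stop disable; do
  # accept-new: pin the Proxmox host key on first use instead of skipping
  # host verification for a root login.
  ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
    "pct exec $CLOUDFLARED_VMID -- systemctl $action cloudflared 2>/dev/null || true"
done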
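# Register the tunnel as a service inside the container.
# The token is sent on stdin and read inside the container, so it is never
# expanded by the root shell on the Proxmox host and does not appear in the
# ssh or pct command lines. Interpolating it unquoted into the remote command
# string, as before, let shell metacharacters in the argument run as root.
# It still ends up in cloudflared's own argument list inside the container.
# accept-new: the credential is only sent to a host whose key is pinned.
info "Installing tunnel service with token..."
ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec $CLOUDFLARED_VMID -- bash -c 'IFS= read -r token && exec cloudflared service install \"\$token\"'" \
  <<<"$TUNNEL_TOKEN" || {
  error "Failed to install tunnel service"
  exit 1
}
info "✓ Tunnel service installed"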
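# Write the ingress rules to /etc/cloudflared/config.yml inside the container.
# The ssh call is tested directly: under `set -e` a separate `$?` check is never
# reached on failure, so the error branch used to be dead code.
# accept-new: pin the Proxmox host key on first use instead of accepting any key.
# NOTE(review): a tunnel installed from a dashboard token is normally configured
#   from the dashboard; confirm cloudflared actually applies this local file.
# NOTE(review): the *-prv hostnames are routed exactly like the public ones and
#   nothing here restricts who may reach them; confirm an access policy or
#   origin-side authentication protects the private RPC endpoints.
# NOTE(review): every origin is https on a bare IP with no origin TLS settings;
#   confirm the origin certificate validates for that address rather than
#   turning verification off.
info "Creating tunnel configuration for RPC endpoints..."
if ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec $CLOUDFLARED_VMID -- bash" <<'EOF'
set -e
mkdir -p /etc/cloudflared
cat > /etc/cloudflared/config.yml <<'CONFIG'
# Cloudflare Tunnel Configuration for RPC Endpoints
# This file is auto-generated. Manual edits may be overwritten.
ingress:
  # Public HTTP RPC
  - hostname: rpc-http-pub.d-bis.org
    service: https://192.168.11.252:443
    originRequest:
      noHappyEyeballs: true
      connectTimeout: 30s
      tcpKeepAlive: 30s
      keepAliveConnections: 100
      keepAliveTimeout: 90s
  # Public WebSocket RPC
  - hostname: rpc-ws-pub.d-bis.org
    service: https://192.168.11.252:443
    originRequest:
      noHappyEyeballs: true
      connectTimeout: 30s
      tcpKeepAlive: 30s
      keepAliveConnections: 100
      keepAliveTimeout: 90s
      httpHostHeader: rpc-ws-pub.d-bis.org
  # Private HTTP RPC
  - hostname: rpc-http-prv.d-bis.org
    service: https://192.168.11.252:443
    originRequest:
      noHappyEyeballs: true
      connectTimeout: 30s
      tcpKeepAlive: 30s
      keepAliveConnections: 100
      keepAliveTimeout: 90s
  # Private WebSocket RPC
  - hostname: rpc-ws-prv.d-bis.org
    service: https://192.168.11.252:443
    originRequest:
      noHappyEyeballs: true
      connectTimeout: 30s
      tcpKeepAlive: 30s
      keepAliveConnections: 100
      keepAliveTimeout: 90s
      httpHostHeader: rpc-ws-prv.d-bis.org
  # Catch-all (must be last)
  - service: http_status:404
CONFIG
chmod 600 /etc/cloudflared/config.yml
EOF
then
  info "✓ Tunnel configuration created"
else
  error "Failed to create tunnel configuration"
  exit 1
fi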
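# Enable the unit at boot (failure is only a warning) and start it now
# (failure aborts the script).
# accept-new: pin the Proxmox host key on first use; "no" skipped host
# verification for these root sessions.
info "Enabling and starting tunnel service..."
if ! ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec $CLOUDFLARED_VMID -- systemctl enable cloudflared"; then
  warn "Failed to enable service (may already be enabled)"
fi

if ! ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec $CLOUDFLARED_VMID -- systemctl start cloudflared"; then
  error "Failed to start tunnel service"
  exit 1
fi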
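# Give systemd a moment to bring the unit up before asking for its state.
sleep 2

# Report whether the unit is active; on failure show the last 20 journal lines
# for the unit and stop.
# accept-new: pin the Proxmox host key on first use instead of accepting any key.
info "Checking tunnel service status..."
STATUS=$(ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec $CLOUDFLARED_VMID -- systemctl is-active cloudflared 2>/dev/null" || echo "inactive")

if [[ "$STATUS" == "active" ]]; then
  info "✓ Tunnel service is running"
else
  error "Tunnel service is not active"
  warn "Checking logs..."
  ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
    "pct exec $CLOUDFLARED_VMID -- journalctl -u cloudflared -n 20 --no-pager"
  exit 1
fi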
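# Print the first ten lines of `cloudflared tunnel info`, if it returns any.
# The remote pipeline ends in head, so its exit status most likely reflects
# head and the warning below fires only when ssh itself fails.
# accept-new: pin the Proxmox host key on first use instead of accepting any key.
info "Tunnel information:"
if ! ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec $CLOUDFLARED_VMID -- cloudflared tunnel info 2>/dev/null | head -10"; then
  warn "Could not retrieve tunnel info (may need a moment to connect)"
fi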
# Closing summary: DNS records to create, where to verify the tunnel, a test
# request, and the command for following the service log.
echo ""
info "Cloudflare Tunnel setup complete!"
echo ""
info "Next steps:"
# Quoted delimiter: the text below is printed literally, nothing is expanded.
cat <<'STEPS'
 1. Configure DNS records in Cloudflare:
 - rpc-http-pub.d-bis.org → CNAME → <tunnel-id>.cfargotunnel.com (🟠 Proxied)
 - rpc-ws-pub.d-bis.org → CNAME → <tunnel-id>.cfargotunnel.com (🟠 Proxied)
 - rpc-http-prv.d-bis.org → CNAME → <tunnel-id>.cfargotunnel.com (🟠 Proxied)
 - rpc-ws-prv.d-bis.org → CNAME → <tunnel-id>.cfargotunnel.com (🟠 Proxied)

 2. Verify tunnel status in Cloudflare Dashboard:
 Zero Trust → Networks → Tunnels → Your Tunnel

 3. Test endpoints:
 curl https://rpc-http-pub.d-bis.org/health

STEPS
info "To view tunnel logs:"
# Unquoted delimiter: host and container ID are filled in from the variables.
cat <<LOGS
 ssh root@$PROXMOX_HOST 'pct exec $CLOUDFLARED_VMID -- journalctl -u cloudflared -f'
LOGS