proxmox/backups/dependency_updates_20260105_153458/CENTRAL_NGINX_ROUTING_SETUP.md.bak
defiQUG cb47cce074 Complete markdown files cleanup and organization
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00


# Central Nginx Routing Setup - Complete
**Last Updated:** 2025-12-27
**Document Version:** 1.0
**Status:** Active Documentation
---
## Architecture
```
Internet → Cloudflare → cloudflared (VMID 102) → Nginx Proxy Manager (VMID 105:80) → Internal Services
```
All Cloudflare tunnel traffic now routes through a single Nginx instance (VMID 105) which then routes to internal services based on hostname.
---
## Configuration Complete
### ✅ Nginx Proxy Manager (VMID 105)
**IP Address**: `192.168.11.21`
**Configuration File**: `/data/nginx/custom/http.conf`
**Status**: Active and running
**Services Configured**:
| Domain | Routes To | Service IP | Service Port |
|--------|-----------|------------|--------------|
| `explorer.d-bis.org` | `http://192.168.11.140:80` | 192.168.11.140 | 80 |
| `rpc-http-pub.d-bis.org` | `https://192.168.11.252:443` | 192.168.11.252 | 443 |
| `rpc-ws-pub.d-bis.org` | `https://192.168.11.252:443` | 192.168.11.252 | 443 |
| `rpc-http-prv.d-bis.org` | `https://192.168.11.251:443` | 192.168.11.251 | 443 |
| `rpc-ws-prv.d-bis.org` | `https://192.168.11.251:443` | 192.168.11.251 | 443 |
| `dbis-admin.d-bis.org` | `http://192.168.11.130:80` | 192.168.11.130 | 80 |
| `dbis-api.d-bis.org` | `http://192.168.11.290:3000` | 192.168.11.290 | 3000 |
| `dbis-api-2.d-bis.org` | `http://192.168.11.291:3000` | 192.168.11.291 | 3000 |
| `mim4u.org` | `http://192.168.11.19:80` | 192.168.11.19 | 80 |
| `www.mim4u.org` | `http://192.168.11.19:80` | 192.168.11.19 | 80 |
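
A pre-deployment check for rows like those in the table above, as an added example (not part of the project's scripts): it rejects an upstream that is not a valid IPv4 address, for instance one with an octet above 255, or whose "Routes To" URL disagrees with the IP and port columns. The pipe-separated row format and the function names `valid_ipv4` and `check_routes` are assumptions; the sample rows are copied from the table.

```bash
# Sample rows copied from the table: domain|routes-to|service-ip|service-port
ROUTES='explorer.d-bis.org|http://192.168.11.140:80|192.168.11.140|80
rpc-http-pub.d-bis.org|https://192.168.11.252:443|192.168.11.252|443
dbis-api.d-bis.org|http://192.168.11.290:3000|192.168.11.290|3000
mim4u.org|http://192.168.11.19:80|192.168.11.19|80'

# valid_ipv4 ADDR: succeed only for four dot-separated decimal octets, each 0-255.
valid_ipv4() {
  case $1 in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;   # stray characters or empty octets
  esac
  old_ifs=$IFS; IFS=.
  set -- $1                              # split the address on dots
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# check_routes ROWS: print one "BAD <domain>: <reason>" line per broken row.
check_routes() {
  printf '%s\n' "$1" | while IFS='|' read -r domain url ip port; do
    [ -n "$domain" ] || continue
    if ! valid_ipv4 "$ip"; then
      echo "BAD $domain: upstream $ip is not a valid IPv4 address"
    elif [ "$url" != "http://$ip:$port" ] && [ "$url" != "https://$ip:$port" ]; then
      echo "BAD $domain: 'Routes To' $url disagrees with $ip:$port"
    fi
  done
}

check_routes "$ROUTES"
```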
---
## Cloudflare Tunnel Configuration
### ⚠️ Action Required: Update Cloudflare Dashboard
Since the tunnel uses token-based configuration, you need to update the tunnel ingress rules in the Cloudflare dashboard:
1. Go to: https://one.dash.cloudflare.com/
2. Navigate to: **Zero Trust** → **Networks** → **Tunnels**
3. Select your tunnel (ID: `b02fe1fe-cb7d-484e-909b-7cc41298ebe8`)
4. Click **Configure** → **Public Hostnames**
5. Update all hostnames to route to: `http://192.168.11.21:80`
### Required Tunnel Ingress Rules
All hostnames should route to the central Nginx:
```yaml
ingress:
  # Explorer
  - hostname: explorer.d-bis.org
    service: http://192.168.11.21:80
  # RPC Public
  - hostname: rpc-http-pub.d-bis.org
    service: http://192.168.11.21:80
  - hostname: rpc-ws-pub.d-bis.org
    service: http://192.168.11.21:80
  # RPC Private
  - hostname: rpc-http-prv.d-bis.org
    service: http://192.168.11.21:80
  - hostname: rpc-ws-prv.d-bis.org
    service: http://192.168.11.21:80
  # DBIS Services
  - hostname: dbis-admin.d-bis.org
    service: http://192.168.11.21:80
  - hostname: dbis-api.d-bis.org
    service: http://192.168.11.21:80
  - hostname: dbis-api-2.d-bis.org
    service: http://192.168.11.21:80
  # Miracles In Motion
  - hostname: mim4u.org
    service: http://192.168.11.21:80
  - hostname: www.mim4u.org
    service: http://192.168.11.21:80
  # Catch-all
  - service: http_status:404
```
---
## Testing
### Test Nginx Routing Locally
```bash
# Test Explorer
curl -H "Host: explorer.d-bis.org" http://192.168.11.21/
# Test RPC Public HTTP
curl -H "Host: rpc-http-pub.d-bis.org" http://192.168.11.21/ \
  -X POST -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
```
### Test Through Cloudflare (After Tunnel Update)
```bash
# Test Explorer
curl https://explorer.d-bis.org/
# Test RPC Public
curl -X POST https://rpc-http-pub.d-bis.org \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
```
---
## Benefits
1. **Single Point of Configuration**: All routing logic in one place (VMID 105)
2. **Simplified Management**: No need to update multiple Nginx instances
3. **Centralized Logging**: All traffic logs in one location
4. **Easier Troubleshooting**: Single point to check routing issues
5. **Consistent Configuration**: All services follow the same routing pattern
---
## Maintenance
### View Nginx Configuration
```bash
ssh root@192.168.11.12 "pct exec 105 -- cat /data/nginx/custom/http.conf"
```
### Reload Nginx Configuration
```bash
ssh root@192.168.11.12 "pct exec 105 -- systemctl restart npm"
```
### Add New Service
1. Edit `/data/nginx/custom/http.conf` on VMID 105
2. Add new `server` block with appropriate `server_name` and `proxy_pass`
3. Test: `nginx -t`
4. Reload: `systemctl restart npm`
5. Update Cloudflare tunnel to route new hostname to `http://192.168.11.21:80`
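
After steps 2 and 5, the tunnel's hostname list and Nginx's `server_name` list should match. The following added example (not the project's own tooling) reports hostnames present on only one side; the two config snippets are constructed samples, and the function names are hypothetical.

```bash
# Constructed samples (not the project's real files).
NGINX_CONF='server {
    listen 80;
    server_name explorer.d-bis.org;
    location / { proxy_pass http://192.168.11.140:80; }
}
server {
    listen 80;
    server_name mim4u.org www.mim4u.org;
    location / { proxy_pass http://192.168.11.19:80; }
}'

INGRESS='ingress:
  - hostname: explorer.d-bis.org
    service: http://192.168.11.21:80
  - hostname: mim4u.org
    service: http://192.168.11.21:80
  - hostname: dbis-admin.d-bis.org
    service: http://192.168.11.21:80
  - service: http_status:404'

# nginx_names CONF: every name on a server_name line, one per line, sorted.
nginx_names() {
  printf '%s\n' "$1" | awk '$1 == "server_name" {
    for (i = 2; i <= NF; i++) { sub(/;$/, "", $i); if ($i != "") print $i }
  }' | sort -u
}

# tunnel_names YAML: every ingress hostname, one per line, sorted.
tunnel_names() {
  printf '%s\n' "$1" | awk '$1 == "-" && $2 == "hostname:" { print $3 }' | sort -u
}

# route_drift CONF YAML: report hostnames configured on one side only.
route_drift() {
  n=$(nginx_names "$1"); t=$(tunnel_names "$2")
  for h in $t; do   # published by the tunnel, but no matching server block
    printf '%s\n' "$n" | grep -qxF "$h" || echo "tunnel-only $h"
  done
  for h in $n; do   # server block exists, but the tunnel never forwards it
    printf '%s\n' "$t" | grep -qxF "$h" || echo "nginx-only $h"
  done
}

route_drift "$NGINX_CONF" "$INGRESS"
```

A `tunnel-only` hostname reaches Nginx without a matching `server` block, so Nginx answers it from its default server rather than the intended backend.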
---
## Troubleshooting
### Service Not Routing Correctly
1. Check Nginx configuration: `pct exec 105 -- nginx -t`
2. Check service status: `pct exec 105 -- systemctl status npm`
3. Check Nginx logs: `pct exec 105 -- tail -f /data/logs/fallback_error.log`
4. Verify internal service is accessible: `curl http://<service-ip>:<port>`
### Cloudflare Tunnel Not Connecting
1. Check tunnel status: `pct exec 102 -- systemctl status cloudflared`
2. Verify tunnel configuration in Cloudflare dashboard
3. Check tunnel logs: `pct exec 102 -- journalctl -u cloudflared -n 50`
---
## Next Steps
1. ✅ Nginx configuration deployed
2. **Update Cloudflare tunnel configuration** (see above)
3. ⏳ Test all endpoints after tunnel update
4. ⏳ Monitor logs for any routing issues
---
**Configuration File Location**: `/data/nginx/custom/http.conf` on VMID 105
---
## Related Documentation
> **Master Reference:** For a consolidated view of all Cloudflare routing, see **[CLOUDFLARE_ROUTING_MASTER.md](CLOUDFLARE_ROUTING_MASTER.md)** ⭐⭐⭐.
### Setup Guides
- **[../04-configuration/cloudflare/CLOUDFLARE_ZERO_TRUST_GUIDE.md](../04-configuration/cloudflare/CLOUDFLARE_ZERO_TRUST_GUIDE.md)** ⭐⭐⭐ - Complete Cloudflare Zero Trust setup
- **[../04-configuration/cloudflare/CLOUDFLARE_TUNNEL_INSTALLATION.md](../04-configuration/cloudflare/CLOUDFLARE_TUNNEL_INSTALLATION.md)** ⭐⭐ - Tunnel installation procedures
- **[../04-configuration/cloudflare/CLOUDFLARE_DNS_TO_CONTAINERS.md](../04-configuration/cloudflare/CLOUDFLARE_DNS_TO_CONTAINERS.md)** ⭐⭐⭐ - DNS mapping to containers
### Architecture Documents
- **[CLOUDFLARE_TUNNEL_ROUTING_ARCHITECTURE.md](CLOUDFLARE_TUNNEL_ROUTING_ARCHITECTURE.md)** ⭐⭐⭐ - Complete Cloudflare tunnel routing architecture
- **[CLOUDFLARE_NGINX_INTEGRATION.md](CLOUDFLARE_NGINX_INTEGRATION.md)** ⭐⭐ - Cloudflare + NGINX integration
- **[NGINX_ARCHITECTURE_RPC.md](NGINX_ARCHITECTURE_RPC.md)** ⭐⭐ - NGINX RPC architecture
---
**Review Cycle:** Quarterly