fbda1b4beb
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
3.5 KiB
Solution: Fix Tunnels Without SSH Access
Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation
Problem
- All 6 Cloudflare tunnels are DOWN
- Cannot access Proxmox network via SSH (network segmentation)
- SSH tunnel setup fails (can't connect to establish tunnel)
Solution: Cloudflare Dashboard ⭐ EASIEST
No SSH needed! Configure tunnels directly in Cloudflare Dashboard.
Step-by-Step
-
Access Dashboard
- Go to: https://one.dash.cloudflare.com/
- Sign in
- Navigate to: Zero Trust → Networks → Tunnels
-
For Each Tunnel (6 total):
- Click on tunnel name
- Click Configure button
- Go to Public Hostnames tab
- Add/Edit hostname configurations
- Save
-
Wait 1-2 Minutes
- Tunnels should reconnect automatically
- Status should change from DOWN to HEALTHY
Tunnel Configuration Details
Shared Tunnel (Most Important)
Tunnel: rpc-http-pub.d-bis.org (ID: 10ab22da-8ea3-4e2e-a896-27ece2211a05)
Add these 9 hostnames (all pointing to http://192.168.11.21:80):
dbis-admin.d-bis.orgdbis-api.d-bis.orgdbis-api-2.d-bis.orgmim4u.org.d-bis.orgwww.mim4u.org.d-bis.orgrpc-http-prv.d-bis.orgrpc-http-pub.d-bis.orgrpc-ws-prv.d-bis.orgrpc-ws-pub.d-bis.org
Important: Add catch-all rule (HTTP 404) as the LAST entry.
Proxmox Tunnels
Each needs one hostname pointing to HTTPS:
| Tunnel | Hostname | Target |
|---|---|---|
| tunnel-ml110 | ml110-01.d-bis.org | https://192.168.11.10:8006 |
| tunnel-r630-01 | r630-01.d-bis.org | https://192.168.11.11:8006 |
| tunnel-r630-02 | r630-02.d-bis.org | https://192.168.11.12:8006 |
Options: Enable "No TLS Verify" (Proxmox uses self-signed certs)
Other Tunnels
explorer.d-bis.org→http://192.168.11.21:80mim4u-tunnel→http://192.168.11.21:80
Why This Works
Cloudflare tunnels use outbound connections from your infrastructure to Cloudflare. The configuration in the dashboard tells Cloudflare how to route traffic. Even if the tunnel connector (cloudflared) is down, once it reconnects, it will use the dashboard configuration.
If Dashboard Method Doesn't Work
If tunnels remain DOWN after dashboard configuration, the tunnel connector (cloudflared in VMID 102) is likely not running. You need physical/network access to:
Option 1: Physical Access to Proxmox Host
# Direct console access to 192.168.11.12
pct start 102
pct exec 102 -- systemctl start cloudflared-*
pct exec 102 -- systemctl status cloudflared-*
Option 2: VPN Access
If you have VPN access to 192.168.11.0/24 network:
# Connect via VPN first, then:
ssh root@192.168.11.12 "pct start 102"
ssh root@192.168.11.12 "pct exec 102 -- systemctl start cloudflared-*"
Option 3: Cloudflare Tunnel Token Method
If you can get new tunnel tokens from Cloudflare Dashboard:
- Go to tunnel → Configure
- Download new token/credentials
- Deploy to container (requires access)
Verification
After configuring in dashboard:
# Wait 1-2 minutes, then test:
curl -I https://ml110-01.d-bis.org
curl -I https://r630-01.d-bis.org
curl -I https://explorer.d-bis.org
curl -I https://rpc-http-pub.d-bis.org
Summary
✅ Best Method: Cloudflare Dashboard (no SSH needed)
⚠️ If that fails: Need physical/network access to start container
📋 All tunnel IDs and configs: See generated files in /tmp/tunnel-fix-manual-*/