proxmox/scripts/cloudflare-tunnels/AUTOMATED_SETUP.md
defiQUG cb47cce074 Complete markdown files cleanup and organization
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00


Automated Setup via Cloudflare API

Automates all of the manual setup steps through the Cloudflare API, using credentials read from the .env file.

Overview

This automated setup uses your Cloudflare API credentials from .env to:

  1. Create tunnels in Cloudflare
  2. Configure tunnel routes
  3. Create DNS records
  4. Create Cloudflare Access applications
  5. Save credentials automatically

Prerequisites

.env file with Cloudflare API credentials:

CLOUDFLARE_API_TOKEN="your-api-token"
# OR
CLOUDFLARE_API_KEY="your-api-key"
CLOUDFLARE_EMAIL="your-email@example.com"

CLOUDFLARE_ACCOUNT_ID="your-account-id"  # Optional, will be auto-detected
CLOUDFLARE_ZONE_ID="your-zone-id"        # Optional, will be auto-detected
DOMAIN="d-bis.org"

Quick Start

cd scripts/cloudflare-tunnels
./scripts/automate-cloudflare-setup.sh
./scripts/save-credentials-from-file.sh
./scripts/setup-multi-tunnel.sh --skip-credentials

Option 2: Step-by-Step

Step 1: Create Tunnels, DNS, and Access via API

./scripts/automate-cloudflare-setup.sh

This will:

  • Create 3 tunnels: tunnel-ml110, tunnel-r630-01, tunnel-r630-02
  • Configure tunnel routes for each Proxmox host
  • Create DNS CNAME records (proxied)
  • Create Cloudflare Access applications
  • Save credentials to tunnel-credentials.json

Step 2: Save Credentials to VMID 102

./scripts/save-credentials-from-file.sh

This automatically loads credentials from tunnel-credentials.json and saves them to VMID 102.

Step 3: Install Systemd Services

./scripts/setup-multi-tunnel.sh --skip-credentials

Step 4: Start Services

# From Proxmox host or via SSH
ssh root@192.168.11.10 "pct exec 102 -- systemctl start cloudflared-ml110 cloudflared-r630-01 cloudflared-r630-02"
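# systemctl enable does not expand glob patterns, so name each unit
ssh root@192.168.11.10 "pct exec 102 -- systemctl enable cloudflared-ml110 cloudflared-r630-01 cloudflared-r630-02"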

Step 5: Verify

./scripts/check-tunnel-health.sh

What Gets Created

Tunnels

  • tunnel-ml110 → ml110-01.d-bis.org → 192.168.11.10:8006
  • tunnel-r630-01 → r630-01.d-bis.org → 192.168.11.11:8006
  • tunnel-r630-02 → r630-02.d-bis.org → 192.168.11.12:8006

DNS Records

  • ml110-01.d-bis.org → CNAME → <tunnel-id>.cfargotunnel.com (Proxied)
  • r630-01.d-bis.org → CNAME → <tunnel-id>.cfargotunnel.com (Proxied)
  • r630-02.d-bis.org → CNAME → <tunnel-id>.cfargotunnel.com (Proxied)

Cloudflare Access Applications

  • Proxmox ml110 → ml110-01.d-bis.org
  • Proxmox r630-01 → r630-01.d-bis.org
  • Proxmox r630-02 → r630-02.d-bis.org

Each application is created with a basic access policy requiring email authentication.

Manual Steps (If Needed)

If automation fails, you can perform these steps manually:

Save Individual Tunnel Credentials

./scripts/save-tunnel-credentials.sh ml110 <tunnel-id> <tunnel-token>
./scripts/save-tunnel-credentials.sh r630-01 <tunnel-id> <tunnel-token>
./scripts/save-tunnel-credentials.sh r630-02 <tunnel-id> <tunnel-token>

Update Access Policies

Access applications are created with basic policies. To strengthen them:

  1. Go to Cloudflare Zero Trust → Access → Applications
  2. Edit each application
  3. Add MFA requirement
  4. Configure additional policies

Troubleshooting

API Authentication Fails

# Test API credentials
cd /home/intlc/projects/proxmox
./scripts/test-cloudflare-api.sh

Tunnel Creation Fails

  • Check API token has Account:Cloudflare Tunnel:Edit permission
  • Verify account ID is correct
  • Check Zero Trust is enabled

DNS Records Not Created

  • Check API token has Zone:DNS:Edit permission
  • Verify zone ID is correct
  • Check domain is managed by Cloudflare

Access Applications Not Created

  • Check API token has Account:Access:Edit permission
  • Verify Zero Trust is enabled
  • Check account has Access plan

Files Created

  • tunnel-credentials.json - Contains all tunnel IDs and tokens (keep secure!)

Security Notes

⚠️ Important:

  • tunnel-credentials.json contains sensitive tokens
  • File is created with chmod 600 (owner read/write only)
  • Do not commit to version control
  • Consider deleting after credentials are saved to VMID 102
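
One way to check the points above before and after a run, as an added example that is not one of the project's scripts: it audits tunnel-credentials.json and .env for group/other permission bits, ownership, symlinks, and git tracking. The function names and the decision to include .env are assumptions.

```shell
#!/bin/sh
# Added example: audit the secret files named in this guide.
# File names are from the guide; the checks themselves are assumptions.

# Print a file's octal permission bits (GNU stat first, then BSD stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_secret_file PATH: returns 0 if PATH is acceptable, 1 otherwise.
# A missing file passes, since the guide suggests deleting it after Step 2.
# The body is a subshell so its variables stay local in plain sh.
audit_secret_file() (
  f="$1"; rc=0
  if [ -L "$f" ]; then echo "FAIL: $f is a symlink"; return 1; fi
  if [ ! -e "$f" ]; then echo "ok: $f not present"; return 0; fi
  if [ ! -f "$f" ]; then echo "FAIL: $f is not a regular file"; return 1; fi
  mode="$(file_mode "$f")"
  case "$mode" in
    *00) ;;  # no group/other bits set, e.g. 600
    *) echo "FAIL: $f has mode $mode, expected 600"; rc=1 ;;
  esac
  [ -O "$f" ] || { echo "FAIL: $f is not owned by the current user"; rc=1; }
  # Git checks apply only when the file sits inside a work tree.
  dir="$(dirname "$f")"; base="$(basename "$f")"
  if command -v git >/dev/null 2>&1 &&
     git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
    if git -C "$dir" ls-files --error-unmatch "$base" >/dev/null 2>&1; then
      echo "FAIL: $f is tracked by git"; rc=1
    elif ! git -C "$dir" check-ignore -q "$base"; then
      echo "FAIL: $f is not covered by .gitignore"; rc=1
    fi
  fi
  [ "$rc" -eq 0 ] && echo "ok: $f"
  return "$rc"
)

# audit_all [FILE...]: audits each file, returns 1 if any check failed.
audit_all() (
  rc=0
  [ "$#" -gt 0 ] || set -- tunnel-credentials.json .env
  for f in "$@"; do audit_secret_file "$f" || rc=1; done
  return "$rc"
)

audit_all "$@"
```

Run it from the directory that holds the files, or pass explicit paths; a non-zero exit status means at least one check failed.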

Next Steps

After automated setup:

  1. Verify all services are running
  2. Test access to each Proxmox host
  3. Configure enhanced Access policies (MFA, etc.)
  4. Set up monitoring: ./scripts/monitor-tunnels.sh --daemon
  5. Configure alerting: Edit monitoring/alerting.conf

All manual steps are now automated! 🎉