proxmox/scripts/cloudflare-tunnels/AUTOMATED_SETUP.md
defiQUG cb47cce074 Complete markdown files cleanup and organization
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

# Automated Setup via Cloudflare API
Automates every manual setup step through the Cloudflare API, using credentials read from the `.env` file.
## Overview
This automated setup uses your Cloudflare API credentials from `.env` to:
1. ✅ Create tunnels in Cloudflare
2. ✅ Configure tunnel routes
3. ✅ Create DNS records
4. ✅ Create Cloudflare Access applications
5. ✅ Save credentials automatically
## Prerequisites
`.env` file with Cloudflare API credentials:
```bash
CLOUDFLARE_API_TOKEN="your-api-token"
# OR
CLOUDFLARE_API_KEY="your-api-key"
CLOUDFLARE_EMAIL="your-email@example.com"
CLOUDFLARE_ACCOUNT_ID="your-account-id" # Optional, will be auto-detected
CLOUDFLARE_ZONE_ID="your-zone-id" # Optional, will be auto-detected
DOMAIN="d-bis.org"
```
## Quick Start
### Option 1: Complete Automated Setup (Recommended)
```bash
cd scripts/cloudflare-tunnels
./scripts/automate-cloudflare-setup.sh
./scripts/save-credentials-from-file.sh
./scripts/setup-multi-tunnel.sh --skip-credentials
```
### Option 2: Step-by-Step
#### Step 1: Create Tunnels, DNS, and Access via API
```bash
./scripts/automate-cloudflare-setup.sh
```
This will:
- Create 3 tunnels: `tunnel-ml110`, `tunnel-r630-01`, `tunnel-r630-02`
- Configure tunnel routes for each Proxmox host
- Create DNS CNAME records (proxied)
- Create Cloudflare Access applications
- Save credentials to `tunnel-credentials.json`
#### Step 2: Save Credentials to VMID 102
```bash
./scripts/save-credentials-from-file.sh
```
This automatically loads credentials from `tunnel-credentials.json` and saves them to VMID 102.
#### Step 3: Install Systemd Services
```bash
./scripts/setup-multi-tunnel.sh --skip-credentials
```
#### Step 4: Start Services
```bash
# From Proxmox host or via SSH
ssh root@192.168.11.10 "pct exec 102 -- systemctl start cloudflared-ml110 cloudflared-r630-01 cloudflared-r630-02"
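# "enable" works on unit files and does not expand globs, so name each unit explicitly
ssh root@192.168.11.10 "pct exec 102 -- systemctl enable cloudflared-ml110 cloudflared-r630-01 cloudflared-r630-02"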
```
#### Step 5: Verify
```bash
./scripts/check-tunnel-health.sh
```
## What Gets Created
### Tunnels
- `tunnel-ml110` → ml110-01.d-bis.org → 192.168.11.10:8006
- `tunnel-r630-01` → r630-01.d-bis.org → 192.168.11.11:8006
- `tunnel-r630-02` → r630-02.d-bis.org → 192.168.11.12:8006
### DNS Records
- `ml110-01.d-bis.org` → CNAME → `<tunnel-id>.cfargotunnel.com` (Proxied)
- `r630-01.d-bis.org` → CNAME → `<tunnel-id>.cfargotunnel.com` (Proxied)
- `r630-02.d-bis.org` → CNAME → `<tunnel-id>.cfargotunnel.com` (Proxied)
### Cloudflare Access Applications
- `Proxmox ml110` → ml110-01.d-bis.org
- `Proxmox r630-01` → r630-01.d-bis.org
- `Proxmox r630-02` → r630-02.d-bis.org
Each is created with a basic Access policy requiring email authentication.
## Manual Steps (If Needed)
If automation fails, you can perform these steps manually:
### Save Individual Tunnel Credentials
```bash
./scripts/save-tunnel-credentials.sh ml110 <tunnel-id> <tunnel-token>
./scripts/save-tunnel-credentials.sh r630-01 <tunnel-id> <tunnel-token>
./scripts/save-tunnel-credentials.sh r630-02 <tunnel-id> <tunnel-token>
```
### Update Access Policies
Access applications are created with basic policies. To strengthen them:
1. Go to Cloudflare Zero Trust → Access → Applications
2. Edit each application
3. Add MFA requirement
4. Configure additional policies
## Troubleshooting
### API Authentication Fails
```bash
# Test API credentials
cd /home/intlc/projects/proxmox
./scripts/test-cloudflare-api.sh
```
### Tunnel Creation Fails
- Check API token has `Account:Cloudflare Tunnel:Edit` permission
- Verify account ID is correct
- Check Zero Trust is enabled
### DNS Records Not Created
- Check API token has `Zone:DNS:Edit` permission
- Verify zone ID is correct
- Check domain is managed by Cloudflare
### Access Applications Not Created
- Check API token has `Account:Access:Edit` permission
- Verify Zero Trust is enabled
- Check account has Access plan
## Files Created
- `tunnel-credentials.json` - Contains all tunnel IDs and tokens (keep secure!)
## Security Notes
⚠️ **Important:**
- `tunnel-credentials.json` contains sensitive tokens
- File is created with `chmod 600` (owner read/write only)
- Do not commit to version control
- Consider deleting after credentials are saved to VMID 102
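
The checks above can be scripted. The following is an added example, not one of the project's scripts: it audits the two secret-bearing files this page names (`.env` and `tunnel-credentials.json`) for loose permissions and for exposure to git. The function names and the `audit-secrets.sh` file name are hypothetical.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of the project's scripts.
# Usage: ./audit-secrets.sh .env tunnel-credentials.json

# Print a file's octal permission bits (GNU stat, then BSD stat as fallback).
file_mode() {
    stat -c '%a' -- "$1" 2>/dev/null || stat -f '%Lp' -- "$1"
}

# Exit 0 if the file is absent (already deleted) or is a regular file
# with no group/other permission bits; exit 1 otherwise.
check_secret_file() (
    f=$1
    if [ -L "$f" ]; then echo "SYMLINK   $f"; exit 1; fi
    if [ ! -e "$f" ]; then echo "ABSENT    $f"; exit 0; fi
    if [ ! -f "$f" ]; then echo "NOT-FILE  $f"; exit 1; fi
    mode=$(file_mode "$f")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "LOOSE     $f (mode $mode, expected 600)"; exit 1
    fi
    echo "OK        $f (mode $mode)"
)

# Exit 0 if git cannot pick the file up: untracked and matched by an ignore rule.
# Without git, or outside a work tree, there is nothing to check.
check_not_in_git() (
    f=$1; dir=$(dirname -- "$f"); base=$(basename -- "$f")
    command -v git >/dev/null 2>&1 || exit 0
    git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || exit 0
    if git -C "$dir" ls-files --error-unmatch -- "$base" >/dev/null 2>&1; then
        echo "TRACKED   $f"; exit 1
    fi
    if ! git -C "$dir" check-ignore -q -- "$base"; then
        echo "UNIGNORED $f (add it to .gitignore)"; exit 1
    fi
    echo "IGNORED   $f"
)

# Run both checks on every path given; non-zero exit if any check fails.
audit_secrets() (
    rc=0
    for f in "$@"; do
        check_secret_file "$f" || rc=1
        if [ -e "$f" ]; then check_not_in_git "$f" || rc=1; fi
    done
    exit "$rc"
)

if [ "$#" -gt 0 ]; then audit_secrets "$@"; fi
```

A `TRACKED` result means the file is already in the repository index, so the tokens in it should be treated as exposed.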
## Next Steps
After automated setup:
1. ✅ Verify all services are running
2. ✅ Test access to each Proxmox host
3. ✅ Configure enhanced Access policies (MFA, etc.)
4. ✅ Set up monitoring: `./scripts/monitor-tunnels.sh --daemon`
5. ✅ Configure alerting: Edit `monitoring/alerting.conf`
---
**All manual steps are now automated!** 🎉