- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
VMID 2400 - Cloudflare Origin Certificate Installation Complete
Date: 2026-01-02
Status: ✅ CERTIFICATE INSTALLED AND CONFIGURED
✅ Completed
- ✅ Cloudflare Origin Certificate installed: /etc/nginx/ssl/cloudflare-origin.crt
- ✅ Private Key installed: /etc/nginx/ssl/cloudflare-origin.key
- ✅ Certificate permissions set (644 for cert, 600 for key)
- ✅ Certificate verified - Valid for *.defi-oracle.io and defi-oracle.io
- ✅ Nginx installed and configured
- ✅ Nginx configuration created: /etc/nginx/sites-available/rpc-thirdweb
- ✅ Site enabled and Nginx reloaded
Certificate Details
Issuer: CloudFlare Origin SSL Certificate Authority
Subject: CloudFlare Origin Certificate
Valid For: *.defi-oracle.io, defi-oracle.io
Expiration: January 29, 2040 (14 years)
Nginx Configuration
Configuration File: /etc/nginx/sites-available/rpc-thirdweb
Enabled: /etc/nginx/sites-enabled/rpc-thirdweb
Endpoints Configured:
- HTTP RPC: https://rpc.public-0138.defi-oracle.io:443 → http://127.0.0.1:8545
- WebSocket RPC: https://rpc.public-0138.defi-oracle.io:8443 → http://127.0.0.1:8546
- Health Check: https://rpc.public-0138.defi-oracle.io/health
Next Steps
1. Update Cloudflare Tunnel Route (Optional)
Since you now have SSL configured, you can optionally update the tunnel route to use HTTPS:
Current (HTTP - works fine):
URL: http://127.0.0.1:8545
Optional (HTTPS - if you want end-to-end encryption):
URL: https://127.0.0.1:443
Note: With Cloudflare Origin Certificate, HTTP is fine since Cloudflare validates the origin. HTTPS is optional but provides additional encryption.
2. Test the Endpoint
# Test health endpoint
curl -k https://rpc.public-0138.defi-oracle.io/health
# Test RPC endpoint
curl -k https://rpc.public-0138.defi-oracle.io \
-X POST \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
3. Verify SSL Certificate
# Check certificate from external
openssl s_client -connect rpc.public-0138.defi-oracle.io:443 -servername rpc.public-0138.defi-oracle.io < /dev/null 2>/dev/null | openssl x509 -noout -text | grep -E 'Subject:|Issuer:|DNS:'
Security Notes
✅ Origin Certificate: Validates that Cloudflare is connecting to the correct origin
✅ Private Key: Securely stored with 600 permissions (owner read/write only)
✅ SSL/TLS: Encrypted connection between Cloudflare and origin
✅ Real IP: Configured to trust Cloudflare IPs for accurate client IPs
File Locations
| File | Path | Permissions |
|---|---|---|
| Certificate | /etc/nginx/ssl/cloudflare-origin.crt | 644 (readable) |
| Private Key | /etc/nginx/ssl/cloudflare-origin.key | 600 (owner only) |
| Nginx Config | /etc/nginx/sites-available/rpc-thirdweb | 644 |
| Enabled Site | /etc/nginx/sites-enabled/rpc-thirdweb | Symlink |
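The permission, SAN and expiry values documented above can be checked in one pass. The script below is an added example, not part of the original report; its function names and the one-label hostname `rpc.defi-oracle.io` are hypothetical. A wildcard SAN matches a single label only, so `*.defi-oracle.io` does not cover a two-label name such as `rpc.public-0138.defi-oracle.io`, which is why the audit checks the exact hostname served. It assumes GNU `stat` and the `openssl` CLI, and uses a constructed self-signed pair in place of the real files.

```bash
#!/usr/bin/env bash
# Added example: audit a cert/key pair against the values documented on this page.
# Assumes GNU stat and the openssl CLI; function names are hypothetical.

# audit_origin_cert CERT KEY HOST [MIN_DAYS]
# Prints one FAIL line per failed check and returns the number of failures.
audit_origin_cert() {
    local cert="$1" key="$2" host="$3" min_days="${4:-30}" fails=0 mode

    # The page documents 600 on the private key and 644 on the certificate.
    mode=$(stat -c '%a' "$key")
    [ "$mode" = "600" ] || { echo "FAIL key mode is $mode, expected 600"; fails=$((fails + 1)); }
    mode=$(stat -c '%a' "$cert")
    [ "$mode" = "644" ] || { echo "FAIL cert mode is $mode, expected 644"; fails=$((fails + 1)); }

    # The key must be the one the certificate was issued for: compare public keys.
    [ "$(openssl x509 -in "$cert" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] ||
        { echo "FAIL private key does not match certificate"; fails=$((fails + 1)); }

    # SAN coverage for the exact hostname served. A wildcard matches one label only.
    openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match' ||
        { echo "FAIL hostname $host not covered by certificate SANs"; fails=$((fails + 1)); }

    # -checkend exits non-zero if the certificate expires within the given seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL certificate expires within $min_days days"; fails=$((fails + 1)); }

    return "$fails"
}

# Constructed sample: a throwaway self-signed pair carrying the SANs listed on this
# page, written to directory $1. It stands in for the real files so the audit runs offline.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=constructed sample" \
        -addext "subjectAltName=DNS:*.defi-oracle.io,DNS:defi-oracle.io" \
        -keyout "$1/origin.key" -out "$1/origin.crt" 2>/dev/null
    chmod 600 "$1/origin.key" && chmod 644 "$1/origin.crt"
}

# Demo: run as `bash audit.sh demo`.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d) && make_sample_pair "$tmp"
    for h in rpc.defi-oracle.io rpc.public-0138.defi-oracle.io; do
        audit_origin_cert "$tmp/origin.crt" "$tmp/origin.key" "$h" && echo "OK $h"
    done
    rm -rf "$tmp"
fi
```

To audit the installed files, call `audit_origin_cert` inside the container with the two paths from the table above and the hostname Nginx serves.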
Troubleshooting
Certificate Issues
# Verify certificate
ssh root@192.168.11.10 "pct exec 2400 -- openssl x509 -in /etc/nginx/ssl/cloudflare-origin.crt -text -noout"
# Check certificate expiration
ssh root@192.168.11.10 "pct exec 2400 -- openssl x509 -in /etc/nginx/ssl/cloudflare-origin.crt -noout -dates"
Nginx Issues
# Test configuration
ssh root@192.168.11.10 "pct exec 2400 -- nginx -t"
# Check Nginx status
ssh root@192.168.11.10 "pct exec 2400 -- systemctl status nginx"
# View Nginx logs
ssh root@192.168.11.10 "pct exec 2400 -- tail -f /var/log/nginx/rpc-thirdweb-error.log"
SSL Connection Issues
# Test SSL locally
ssh root@192.168.11.10 "pct exec 2400 -- curl -k https://127.0.0.1/health"
# Test from external (after DNS is configured)
curl -k https://rpc.public-0138.defi-oracle.io/health
Last Updated: 2026-01-02
Status: ✅ READY - Certificate installed, Nginx configured