d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
a33fd9e3fe1d74add125bcc838b8cd304eb6f7e6
proxmox/scripts/fix-tunnels-no-ssh.sh
defiQUG 8b67fcbda1 Organize docs directory: move 25 files to appropriate locations 
- Created docs/00-meta/ for documentation meta files (11 files)
- Created docs/archive/reports/ for reports (5 files)
- Created docs/archive/issues/ for issue tracking (2 files)
- Created docs/bridge/contracts/ for Solidity contracts (3 files)
- Created docs/04-configuration/metamask/ for Metamask configs (3 files)
- Created docs/scripts/ for documentation scripts (2 files)
- Root directory now contains only 3 essential files (89.3% reduction)

All recommended actions from docs directory review complete.
2026-01-06 03:32:20 -08:00

324 lines
10 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Fix tunnels without SSH access - generates instructions and configs
set -e
echo "═══════════════════════════════════════════════════════════"
echo " Fix Tunnels Without SSH Access"
echo "═══════════════════════════════════════════════════════════"
echo ""
echo "This script generates instructions and configuration files"
echo "that can be deployed without SSH access to Proxmox."
echo ""
OUTPUT_DIR="/tmp/tunnel-fix-manual-$(date +%s)"
mkdir -p "$OUTPUT_DIR"
echo "📁 Creating files in: $OUTPUT_DIR"
echo ""
# Create comprehensive fix guide
cat > "$OUTPUT_DIR/COMPLETE_FIX_GUIDE.md" << 'EOF'
# Complete Tunnel Fix Guide (No SSH Required)
## Situation
All 6 Cloudflare tunnels are DOWN. You cannot access the Proxmox network via SSH.
## Solution: Cloudflare Dashboard Configuration
The easiest way to fix this is via the Cloudflare Dashboard - no SSH needed!
### Step 1: Access Cloudflare Dashboard
1. Go to: https://one.dash.cloudflare.com/
2. Sign in to your account
3. Navigate to: **Zero Trust** → **Networks** → **Tunnels**
### Step 2: Fix Each Tunnel
For each tunnel, click **Configure** and set up the routing:
#### Tunnel 1: explorer.d-bis.org
- **Tunnel ID**: `b02fe1fe-cb7d-484e-909b-7cc41298ebe8`
- **Public Hostname**: `explorer.d-bis.org`
- **Service**: HTTP
- **URL**: `http://192.168.11.21:80` (or appropriate internal IP)
#### Tunnel 2: mim4u-tunnel
- **Tunnel ID**: `f8d06879-04f8-44ef-aeda-ce84564a1792`
- **Public Hostname**: `mim4u.org.d-bis.org` (or `mim4u.org`)
- **Service**: HTTP
- **URL**: `http://192.168.11.21:80`
#### Tunnel 3: rpc-http-pub.d-bis.org (SHARED - 9 hostnames)
- **Tunnel ID**: `10ab22da-8ea3-4e2e-a896-27ece2211a05`
- **Add ALL these hostnames**:
- `dbis-admin.d-bis.org` → `http://192.168.11.21:80`
- `dbis-api.d-bis.org` → `http://192.168.11.21:80`
- `dbis-api-2.d-bis.org` → `http://192.168.11.21:80`
- `mim4u.org.d-bis.org` → `http://192.168.11.21:80`
- `www.mim4u.org.d-bis.org` → `http://192.168.11.21:80`
- `rpc-http-prv.d-bis.org` → `http://192.168.11.21:80`
- `rpc-http-pub.d-bis.org` → `http://192.168.11.21:80`
- `rpc-ws-prv.d-bis.org` → `http://192.168.11.21:80`
- `rpc-ws-pub.d-bis.org` → `http://192.168.11.21:80`
- **Catch-all**: HTTP 404 (must be last)
#### Tunnel 4: tunnel-ml110
- **Tunnel ID**: `ccd7150a-9881-4b8c-a105-9b4ead6e69a2`
- **Public Hostname**: `ml110-01.d-bis.org`
- **Service**: HTTPS
- **URL**: `https://192.168.11.10:8006`
- **Options**: Allow self-signed certificate
#### Tunnel 5: tunnel-r630-01
- **Tunnel ID**: `4481af8f-b24c-4cd3-bdd5-f562f4c97df4`
- **Public Hostname**: `r630-01.d-bis.org`
- **Service**: HTTPS
- **URL**: `https://192.168.11.11:8006`
- **Options**: Allow self-signed certificate
#### Tunnel 6: tunnel-r630-02
- **Tunnel ID**: `0876f12b-64d7-4927-9ab3-94cb6cf48af9`
- **Public Hostname**: `r630-02.d-bis.org`
- **Service**: HTTPS
- **URL**: `https://192.168.11.12:8006`
- **Options**: Allow self-signed certificate
### Step 3: Verify Tunnel Status
After configuring each tunnel:
1. Wait 1-2 minutes
2. Check tunnel status in dashboard
3. Should change from **DOWN** to **HEALTHY**
### Step 4: Test Services
```bash
# Test Proxmox tunnels
curl -I https://ml110-01.d-bis.org
curl -I https://r630-01.d-bis.org
curl -I https://r630-02.d-bis.org
# Test shared tunnel services
curl -I https://dbis-admin.d-bis.org
curl -I https://rpc-http-pub.d-bis.org
curl -I https://explorer.d-bis.org
```
## Alternative: If Dashboard Doesn't Work
If the tunnel connector (cloudflared) in VMID 102 is not running, you need physical/network access to:
1. **Start the container** (if stopped):
```bash
ssh root@192.168.11.12 "pct start 102"
```
2. **Start cloudflared services**:
```bash
ssh root@192.168.11.12 "pct exec 102 -- systemctl start cloudflared-*"
```
3. **Check status**:
```bash
ssh root@192.168.11.12 "pct exec 102 -- systemctl status cloudflared-*"
```
## Why Tunnels Are Down
Most likely causes:
1. Container VMID 102 is stopped
2. cloudflared services not running
3. Network connectivity issues from container
4. Invalid or missing credentials
## Next Steps
1. Try Cloudflare Dashboard method first (easiest)
2. If that doesn't work, need physical/network access to Proxmox
3. Check container and service status
4. Restart services as needed
EOF
# Create tunnel configuration reference
cat > "$OUTPUT_DIR/tunnel-configs-reference.yml" << 'EOF'
# Tunnel Configuration Reference
# These are the configurations that should be in VMID 102
# Use Cloudflare Dashboard to configure, or deploy these manually if you have access
# ============================================
# Tunnel 1: explorer.d-bis.org
# ============================================
# tunnel: b02fe1fe-cb7d-484e-909b-7cc41298ebe8
# credentials-file: /etc/cloudflared/credentials-explorer.json
#
# ingress:
# - hostname: explorer.d-bis.org
# service: http://192.168.11.21:80
# - service: http_status:404
# ============================================
# Tunnel 2: mim4u-tunnel
# ============================================
# tunnel: f8d06879-04f8-44ef-aeda-ce84564a1792
# credentials-file: /etc/cloudflared/credentials-mim4u.json
#
# ingress:
# - hostname: mim4u.org.d-bis.org
# service: http://192.168.11.21:80
# - service: http_status:404
# ============================================
# Tunnel 3: rpc-http-pub.d-bis.org (SHARED)
# ============================================
# tunnel: 10ab22da-8ea3-4e2e-a896-27ece2211a05
# credentials-file: /etc/cloudflared/credentials-services.json
#
# ingress:
# - hostname: dbis-admin.d-bis.org
# service: http://192.168.11.21:80
# originRequest:
# httpHostHeader: dbis-admin.d-bis.org
# - hostname: dbis-api.d-bis.org
# service: http://192.168.11.21:80
# originRequest:
# httpHostHeader: dbis-api.d-bis.org
# - hostname: dbis-api-2.d-bis.org
# service: http://192.168.11.21:80
# originRequest:
# httpHostHeader: dbis-api-2.d-bis.org
# - hostname: mim4u.org.d-bis.org
# service: http://192.168.11.21:80
# originRequest:
# httpHostHeader: mim4u.org.d-bis.org
# - hostname: www.mim4u.org.d-bis.org
# service: http://192.168.11.21:80
# originRequest:
# httpHostHeader: www.mim4u.org.d-bis.org
# - hostname: rpc-http-prv.d-bis.org
# service: http://192.168.11.21:80
# originRequest:
# httpHostHeader: rpc-http-prv.d-bis.org
# - hostname: rpc-http-pub.d-bis.org
# service: http://192.168.11.21:80
# originRequest:
# httpHostHeader: rpc-http-pub.d-bis.org
# - hostname: rpc-ws-prv.d-bis.org
# service: http://192.168.11.21:80
# originRequest:
# httpHostHeader: rpc-ws-prv.d-bis.org
# - hostname: rpc-ws-pub.d-bis.org
# service: http://192.168.11.21:80
# originRequest:
# httpHostHeader: rpc-ws-pub.d-bis.org
# - service: http_status:404
# ============================================
# Tunnel 4: tunnel-ml110
# ============================================
# tunnel: ccd7150a-9881-4b8c-a105-9b4ead6e69a2
# credentials-file: /etc/cloudflared/credentials-ml110.json
#
# ingress:
# - hostname: ml110-01.d-bis.org
# service: https://192.168.11.10:8006
# originRequest:
# noTLSVerify: true
# - service: http_status:404
# ============================================
# Tunnel 5: tunnel-r630-01
# ============================================
# tunnel: 4481af8f-b24c-4cd3-bdd5-f562f4c97df4
# credentials-file: /etc/cloudflared/credentials-r630-01.json
#
# ingress:
# - hostname: r630-01.d-bis.org
# service: https://192.168.11.11:8006
# originRequest:
# noTLSVerify: true
# - service: http_status:404
# ============================================
# Tunnel 6: tunnel-r630-02
# ============================================
# tunnel: 0876f12b-64d7-4927-9ab3-94cb6cf48af9
# credentials-file: /etc/cloudflared/credentials-r630-02.json
#
# ingress:
# - hostname: r630-02.d-bis.org
# service: https://192.168.11.12:8006
# originRequest:
# noTLSVerify: true
# - service: http_status:404
EOF
# Create quick reference card
cat > "$OUTPUT_DIR/QUICK_REFERENCE.md" << 'EOF'
# Quick Reference - Fix Tunnels
## Fastest Method: Cloudflare Dashboard
1. Go to: https://one.dash.cloudflare.com/
2. Zero Trust → Networks → Tunnels
3. For each tunnel, click **Configure**
4. Add hostname → Service → URL
5. Save and wait 1-2 minutes
## Tunnel IDs Quick Reference
| Tunnel Name | ID | Target |
|-------------|----|----|
| explorer | b02fe1fe-cb7d-484e-909b-7cc41298ebe8 | http://192.168.11.21:80 |
| mim4u-tunnel | f8d06879-04f8-44ef-aeda-ce84564a1792 | http://192.168.11.21:80 |
| rpc-http-pub | 10ab22da-8ea3-4e2e-a896-27ece2211a05 | http://192.168.11.21:80 (9 hostnames) |
| tunnel-ml110 | ccd7150a-9881-4b8c-a105-9b4ead6e69a2 | https://192.168.11.10:8006 |
| tunnel-r630-01 | 4481af8f-b24c-4cd3-bdd5-f562f4c97df4 | https://192.168.11.11:8006 |
| tunnel-r630-02 | 0876f12b-64d7-4927-9ab3-94cb6cf48af9 | https://192.168.11.12:8006 |
## If Dashboard Doesn't Work
Need physical/network access to Proxmox host (192.168.11.12):
```bash
# Start container
ssh root@192.168.11.12 "pct start 102"
# Start services
ssh root@192.168.11.12 "pct exec 102 -- systemctl start cloudflared-*"
# Check status
ssh root@192.168.11.12 "pct exec 102 -- systemctl status cloudflared-*"
```
EOF
echo "✅ Files created:"
echo ""
echo " 📄 COMPLETE_FIX_GUIDE.md - Step-by-step instructions"
echo " 📄 tunnel-configs-reference.yml - Configuration reference"
echo " 📄 QUICK_REFERENCE.md - Quick lookup"
echo ""
echo "═══════════════════════════════════════════════════════════"
echo " Next Steps"
echo "═══════════════════════════════════════════════════════════"
echo ""
echo "1. Review: $OUTPUT_DIR/COMPLETE_FIX_GUIDE.md"
echo ""
echo "2. Easiest Fix: Use Cloudflare Dashboard"
echo " - Go to: https://one.dash.cloudflare.com/"
echo " - Zero Trust → Networks → Tunnels"
echo " - Configure each tunnel as shown in guide"
echo ""
echo "3. If Dashboard doesn't work:"
echo " - Need physical/network access to Proxmox"
echo " - Start container and services manually"
echo " - See guide for commands"
echo ""
echo "📁 All files saved to: $OUTPUT_DIR"
echo ""
Reference in New Issue View Git Blame Copy Permalink