- Organized 252 files across project - Root directory: 187 → 2 files (98.9% reduction) - Moved configuration guides to docs/04-configuration/ - Moved troubleshooting guides to docs/09-troubleshooting/ - Moved quick start guides to docs/01-getting-started/ - Moved reports to reports/ directory - Archived temporary files - Generated comprehensive reports and documentation - Created maintenance scripts and guides All files organized according to established standards.
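#!/usr/bin/env bash
# Setup Cloudflare Tunnel for RPC endpoints on VMID 102
# Usage: ./setup-cloudflare-tunnel-rpc.sh <TUNNEL_TOKEN>
# Example: ./setup-cloudflare-tunnel-rpc.sh eyJhIjoiNT...
#
# Environment (optional):
#   PROXMOX_HOST      Proxmox node reached over SSH as root (default 192.168.11.10)
#   CLOUDFLARED_VMID  ID of the container that runs cloudflared (default 102)

set -euo pipefail

# Directory containing this script (nothing later in the script reads it).
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROXMOX_HOST="${PROXMOX_HOST:-192.168.11.10}"
CLOUDFLARED_VMID="${CLOUDFLARED_VMID:-102}"

# Both values are spliced into command lines that run as root over SSH, so
# reject anything that is not a plain host name / address or a numeric ID
# before it can reach a remote shell.
if [[ ! "$PROXMOX_HOST" =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ ]]; then
  printf 'Invalid PROXMOX_HOST: %s\n' "$PROXMOX_HOST" >&2
  exit 1
fi
if [[ ! "$CLOUDFLARED_VMID" =~ ^[0-9]+$ ]]; then
  printf 'Invalid CLOUDFLARED_VMID (expected digits only): %s\n' "$CLOUDFLARED_VMID" >&2
  exit 1
fi

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color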
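# Logging helpers.
# Globals:   GREEN, YELLOW, RED, NC (read) - colour escape strings
# Arguments: $1 - message text
# Outputs:   info writes to stdout; warn and error write to stderr
#
# Only the colour codes are expanded (%b). The message is printed with %s, so
# backslash sequences inside it are shown literally. Some messages embed text
# returned by the remote host (for example the container status), and that
# text must not be able to emit terminal control sequences.
info() { printf '%b[INFO]%b %s\n' "$GREEN" "$NC" "$1"; }
warn() { printf '%b[WARN]%b %s\n' "$YELLOW" "$NC" "$1" >&2; }
error() { printf '%b[ERROR]%b %s\n' "$RED" "$NC" "$1" >&2; }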
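# Check if token provided.
# The tunnel token is a bearer credential. Passing it as $1 leaves it in shell
# history and in the local process list, so the TUNNEL_TOKEN environment
# variable is accepted as an alternative; $1 still wins when both are given.
if [[ $# -eq 0 && -z "${TUNNEL_TOKEN:-}" ]]; then
  error "Tunnel token required!"
  echo ""
  echo "Usage: $0 <TUNNEL_TOKEN>"
  echo ""
  echo "Get your token from Cloudflare Dashboard:"
  echo " Zero Trust → Networks → Tunnels → Create tunnel → Copy token"
  echo ""
  exit 1
fi

TUNNEL_TOKEN="${1:-${TUNNEL_TOKEN:-}}"

# The token is later placed on a remote root command line. Accept only the
# base64 alphabet (standard and URL-safe) so a malformed or hostile value
# cannot carry shell metacharacters.
# NOTE(review): assumes tokens are always base64 text, as the "eyJ..." example
# in the header suggests - confirm against the dashboard output.
token_pattern='^[A-Za-z0-9+/=_-]+$'
if [[ ! "$TUNNEL_TOKEN" =~ $token_pattern ]]; then
  error "Tunnel token is empty or contains unexpected characters"
  exit 1
fi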
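info "Setting up Cloudflare Tunnel for RPC endpoints..."
info "Proxmox Host: $PROXMOX_HOST"
info "Cloudflared Container: VMID $CLOUDFLARED_VMID"
echo ""

# Check if container is running.
# StrictHostKeyChecking=accept-new records the host key on first contact and
# refuses the connection if it later changes. The previous "no" setting
# accepted any key, which lets an on-path host receive root commands and the
# tunnel token. Pre-seeding known_hosts with the node's key is stronger still.
# ssh's own stderr is no longer discarded, so a key mismatch or auth failure
# is visible instead of being reported only as "unknown".
if ! STATUS=$(ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct status $CLOUDFLARED_VMID 2>/dev/null | awk '{print \$2}'"); then
  STATUS="unknown"
fi

if [[ "$STATUS" != "running" ]]; then
  error "Container $CLOUDFLARED_VMID is not running (status: $STATUS)"
  exit 1
fi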
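# Check if cloudflared is installed.
# `command -v` is a shell builtin, so it is run through `sh -c` inside the
# container instead of relying on the external `which`.
# StrictHostKeyChecking=accept-new refuses a changed host key (the former "no"
# accepted any key for these root sessions).
if ! ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec $CLOUDFLARED_VMID -- sh -c 'command -v cloudflared' >/dev/null 2>&1"; then
  info "Installing cloudflared..."
  # `set -euo pipefail` makes the remote script stop at the first failed step;
  # without it a failed key download was ignored and only the exit status of
  # the final apt-get line was reported.
  # NOTE(review): the signing key is trusted as downloaded over HTTPS; compare
  # its fingerprint with the one Cloudflare publishes before relying on it.
  ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
    "pct exec $CLOUDFLARED_VMID -- bash -c '
set -euo pipefail
mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-public-v2.gpg | tee /usr/share/keyrings/cloudflare-public-v2.gpg >/dev/null
echo \"deb [signed-by=/usr/share/keyrings/cloudflare-public-v2.gpg] https://pkg.cloudflare.com/cloudflared any main\" | tee /etc/apt/sources.list.d/cloudflared.list
apt-get update -qq && apt-get install -y -qq cloudflared
'" || {
    error "Failed to install cloudflared"
    exit 1
  }
  info "✓ cloudflared installed"
else
  info "✓ cloudflared already installed"
fi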
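# Stop existing cloudflared service if running.
# Best effort: the remote `|| true` ignores a missing or stopped unit.
# StrictHostKeyChecking=accept-new refuses a changed host key (the former "no"
# accepted any key for these root sessions).
info "Stopping existing cloudflared service..."
ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec $CLOUDFLARED_VMID -- systemctl stop cloudflared 2>/dev/null || true"
ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec $CLOUDFLARED_VMID -- systemctl disable cloudflared 2>/dev/null || true"

# Install tunnel service with token.
# The remote side re-parses the command string with a shell, so the token is
# shell-quoted first; unquoted, any metacharacter in it would run as root on
# the Proxmox node.
# The token is still visible in the remote process list while this command
# runs, because `cloudflared service install` takes it as an argument.
# NOTE(review): check whether the generated service unit embeds the token and,
# if so, that the unit file is not world-readable.
info "Installing tunnel service with token..."
printf -v quoted_token '%q' "$TUNNEL_TOKEN"
ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec $CLOUDFLARED_VMID -- cloudflared service install $quoted_token" || {
  error "Failed to install tunnel service"
  exit 1
}
info "✓ Tunnel service installed"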
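# Create tunnel configuration file.
# The remote script arrives on stdin, so nothing in it is expanded locally.
# The ssh call is the `if` condition itself: under `set -e` a separate `$?`
# test after the command never saw a failure, because the script had already
# exited.
# NOTE(review): the service was installed from a token, which normally means a
# remotely managed tunnel whose ingress rules come from the Cloudflare
# dashboard - confirm cloudflared actually reads this local file.
# NOTE(review): the "prv" hostnames are published through the same tunnel as
# the public ones and nothing in this file restricts who can reach them;
# presumably an access policy is enforced elsewhere - verify.
# NOTE(review): the origin is addressed by IP over https; confirm its
# certificate validates for that address rather than disabling verification.
info "Creating tunnel configuration for RPC endpoints..."
if ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec $CLOUDFLARED_VMID -- bash" <<'EOF'
set -e
mkdir -p /etc/cloudflared
# Create the file owner-only from the start instead of tightening it afterwards.
umask 077
cat > /etc/cloudflared/config.yml <<'CONFIG'
# Cloudflare Tunnel Configuration for RPC Endpoints
# This file is auto-generated. Manual edits may be overwritten.

ingress:
  # Public HTTP RPC
  - hostname: rpc-http-pub.d-bis.org
    service: https://192.168.11.252:443
    originRequest:
      noHappyEyeballs: true
      connectTimeout: 30s
      tcpKeepAlive: 30s
      keepAliveConnections: 100
      keepAliveTimeout: 90s

  # Public WebSocket RPC
  - hostname: rpc-ws-pub.d-bis.org
    service: https://192.168.11.252:443
    originRequest:
      noHappyEyeballs: true
      connectTimeout: 30s
      tcpKeepAlive: 30s
      keepAliveConnections: 100
      keepAliveTimeout: 90s
      httpHostHeader: rpc-ws-pub.d-bis.org

  # Private HTTP RPC
  - hostname: rpc-http-prv.d-bis.org
    service: https://192.168.11.252:443
    originRequest:
      noHappyEyeballs: true
      connectTimeout: 30s
      tcpKeepAlive: 30s
      keepAliveConnections: 100
      keepAliveTimeout: 90s

  # Private WebSocket RPC
  - hostname: rpc-ws-prv.d-bis.org
    service: https://192.168.11.252:443
    originRequest:
      noHappyEyeballs: true
      connectTimeout: 30s
      tcpKeepAlive: 30s
      keepAliveConnections: 100
      keepAliveTimeout: 90s
      httpHostHeader: rpc-ws-prv.d-bis.org

  # Catch-all (must be last)
  - service: http_status:404
CONFIG

chmod 600 /etc/cloudflared/config.yml
EOF
then
  info "✓ Tunnel configuration created"
else
  error "Failed to create tunnel configuration"
  exit 1
fi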
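# Enable and start tunnel service.
# StrictHostKeyChecking=accept-new refuses a changed host key (the former "no"
# accepted any key for these root sessions).
info "Enabling and starting tunnel service..."
if ! ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec $CLOUDFLARED_VMID -- systemctl enable cloudflared"; then
  # Not fatal: the start below decides whether setup succeeded.
  warn "Failed to enable service (may already be enabled)"
fi

if ! ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec $CLOUDFLARED_VMID -- systemctl start cloudflared"; then
  error "Failed to start tunnel service"
  exit 1
fi

# Wait a moment for service to start
sleep 2

# Check service status.
# A non-zero exit keeps whatever state systemctl printed; "inactive" is used
# only when nothing came back (for example when the SSH connection failed).
info "Checking tunnel service status..."
if ! STATUS=$(ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec $CLOUDFLARED_VMID -- systemctl is-active cloudflared 2>/dev/null"); then
  STATUS="${STATUS:-inactive}"
fi

if [[ "$STATUS" == "active" ]]; then
  info "✓ Tunnel service is running"
else
  error "Tunnel service is not active"
  warn "Checking logs..."
  # Log retrieval is diagnostic only; a failure here must not replace the
  # exit status below.
  ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
    "pct exec $CLOUDFLARED_VMID -- journalctl -u cloudflared -n 20 --no-pager" ||
    warn "Could not retrieve service logs"
  exit 1
fi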
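# Show tunnel info.
# The output is captured and trimmed locally. With the remote `| head -10`
# the pipeline's status was always head's, so a failing `cloudflared tunnel
# info` never reached the warning below.
# NOTE(review): `cloudflared tunnel info` presumably needs a tunnel name or ID
# and account credentials; with a token-only install it may always fail -
# confirm.
info "Tunnel information:"
if tunnel_info=$(ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "root@${PROXMOX_HOST}" \
  "pct exec $CLOUDFLARED_VMID -- cloudflared tunnel info 2>/dev/null"); then
  if [[ -n "$tunnel_info" ]]; then
    head -n 10 <<<"$tunnel_info"
  fi
else
  warn "Could not retrieve tunnel info (may need a moment to connect)"
fi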
# Closing summary: what the operator still has to do by hand (DNS records,
# dashboard check, endpoint test) and how to follow the service logs.
printf '\n'
info "Cloudflare Tunnel setup complete!"
printf '\n'
info "Next steps:"
printf '%s\n' \
  " 1. Configure DNS records in Cloudflare:" \
  " - rpc-http-pub.d-bis.org → CNAME → <tunnel-id>.cfargotunnel.com (🟠 Proxied)" \
  " - rpc-ws-pub.d-bis.org → CNAME → <tunnel-id>.cfargotunnel.com (🟠 Proxied)" \
  " - rpc-http-prv.d-bis.org → CNAME → <tunnel-id>.cfargotunnel.com (🟠 Proxied)" \
  " - rpc-ws-prv.d-bis.org → CNAME → <tunnel-id>.cfargotunnel.com (🟠 Proxied)" \
  "" \
  " 2. Verify tunnel status in Cloudflare Dashboard:" \
  " Zero Trust → Networks → Tunnels → Your Tunnel" \
  "" \
  " 3. Test endpoints:" \
  " curl https://rpc-http-pub.d-bis.org/health" \
  ""
info "To view tunnel logs:"
printf '%s\n' " ssh root@$PROXMOX_HOST 'pct exec $CLOUDFLARED_VMID -- journalctl -u cloudflared -f'"