d-bis/proxmox

Fork 0

Files

defiQUG b45c2006be Refactor code for improved readability and performance

2025-12-21 22:32:09 -08:00

2.9 KiB

Raw Blame History

Cloudflare API Setup - Quick Start

Automated Configuration via API

This will configure both tunnel routes and DNS records automatically using the Cloudflare API.

Step 1: Get Cloudflare API Credentials

Option A: API Token (Recommended)

Go to: https://dash.cloudflare.com/profile/api-tokens
Click Create Token
Use Edit zone DNS template OR create custom token with:
- Zone → DNS → Edit
- Account → Cloudflare Tunnel → Edit
Copy the token

Option B: Global API Key (Legacy)

Go to: https://dash.cloudflare.com/profile/api-tokens
Scroll to API Keys section
Click View next to "Global API Key"
Copy your Email and Global API Key

Step 2: Set Up Credentials

Interactive Setup:

cd /home/intlc/projects/proxmox
./scripts/setup-cloudflare-env.sh

Or manually create .env file:

cat > .env <<EOF
CLOUDFLARE_API_TOKEN="your-api-token-here"
DOMAIN="d-bis.org"
TUNNEL_TOKEN="eyJhIjoiNTJhZDU3YTcxNjcxYzVmYzAwOWVkZjA3NDQ2NTgxOTYiLCJ0IjoiMTBhYjIyZGEtOGVhMy00ZTJlLWE4OTYtMjdlY2UyMjExYTA1IiwicyI6IlptRXlOMkkyTVRrdE1EZzFNeTAwTkRBNExXSXhaalF0Wm1KaE5XVmpaVEEzTVdGbCJ9"
EOF

chmod 600 .env

Step 3: Run Configuration Script

cd /home/intlc/projects/proxmox
./scripts/configure-cloudflare-api.sh

What it does:

✅ Gets zone ID for d-bis.org
✅ Gets account ID
✅ Extracts tunnel ID from token
✅ Configures 4 tunnel routes (rpc-http-pub, rpc-ws-pub, rpc-http-prv, rpc-ws-prv)
✅ Creates/updates 4 DNS CNAME records
✅ Enables proxy on all DNS records

What Gets Configured

Tunnel Routes:

rpc-http-pub.d-bis.org → https://192.168.11.251:443
rpc-ws-pub.d-bis.org → https://192.168.11.251:443
rpc-http-prv.d-bis.org → https://192.168.11.252:443
rpc-ws-prv.d-bis.org → https://192.168.11.252:443

DNS Records:

All 4 endpoints → CNAME → <tunnel-id>.cfargotunnel.com (🟠 Proxied)

Troubleshooting

"Could not determine account ID"

Add to .env:

CLOUDFLARE_ACCOUNT_ID="your-account-id"

Get account ID from: Cloudflare Dashboard → Right sidebar → Account ID

"API request failed"

Verify API token has correct permissions
Check token is not expired
Verify domain is in your Cloudflare account

"Zone not found"

Verify domain d-bis.org is in your Cloudflare account
Or set CLOUDFLARE_ZONE_ID in .env

Verify Configuration

After running the script:

Check Tunnel Routes:
- Zero Trust → Networks → Tunnels → Your Tunnel → Configure
- Should see 4 public hostnames
Check DNS Records:
- DNS → Records
- Should see 4 CNAME records (🟠 Proxied)

Test Endpoints:

curl https://rpc-http-pub.d-bis.org/health

Files Created

.env - Your API credentials (keep secure!)
Scripts are in: scripts/configure-cloudflare-api.sh

2.9 KiB Raw Blame History