cb47cce074
- Organized 252 files across project - Root directory: 187 → 2 files (98.9% reduction) - Moved configuration guides to docs/04-configuration/ - Moved troubleshooting guides to docs/09-troubleshooting/ - Moved quick start guides to docs/01-getting-started/ - Moved reports to reports/ directory - Archived temporary files - Generated comprehensive reports and documentation - Created maintenance scripts and guides All files organized according to established standards.
428 lines
10 KiB
Markdown
428 lines
10 KiB
Markdown
# ThirdWeb RPC (VMID 2400) - Cloudflare Tunnel Setup
|
|
|
|
**Last Updated:** 2025-01-23
|
|
**Status:** Setup Guide
|
|
**VMID:** 2400
|
|
**IP:** 192.168.11.240
|
|
**Domain:** `defi-oracle.io`
|
|
**FQDN:** `rpc.public-0138.defi-oracle.io`
|
|
|
|
---
|
|
|
|
## Overview
|
|
|
|
Since VMID 2400 is on a Proxmox host that doesn't have access to pve2 (192.168.11.12) where the existing Cloudflared tunnel is located, we need to install Cloudflared directly in VMID 2400 to create its own tunnel connection to Cloudflare.
|
|
|
|
**Architecture:**
|
|
```
|
|
Internet → Cloudflare → Cloudflare Tunnel (from VMID 2400) → Nginx (port 443) → Besu RPC (8545/8546)
|
|
```
|
|
|
|
---
|
|
|
|
## Prerequisites
|
|
|
|
1. **Access to Proxmox host** where VMID 2400 is running
|
|
2. **Access to VMID 2400 container** (via `pct exec 2400`)
|
|
3. **Cloudflare account** with access to `defi-oracle.io` domain
|
|
4. **Cloudflare Zero Trust access** (free tier is sufficient)
|
|
|
|
---
|
|
|
|
## Step 1: Create Cloudflare Tunnel
|
|
|
|
### 1.1 Create Tunnel in Cloudflare Dashboard
|
|
|
|
1. Go to: https://one.dash.cloudflare.com/
|
|
2. Navigate to: **Zero Trust** → **Networks** → **Tunnels**
|
|
3. Click **Create a tunnel**
|
|
4. Select **Cloudflared** as the connector type
|
|
5. Give it a name (e.g., `thirdweb-rpc-2400`)
|
|
6. Click **Save tunnel**
|
|
|
|
### 1.2 Copy the Tunnel Token
|
|
|
|
After creating the tunnel, you'll see a token. Copy it - you'll need it in the next step.
|
|
|
|
**Token format:** `eyJhIjoi...` (long base64 string)
|
|
|
|
---
|
|
|
|
## Step 2: Install Cloudflared on VMID 2400
|
|
|
|
### 2.1 Access the Container
|
|
|
|
**If you have SSH access to the Proxmox host:**
|
|
|
|
```bash
|
|
# Replace with your Proxmox host IP
|
|
PROXMOX_HOST="192.168.11.10" # or your Proxmox host IP
|
|
|
|
# Enter the container
|
|
ssh root@${PROXMOX_HOST} "pct exec 2400 -- bash"
|
|
```
|
|
|
|
**If you have console access to the Proxmox host:**
|
|
|
|
```bash
|
|
# List containers
|
|
pct list | grep 2400
|
|
|
|
# Enter the container
|
|
pct exec 2400 -- bash
|
|
```
|
|
|
|
### 2.2 Install Cloudflared
|
|
|
|
Once inside the container, run:
|
|
|
|
```bash
|
|
# Update package list
|
|
apt update
|
|
|
|
# Install wget if not available
|
|
apt install -y wget
|
|
|
|
# Download and install cloudflared
|
|
cd /tmp
|
|
wget -q https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
|
|
dpkg -i cloudflared-linux-amd64.deb || apt install -f -y
|
|
|
|
# Verify installation
|
|
cloudflared --version
|
|
```
|
|
|
|
### 2.3 Install Tunnel Service
|
|
|
|
Replace `<TUNNEL_TOKEN>` with the token you copied from Step 1.2:
|
|
|
|
```bash
|
|
# Install tunnel service with token
|
|
cloudflared service install <TUNNEL_TOKEN>
|
|
|
|
# Enable and start service
|
|
systemctl enable cloudflared
|
|
systemctl start cloudflared
|
|
|
|
# Check status
|
|
systemctl status cloudflared
|
|
```
|
|
|
|
### 2.4 Verify Tunnel is Running
|
|
|
|
```bash
|
|
# Check service status
|
|
systemctl status cloudflared --no-pager -l
|
|
|
|
# List tunnels (should show your tunnel)
|
|
cloudflared tunnel list
|
|
|
|
# Check tunnel configuration
|
|
cat /etc/cloudflared/config.yml
|
|
```
|
|
|
|
---
|
|
|
|
## Step 3: Configure Tunnel Route in Cloudflare
|
|
|
|
### 3.1 Configure Public Hostname
|
|
|
|
1. Go back to Cloudflare Dashboard: **Zero Trust** → **Networks** → **Tunnels**
|
|
2. Click on your tunnel name (`thirdweb-rpc-2400`)
|
|
3. Click **Configure**
|
|
4. Go to **Public Hostname** tab
|
|
5. Click **Add a public hostname**
|
|
|
|
### 3.2 Add RPC Endpoint Configuration
|
|
|
|
**For HTTP RPC:**
|
|
|
|
```
|
|
Subdomain: rpc.public-0138
|
|
Domain: defi-oracle.io
|
|
Service Type: HTTP
|
|
URL: http://127.0.0.1:8545
|
|
```
|
|
|
|
**Note:** If you have Nginx configured on VMID 2400 with SSL on port 443, use:
|
|
```
|
|
URL: https://127.0.0.1:443
|
|
```
|
|
or
|
|
```
|
|
URL: http://127.0.0.1:443
|
|
```
|
|
|
|
### 3.3 Add WebSocket Support (Optional)
|
|
|
|
If you need WebSocket RPC support, you can either:
|
|
|
|
**Option A:** Use the same hostname (Cloudflare supports WebSocket on HTTP endpoints)
|
|
- The same `rpc.public-0138.defi-oracle.io` hostname will handle both HTTP and WebSocket
|
|
- Configure your Nginx to route WebSocket connections appropriately
|
|
|
|
**Option B:** Add a separate hostname for WebSocket:
|
|
```
|
|
Subdomain: rpc-ws.public-0138
|
|
Domain: defi-oracle.io
|
|
Service Type: HTTP
|
|
URL: http://127.0.0.1:8546
|
|
```
|
|
|
|
### 3.4 Save Configuration
|
|
|
|
Click **Save hostname** for each entry you add.
|
|
|
|
---
|
|
|
|
## Step 4: Configure Nginx on VMID 2400 (If Needed)
|
|
|
|
If VMID 2400 doesn't have Nginx configured yet, you'll need to set it up to handle the RPC endpoints.
|
|
|
|
### 4.1 Install Nginx
|
|
|
|
```bash
|
|
# Inside VMID 2400 container
|
|
apt install -y nginx
|
|
```
|
|
|
|
### 4.2 Configure Nginx for RPC
|
|
|
|
Create Nginx configuration:
|
|
|
|
```bash
|
|
cat > /etc/nginx/sites-available/rpc-thirdweb << 'EOF'
|
|
# HTTP to HTTPS redirect (optional)
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name rpc.public-0138.defi-oracle.io;
|
|
|
|
# Redirect all HTTP to HTTPS
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
# HTTPS server - HTTP RPC API (port 8545)
|
|
server {
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
server_name rpc.public-0138.defi-oracle.io;
|
|
|
|
# SSL configuration (you'll need to generate certificates)
|
|
# For Cloudflare tunnel, you can use self-signed or Cloudflare SSL
|
|
ssl_certificate /etc/nginx/ssl/rpc.crt;
|
|
ssl_certificate_key /etc/nginx/ssl/rpc.key;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
|
|
# Security headers
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
|
|
# Increase timeouts for RPC calls
|
|
proxy_connect_timeout 300s;
|
|
proxy_send_timeout 300s;
|
|
proxy_read_timeout 300s;
|
|
|
|
# HTTP RPC endpoint (port 8545)
|
|
location / {
|
|
proxy_pass http://127.0.0.1:8545;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
}
|
|
|
|
# HTTPS server - WebSocket RPC API (port 8546)
|
|
server {
|
|
listen 8443 ssl http2;
|
|
listen [::]:8443 ssl http2;
|
|
server_name rpc.public-0138.defi-oracle.io;
|
|
|
|
# SSL configuration
|
|
ssl_certificate /etc/nginx/ssl/rpc.crt;
|
|
ssl_certificate_key /etc/nginx/ssl/rpc.key;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
|
|
# WebSocket RPC endpoint (port 8546)
|
|
location / {
|
|
proxy_pass http://127.0.0.1:8546;
|
|
proxy_http_version 1.1;
|
|
|
|
# WebSocket headers
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# Long timeouts for WebSocket connections
|
|
proxy_read_timeout 86400;
|
|
proxy_send_timeout 86400;
|
|
}
|
|
}
|
|
EOF
|
|
|
|
# Enable the site
|
|
ln -sf /etc/nginx/sites-available/rpc-thirdweb /etc/nginx/sites-enabled/
|
|
rm -f /etc/nginx/sites-enabled/default
|
|
|
|
# Test configuration
|
|
nginx -t
|
|
|
|
# Reload Nginx
|
|
systemctl reload nginx
|
|
```
|
|
|
|
**Note:** If using Cloudflare tunnel, you can point the tunnel directly to `http://127.0.0.1:8545` (bypassing Nginx) since Cloudflare handles SSL termination. In that case, Nginx is optional.
|
|
|
|
---
|
|
|
|
## Step 5: Configure DNS Record
|
|
|
|
### 5.1 Create DNS Record in Cloudflare
|
|
|
|
1. Go to Cloudflare Dashboard: **DNS** → **Records**
|
|
2. Select domain: `defi-oracle.io`
|
|
3. Click **Add record**
|
|
|
|
### 5.2 Configure DNS Record
|
|
|
|
**If using Cloudflare Tunnel (Recommended):**
|
|
|
|
```
|
|
Type: CNAME
|
|
Name: rpc.public-0138
|
|
Target: <your-tunnel-id>.cfargotunnel.com
|
|
Proxy: 🟠 Proxied (orange cloud)
|
|
TTL: Auto
|
|
```
|
|
|
|
**To find your tunnel ID:**
|
|
- Go to **Zero Trust** → **Networks** → **Tunnels**
|
|
- Click on your tunnel name
|
|
- The tunnel ID is shown in the URL or tunnel details
|
|
|
|
**Alternative: Direct A Record (If using public IP with port forwarding)**
|
|
|
|
If you prefer to use a direct A record with port forwarding on the ER605 router:
|
|
|
|
```
|
|
Type: A
|
|
Name: rpc.public-0138
|
|
Target: <your-public-ip>
|
|
Proxy: 🟠 Proxied (recommended) or ❌ DNS only
|
|
TTL: Auto
|
|
```
|
|
|
|
Then configure port forwarding on ER605:
|
|
- External Port: 443
|
|
- Internal IP: 192.168.11.240
|
|
- Internal Port: 443
|
|
- Protocol: TCP
|
|
|
|
---
|
|
|
|
## Step 6: Verify Setup
|
|
|
|
### 6.1 Check Tunnel Status
|
|
|
|
```bash
|
|
# Inside VMID 2400 container
|
|
systemctl status cloudflared
|
|
cloudflared tunnel list
|
|
```
|
|
|
|
### 6.2 Test DNS Resolution
|
|
|
|
```bash
|
|
# From your local machine
|
|
dig rpc.public-0138.defi-oracle.io
|
|
nslookup rpc.public-0138.defi-oracle.io
|
|
|
|
# Should resolve to Cloudflare IPs (if proxied) or your public IP
|
|
```
|
|
|
|
### 6.3 Test RPC Endpoint
|
|
|
|
```bash
|
|
# Test HTTP RPC endpoint
|
|
curl -k https://rpc.public-0138.defi-oracle.io \
|
|
-X POST \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
|
|
|
|
# Test WebSocket (using wscat)
|
|
wscat -c wss://rpc.public-0138.defi-oracle.io
|
|
```
|
|
|
|
---
|
|
|
|
## Troubleshooting
|
|
|
|
### Tunnel Not Connecting
|
|
|
|
```bash
|
|
# Check cloudflared logs
|
|
journalctl -u cloudflared -f
|
|
|
|
# Check tunnel status
|
|
cloudflared tunnel list
|
|
|
|
# Verify tunnel token
|
|
cat /etc/cloudflared/credentials.json
|
|
```
|
|
|
|
### DNS Not Resolving
|
|
|
|
1. Verify DNS record is created correctly in Cloudflare
|
|
2. Wait a few minutes for DNS propagation
|
|
3. Check if tunnel is healthy in Cloudflare Dashboard
|
|
|
|
### Connection Refused
|
|
|
|
```bash
|
|
# Check if Besu RPC is running
|
|
systemctl status besu-rpc
|
|
|
|
# Test Besu RPC locally
|
|
curl -X POST http://127.0.0.1:8545 \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
|
|
|
|
# Check Nginx (if using)
|
|
systemctl status nginx
|
|
nginx -t
|
|
```
|
|
|
|
### SSL Certificate Issues
|
|
|
|
If using Nginx with SSL, you may need to generate certificates. For Cloudflare tunnel, SSL is handled by Cloudflare, so you can use HTTP internally.
|
|
|
|
---
|
|
|
|
## Summary
|
|
|
|
After completing these steps:
|
|
|
|
✅ Cloudflared installed on VMID 2400
|
|
✅ Cloudflare tunnel created and connected
|
|
✅ Tunnel route configured for `rpc.public-0138.defi-oracle.io`
|
|
✅ DNS record created (CNAME to tunnel)
|
|
✅ RPC endpoint accessible at `https://rpc.public-0138.defi-oracle.io`
|
|
|
|
**Next Steps:**
|
|
- Verify the endpoint works with Thirdweb SDK
|
|
- Update Thirdweb listing with the new RPC URL
|
|
- Monitor tunnel status and logs
|
|
|
|
---
|
|
|
|
## Related Documentation
|
|
|
|
- [RPC_DNS_CONFIGURATION.md](RPC_DNS_CONFIGURATION.md) - DNS configuration overview
|
|
- [THIRDWEB_RPC_SETUP.md](../THIRDWEB_RPC_SETUP.md) - ThirdWeb RPC node setup guide
|
|
- [CLOUDFLARE_TUNNEL_CONFIGURATION_GUIDE.md](../CLOUDFLARE_TUNNEL_CONFIGURATION_GUIDE.md) - General tunnel configuration
|