proxmox/docs/05-network/CLOUDFLARE_ROUTING_MASTER.md

Cloudflare Routing Master Reference

Navigation: Home > Network > Cloudflare Routing Master

Last Updated: 2025-01-20
Document Version: 1.0
Status: 🟢 Active Documentation

---

Overview

This is the authoritative reference for Cloudflare tunnel routing architecture. All routing decisions, domain mappings, and tunnel configurations are documented here.

Note: This document consolidates routing information from multiple sources. For specific setup procedures, see the related documents below.

---

Architecture Overview

Internet → Cloudflare → cloudflared (VMID 102) → Routing Decision
                                                      ├─ HTTP RPC → Central Nginx (VMID 105) → RPC Nodes
                                                      └─ WebSocket RPC → Direct to RPC Nodes

---

Routing Rules

HTTP Endpoints (via Central Nginx)

All HTTP endpoints route through the central Nginx on VMID 105 (192.168.11.21:80):

Domain	Cloudflare Tunnel →	Central Nginx →	Final Destination
explorer.d-bis.org	http://192.168.11.21:80	http://192.168.11.140:80	Blockscout
rpc-http-pub.d-bis.org	http://192.168.11.21:80	https://192.168.11.252:443	RPC Public (HTTP)
rpc-http-prv.d-bis.org	http://192.168.11.21:80	https://192.168.11.251:443	RPC Private (HTTP)
dbis-admin.d-bis.org	http://192.168.11.21:80	http://192.168.11.130:80	DBIS Frontend
dbis-api.d-bis.org	http://192.168.11.21:80	http://192.168.11.150:3000	DBIS API Primary
dbis-api-2.d-bis.org	http://192.168.11.21:80	http://192.168.11.151:3000	DBIS API Secondary
mim4u.org	http://192.168.11.21:80	http://192.168.11.19:80	Miracles In Motion
www.mim4u.org	http://192.168.11.21:80	301 Redirect → mim4u.org	Redirects to non-www

WebSocket Endpoints (Direct Routing)

WebSocket endpoints route directly to RPC nodes, bypassing the central Nginx:

Domain	Cloudflare Tunnel →	Direct to RPC Node →	Final Destination
rpc-ws-pub.d-bis.org	wss://192.168.11.252:443	wss://192.168.11.252:443	127.0.0.1:8546 (WebSocket)
rpc-ws-prv.d-bis.org	wss://192.168.11.251:443	wss://192.168.11.251:443	127.0.0.1:8546 (WebSocket)

Why Direct Routing for WebSockets?

• WebSocket connections require persistent connections and protocol upgrades
• Direct routing reduces latency and connection overhead
• RPC nodes handle WebSocket connections efficiently on their own Nginx instances

---

Cloudflare Tunnel Configuration

Tunnel: rpc-http-pub.d-bis.org (Tunnel ID: 10ab22da-8ea3-4e2e-a896-27ece2211a05)

Location: VMID 102 (cloudflared container)

Configuration: See CLOUDFLARE_TUNNEL_ROUTING_ARCHITECTURE.md for complete tunnel configuration.

---

Central Nginx Configuration

Nginx Proxy Manager (VMID 105)

IP Address: 192.168.11.21
Configuration File: /data/nginx/custom/http.conf
Status: Active and running

Services Configured: See CENTRAL_NGINX_ROUTING_SETUP.md for complete configuration.

---

Related Documentation

Setup Guides

• ../04-configuration/cloudflare/CLOUDFLARE_ZERO_TRUST_GUIDE.md ⭐⭐⭐ - Complete Cloudflare Zero Trust setup
• ../04-configuration/cloudflare/CLOUDFLARE_TUNNEL_INSTALLATION.md ⭐⭐ - Tunnel installation procedures
• ../04-configuration/cloudflare/CLOUDFLARE_DNS_TO_CONTAINERS.md ⭐⭐⭐ - DNS mapping to containers

Architecture Documents

• CLOUDFLARE_TUNNEL_ROUTING_ARCHITECTURE.md ⭐⭐⭐ - Detailed tunnel routing architecture
• CENTRAL_NGINX_ROUTING_SETUP.md ⭐⭐⭐ - Central Nginx routing configuration
• CLOUDFLARE_NGINX_INTEGRATION.md ⭐⭐ - Cloudflare + NGINX integration
• NGINX_ARCHITECTURE_RPC.md ⭐⭐ - NGINX architecture for RPC

Domain and DNS

• ../02-architecture/DOMAIN_STRUCTURE.md ⭐⭐ - Domain structure reference
• ../04-configuration/RPC_DNS_CONFIGURATION.md - RPC DNS configuration
• ../04-configuration/cloudflare/CLOUDFLARE_DNS_SPECIFIC_SERVICES.md ⭐⭐⭐ - Service-specific DNS configuration

---

Last Updated: 2025-01-20
Document Version: 1.0
Review Cycle: Quarterly