Files

defiQUG cb47cce074 Complete markdown files cleanup and organization

- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.

2026-01-06 01:46:25 -08:00

7.8 KiB

Raw Blame History

Cloudflare Tunnel Routing Architecture

Last Updated: 2025-12-27
Document Version: 1.0
Status: Active Documentation

Architecture Overview

Internet → Cloudflare → cloudflared (VMID 102) → Routing Decision
                                                      ├─ HTTP RPC → Central Nginx (VMID 105) → RPC Nodes
                                                      └─ WebSocket RPC → Direct to RPC Nodes

Routing Rules

HTTP Endpoints (via Central Nginx)

All HTTP endpoints route through the central Nginx on VMID 105 (192.168.11.21:80):

Domain	Cloudflare Tunnel →	Central Nginx →	Final Destination
`explorer.d-bis.org`	`http://192.168.11.21:80`	`http://192.168.11.140:80`	Blockscout
`rpc-http-pub.d-bis.org`	`http://192.168.11.21:80`	`https://192.168.11.252:443`	RPC Public (HTTP)
`rpc-http-prv.d-bis.org`	`http://192.168.11.21:80`	`https://192.168.11.251:443`	RPC Private (HTTP)
`dbis-admin.d-bis.org`	`http://192.168.11.21:80`	`http://192.168.11.130:80`	DBIS Frontend
`dbis-api.d-bis.org`	`http://192.168.11.21:80`	`http://192.168.11.150:3000`	DBIS API Primary
`dbis-api-2.d-bis.org`	`http://192.168.11.21:80`	`http://192.168.11.151:3000`	DBIS API Secondary
`mim4u.org`	`http://192.168.11.21:80`	`http://192.168.11.19:80`	Miracles In Motion
`www.mim4u.org`	`http://192.168.11.21:80`	`301 Redirect` → `mim4u.org`	Redirects to non-www

WebSocket Endpoints (Direct Routing)

WebSocket endpoints route directly to RPC nodes, bypassing the central Nginx:

Domain	Cloudflare Tunnel →	Direct to RPC Node →	Final Destination
`rpc-ws-pub.d-bis.org`	`wss://192.168.11.252:443`	`wss://192.168.11.252:443`	`127.0.0.1:8546` (WebSocket)
`rpc-ws-prv.d-bis.org`	`wss://192.168.11.251:443`	`wss://192.168.11.251:443`	`127.0.0.1:8546` (WebSocket)

Why Direct Routing for WebSockets?

WebSocket connections require persistent connections and protocol upgrades
Direct routing reduces latency and connection overhead
RPC nodes handle WebSocket connections efficiently on their own Nginx instances

Cloudflare Tunnel Configuration

Tunnel: `rpc-http-pub.d-bis.org` (Tunnel ID: `10ab22da-8ea3-4e2e-a896-27ece2211a05`)

HTTP Endpoints (via Central Nginx)

ingress:
  # Explorer
  - hostname: explorer.d-bis.org
    service: http://192.168.11.21:80
  
  # HTTP RPC Public
  - hostname: rpc-http-pub.d-bis.org
    service: http://192.168.11.21:80
  
  # HTTP RPC Private
  - hostname: rpc-http-prv.d-bis.org
    service: http://192.168.11.21:80
  
  # DBIS Services
  - hostname: dbis-admin.d-bis.org
    service: http://192.168.11.21:80
  
  - hostname: dbis-api.d-bis.org
    service: http://192.168.11.21:80
  
  - hostname: dbis-api-2.d-bis.org
    service: http://192.168.11.21:80
  
  # Miracles In Motion
  - hostname: mim4u.org
    service: http://192.168.11.21:80
  
  - hostname: www.mim4u.org
    service: http://192.168.11.21:80

WebSocket Endpoints (Direct Routing)

  # WebSocket RPC Public (direct to RPC node)
  - hostname: rpc-ws-pub.d-bis.org
    service: https://192.168.11.252:443
    originRequest:
      noTLSVerify: true
      httpHostHeader: rpc-ws-pub.d-bis.org
  
  # WebSocket RPC Private (direct to RPC node)
  - hostname: rpc-ws-prv.d-bis.org
    service: https://192.168.11.251:443
    originRequest:
      noTLSVerify: true
      httpHostHeader: rpc-ws-prv.d-bis.org
  
  # Catch-all
  - service: http_status:404

Complete Configuration Summary

Cloudflare Dashboard Configuration

For HTTP endpoints, configure in Cloudflare dashboard:

Service Type: HTTP
URL: 192.168.11.21:80 (Central Nginx)

For WebSocket endpoints, configure in Cloudflare dashboard:

Service Type: HTTPS
URL:
- rpc-ws-pub.d-bis.org → 192.168.11.252:443
- rpc-ws-prv.d-bis.org → 192.168.11.251:443
Additional Options:
- Enable "No TLS Verify"
- Set HTTP Host Header to match the hostname

Service Details

RPC Nodes

Public RPC (VMID 2502 - 192.168.11.252):

HTTP RPC: https://192.168.11.252:443 → 127.0.0.1:8545
WebSocket RPC: wss://192.168.11.252:443 → 127.0.0.1:8546

Private RPC (VMID 2501 - 192.168.11.251):

HTTP RPC: https://192.168.11.251:443 → 127.0.0.1:8545
WebSocket RPC: wss://192.168.11.251:443 → 127.0.0.1:8546

Central Nginx (VMID 105)

IP: 192.168.11.21
Port: 80 (HTTP)
Configuration: /data/nginx/custom/http.conf
Purpose: Routes HTTP traffic to appropriate internal services

Testing

Test HTTP RPC (via Central Nginx)

# Public HTTP RPC
curl -X POST https://rpc-http-pub.d-bis.org \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'

# Private HTTP RPC
curl -X POST https://rpc-http-prv.d-bis.org \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'

Test WebSocket RPC (Direct)

# Public WebSocket RPC
wscat -c wss://rpc-ws-pub.d-bis.org

# Private WebSocket RPC
wscat -c wss://rpc-ws-prv.d-bis.org

Test Explorer (via Central Nginx)

curl https://explorer.d-bis.org/api/v2/stats

Benefits of This Architecture

Centralized HTTP Management: All HTTP traffic routes through central Nginx for easier management
Optimized WebSocket Performance: WebSocket connections route directly to RPC nodes, reducing latency
Simplified Configuration: Most services configured in one place (central Nginx)
Flexible Routing: Can easily add new HTTP services through central Nginx
Direct WebSocket Support: WebSocket connections maintain optimal performance with direct routing

Maintenance

Update HTTP Service Routing

Edit /data/nginx/custom/http.conf on VMID 105, then:

ssh root@192.168.11.12 "pct exec 105 -- nginx -t && systemctl restart npm"

Update WebSocket Routing

Update directly in Cloudflare dashboard (tunnel configuration) - no Nginx changes needed.

Master Reference: For a consolidated view of all Cloudflare routing, see CLOUDFLARE_ROUTING_MASTER.md ⭐⭐⭐.

Setup Guides

../04-configuration/cloudflare/CLOUDFLARE_ZERO_TRUST_GUIDE.md ⭐⭐⭐ - Complete Cloudflare Zero Trust setup
../04-configuration/cloudflare/CLOUDFLARE_TUNNEL_INSTALLATION.md ⭐⭐ - Tunnel installation procedures
../04-configuration/cloudflare/CLOUDFLARE_DNS_TO_CONTAINERS.md ⭐⭐⭐ - DNS mapping to containers

Architecture Documents

CENTRAL_NGINX_ROUTING_SETUP.md ⭐⭐⭐ - Central Nginx routing configuration
CLOUDFLARE_NGINX_INTEGRATION.md ⭐⭐ - Cloudflare + NGINX integration
NGINX_ARCHITECTURE_RPC.md ⭐⭐ - NGINX RPC architecture

Domain and DNS

../02-architecture/DOMAIN_STRUCTURE.md ⭐⭐ - Domain structure reference
../04-configuration/RPC_DNS_CONFIGURATION.md - RPC DNS configuration
../04-configuration/cloudflare/CLOUDFLARE_DNS_SPECIFIC_SERVICES.md ⭐⭐⭐ - Service-specific DNS configuration

Last Updated: 2025-12-27
Document Version: 1.0
Review Cycle: Quarterly

7.8 KiB Raw Blame History

Cloudflare Tunnel Routing Architecture

Architecture Overview

Routing Rules

HTTP Endpoints (via Central Nginx)

WebSocket Endpoints (Direct Routing)

Cloudflare Tunnel Configuration

Tunnel: rpc-http-pub.d-bis.org (Tunnel ID: 10ab22da-8ea3-4e2e-a896-27ece2211a05)

HTTP Endpoints (via Central Nginx)

WebSocket Endpoints (Direct Routing)

Complete Configuration Summary

Cloudflare Dashboard Configuration

Service Details

RPC Nodes

Central Nginx (VMID 105)

Testing

Test HTTP RPC (via Central Nginx)

Test WebSocket RPC (Direct)

Test Explorer (via Central Nginx)

Benefits of This Architecture

Maintenance

Update HTTP Service Routing

Update WebSocket Routing

Related Documentation

Setup Guides

Architecture Documents

Domain and DNS

7.8 KiB

Raw Blame History

Tunnel: `rpc-http-pub.d-bis.org` (Tunnel ID: `10ab22da-8ea3-4e2e-a896-27ece2211a05`)