- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
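#!/bin/bash
# Fix shared Cloudflare tunnel configuration
# Resolves DNS conflicts for tunnel 10ab22da-8ea3-4e2e-a896-27ece2211a05
#
# Usage: [PROXMOX_HOST=host] [VMID=id] ./fix-shared-tunnel.sh
#   PROXMOX_HOST - Proxmox node reachable over SSH as root (default 192.168.11.12)
#   VMID         - LXC container that runs cloudflared (default 102)
#
# When the container is reachable, the tunnel config and the systemd unit are
# written into it and the service is (re)started. When it is not, the same two
# files plus a DEPLOY_INSTRUCTIONS.md are generated locally and the script
# exits 1 so the operator can deploy them by hand.

set -euo pipefail

PROXMOX_HOST="${PROXMOX_HOST:-192.168.11.12}"
VMID="${VMID:-102}"
readonly TUNNEL_ID="10ab22da-8ea3-4e2e-a896-27ece2211a05"
readonly NGINX_TARGET="192.168.11.21:80"
readonly CONFIG_PATH="/etc/cloudflared/tunnel-services.yml"
readonly UNIT_PATH="/etc/systemd/system/cloudflared-services.service"
readonly UNIT_NAME="cloudflared-services.service"

# Every public hostname is proxied to the same nginx origin; the Host header is
# forwarded unchanged so nginx can select the matching vhost.
readonly HOSTNAMES=(
  dbis-admin.d-bis.org
  dbis-api.d-bis.org
  dbis-api-2.d-bis.org
  mim4u.org.d-bis.org
  www.mim4u.org.d-bis.org
  rpc-http-prv.d-bis.org
  rpc-http-pub.d-bis.org
  rpc-ws-prv.d-bis.org
  rpc-ws-pub.d-bis.org
)

# accept-new trusts an unknown host on first contact but refuses a CHANGED key.
# The previous StrictHostKeyChecking=no also accepted changed keys, which would
# let a spoofed Proxmox node receive the root session and the tunnel config.
readonly SSH_OPTS=(-o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new)

#######################################
# Print a framed section title.
# Arguments: $1 - title text
#######################################
banner() {
  echo "═══════════════════════════════════════════════════════════"
  echo " $1"
  echo "═══════════════════════════════════════════════════════════"
}

#######################################
# Run a command inside the container through the Proxmox host.
# stdin is forwarded, so callers may pipe file contents into it.
# Globals:   SSH_OPTS, PROXMOX_HOST, VMID (read)
# Arguments: the command line to run inside the container
# Returns:   exit status of the remote command
#######################################
remote_exec() {
  ssh "${SSH_OPTS[@]}" "root@${PROXMOX_HOST}" "pct exec ${VMID} -- $*"
}

#######################################
# Write stdin to a file inside the container.
# umask 077 keeps the file private while it is being written; chmod then sets
# the final mode.
# Arguments: $1 - destination path inside the container
#            $2 - final file mode (default 644)
#######################################
remote_write() {
  local path=$1 mode=${2:-644}
  remote_exec "bash -c 'umask 077 && cat > \"${path}\" && chmod ${mode} \"${path}\"'"
}

#######################################
# Emit the cloudflared ingress configuration on stdout.
# Globals:   TUNNEL_ID, NGINX_TARGET, HOSTNAMES (read)
#######################################
tunnel_config() {
  cat <<EOF
tunnel: ${TUNNEL_ID}
credentials-file: /etc/cloudflared/credentials-services.json

ingress:
EOF
  local host
  for host in "${HOSTNAMES[@]}"; do
    cat <<EOF
  - hostname: ${host}
    service: http://${NGINX_TARGET}
    originRequest:
      httpHostHeader: ${host}
EOF
  done
  cat <<'EOF'
  # Catch-all (MUST be last)
  - service: http_status:404

# Metrics
metrics: 127.0.0.1:9090

# Logging
loglevel: info

# Grace period
gracePeriod: 30s
EOF
}

#######################################
# Emit the systemd unit for the tunnel on stdout.
# Globals:   CONFIG_PATH (read)
#######################################
service_unit() {
  cat <<EOF
[Unit]
Description=Cloudflare Tunnel for Services (RPC, API, Admin, MIM4U)
After=network.target

[Service]
TimeoutStartSec=0
Type=notify
ExecStart=/usr/local/bin/cloudflared --config ${CONFIG_PATH} tunnel run
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target
EOF
}

#######################################
# Emit DEPLOY_INSTRUCTIONS.md on stdout.
# The heredoc is unquoted so host/VMID/paths expand; backticks are escaped so
# they reach the markdown literally instead of being run as commands.
# Globals:   PROXMOX_HOST, VMID, TUNNEL_ID, NGINX_TARGET, CONFIG_PATH,
#            UNIT_PATH, UNIT_NAME (read)
#######################################
deploy_instructions() {
  cat <<EOF
# Manual Deployment Instructions

## Files Generated

- \`tunnel-services.yml\` - Tunnel configuration
- \`cloudflared-services.service\` - Systemd service file
- \`DEPLOY_INSTRUCTIONS.md\` - This file

## Deployment Steps

### Option A: From Proxmox Host (${PROXMOX_HOST})

\`\`\`bash
# 1. Copy files to Proxmox host
scp tunnel-services.yml root@${PROXMOX_HOST}:/tmp/
scp cloudflared-services.service root@${PROXMOX_HOST}:/tmp/

# 2. SSH to Proxmox host
ssh root@${PROXMOX_HOST}

# 3. Copy files into container
pct push ${VMID} /tmp/tunnel-services.yml ${CONFIG_PATH}
pct push ${VMID} /tmp/cloudflared-services.service ${UNIT_PATH}

# 4. Set permissions
pct exec ${VMID} -- chmod 600 ${CONFIG_PATH}

# 5. Reload systemd and start
pct exec ${VMID} -- systemctl daemon-reload
pct exec ${VMID} -- systemctl enable ${UNIT_NAME}
pct exec ${VMID} -- systemctl start ${UNIT_NAME}

# 6. Check status
pct exec ${VMID} -- systemctl status ${UNIT_NAME}
\`\`\`

### Option B: Direct Container Access

If you have direct access to the container:

\`\`\`bash
# 1. Copy files into container
# (Use pct push or copy manually)

# 2. Inside container:
chmod 600 ${CONFIG_PATH}
systemctl daemon-reload
systemctl enable ${UNIT_NAME}
systemctl start ${UNIT_NAME}
systemctl status ${UNIT_NAME}
\`\`\`

### Option C: Via Cloudflare Dashboard

1. Go to: https://one.dash.cloudflare.com/
2. Zero Trust → Networks → Tunnels
3. Find tunnel: \`${TUNNEL_ID}\`
4. Click Configure
5. Add all hostnames as shown in tunnel-services.yml
6. Save configuration

## Verification

After deployment:

\`\`\`bash
# Check service status
pct exec ${VMID} -- systemctl status ${UNIT_NAME}

# Check logs
pct exec ${VMID} -- journalctl -u cloudflared-services -f

# Test endpoints
curl -I https://dbis-admin.d-bis.org
curl -I https://rpc-http-pub.d-bis.org
\`\`\`

## Important Notes

- Ensure credentials file exists: \`/etc/cloudflared/credentials-services.json\`
- Verify Nginx is accessible at \`${NGINX_TARGET}\`
- Check tunnel status in Cloudflare dashboard
EOF
}

#######################################
# Explain how to reach the container when the direct SSH check fails.
#######################################
print_offline_help() {
  echo "❌ Cannot connect to VMID ${VMID} on ${PROXMOX_HOST}"
  echo ""
  banner "Connection Failed - Alternative Methods"
  echo ""
  echo "Your machine is on a different network segment."
  echo "Use one of these methods:"
  echo ""
  echo "Method 1: Use SSH Tunnel First"
  echo "   ./setup_ssh_tunnel.sh"
  echo "   # Then in another terminal:"
  echo "   PROXMOX_HOST=localhost ./fix-shared-tunnel.sh"
  echo ""
  echo "Method 2: Run from Proxmox Network"
  echo "   Copy this script to a machine on 192.168.11.0/24 network"
  echo "   Then run: ./fix-shared-tunnel.sh"
  echo ""
  echo "Method 3: Manual Configuration"
  echo "   See: DNS_CONFLICT_RESOLUTION.md for manual steps"
  echo ""
  echo "Method 4: Use Cloudflare Dashboard"
  echo "   Configure tunnel via: https://one.dash.cloudflare.com/"
  echo "   Zero Trust → Networks → Tunnels → Configure"
  echo ""
}

#######################################
# Generate the config, unit and instructions locally for manual deployment.
# Outputs:   writes three files into a fresh directory under /tmp and prints
#            its path
#######################################
generate_offline_bundle() {
  local out_dir
  # mktemp gives an unpredictable, mode-0700 directory; the previous fixed
  # /tmp/tunnel-fix-<id> path could be pre-created or symlinked by another
  # local user and the files would then be written where they chose.
  out_dir=$(mktemp -d "/tmp/tunnel-fix-${TUNNEL_ID}.XXXXXX")

  echo "Generating configuration files for manual deployment..."
  tunnel_config >"${out_dir}/tunnel-services.yml"
  service_unit >"${out_dir}/cloudflared-services.service"
  deploy_instructions >"${out_dir}/DEPLOY_INSTRUCTIONS.md"

  echo "✅ Configuration files generated in: ${out_dir}/"
  echo ""
  echo "Files created:"
  echo "  - tunnel-services.yml (tunnel configuration)"
  echo "  - cloudflared-services.service (systemd service)"
  echo "  - DEPLOY_INSTRUCTIONS.md (deployment guide)"
  echo ""
  echo "Next steps:"
  echo "  1. Review files in ${out_dir}/"
  echo "  2. Follow DEPLOY_INSTRUCTIONS.md"
  echo "  3. Or use Cloudflare Dashboard method"
  echo ""
}

#######################################
# Print the post-deployment checklist.
#######################################
print_next_steps() {
  echo ""
  banner "Configuration Complete"
  echo ""
  echo "Next steps:"
  echo "  1. Verify credentials file exists:"
  echo "     ssh root@${PROXMOX_HOST} 'pct exec ${VMID} -- ls -la /etc/cloudflared/credentials-services.json'"
  echo ""
  echo "  2. Check tunnel logs:"
  echo "     ssh root@${PROXMOX_HOST} 'pct exec ${VMID} -- journalctl -u cloudflared-services -f'"
  echo ""
  echo "  3. Test hostnames:"
  echo "     curl -I https://dbis-admin.d-bis.org"
  echo "     curl -I https://rpc-http-pub.d-bis.org"
  echo ""
  echo "  4. Update TTL values in Cloudflare Dashboard:"
  echo "     DNS → Records → Change TTL from 1 to 300 (or Auto)"
  echo ""
}

#######################################
# Entry point: deploy into the container, or fall back to local generation.
# Returns:   0 on successful remote deployment, 1 when the container is
#            unreachable and files were generated locally instead
#######################################
main() {
  banner "Fix Shared Cloudflare Tunnel Configuration"
  echo ""
  echo "Tunnel ID: ${TUNNEL_ID}"
  echo "Target: http://${NGINX_TARGET}"
  echo "Container: VMID ${VMID} on ${PROXMOX_HOST}"
  echo ""

  # Connectivity probe; any failure (network, host key, pct) takes the offline path.
  if ! remote_exec "echo 'Connected'" 2>/dev/null; then
    print_offline_help
    generate_offline_bundle
    exit 1
  fi

  echo "✅ Connected to container"
  echo ""

  echo "Creating tunnel configuration..."
  tunnel_config | remote_write "${CONFIG_PATH}" 600
  echo "✅ Configuration file created"

  echo "Creating systemd service..."
  service_unit | remote_write "${UNIT_PATH}" 644
  echo "✅ Service file created"

  echo "Enabling and starting service..."
  remote_exec systemctl daemon-reload
  remote_exec systemctl enable "${UNIT_NAME}" || echo "⚠️ Service may already be enabled"
  # restart covers a running service; start covers one that was never started.
  remote_exec systemctl restart "${UNIT_NAME}" || remote_exec systemctl start "${UNIT_NAME}"

  # Give cloudflared a moment to register before reporting status.
  sleep 3

  echo ""
  echo "Checking service status..."
  # status is informational only; a non-zero exit just means "not active".
  remote_exec systemctl status "${UNIT_NAME}" --no-pager -l || true

  print_next_steps
}

main "$@"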