proxmox/scripts/cloudflare-tunnels/DEPLOYMENT_CHECKLIST.md
defiQUG cb47cce074 Complete markdown files cleanup and organization
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00


# Deployment Checklist
Complete checklist for deploying Cloudflare Multi-Tunnel setup.
## Pre-Deployment
### Prerequisites Verification
- [ ] Run: `./scripts/verify-prerequisites.sh`
- [ ] All automated checks pass
- [ ] VMID 102 is accessible and running
- [ ] Network connectivity verified
### Cloudflare Account Setup
- [ ] Cloudflare account created
- [ ] Zero Trust enabled (free for up to 50 users)
- [ ] Domain `d-bis.org` added to Cloudflare
- [ ] DNS management verified
## Step 1: Create Tunnels in Cloudflare
- [ ] Go to: https://one.dash.cloudflare.com
- [ ] Navigate to: Zero Trust → Networks → Tunnels
- [ ] Create tunnel: `tunnel-ml110`
  - [ ] Copy tunnel token/ID
  - [ ] Save credentials securely
- [ ] Create tunnel: `tunnel-r630-01`
  - [ ] Copy tunnel token/ID
  - [ ] Save credentials securely
- [ ] Create tunnel: `tunnel-r630-02`
  - [ ] Copy tunnel token/ID
  - [ ] Save credentials securely
## Step 2: Configure Tunnel Public Hostnames
For each tunnel in Cloudflare Dashboard:
### tunnel-ml110
- [ ] Click "Configure"
- [ ] Go to "Public Hostnames" tab
- [ ] Add hostname:
  - [ ] Subdomain: `ml110-01`
  - [ ] Domain: `d-bis.org`
  - [ ] Service: `https://192.168.11.10:8006`
  - [ ] Type: HTTP
- [ ] Save
### tunnel-r630-01
- [ ] Click "Configure"
- [ ] Go to "Public Hostnames" tab
- [ ] Add hostname:
  - [ ] Subdomain: `r630-01`
  - [ ] Domain: `d-bis.org`
  - [ ] Service: `https://192.168.11.11:8006`
  - [ ] Type: HTTP
- [ ] Save
### tunnel-r630-02
- [ ] Click "Configure"
- [ ] Go to "Public Hostnames" tab
- [ ] Add hostname:
  - [ ] Subdomain: `r630-02`
  - [ ] Domain: `d-bis.org`
  - [ ] Service: `https://192.168.11.12:8006`
  - [ ] Type: HTTP
- [ ] Save
## Step 3: Run Setup Script
- [ ] Navigate to: `scripts/cloudflare-tunnels`
- [ ] Run: `./scripts/setup-multi-tunnel.sh`
- [ ] Enter tunnel IDs when prompted
- [ ] Provide credentials file paths
- [ ] Verify all services installed
## Step 4: Update Configuration Files
- [ ] Edit `/etc/cloudflared/tunnel-ml110.yml`
  - [ ] Replace `<TUNNEL_ID_ML110>` with actual tunnel ID
- [ ] Edit `/etc/cloudflared/tunnel-r630-01.yml`
  - [ ] Replace `<TUNNEL_ID_R630_01>` with actual tunnel ID
- [ ] Edit `/etc/cloudflared/tunnel-r630-02.yml`
  - [ ] Replace `<TUNNEL_ID_R630_02>` with actual tunnel ID
## Step 5: Place Credentials Files
- [ ] Copy `tunnel-ml110.json` to `/etc/cloudflared/`
- [ ] Copy `tunnel-r630-01.json` to `/etc/cloudflared/`
- [ ] Copy `tunnel-r630-02.json` to `/etc/cloudflared/`
- [ ] Set permissions: `chmod 600 /etc/cloudflared/tunnel-*.json`
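
The outcome of Steps 4 and 5 can be audited before any service is started. The script below is an added example, not part of the repository: it checks that no `<TUNNEL_ID_...>` placeholder is left in the three config files and that each credentials file is a regular file with mode 600. The function name and its directory argument are assumptions; the tunnel names are the checklist's.

```bash
# Added example (not from the repository): audit Steps 4 and 5 before starting services.
# The function name and directory argument are assumptions; tunnel names are the checklist's.
audit_cloudflared_dir() (   # subshell body keeps the variables local
    dir="${1:-/etc/cloudflared}"; rc=0
    for name in ml110 r630-01 r630-02; do
        cfg="$dir/tunnel-$name.yml"; cred="$dir/tunnel-$name.json"

        # Step 4: config exists and no <TUNNEL_ID_...> placeholder is left in it.
        if [ ! -f "$cfg" ]; then
            echo "FAIL $cfg: missing"; rc=1
        elif grep -q '<TUNNEL_ID_[A-Z0-9_]*>' "$cfg"; then
            echo "FAIL $cfg: placeholder not replaced"; rc=1
        else
            echo "ok   $cfg"
        fi

        # Step 5: credentials are a regular file (not a symlink) with mode 600.
        if [ -L "$cred" ] || [ ! -f "$cred" ]; then
            echo "FAIL $cred: missing or not a regular file"; rc=1
            continue
        fi
        mode=$(stat -c '%a' "$cred")   # GNU stat, as shipped on Proxmox/Debian
        if [ "$mode" = "600" ]; then
            echo "ok   $cred"
        else
            echo "FAIL $cred: mode $mode, expected 600"; rc=1
        fi
    done
    exit "$rc"
)

# Constructed demo: a scratch directory with one unreplaced placeholder and
# one credentials file left at mode 644.
demo=$(mktemp -d)
for n in ml110 r630-01 r630-02; do
    echo "tunnel: 00000000-0000-0000-0000-000000000000" > "$demo/tunnel-$n.yml"
    echo '{}' > "$demo/tunnel-$n.json"; chmod 600 "$demo/tunnel-$n.json"
done
echo "tunnel: <TUNNEL_ID_R630_02>" > "$demo/tunnel-r630-02.yml"
chmod 644 "$demo/tunnel-r630-01.json"
audit_cloudflared_dir "$demo" || echo "audit failed: fix the items above"
rm -rf "$demo"
```

On the host, run `audit_cloudflared_dir /etc/cloudflared` as root after Step 5; a non-zero exit status means at least one item still needs fixing.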
## Step 6: Create DNS Records
In Cloudflare Dashboard → DNS → Records:
- [ ] Create CNAME: `ml110-01` → `<tunnel-id-ml110>.cfargotunnel.com`
  - [ ] Proxy: Enabled (orange cloud)
  - [ ] TTL: Auto
- [ ] Create CNAME: `r630-01` → `<tunnel-id-r630-01>.cfargotunnel.com`
  - [ ] Proxy: Enabled (orange cloud)
  - [ ] TTL: Auto
- [ ] Create CNAME: `r630-02` → `<tunnel-id-r630-02>.cfargotunnel.com`
  - [ ] Proxy: Enabled (orange cloud)
  - [ ] TTL: Auto
## Step 7: Start Services
- [ ] Start ml110 tunnel: `systemctl start cloudflared-ml110`
- [ ] Start r630-01 tunnel: `systemctl start cloudflared-r630-01`
- [ ] Start r630-02 tunnel: `systemctl start cloudflared-r630-02`
- [ ] Enable on boot: `systemctl enable cloudflared-ml110 cloudflared-r630-01 cloudflared-r630-02`
## Step 8: Verify Services
- [ ] Check status: `systemctl status 'cloudflared-*'`
- [ ] All services show "active (running)"
- [ ] Run health check: `./scripts/check-tunnel-health.sh`
- [ ] All checks pass
## Step 9: Test DNS Resolution
- [ ] `dig ml110-01.d-bis.org` - Resolves to Cloudflare IPs
- [ ] `dig r630-01.d-bis.org` - Resolves to Cloudflare IPs
- [ ] `dig r630-02.d-bis.org` - Resolves to Cloudflare IPs
## Step 10: Test HTTPS Access
- [ ] `curl -I https://ml110-01.d-bis.org` - Returns 200/302/401/403
- [ ] `curl -I https://r630-01.d-bis.org` - Returns 200/302/401/403
- [ ] `curl -I https://r630-02.d-bis.org` - Returns 200/302/401/403
## Step 11: Configure Cloudflare Access
Follow: `docs/CLOUDFLARE_ACCESS_SETUP.md`
### For ml110-01
- [ ] Create application: `Proxmox ml110-01`
- [ ] Domain: `ml110-01.d-bis.org`
- [ ] Configure policy with MFA
- [ ] Test access in browser
### For r630-01
- [ ] Create application: `Proxmox r630-01`
- [ ] Domain: `r630-01.d-bis.org`
- [ ] Configure policy with MFA
- [ ] Test access in browser
### For r630-02
- [ ] Create application: `Proxmox r630-02`
- [ ] Domain: `r630-02.d-bis.org`
- [ ] Configure policy with MFA
- [ ] Test access in browser
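
A scripted counterpart to the browser test, as an added example that is not part of the repository: it classifies the headers of an unauthenticated `curl -sI` response so that a hostname answering 2xx without an Access login is flagged. The function names, and the assumption that the Access login redirect points at a `*.cloudflareaccess.com` host, belong to this example.

```bash
# Added example (not from the repository). Function names are assumptions.
# Reads the header text printed by `curl -sI` on stdin and prints a verdict.
classify_access_response() {
    awk '
        { sub(/\r$/, "") }                        # curl keeps CRLF line endings
        NR == 1 { status = $2 }                   # "HTTP/2 302" or "HTTP/1.1 302 Found"
        tolower($1) == "location:" { loc = $2 }
        END {
            # Assumption: the Access login redirect targets *.cloudflareaccess.com.
            if (status == "302" && loc ~ "^https://[^/]+\\.cloudflareaccess\\.com/") {
                print "gated"        # Access intercepted the request
            } else if (status ~ /^2/) {
                print "exposed"      # origin answered with no Access login
            } else if (status == "401" || status == "403") {
                print "denied"
            } else {
                print "unknown"
            }
        }'
}

# Live check of the three hostnames; call it by hand after Step 11.
check_access_gate() (   # subshell body keeps the variables local
    rc=0
    for host in ml110-01 r630-01 r630-02; do
        verdict=$(curl -sI --max-time 10 "https://$host.d-bis.org" | classify_access_response)
        echo "$host.d-bis.org: $verdict"
        [ "$verdict" = "gated" ] || rc=1
    done
    exit "$rc"
)

# Constructed sample headers (no network needed): a Proxmox login page served
# straight through the tunnel, which is the case to catch.
printf 'HTTP/2 200 \r\ncontent-type: text/html\r\n\r\n' | classify_access_response
```

After Step 11 every hostname should report `gated`; `exposed` means the Proxmox UI is reachable without passing through Cloudflare Access.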
## Step 12: Set Up Monitoring
- [ ] Configure alerting: Edit `monitoring/alerting.conf`
- [ ] Set email/webhook addresses
- [ ] Test alerts: `./scripts/alert-tunnel-failure.sh ml110 service_down`
- [ ] Start monitoring: `./scripts/monitor-tunnels.sh --daemon`
- [ ] Verify monitoring is running: `pgrep -af monitor-tunnels`
## Step 13: Final Verification
- [ ] All three Proxmox hosts accessible via browser
- [ ] Cloudflare Access login appears
- [ ] Can login and access Proxmox UI
- [ ] All tunnels show "Healthy" in Cloudflare dashboard
- [ ] Monitoring is running
- [ ] Alerts configured and tested
## Post-Deployment
### Documentation
- [ ] Review all documentation
- [ ] Bookmark troubleshooting guide
- [ ] Save tunnel credentials securely
- [ ] Document any custom configurations
### Maintenance
- [ ] Schedule regular health checks
- [ ] Review access logs monthly
- [ ] Update documentation as needed
- [ ] Test disaster recovery procedures
## Troubleshooting
If any step fails:
1. Check [TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md)
2. Run health check: `./scripts/check-tunnel-health.sh`
3. Review logs: `journalctl -u 'cloudflared-*' -f`
4. Verify Cloudflare dashboard tunnel status
## Quick Reference
### Service Management
```bash
# Start all tunnels
systemctl start cloudflared-ml110 cloudflared-r630-01 cloudflared-r630-02
# Check status (quote the glob so the shell passes it to systemctl unexpanded)
systemctl status 'cloudflared-*'
# View logs
journalctl -u 'cloudflared-*' -f
```
### Health Checks
```bash
# One-time check
./scripts/check-tunnel-health.sh
# Continuous monitoring
./scripts/monitor-tunnels.sh --daemon
```
### URLs
- ml110-01: `https://ml110-01.d-bis.org`
- r630-01: `https://r630-01.d-bis.org`
- r630-02: `https://r630-02.d-bis.org`
---
**Status:** Ready for deployment
**Last Updated:** $(date)