d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f0ab0eadc23ad19a67499ed3ed9dd4e8ca80b468
proxmox/docs/05-network/CLOUDFLARE_ROUTING_MASTER.md
defiQUG 9c37af10c0 Complete optional next steps: fix references and consolidate duplicates 
- Fixed 104 broken references in 59 files
- Consolidated 40+ duplicate status files
- Archived duplicates to reports/archive/duplicates/
- Created scripts for reference fixing and consolidation
- Updated content inconsistency reports

All optional cleanup tasks complete.
2026-01-06 02:25:38 -08:00

107 lines
5.0 KiB
Markdown
Raw Blame History

# Cloudflare Routing Master Reference
**Navigation:** [Home](/docs/01-getting-started/README.md) > [Network](/docs/01-getting-started/README.md) > Cloudflare Routing Master
**Last Updated:** 2025-01-20
**Document Version:** 1.0
**Status:** 🟢 Active Documentation
---
## Overview
This is the **authoritative reference** for Cloudflare tunnel routing architecture. All routing decisions, domain mappings, and tunnel configurations are documented here.
> **Note:** This document consolidates routing information from multiple sources. For specific setup procedures, see the related documents below.
---
## Architecture Overview
```
Internet → Cloudflare → cloudflared (VMID 102) → Routing Decision
├─ HTTP RPC → Central Nginx (VMID 105) → RPC Nodes
└─ WebSocket RPC → Direct to RPC Nodes
```
---
## Routing Rules
### HTTP Endpoints (via Central Nginx)
All HTTP endpoints route through the central Nginx on VMID 105 (`192.168.11.21:80`):
| Domain | Cloudflare Tunnel → | Central Nginx → | Final Destination |
|--------|---------------------|-----------------|-------------------|
| `explorer.d-bis.org` | `http://192.168.11.21:80` | `http://192.168.11.140:80` | Blockscout |
| `rpc-http-pub.d-bis.org` | `http://192.168.11.21:80` | `https://192.168.11.252:443` | RPC Public (HTTP) |
| `rpc-http-prv.d-bis.org` | `http://192.168.11.21:80` | `https://192.168.11.251:443` | RPC Private (HTTP) |
| `dbis-admin.d-bis.org` | `http://192.168.11.21:80` | `http://192.168.11.130:80` | DBIS Frontend |
| `dbis-api.d-bis.org` | `http://192.168.11.21:80` | `http://192.168.11.150:3000` | DBIS API Primary |
| `dbis-api-2.d-bis.org` | `http://192.168.11.21:80` | `http://192.168.11.151:3000` | DBIS API Secondary |
| `mim4u.org` | `http://192.168.11.21:80` | `http://192.168.11.19:80` | Miracles In Motion |
| `www.mim4u.org` | `http://192.168.11.21:80` | `301 Redirect``mim4u.org` | Redirects to non-www |
### WebSocket Endpoints (Direct Routing)
WebSocket endpoints route **directly** to RPC nodes, bypassing the central Nginx:
| Domain | Cloudflare Tunnel → | Direct to RPC Node → | Final Destination |
|--------|---------------------|----------------------|-------------------|
| `rpc-ws-pub.d-bis.org` | `wss://192.168.11.252:443` | `wss://192.168.11.252:443` | `127.0.0.1:8546` (WebSocket) |
| `rpc-ws-prv.d-bis.org` | `wss://192.168.11.251:443` | `wss://192.168.11.251:443` | `127.0.0.1:8546` (WebSocket) |
**Why Direct Routing for WebSockets?**
- WebSocket connections require persistent connections and protocol upgrades
- Direct routing reduces latency and connection overhead
- RPC nodes handle WebSocket connections efficiently on their own Nginx instances
---
## Cloudflare Tunnel Configuration
### Tunnel: `rpc-http-pub.d-bis.org` (Tunnel ID: `10ab22da-8ea3-4e2e-a896-27ece2211a05`)
**Location:** VMID 102 (cloudflared container)
**Configuration:** See [CLOUDFLARE_TUNNEL_ROUTING_ARCHITECTURE.md](CLOUDFLARE_TUNNEL_ROUTING_ARCHITECTURE.md) for complete tunnel configuration.
---
## Central Nginx Configuration
### Nginx Proxy Manager (VMID 105)
**IP Address:** `192.168.11.21`
**Configuration File:** `/data/nginx/custom/http.conf`
**Status:** Active and running
**Services Configured:** See [CENTRAL_NGINX_ROUTING_SETUP.md](CENTRAL_NGINX_ROUTING_SETUP.md) for complete configuration.
---
## Related Documentation
### Setup Guides
- **[../04-configuration/cloudflare/CLOUDFLARE_ZERO_TRUST_GUIDE.md](../04-configuration/cloudflare/CLOUDFLARE_ZERO_TRUST_GUIDE.md)** ⭐⭐⭐ - Complete Cloudflare Zero Trust setup
- **[../04-configuration/cloudflare/CLOUDFLARE_TUNNEL_INSTALLATION.md](../04-configuration/cloudflare/CLOUDFLARE_TUNNEL_INSTALLATION.md)** ⭐⭐ - Tunnel installation procedures
- **[../04-configuration/cloudflare/CLOUDFLARE_DNS_TO_CONTAINERS.md](../04-configuration/cloudflare/CLOUDFLARE_DNS_TO_CONTAINERS.md)** ⭐⭐⭐ - DNS mapping to containers
### Architecture Documents
- **[CLOUDFLARE_TUNNEL_ROUTING_ARCHITECTURE.md](CLOUDFLARE_TUNNEL_ROUTING_ARCHITECTURE.md)** ⭐⭐⭐ - Detailed tunnel routing architecture
- **[CENTRAL_NGINX_ROUTING_SETUP.md](CENTRAL_NGINX_ROUTING_SETUP.md)** ⭐⭐⭐ - Central Nginx routing configuration
- **[CLOUDFLARE_NGINX_INTEGRATION.md](CLOUDFLARE_NGINX_INTEGRATION.md)** ⭐⭐ - Cloudflare + NGINX integration
- **[NGINX_ARCHITECTURE_RPC.md](NGINX_ARCHITECTURE_RPC.md)** ⭐⭐ - NGINX architecture for RPC
### Domain and DNS
- **[../02-architecture/DOMAIN_STRUCTURE.md](../02-architecture/DOMAIN_STRUCTURE.md)** ⭐⭐ - Domain structure reference
- **[../04-configuration/RPC_DNS_CONFIGURATION.md](/docs/04-configuration/RPC_DNS_CONFIGURATION.md)** - RPC DNS configuration
- **[../04-configuration/cloudflare/CLOUDFLARE_DNS_SPECIFIC_SERVICES.md](../04-configuration/cloudflare/CLOUDFLARE_DNS_SPECIFIC_SERVICES.md)** ⭐⭐⭐ - Service-specific DNS configuration
---
**Last Updated:** 2025-01-20
**Document Version:** 1.0
**Review Cycle:** Quarterly
Reference in New Issue View Git Blame Copy Permalink