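#!/bin/bash
# Diagnose all Cloudflare tunnels - identify why they're DOWN
#
# Runs a series of read-only checks against an LXC container on a Proxmox
# host (via `ssh root@host "pct exec VMID -- ..."`) and prints the findings.
#
# Environment:
#   PROXMOX_HOST         Proxmox host to SSH into (default 192.168.11.12)
#   VMID                 numeric container ID (default 102)
#   SSH_HOST_KEY_POLICY  value for ssh's StrictHostKeyChecking option
#                        (default accept-new; use "yes" on OpenSSH < 7.6)
set -euo pipefail

PROXMOX_HOST="${PROXMOX_HOST:-192.168.11.12}"
VMID="${VMID:-102}"
SSH_HOST_KEY_POLICY="${SSH_HOST_KEY_POLICY:-accept-new}"

# VMID is pasted into command lines that the Proxmox host's shell parses as
# root, so accept digits only.
if [[ ! "$VMID" =~ ^[0-9]+$ ]]; then
  echo "VMID must be numeric, got: ${VMID}" >&2
  exit 2
fi

# Options shared by every SSH call:
#   -n                      keep ssh from draining stdin (it would otherwise
#                           swallow the remaining input of a `while read` loop)
#   ConnectTimeout          fail fast when the host is unreachable
#   StrictHostKeyChecking   this is a root session, so the host key is
#                           verified: accept-new records a key on first contact
#                           and refuses a key that differs from the recorded one
readonly SSH_OPTS=(-n -o ConnectTimeout=5 -o "StrictHostKeyChecking=${SSH_HOST_KEY_POLICY}")

readonly HEAVY_RULE="═══════════════════════════════════════════════════════════"
readonly LIGHT_RULE="━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"

# Run one command line on the Proxmox host as root.
# $1 is parsed by the remote login shell, so anything variable inside it
# must already be quoted for that shell.
host_run() {
  ssh "${SSH_OPTS[@]}" "root@${PROXMOX_HOST}" "$1"
}

# Print a numbered section header between two light rules.
section() {
  echo "$LIGHT_RULE"
  echo "$1"
  echo "$LIGHT_RULE"
}

echo "$HEAVY_RULE"
echo " Cloudflare Tunnels Diagnostic"
echo "$HEAVY_RULE"
echo ""
echo "Target: VMID ${VMID} on ${PROXMOX_HOST}"
echo ""

# Test connection
if ! host_run "pct exec ${VMID} -- echo 'Connected'" 2>/dev/null; then
  echo "❌ Cannot connect to VMID ${VMID} on ${PROXMOX_HOST}"
  echo ""
  echo "Network segmentation detected. Use SSH tunnel:"
  echo " ./setup_ssh_tunnel.sh"
  echo " PROXMOX_HOST=localhost ./diagnose-tunnels.sh"
  # ssh's stderr is suppressed above, so name the other likely cause.
  echo "If the host key for ${PROXMOX_HOST} changed, verify it before updating known_hosts."
  exit 1
fi
echo "✅ Connected to container"
echo ""

# 1. Check container status
section "1. Container Status"
CONTAINER_STATUS=$(host_run "pct status ${VMID}" 2>/dev/null || echo "unknown")
echo "Status: $CONTAINER_STATUS"
if [[ "$CONTAINER_STATUS" != *"running"* ]]; then
  echo "⚠️ Container is not running!"
  echo " Fix: ssh root@${PROXMOX_HOST} 'pct start ${VMID}'"
fi
echo ""

# 2. Check cloudflared installation
section "2. cloudflared Installation"
CLOUDFLARED_PATH=$(host_run "pct exec ${VMID} -- which cloudflared" 2>/dev/null || echo "")
if [[ -z "$CLOUDFLARED_PATH" ]]; then
  echo "❌ cloudflared not found!"
  echo " Fix: ssh root@${PROXMOX_HOST} 'pct exec ${VMID} -- apt install -y cloudflared'"
else
  echo "✅ cloudflared found: $CLOUDFLARED_PATH"
  VERSION=$(host_run "pct exec ${VMID} -- cloudflared --version" 2>/dev/null || echo "unknown")
  echo " Version: $VERSION"
fi
echo ""

# 3. Check service status
section "3. Tunnel Services Status"
# The pipe is part of the remote command line, so grep runs on the Proxmox
# host over the container's systemctl output.
SERVICES=$(host_run "pct exec ${VMID} -- systemctl list-units --type=service --state=running,failed | grep cloudflared" 2>/dev/null || echo "")
if [[ -z "$SERVICES" ]]; then
  echo "❌ No cloudflared services running!"
  echo ""
  echo "Checking for installed services..."
  INSTALLED=$(host_run "pct exec ${VMID} -- systemctl list-units --type=service --all | grep cloudflared" 2>/dev/null || echo "")
  if [[ -z "$INSTALLED" ]]; then
    echo "❌ No cloudflared services found!"
    echo " Services need to be created"
  else
    echo "Found services (not running):"
    while read -r line; do
      echo " - $line"
    done <<<"$INSTALLED"
    echo ""
    echo "Fix: ssh root@${PROXMOX_HOST} 'pct exec ${VMID} -- systemctl start cloudflared-*'"
  fi
else
  echo "✅ Running services:"
  while read -r line; do
    echo " ✅ $line"
  done <<<"$SERVICES"
fi
echo ""

# 4. Check credentials
section "4. Tunnel Credentials"
# The glob is single-quoted so the host's shell leaves it alone and a shell
# inside the container expands it against the container's filesystem.
CREDENTIALS=$(host_run "pct exec ${VMID} -- sh -c 'ls -1 /etc/cloudflared/credentials-*.json 2>/dev/null'" || echo "")
if [[ -z "$CREDENTIALS" ]]; then
  echo "❌ No credential files found!"
  echo " Credentials need to be downloaded from Cloudflare Dashboard"
  echo " Location: Zero Trust → Networks → Tunnels → Download credentials"
else
  echo "✅ Found credential files:"
  while read -r cred; do
    # File names come from inside the container but are re-parsed by the
    # host's shell as root; shell-quote them so a crafted name stays a single
    # literal argument. (%q emits bash quoting - assumes root's login shell on
    # the host is bash; confirm.)
    printf -v cred_quoted '%q' "$cred"
    PERMS=$(host_run "pct exec ${VMID} -- stat -c '%a' -- ${cred_quoted}" 2>/dev/null || echo "unknown")
    if [[ "$PERMS" != "600" ]]; then
      echo " ⚠️ $cred (permissions: $PERMS - should be 600)"
    else
      echo " ✅ $cred (permissions: $PERMS)"
    fi
  done <<<"$CREDENTIALS"
fi
echo ""

# 5. Check network connectivity
section "5. Network Connectivity"
if host_run "pct exec ${VMID} -- ping -c 2 -W 2 8.8.8.8" >/dev/null 2>&1; then
  echo "✅ Internet connectivity: OK"
else
  echo "❌ Internet connectivity: FAILED"
  echo " Container cannot reach internet"
fi
# -E alternation instead of the GNU-only "\|" in a basic regex.
if host_run "pct exec ${VMID} -- curl -s -o /dev/null -w '%{http_code}' --max-time 5 https://cloudflare.com" | grep -Eq '200|301|302'; then
  echo "✅ HTTPS connectivity: OK"
else
  echo "❌ HTTPS connectivity: FAILED"
fi
echo ""

# 6. Check recent logs
section "6. Recent Tunnel Logs (last 20 lines)"
# The unit pattern is quoted so journalctl receives it, not a host-side glob
# expansion.
LOGS=$(host_run "pct exec ${VMID} -- journalctl -u 'cloudflared-*' -n 20 --no-pager 2>/dev/null" || echo "No logs found")
if [[ "$LOGS" != "No logs found" && -n "$LOGS" ]]; then
  echo "$LOGS"
else
  echo "⚠️ No recent logs found (services may not be running)"
fi
echo ""

# Summary
echo "$HEAVY_RULE"
echo " Diagnostic Summary"
echo "$HEAVY_RULE"
echo ""
echo "Next steps:"
echo " 1. Review findings above"
echo " 2. Run fix script: ./fix-all-tunnels.sh"
echo " 3. Or manually fix issues identified"
echo ""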