# Phase 1: Complete Setup Guide

## ✅ Automated Steps Completed

### 1. Infrastructure Deployment ✅

- All 104 resources deployed
- 6 VMs running (5 backend + 1 Nginx proxy)
- All networking, storage, monitoring configured

### 2. Nginx Backend Configuration ✅

- Backend IPs updated in Nginx configuration
- Nginx service reloaded
- Ready to proxy to backend VMs

### 3. Scripts Prepared ✅

- All setup scripts copied to Nginx proxy
- Cloudflare credentials loaded from .env
- Automation scripts ready

## 🔄 Manual Steps Required

### Step 1: Setup Cloudflare Tunnel (Requires Browser Authentication)

**SSH to Nginx Proxy:**

```bash
ssh besuadmin@20.160.58.99
```

**Run Setup Script:**

```bash
cd /tmp
./setup-cloudflare-tunnel.sh rpc.yourdomain.com
```

**What happens:**

1. Script will prompt for browser authentication
2. Open the URL shown in your browser
3. Complete Cloudflare authentication
4. Tunnel will be created automatically
5. DNS record will be created via API (if credentials available)

**Note:** The script uses Cloudflare credentials from `.env` file automatically.

### Step 2: Configure Besu Nodes on Backend VMs

**Prerequisites:**

- VPN/Bastion access to backend VMs (they use private IPs)

**For each backend VM:**

```bash
# SSH to backend VM (via VPN/Bastion)
ssh besuadmin@

# Run Besu setup script
wget https://raw.githubusercontent.com/your-repo/terraform/phases/phase1/scripts/setup-besu-node.sh
chmod +x setup-besu-node.sh
sudo ./setup-besu-node.sh besu-node 0
```

**Backend VM Details:**

- Central US: 10.3.1.4
- East US: 10.1.1.4
- East US 2: 10.4.1.4
- West US: 10.2.1.4
- West US 2: 10.5.1.4

**Verify Besu is Running:**

```bash
sudo systemctl status besu.service
sudo journalctl -u besu.service -f
curl http://localhost:8545
```

### Step 3: Configure Cloudflare DNS (If Not Done Automatically)

**Option A: Automatic (via API)**

```bash
cd terraform/phases/phase1
./scripts/automated-cloudflare-dns.sh rpc.yourdomain.com
```

**Option B: Manual (via Dashboard)**

1. Go to Cloudflare Dashboard → DNS
2. Add CNAME record:
   - Name: `rpc` (or your subdomain)
   - Target: `.cfargotunnel.com`
   - Proxy: Enabled (orange cloud)
   - TTL: Auto

### Step 4: Configure SSL/TLS

1. Go to Cloudflare Dashboard → SSL/TLS
2. Set encryption mode to **"Full"** or **"Full (strict)"**
3. SSL certificate will be automatically provisioned by Cloudflare

### Step 5: Verify End-to-End Connectivity

**Test from Nginx Proxy:**

```bash
ssh besuadmin@20.160.58.99
curl http://10.1.1.4:8545  # Test backend connectivity
curl http://localhost/health  # Test Nginx
```

**Test from Public:**

```bash
curl https://rpc.yourdomain.com/health
curl -X POST https://rpc.yourdomain.com/rpc \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
```

## 📋 Quick Reference

### Nginx Proxy

- **IP**: 20.160.58.99 (public), 10.10.1.4 (private)
- **SSH**: `ssh besuadmin@20.160.58.99`
- **Status**: ✅ Running
- **Services**: Nginx, Docker, Cloudflared installed

### Backend VMs

- **Access**: Requires VPN/Bastion
- **IPs**: See details above
- **Status**: ✅ Deployed, ⚠️ Services need configuration

### Cloudflare

- **Credentials**: Loaded from `.env`
- **Zone ID**: Configured
- **Account ID**: Configured
- **API Token**: Available

## 🔧 Troubleshooting

### Nginx Not Proxying to Backend

```bash
# Check Nginx configuration
ssh besuadmin@20.160.58.99
sudo nginx -t
sudo systemctl status nginx
sudo cat /etc/nginx/nginx.conf | grep -A 5 upstream
```

### Cloudflare Tunnel Not Working

```bash
# Check tunnel status
ssh besuadmin@20.160.58.99
sudo systemctl status cloudflared
sudo cat /etc/cloudflared/config.yml
```

### Besu Node Not Responding

```bash
# Check Besu service
ssh besuadmin@
sudo systemctl status besu.service
sudo journalctl -u besu.service -n 50
docker ps
```

## ✅ Completion Checklist

- [x] Infrastructure deployed
- [x] Nginx backend configuration updated
- [x] Scripts prepared and copied
- [ ] Cloudflare Tunnel configured
- [ ] Besu nodes configured on all backend VMs
- [ ] Cloudflare DNS configured
- [ ] SSL/TLS configured
- [ ] End-to-end connectivity verified

## 📞 Support

For issues or questions:

1. Check test results: `./scripts/run-all-tests.sh`
2. Review logs: `/var/log/nginx/error.log`, `journalctl -u besu.service`
3. Verify connectivity: Use test scripts in `scripts/` directory

---

**Status**: Infrastructure ready. Complete manual steps to finish setup.
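
Step 2 downloads `setup-besu-node.sh` from a branch URL and runs it with `sudo` on every backend VM. The following is an added example, not part of the original guide or its scripts, showing one way to pin that download to a reviewed copy before executing it. The function names are hypothetical and `EXPECTED_SHA256` is a placeholder to replace with the digest of the script version you reviewed.

```bash
# Added example (not from the original guide): pin setup-besu-node.sh to a
# reviewed SHA-256 before running it as root. Function names are hypothetical.

# Placeholder: replace with the digest of the script copy you reviewed.
EXPECTED_SHA256="REPLACE_WITH_REVIEWED_SHA256"

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_script FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 on a malformed EXPECTED, 3 if FILE is missing.
verify_script() {
    vs_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject anything that is not exactly 64 hex characters, such as the
    # unreplaced placeholder, so an empty or bogus pin can never "match".
    case "$vs_want" in
        ''|*[!0-9a-f]*) echo "refusing: expected hash is not hex" >&2; return 2 ;;
    esac
    [ "${#vs_want}" -eq 64 ] || { echo "refusing: expected hash is not 64 chars" >&2; return 2; }
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 3; }
    vs_got=$(sha256_of "$1")
    if [ "$vs_got" != "$vs_want" ]; then
        echo "hash mismatch for $1: got $vs_got" >&2
        return 1
    fi
    return 0
}

# run_verified FILE EXPECTED [ARGS...]: run FILE with sudo only after a match.
run_verified() {
    rv_file=$1; rv_want=$2; shift 2
    verify_script "$rv_file" "$rv_want" || return $?
    case "$rv_file" in /*) ;; *) rv_file="./$rv_file" ;; esac
    chmod +x "$rv_file" && sudo "$rv_file" "$@"
}

# On a backend VM, after the wget in Step 2:
#   run_verified setup-besu-node.sh "$EXPECTED_SHA256" besu-node 0
```

Using the same pinned digest on all five backend VMs also confirms that each node ran an identical script.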