smom-dbis-138/docs/CLOUDFLARE_DNS_PROXY_SETUP.md
defiQUG 1fb7266469 Add Oracle Aggregator and CCIP Integration
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
2025-12-12 14:57:48 -08:00


# Cloudflare DNS → Nginx Proxy Setup
## ✅ Configuration Complete
All DNS records now point to the **Nginx Proxy only** (never exposing backend IPs).
## 📋 Architecture
```
Internet → Cloudflare → Nginx Proxy (20.160.58.99) → Backend Services
```
- **Never expose backend IPs** (10.1.1.4-10.5.1.4) directly
- **All traffic** goes through Nginx Proxy
- **Cloudflare** handles SSL termination (for proxied records)
- **Nginx** routes to appropriate backend services
## 🔧 DNS Configuration
### Proxied Services (through Cloudflare SSL)
- `explorer.d-bis.org` → Nginx Proxy (port 4000 → Blockscout)
- `besu.d-bis.org` → Nginx Proxy (port 8545 → Besu RPC)
- `blockscout.d-bis.org` → Nginx Proxy (port 4000 → Blockscout)
- `monitoring.d-bis.org` → Nginx Proxy
- `wallet.d-bis.org` → Nginx Proxy
- `d-bis.org` → Nginx Proxy
- `www.d-bis.org` → Nginx Proxy
### Direct Services (not proxied by CF, still via Nginx)
- `rpc.d-bis.org` → Nginx Proxy (direct IP, no CF proxy)
- `metrics.d-bis.org` → Nginx Proxy
- `api.d-bis.org` → Nginx Proxy
- `docs.d-bis.org` → Nginx Proxy
- `grafana.d-bis.org` → Nginx Proxy
- `prometheus.d-bis.org` → Nginx Proxy
- `tessera.d-bis.org` → Nginx Proxy
- `ws.d-bis.org` → Nginx Proxy
## 🚀 Usage
### Update DNS Records
```bash
# Update all DNS records to point to Nginx Proxy
./scripts/cloudflare/update-dns-to-proxy.sh
```
This script:
- ✅ Reads Cloudflare secrets from `.env`
- ✅ Updates all DNS A records to Nginx Proxy IP
- ✅ Removes duplicate records
- ✅ Never exposes backend IPs
### Verify DNS Configuration
```bash
# Verify all records point to proxy
./scripts/cloudflare/verify-dns.sh
```
## 📝 Environment Variables
Required in `.env`:
```bash
CLOUDFLARE_ZONE_ID="your-zone-id"
CLOUDFLARE_ACCOUNT_ID="your-account-id"
CLOUDFLARE_API_TOKEN="your-api-token"
CLOUDFLARE_DOMAIN="d-bis.org"
NGINX_PROXY_IP="20.160.58.99"
```
## 🔒 Security
- **No backend IPs exposed** - All traffic through proxy
- **Cloudflare SSL** - For proxied services
- **Nginx routing** - Internal service routing
- **Single entry point** - Centralized access control
## 🔄 After DNS Update
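1. **Wait 1-5 minutes** for DNS propagation
2. **Verify records**:
   ```bash
   # Proxied records answer with Cloudflare addresses, not the proxy IP
   dig explorer.d-bis.org
   dig besu.d-bis.org
   ```
3. **Test endpoints**:
   ```bash
   # Explorer over HTTPS (TLS terminated at Cloudflare)
   curl -I https://explorer.d-bis.org

   # JSON-RPC chain ID query against the Besu endpoint.
   # Cloudflare's proxy forwards only its documented HTTP/HTTPS ports, and
   # 8545 is not one of them, so expect a timeout while besu is proxied.
   curl -X POST http://besu.d-bis.org:8545 \
     -H "Content-Type: application/json" \
     -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
   ```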
## ⚠️ Important Notes
- **Never expose backend IPs** (10.1.1.4-10.5.1.4) in DNS
- **All services** must be accessible via Nginx Proxy
- **Nginx config** must route hostnames to correct backend services
- **Update Nginx** if adding new services