From fbafab5d513cc2ca68cfb95f3d55406a1280a2ca Mon Sep 17 00:00:00 2001
From: Arnab-Afk
Date: Sat, 1 Nov 2025 00:49:59 +0530
Subject: [PATCH] add tunnel-only setup with Docker, including Dockerfile, docker-compose, and scripts
---
new-backend/Dockerfile.tunnel-only | 24 +++++
new-backend/README.tunnel-only.md | 115 +++++++++++++++++++++
new-backend/TUNNEL-ONLY-QUICKSTART.md | 69 +++++++++++++
new-backend/config.tunnel-only.json | 15 +++
new-backend/docker-compose.tunnel-only.yml | 18 ++++
new-backend/start-tunnel-only.ps1 | 42 ++++++++
new-backend/start-tunnel-only.sh | 48 +++++++++
7 files changed, 331 insertions(+)
create mode 100644 new-backend/Dockerfile.tunnel-only
create mode 100644 new-backend/README.tunnel-only.md
create mode 100644 new-backend/TUNNEL-ONLY-QUICKSTART.md
create mode 100644 new-backend/config.tunnel-only.json
create mode 100644 new-backend/docker-compose.tunnel-only.yml
create mode 100644 new-backend/start-tunnel-only.ps1
create mode 100644 new-backend/start-tunnel-only.sh
diff --git a/new-backend/Dockerfile.tunnel-only b/new-backend/Dockerfile.tunnel-only
new file mode 100644
index 0000000..8c89e88
--- /dev/null
+++ b/new-backend/Dockerfile.tunnel-only
@@ -0,0 +1,24 @@
+# Tunnel-only Dockerfile - Backend runs outside Docker on port 9090
+FROM alpine:latest
+
+# Install wget to download cloudflared
+RUN apk update && apk add --no-cache wget ca-certificates
+
+# Get cloudflared directly from GitHub
+RUN wget -O cloudflared https://github.com/cloudflare/cloudflared/releases/download/2023.5.0/cloudflared-linux-amd64 && \
+ chmod +x cloudflared && \
+ mv cloudflared /usr/local/bin/
+
+# Create directories for cloudflared
+RUN mkdir -p /etc/cloudflared
+
+# Copy the certificate file and config
+COPY cert.pem /etc/cloudflared/cert.pem
+COPY credentials.json /etc/cloudflared/credentials.json
+COPY config.tunnel-only.json /etc/cloudflared/config.json
+
+# Setup DNS routing for the tunnel (only needs to be done once)
+RUN cloudflared tunnel route dns 5d2682ef-0b5b-47e5-b0fa-ad48968ce016 api.ishikabhoyar.tech || echo "DNS routing already set up or failed - continuing anyway"
+
+# Run cloudflared tunnel
+CMD ["cloudflared", "tunnel", "--config", "/etc/cloudflared/config.json", "run"]
diff --git a/new-backend/README.tunnel-only.md b/new-backend/README.tunnel-only.md
new file mode 100644
index 0000000..1d0cc94
--- /dev/null
+++ b/new-backend/README.tunnel-only.md
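Review bot: `COPY cert.pem` and `COPY credentials.json` write the tunnel's origin certificate and credentials into image layers, so anyone who can pull or export the image can read them; they are better mounted read-only when the container starts, with only `config.tunnel-only.json` baked in. The `RUN cloudflared tunnel route dns ... || echo ...` step changes the Cloudflare account on every uncached build and hides its own failure, so it belongs in a one-time operator step rather than in the image. The cloudflared binary is downloaded with no integrity check and `FROM alpine:latest` is unpinned, which leaves the build open to a changed or substituted artifact; the fence below adds a SHA-256 check that fails when no digest is supplied. The image also sets no `USER`, so cloudflared runs as root.

```dockerfile
# … unchanged: FROM, apk add wget ca-certificates …

# SHA-256 of the pinned release asset, taken from the release page and passed with --build-arg
ARG CLOUDFLARED_SHA256
RUN test -n "${CLOUDFLARED_SHA256}" && \
    wget -O /usr/local/bin/cloudflared https://github.com/cloudflare/cloudflared/releases/download/2023.5.0/cloudflared-linux-amd64 && \
    echo "${CLOUDFLARED_SHA256}  /usr/local/bin/cloudflared" | sha256sum -c - && \
    chmod +x /usr/local/bin/cloudflared

# … unchanged: mkdir -p /etc/cloudflared …

# Only the non-secret tunnel config is baked in; cert.pem and credentials.json
# are bind-mounted read-only into /etc/cloudflared when the container starts
COPY config.tunnel-only.json /etc/cloudflared/config.json

# … unchanged: CMD …
```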
@@ -0,0 +1,115 @@
+# Monaco Backend - Tunnel Only Setup
+
+This setup runs **only the Cloudflare tunnel** in Docker, while the backend runs **outside Docker on port 9090**.
+
+## Prerequisites
+
+1. Backend must be running on port 9090 on your local machine
+2. Required files in this directory:
+ - `cert.pem` - Cloudflare tunnel certificate
+ - `credentials.json` - Cloudflare tunnel credentials
+ - `config.tunnel-only.json` - Tunnel configuration (points to port 9090)
+
+## Setup
+
+### 1. Start your backend on port 9090
+
+Run your Go backend locally:
+```bash
+# Option 1: Run directly
+PORT=9090 go run main.go
+
+# Option 2: Build and run
+go build -o main
+PORT=9090 ./main
+```
+
+### 2. Start the tunnel
+
+In this directory, run:
+```bash
+docker-compose -f docker-compose.tunnel-only.yml up --build
+```
+
+Or run in detached mode:
+```bash
+docker-compose -f docker-compose.tunnel-only.yml up --build -d
+```
+
+### 3. Check logs
+
+```bash
+docker-compose -f docker-compose.tunnel-only.yml logs -f
+```
+
+## How It Works
+
+1. The tunnel container runs only `cloudflared`
+2. It connects to Cloudflare's edge network
+3. Traffic from `api.ishikabhoyar.tech` is routed through the tunnel
+4. The tunnel forwards requests to `host.docker.internal:9090` (your local backend)
+5. Your backend on port 9090 handles the requests and sends responses back
+
+## Configuration
+
+The tunnel is configured in `config.tunnel-only.json`:
+```json
+{
+ "tunnel": "5d2682ef-0b5b-47e5-b0fa-ad48968ce016",
+ "credentials-file": "/etc/cloudflared/credentials.json",
+ "ingress": [
+ {
+ "hostname": "api.ishikabhoyar.tech",
+ "service": "http://host.docker.internal:9090"
+ },
+ {
+ "service": "http_status:404"
+ }
+ ],
+ "protocol": "http2",
+ "loglevel": "info"
+}
+```
+
+## Troubleshooting
+
+### Tunnel can't reach backend
+- Make sure your backend is running on port 9090
+- Test locally: `curl http://localhost:9090`
+- Check firewall settings
+
+### Tunnel connection issues
+- Verify `credentials.json` and `cert.pem` are valid
+- Check tunnel status in Cloudflare dashboard
+- Review logs: `docker-compose -f docker-compose.tunnel-only.yml logs -f`
+
+### DNS not resolving
+- DNS routing should be set up during first build
+- Verify in Cloudflare dashboard under Zero Trust > Networks > Tunnels
+
+## Stop the tunnel
+
+```bash
+docker-compose -f docker-compose.tunnel-only.yml down
+```
+
+## Architecture
+
+```
+Internet
+ ↓
+Cloudflare Edge (api.ishikabhoyar.tech)
+ ↓
+Cloudflare Tunnel (in Docker)
+ ↓
+host.docker.internal:9090
+ ↓
+Your Backend (running locally)
+```
+
+## Notes
+
+- The tunnel only forwards traffic; it doesn't run the backend
+- Backend must be started before or after the tunnel (order doesn't matter)
+- If backend restarts, tunnel will automatically reconnect
+- Port 9090 is not exposed to the internet, only accessible via the tunnel
diff --git a/new-backend/TUNNEL-ONLY-QUICKSTART.md b/new-backend/TUNNEL-ONLY-QUICKSTART.md
new file mode 100644
index 0000000..6b2b0bf
--- /dev/null
+++ b/new-backend/TUNNEL-ONLY-QUICKSTART.md
@@ -0,0 +1,69 @@
+# Quick Start - Tunnel Only Mode
+
+## What This Does
+- Runs **only** the Cloudflare tunnel in Docker
+- Your backend runs **outside Docker** on port 9090
+- Tunnel forwards traffic from `api.ishikabhoyar.tech` to your local backend
+
+## Quick Start
+
+### Step 1: Start your backend on port 9090
+```bash
+PORT=9090 go run main.go
+```
+
+### Step 2: Start the tunnel
+
+**Windows (PowerShell):**
+```powershell
+.\start-tunnel-only.ps1
+```
+
+**Linux/Mac:**
+```bash
+chmod +x start-tunnel-only.sh
+./start-tunnel-only.sh
+```
+
+**Or manually:**
+```bash
+docker-compose -f docker-compose.tunnel-only.yml up --build
+```
+
+## Files Created
+
+1. **Dockerfile.tunnel-only** - Lightweight Docker image with only cloudflared
+2. **docker-compose.tunnel-only.yml** - Docker Compose config for tunnel only
+3. **config.tunnel-only.json** - Cloudflare tunnel config pointing to port 9090
+4. **start-tunnel-only.ps1** - PowerShell helper script
+5. **start-tunnel-only.sh** - Bash helper script
+6. **README.tunnel-only.md** - Detailed documentation
+
+## Test It
+
+1. Start backend: `PORT=9090 go run main.go`
+2. Start tunnel: `docker-compose -f docker-compose.tunnel-only.yml up --build`
+3. Test: `curl https://api.ishikabhoyar.tech`
+
+## Stop
+
+```bash
+docker-compose -f docker-compose.tunnel-only.yml down
+```
+
+## Troubleshooting
+
+**Backend not reachable?**
+- Check backend is running: `curl http://localhost:9090`
+- Check tunnel logs: `docker-compose -f docker-compose.tunnel-only.yml logs -f`
+
+**Tunnel not connecting?**
+- Verify credentials.json and cert.pem are valid
+- Check Cloudflare dashboard
+
+## Original Files (Unchanged)
+
+The original tunnel setup files are still available:
+- `Dockerfile.tunnel` - Backend + Tunnel in one container
+- `docker-compose.tunnel.yml` - Original compose file
+- These files still point to port 8080
diff --git a/new-backend/config.tunnel-only.json b/new-backend/config.tunnel-only.json
new file mode 100644
index 0000000..1cd3a79
--- /dev/null
+++ b/new-backend/config.tunnel-only.json
@@ -0,0 +1,15 @@
+{
+ "tunnel": "5d2682ef-0b5b-47e5-b0fa-ad48968ce016",
+ "credentials-file": "/etc/cloudflared/credentials.json",
+ "ingress": [
+ {
+ "hostname": "api.ishikabhoyar.tech",
+ "service": "http://host.docker.internal:9090"
+ },
+ {
+ "service": "http_status:404"
+ }
+ ],
+ "protocol": "http2",
+ "loglevel": "info"
+}
diff --git a/new-backend/docker-compose.tunnel-only.yml b/new-backend/docker-compose.tunnel-only.yml
new file mode 100644
index 0000000..b9f062c
--- /dev/null
+++ b/new-backend/docker-compose.tunnel-only.yml
@@ -0,0 +1,18 @@
+services:
+ tunnel:
+ build:
+ context: .
+ dockerfile: Dockerfile.tunnel-only
+ restart: unless-stopped
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+ environment:
+ - TUNNEL_ORIGIN_CERT=/etc/cloudflared/cert.pem
+ - NO_AUTOUPDATE=true
+ # Isolated network
+ networks:
+ - monaco-tunnel-network
+
+networks:
+ monaco-tunnel-network:
+ driver: bridge
diff --git a/new-backend/start-tunnel-only.ps1 b/new-backend/start-tunnel-only.ps1
new file mode 100644
index 0000000..736a804
--- /dev/null
+++ b/new-backend/start-tunnel-only.ps1
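Review bot: The `# Isolated network` comment in `docker-compose.tunnel-only.yml` overstates what the file sets up: a user-defined bridge only separates the container from other compose networks, while `extra_hosts: host.docker.internal:host-gateway` gives it a route to the host. On Linux the backend presumably has to listen on a non-loopback address for `http://host.docker.internal:9090` to connect, so port 9090 may also be reachable from other networks the host is attached to unless a firewall limits it. I would reword the comment to `# Dedicated bridge network; the container still reaches the host via host.docker.internal` and add `cap_drop: [ALL]` and `security_opt: ["no-new-privileges:true"]` to the `tunnel` service, since cloudflared appears to need only outbound connections here.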
@@ -0,0 +1,42 @@
+# Monaco Backend - Tunnel Only Runner
+# This script helps you run the tunnel with backend on port 9090
+
+Write-Host "Monaco Backend - Tunnel Only Setup" -ForegroundColor Green
+Write-Host "====================================`n" -ForegroundColor Green
+
+# Check if required files exist
+$requiredFiles = @("cert.pem", "credentials.json", "config.tunnel-only.json")
+$missingFiles = @()
+
+foreach ($file in $requiredFiles) {
+ if (-not (Test-Path $file)) {
+ $missingFiles += $file
+ }
+}
+
+if ($missingFiles.Count -gt 0) {
+ Write-Host "ERROR: Missing required files:" -ForegroundColor Red
+ foreach ($file in $missingFiles) {
+ Write-Host " - $file" -ForegroundColor Red
+ }
+ Write-Host "`nPlease ensure all required files are present." -ForegroundColor Yellow
+ exit 1
+}
+
+Write-Host "✓ All required files found`n" -ForegroundColor Green
+
+# Check if backend is running on port 9090
+Write-Host "Checking if backend is running on port 9090..." -ForegroundColor Yellow
+try {
+ $response = Invoke-WebRequest -Uri "http://localhost:9090" -TimeoutSec 2 -ErrorAction Stop
+ Write-Host "✓ Backend is running on port 9090`n" -ForegroundColor Green
+} catch {
+ Write-Host "⚠ Backend doesn't appear to be running on port 9090" -ForegroundColor Yellow
+ Write-Host " Make sure to start your backend with: PORT=9090 go run main.go`n" -ForegroundColor Yellow
+}
+
+# Start the tunnel
+Write-Host "Starting Cloudflare tunnel..." -ForegroundColor Cyan
+Write-Host "Command: docker-compose -f docker-compose.tunnel-only.yml up --build`n" -ForegroundColor Gray
+
+docker-compose -f docker-compose.tunnel-only.yml up --build
diff --git a/new-backend/start-tunnel-only.sh b/new-backend/start-tunnel-only.sh
new file mode 100644
index 0000000..e3f49c0
--- /dev/null
+++ b/new-backend/start-tunnel-only.sh
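Review bot: The backend probe in the `try` block reports the backend as not running whenever `Invoke-WebRequest` throws, and it throws on any 4xx/5xx reply, so a backend that is listening but has no handler for `/` is reported as down. A plain port test such as `Test-NetConnection -ComputerName localhost -Port 9090 -InformationLevel Quiet` checks what the message claims. `$response` is assigned and never read. The hint printed in the `catch` branch, `PORT=9090 go run main.go`, is bash syntax; in PowerShell the equivalent is `$env:PORT = '9090'; go run main.go`.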
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Monaco Backend - Tunnel Only Runner
+# This script helps you run the tunnel with backend on port 9090
+
+echo "Monaco Backend - Tunnel Only Setup"
+echo "===================================="
+echo ""
+
+# Check if required files exist
+REQUIRED_FILES=("cert.pem" "credentials.json" "config.tunnel-only.json")
+MISSING_FILES=()
+
+for file in "${REQUIRED_FILES[@]}"; do
+ if [ ! -f "$file" ]; then
+ MISSING_FILES+=("$file")
+ fi
+done
+
+if [ ${#MISSING_FILES[@]} -ne 0 ]; then
+ echo "ERROR: Missing required files:"
+ for file in "${MISSING_FILES[@]}"; do
+ echo " - $file"
+ done
+ echo ""
+ echo "Please ensure all required files are present."
+ exit 1
+fi
+
+echo "✓ All required files found"
+echo ""
+
+# Check if backend is running on port 9090
+echo "Checking if backend is running on port 9090..."
+if curl -s -o /dev/null -w "%{http_code}" http://localhost:9090 > /dev/null 2>&1; then
+ echo "✓ Backend is running on port 9090"
+else
+ echo "⚠ Backend doesn't appear to be running on port 9090"
+ echo " Make sure to start your backend with: PORT=9090 go run main.go"
+fi
+echo ""
+
+# Start the tunnel
+echo "Starting Cloudflare tunnel..."
+echo "Command: docker-compose -f docker-compose.tunnel-only.yml up --build"
+echo ""
+
+docker-compose -f docker-compose.tunnel-only.yml up --build
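Review bot: The `curl` probe has no time limit, so a process that accepts the connection on port 9090 but never answers would stall the script before the tunnel starts; the PowerShell twin uses a 2-second timeout, and `--max-time 2` gives the same bound here. The `-w "%{http_code}"` output is sent to `/dev/null`, so the branch is decided by curl's exit status alone and the option can go: `if curl -s -o /dev/null --max-time 2 http://localhost:9090; then`. The required-file checks use paths relative to the current directory, so the script only works when started from `new-backend/`; `cd "$(dirname "$0")"` near the top would remove that dependency.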