add tunnel-only setup with Docker, including Dockerfile, docker-compose, and scripts

new-backend/Dockerfile.tunnel-only

@@ -0,0 +1,24 @@
+# Tunnel-only Dockerfile - Backend runs outside Docker on port 9090
+FROM alpine:latest
+
+# Install wget to download cloudflared
+RUN apk update && apk add --no-cache wget ca-certificates
+
+# Get cloudflared directly from GitHub
+RUN wget -O cloudflared https://github.com/cloudflare/cloudflared/releases/download/2023.5.0/cloudflared-linux-amd64 && \
+    chmod +x cloudflared && \
+    mv cloudflared /usr/local/bin/
+
+# Create directories for cloudflared
+RUN mkdir -p /etc/cloudflared
+
+# Copy the certificate file and config
+COPY cert.pem /etc/cloudflared/cert.pem
+COPY credentials.json /etc/cloudflared/credentials.json
+COPY config.tunnel-only.json /etc/cloudflared/config.json
+
+# Setup DNS routing for the tunnel (only needs to be done once)
+RUN cloudflared tunnel route dns 5d2682ef-0b5b-47e5-b0fa-ad48968ce016 api.ishikabhoyar.tech || echo "DNS routing already set up or failed - continuing anyway"
+
+# Run cloudflared tunnel
+CMD ["cloudflared", "tunnel", "--config", "/etc/cloudflared/config.json", "run"]

new-backend/README.tunnel-only.md

@@ -0,0 +1,115 @@
+# Monaco Backend - Tunnel Only Setup
+
+This setup runs **only the Cloudflare tunnel** in Docker, while the backend runs **outside Docker on port 9090**.
+
+## Prerequisites
+
+1. Backend must be running on port 9090 on your local machine
+2. Required files in this directory:
+   - `cert.pem` - Cloudflare tunnel certificate
+   - `credentials.json` - Cloudflare tunnel credentials
+   - `config.tunnel-only.json` - Tunnel configuration (points to port 9090)
+
+## Setup
+
+### 1. Start your backend on port 9090
+
+Run your Go backend locally:
+```bash
+# Option 1: Run directly
+PORT=9090 go run main.go
+
+# Option 2: Build and run
+go build -o main
+PORT=9090 ./main
+```
+
+### 2. Start the tunnel
+
+In this directory, run:
+```bash
+docker-compose -f docker-compose.tunnel-only.yml up --build
+```
+
+Or run in detached mode:
+```bash
+docker-compose -f docker-compose.tunnel-only.yml up --build -d
+```
+
+### 3. Check logs
+
+```bash
+docker-compose -f docker-compose.tunnel-only.yml logs -f
+```
+
+## How It Works
+
+1. The tunnel container runs only `cloudflared`
+2. It connects to Cloudflare's edge network
+3. Traffic from `api.ishikabhoyar.tech` is routed through the tunnel
+4. The tunnel forwards requests to `host.docker.internal:9090` (your local backend)
+5. Your backend on port 9090 handles the requests and sends responses back
+
+## Configuration
+
+The tunnel is configured in `config.tunnel-only.json`:
+```json
+{
+  "tunnel": "5d2682ef-0b5b-47e5-b0fa-ad48968ce016",
+  "credentials-file": "/etc/cloudflared/credentials.json",
+  "ingress": [
+    {
+      "hostname": "api.ishikabhoyar.tech",
+      "service": "http://host.docker.internal:9090"
+    },
+    {
+      "service": "http_status:404"
+    }
+  ],
+  "protocol": "http2",
+  "loglevel": "info"
+}
+```
+
+## Troubleshooting
+
+### Tunnel can't reach backend
+- Make sure your backend is running on port 9090
+- Test locally: `curl http://localhost:9090`
+- Check firewall settings
+
+### Tunnel connection issues
+- Verify `credentials.json` and `cert.pem` are valid
+- Check tunnel status in Cloudflare dashboard
+- Review logs: `docker-compose -f docker-compose.tunnel-only.yml logs -f`
+
+### DNS not resolving
+- DNS routing should be set up during first build
+- Verify in Cloudflare dashboard under Zero Trust > Networks > Tunnels
+
+## Stop the tunnel
+
+```bash
+docker-compose -f docker-compose.tunnel-only.yml down
+```
+
+## Architecture
+
+```
+Internet
+   ↓
+Cloudflare Edge (api.ishikabhoyar.tech)
+   ↓
+Cloudflare Tunnel (in Docker)
+   ↓
+host.docker.internal:9090
+   ↓
+Your Backend (running locally)
+```
+
+## Notes
+
+- The tunnel only forwards traffic; it doesn't run the backend
+- Backend must be started before or after the tunnel (order doesn't matter)
+- If backend restarts, tunnel will automatically reconnect
+- Port 9090 is not exposed to the internet, only accessible via the tunnel

new-backend/TUNNEL-ONLY-QUICKSTART.md

@@ -0,0 +1,69 @@
+# Quick Start - Tunnel Only Mode
+
+## What This Does
+- Runs **only** the Cloudflare tunnel in Docker
+- Your backend runs **outside Docker** on port 9090
+- Tunnel forwards traffic from `api.ishikabhoyar.tech` to your local backend
+
+## Quick Start
+
+### Step 1: Start your backend on port 9090
+```bash
+PORT=9090 go run main.go
+```
+
+### Step 2: Start the tunnel
+
+**Windows (PowerShell):**
+```powershell
+.\start-tunnel-only.ps1
+```
+
+**Linux/Mac:**
+```bash
+chmod +x start-tunnel-only.sh
+./start-tunnel-only.sh
+```
+
+**Or manually:**
+```bash
+docker-compose -f docker-compose.tunnel-only.yml up --build
+```
+
+## Files Created
+
+1. **Dockerfile.tunnel-only** - Lightweight Docker image with only cloudflared
+2. **docker-compose.tunnel-only.yml** - Docker Compose config for tunnel only
+3. **config.tunnel-only.json** - Cloudflare tunnel config pointing to port 9090
+4. **start-tunnel-only.ps1** - PowerShell helper script
+5. **start-tunnel-only.sh** - Bash helper script
+6. **README.tunnel-only.md** - Detailed documentation
+
+## Test It
+
+1. Start backend: `PORT=9090 go run main.go`
+2. Start tunnel: `docker-compose -f docker-compose.tunnel-only.yml up --build`
+3. Test: `curl https://api.ishikabhoyar.tech`
+
+## Stop
+
+```bash
+docker-compose -f docker-compose.tunnel-only.yml down
+```
+
+## Troubleshooting
+
+**Backend not reachable?**
+- Check backend is running: `curl http://localhost:9090`
+- Check tunnel logs: `docker-compose -f docker-compose.tunnel-only.yml logs -f`
+
+**Tunnel not connecting?**
+- Verify credentials.json and cert.pem are valid
+- Check Cloudflare dashboard
+
+## Original Files (Unchanged)
+
+The original tunnel setup files are still available:
+- `Dockerfile.tunnel` - Backend + Tunnel in one container
+- `docker-compose.tunnel.yml` - Original compose file
+- These files still point to port 8080

new-backend/config.tunnel-only.json

@@ -0,0 +1,15 @@
+{
+  "tunnel": "5d2682ef-0b5b-47e5-b0fa-ad48968ce016",
+  "credentials-file": "/etc/cloudflared/credentials.json",
+  "ingress": [
+    {
+      "hostname": "api.ishikabhoyar.tech",
+      "service": "http://host.docker.internal:9090"
+    },
+    {
+      "service": "http_status:404"
+    }
+  ],
+  "protocol": "http2",
+  "loglevel": "info"
+}

new-backend/docker-compose.tunnel-only.yml

@@ -0,0 +1,18 @@
+services:
+  tunnel:
+    build:
+      context: .
+      dockerfile: Dockerfile.tunnel-only
+    restart: unless-stopped
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    environment:
+      - TUNNEL_ORIGIN_CERT=/etc/cloudflared/cert.pem
+      - NO_AUTOUPDATE=true
+    # Isolated network
+    networks:
+      - monaco-tunnel-network
+
+networks:
+  monaco-tunnel-network:
+    driver: bridge

new-backend/start-tunnel-only.ps1

@@ -0,0 +1,42 @@
+# Monaco Backend - Tunnel Only Runner
+# This script helps you run the tunnel with backend on port 9090
+
+Write-Host "Monaco Backend - Tunnel Only Setup" -ForegroundColor Green
+Write-Host "====================================`n" -ForegroundColor Green
+
+# Check if required files exist
+$requiredFiles = @("cert.pem", "credentials.json", "config.tunnel-only.json")
+$missingFiles = @()
+
+foreach ($file in $requiredFiles) {
+    if (-not (Test-Path $file)) {
+        $missingFiles += $file
+    }
+}
+
+if ($missingFiles.Count -gt 0) {
+    Write-Host "ERROR: Missing required files:" -ForegroundColor Red
+    foreach ($file in $missingFiles) {
+        Write-Host "  - $file" -ForegroundColor Red
+    }
+    Write-Host "`nPlease ensure all required files are present." -ForegroundColor Yellow
+    exit 1
+}
+
+Write-Host "✓ All required files found`n" -ForegroundColor Green
+
+# Check if backend is running on port 9090
+Write-Host "Checking if backend is running on port 9090..." -ForegroundColor Yellow
+try {
+    $response = Invoke-WebRequest -Uri "http://localhost:9090" -TimeoutSec 2 -ErrorAction Stop
+    Write-Host "✓ Backend is running on port 9090`n" -ForegroundColor Green
+} catch {
+    Write-Host "⚠ Backend doesn't appear to be running on port 9090" -ForegroundColor Yellow
+    Write-Host "  Make sure to start your backend with: PORT=9090 go run main.go`n" -ForegroundColor Yellow
+}
+
+# Start the tunnel
+Write-Host "Starting Cloudflare tunnel..." -ForegroundColor Cyan
+Write-Host "Command: docker-compose -f docker-compose.tunnel-only.yml up --build`n" -ForegroundColor Gray
+
+docker-compose -f docker-compose.tunnel-only.yml up --build

new-backend/start-tunnel-only.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Monaco Backend - Tunnel Only Runner
+# This script helps you run the tunnel with backend on port 9090
+
+echo "Monaco Backend - Tunnel Only Setup"
+echo "===================================="
+echo ""
+
+# Check if required files exist
+REQUIRED_FILES=("cert.pem" "credentials.json" "config.tunnel-only.json")
+MISSING_FILES=()
+
+for file in "${REQUIRED_FILES[@]}"; do
+    if [ ! -f "$file" ]; then
+        MISSING_FILES+=("$file")
+    fi
+done
+
+if [ ${#MISSING_FILES[@]} -ne 0 ]; then
+    echo "ERROR: Missing required files:"
+    for file in "${MISSING_FILES[@]}"; do
+        echo "  - $file"
+    done
+    echo ""
+    echo "Please ensure all required files are present."
+    exit 1
+fi
+
+echo "✓ All required files found"
+echo ""
+
+# Check if backend is running on port 9090
+echo "Checking if backend is running on port 9090..."
+if curl -s -o /dev/null -w "%{http_code}" http://localhost:9090 > /dev/null 2>&1; then
+    echo "✓ Backend is running on port 9090"
+else
+    echo "⚠ Backend doesn't appear to be running on port 9090"
+    echo "  Make sure to start your backend with: PORT=9090 go run main.go"
+fi
+echo ""
+
+# Start the tunnel
+echo "Starting Cloudflare tunnel..."
+echo "Command: docker-compose -f docker-compose.tunnel-only.yml up --build"
+echo ""
+
+docker-compose -f docker-compose.tunnel-only.yml up --build