azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Session log: Cloudflare Tunnel for azcomputerguru + Cox BGP diagnosis

Browse Source 
Diagnosed azcomputerguru.com 521 errors: Cox's BGP route to specific
Cloudflare origin-pull prefixes (162.158.0.0/16, 172.64.0.0/13,
173.245.48.0/20, 141.101.64.0/18) is broken from 72.194.62.0/29.
Confirmed by TCP probe matrix from pfSense WAN, traceroute latency
comparison, and state-table showing 0 inbound CF connections while
direct-internet traffic still reached origin.

Deployed Cloudflare Tunnel 'acg-origin' on Jupiter Unraid as a
Docker container. Routes 4 proxied hostnames (azcomputerguru.com,
analytics., community., radio.) through the tunnel with HTTPS
backend to IX 172.16.3.10:443 with per-ingress SNI matching. All
4 hostnames return 200 OK through CF edge after the cutover.

Repo hygiene:
- Merged clients/ix-server/ into clients/internal-infrastructure/
  (IX is internal infra, not a paying-client account). Git detected
  the session-log files as renames so history is preserved. Updated
  4 stale path references in 2 files.
- Moved cox-bgp ticket draft out of projects/dataforth-dos/ (wrong
  project) to clients/internal-infrastructure/vendor-tickets/.
- Relocated tunnel-setup helper scripts from
  projects/dataforth-dos/datasheet-pipeline/implementation/ to
  clients/internal-infrastructure/scripts/cloudflared-tunnel-setup/.
  Deleted superseded/abandoned login attempts. Sanitized hardcoded
  Jupiter/pfSense SSH passwords to pull from SOPS vault at runtime;
  Cloudflare token reads from env var (tokens still in 1Password,
  vault entry is metadata-only).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Mike Swanson
2026-04-13 10:30:51 -07:00
parent a32681321b
commit a78fb96f95
12 changed files with 940 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
session-logs/2026-04-11-session.md
View File

@@ -139,7 +139,7 @@
- Smart Slider 3 FREE: 3 (SAFE)
**Security Report**
- File: `clients/ix-server/session-logs/2026-04-11-smart-slider-security-scan.md`
- File: `clients/internal-infrastructure/session-logs/2026-04-11-smart-slider-security-scan.md`
- Comprehensive security audit documentation
- Risk assessment: LOW
- Sites with Smart Slider FREE:
@@ -295,7 +295,7 @@ projects/radio-show/episodes/2026-04-11-hidden-price-tags/show-prep.html
projects/radio-show/episodes/2026-04-18-tech-that-makes-life-fun/show-prep.md
projects/radio-show/episodes/2026-04-18-tech-that-makes-life-fun/show-prep.html
temp/scan_smart_slider.sh
clients/ix-server/session-logs/2026-04-11-smart-slider-security-scan.md
clients/internal-infrastructure/session-logs/2026-04-11-smart-slider-security-scan.md
session-logs/2026-04-11-session.md
```
@@ -401,7 +401,7 @@ All files created in this session should be committed to version control:
4. `projects/radio-show/episodes/2026-04-18-tech-that-makes-life-fun/show-prep.md`
5. `projects/radio-show/episodes/2026-04-18-tech-that-makes-life-fun/show-prep.html`
6. `temp/scan_smart_slider.sh`
7. `clients/ix-server/session-logs/2026-04-11-smart-slider-security-scan.md`
7. `clients/internal-infrastructure/session-logs/2026-04-11-smart-slider-security-scan.md`
8. `session-logs/2026-04-11-session.md` (this file)
**Commit Message**: "Session log: Radio show prep (3 weeks), IX security scan, network scanning"