The LLM Gateway is configured to run on port 3103 in ecosystem.config.cjs, but the Cloudflare tunnel configuration and setup script were referencing port 3100, causing 502 Bad Gateway errors.

Updates:
- cloudflare-tunnel.md: Changed tunnel ingress from localhost:3100 to localhost:3103
- setup-erik.sh: Updated health check URL and output messages to port 3103
- This fixes the Cloudflare tunnel connection that was causing public HTTPS access to fail

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Cloudflare Tunnel — LLM Gateway
Add the LLM Gateway to the existing Cloudflare Tunnel on Erik server.
Current tunnel setup on Erik
Tunnels are managed by cloudflared running as a service. Config lives at:
~/.cloudflared/config.yml
or (if installed as root):
/etc/cloudflare-one/config.yml
Add llm-gateway ingress rule
Edit the config file and add the following before the catch-all http_status:404 rule:
```yaml
ingress:
  # ... existing services ...
  - hostname: llm-gateway.context-x.org
    service: http://localhost:3103
    originRequest:
      connectTimeout: 10s
      noHappyEyeballs: false
      # Allow large LLM responses to stream without timeout
      keepAliveTimeout: 130s
  # Catch-all (must be last)
  - service: http_status:404
```
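Added example (not part of the original page or the project's scripts): a check to run before restarting the tunnel that catches an ingress `service` port that has drifted from the port the gateway listens on, and a misplaced catch-all rule. `check_ingress` and the sample file are hypothetical, and the parser assumes the plain unquoted `key: value` layout shown above; it is not a general YAML parser.

```sh
#!/bin/sh
# Usage: check_ingress CONFIG HOSTNAME PORT
# Exit status: 0 ok, 1 no rule for HOSTNAME, 2 port mismatch, 3 catch-all misplaced.
# Assumption: simple unquoted "key: value" lines, as in the config on this page.
check_ingress() {
    awk -v want="$2" -v port="$3" '
        { sub(/[ \t]+#.*$/, ""); sub(/[ \t]+$/, "") }   # drop comments, trailing blanks
        /^#/ || /^$/    { next }
        /^ingress:/     { in_ing = 1; next }
        /^[^- \t]/      { in_ing = 0 }                   # next top-level key ends the list
        !in_ing         { next }
        /^[ \t]*-[ \t]/ { n++; host[n] = ""; svc[n] = ""; sub(/-/, " ") }
        {
            line = $0; sub(/^[ \t]*/, "", line)
            key = line; sub(/:.*$/, "", key)
            val = line; sub(/^[^:]*:[ \t]*/, "", val)
            if (key == "hostname") host[n] = val
            if (key == "service")  svc[n]  = val
        }
        END {
            for (i = 1; i <= n; i++) if (host[i] == want) { found = i; break }
            if (!found) { print "no ingress rule for " want; exit 1 }
            p = svc[found]; sub(/\/+$/, "", p); sub(/^.*:/, "", p)
            if (p != port) {
                print want " -> " svc[found] ", but the gateway listens on " port
                exit 2
            }
            # Rules are matched top to bottom: a hostless rule anywhere but last shadows the rest.
            for (i = 1; i <= n; i++)
                if ((host[i] == "") != (i == n)) {
                    print "rule " i ": catch-all must be the last rule, and only the last"
                    exit 3
                }
            print "ok: " want " -> " svc[found]
        }
    ' "$1"
}

# Constructed sample: the stale port 3100 described in the commit message.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
ingress:
  - hostname: llm-gateway.context-x.org
    service: http://localhost:3100
  - service: http_status:404
EOF
check_ingress "$sample" llm-gateway.context-x.org 3103 || echo "exit status $?"
```

`cloudflared tunnel ingress validate` checks the rules themselves, but it cannot know which port the gateway actually listens on, which is the mismatch this check targets.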
DNS record
In Cloudflare Dashboard → DNS → context-x.org:
| Type | Name | Target | Proxy |
|---|---|---|---|
| CNAME | llm-gateway | <tunnel-id>.cfargotunnel.com | ON |
The tunnel ID can be found with:
```sh
ssh erik "cloudflared tunnel list"
```
Reload tunnel
```sh
ssh erik "systemctl restart cloudflared"
# Verify:
curl https://llm-gateway.context-x.org/health
```
Verify routing
```sh
# From any machine:
curl https://llm-gateway.context-x.org/health
# Expected:
# {"status":"ok","timestamp":"...","checks":{...}}
```
Notes
- The tunnel connects directly to `localhost:3103` on Erik — nginx is not required.
- Cloudflare handles TLS termination and DDoS protection automatically.
- Rate limiting can be added via Cloudflare WAF rules on top of the gateway's built-in limits.