From f122a79c453220a7eff787fcfefcc78a8a655176 Mon Sep 17 00:00:00 2001 From: kenpat Date: Mon, 15 Jun 2026 15:51:26 -0500 Subject: [PATCH] chore: document cloudflare multi-node routing 502 issue --- project-kitestacks-migration.md | 1 + 1 file changed, 1 insertion(+) diff --git a/project-kitestacks-migration.md b/project-kitestacks-migration.md index 42fd4bf..f7c2efd 100644 --- a/project-kitestacks-migration.md +++ b/project-kitestacks-migration.md @@ -14,6 +14,7 @@ The KiteStacks infrastructure is now in its final, secured, and documented state - **Security Posture:** Validated Zero Trust architecture. No inbound open ports, strict mesh networking via Tailscale `100.x.x.x`, and Authentik protecting all administrative dashboards (`/scp/` for osTicket, Portainer, Grafana, Kite AI). - **Runbook Cleaned:** `RUNBOOK.md` truncated and organized. Historical issues (like Authentik invalid_grant, osTicket email SMTP lack of MTA) have been relocated to `docs/DEBUGGING.md`. - **osTicket Diagnostics:** Documented that activation emails fail because Docker containers lack a local MTA. Fix involves adding an external SMTP server in the osTicket Admin Panel. +- **Cloudflare Multi-Node Routing:** Diagnosed persistent 502 errors on new subdomains (like `ntfy`). Cloudflare Tunnels actively load balance between `monk` and `kscloud1`. Documented that all new services must be deployed to both nodes to prevent the load balancer from sending traffic to a missing container. ## T14s GitOps Automation SUCCESS (2026-06-15)
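Review bot: the added "Cloudflare Multi-Node Routing" bullet says the both-nodes rule was "Documented" but does not say where, unlike the "Runbook Cleaned" bullet above it, which names `RUNBOOK.md` and `docs/DEBUGGING.md`. Name the file that carries the rule, since this is a deployment requirement and not only a historical issue, so a reader adding the next subdomain can find it. The bullet also calls the 502s "persistent" while attributing them to the tunnel balancing between `monk` and `kscloud1`. If the container was missing on only one node, say which node lacked `ntfy` and whether requests served by the other node succeeded, so the symptom matches the stated cause. A one-line check to run after each deploy (the service answers on both nodes) would make the rule verifiable. Minor: the subject uses `chore:` for a change that only touches documentation; `docs:` would describe it better if the repository follows that convention.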