# Complete Path Review: DNS to VM Service
**Date**: 2026-01-21
**Domain**: explorer.d-bis.org
**Status**: ⚠️ **NPMplus Not Running - Needs Fix**
---
## Path Architecture
```
Internet → DNS (76.53.10.36) → UDM Pro Port Forward → NPMplus (192.168.11.166) → VMID 5000 (192.168.11.140:80)
```
---
## Review Results by Hop
### ✅ HOP 1: DNS Resolution
**Status**: ✅ **WORKING**
- **DNS A Record**: `explorer.d-bis.org` → `76.53.10.36`
- **DNS Type**: A Record (DNS Only - gray cloud in Cloudflare)
- **Public IP**: 76.53.10.36 (Spectrum ISP IP block)
- **Configuration**: Correct
**No action needed**
---
### ⚠️ HOP 2: UDM Pro Port Forwarding
**Status**: ⚠️ **NEEDS VERIFICATION**
**Expected NAT Rules**:
- `76.53.10.36:80` → `192.168.11.166:80` (HTTP)
- `76.53.10.36:443` → `192.168.11.166:443` (HTTPS)
**Verification**:
- Cannot directly test from this location
- NPMplus port 80/443 not reachable (likely because NPMplus is down)
**Action Required**:
1. Verify UDM Pro port forwarding rules are active
2. Check firewall rules allow traffic to NPMplus
3. Test once NPMplus is running
---
### ❌ HOP 3: NPMplus Service & Configuration
**Status**: ❌ **NOT RUNNING - CRITICAL ISSUE**
#### Container Status
- **VMID**: 10233
- **Node**: r630-01
- **IP**: 192.168.11.166
- **Status**: ❌ **NOT RUNNING**
#### Docker Service
- **Status**: ❌ **NOT RUNNING**
#### Listening Ports
- **Port 80**: ❌ **NOT LISTENING**
- **Port 443**: ❌ **NOT LISTENING**
#### Proxy Host Configuration
- **Domain**: explorer.d-bis.org
- **Status**: ❌ **NOT CONFIGURED**
**Expected Configuration**:
```json
{
  "domain_names": ["explorer.d-bis.org"],
  "forward_scheme": "http",
  "forward_host": "192.168.11.140",
  "forward_port": 80,
  "ssl_forced": false,
  "enabled": true
}
```
**Action Required**:
1. **Start NPMplus container**:
   ```bash
   ssh root@192.168.11.10
   ssh root@r630-01
   pct start 10233
   ```
2. **Wait for NPMplus to be ready** (1-2 minutes):
   ```bash
   pct exec 10233 -- docker ps | grep npmplus
   ```
3. **Configure proxy host** (via web UI or API):
   - Access: `https://192.168.11.166:81`
   - Add Proxy Host:
     - Domain Names: `explorer.d-bis.org`
     - Scheme: `http`
     - Forward Hostname/IP: `192.168.11.140`
     - Forward Port: `80`
     - Cache Assets: Yes
     - Block Common Exploits: Yes
     - Websockets Support: No
---
### ✅ HOP 4: Target VM (VMID 5000) Configuration
**Status**: ✅ **FULLY OPERATIONAL**
#### Container Status
- **VMID**: 5000
- **Node**: r630-02
- **IP**: 192.168.11.140
- **Status**: ✅ **RUNNING**
#### Nginx Service
- **Status**: ✅ **RUNNING**
- **Port 80**: ✅ **LISTENING**
- **Configuration**: ✅ **VALID**
- **server_name**: ✅ **Includes explorer.d-bis.org**
#### Frontend
- **File**: ✅ **Exists** (`/var/www/html/index.html`)
- **Size**: 157,947 bytes
- **Permissions**: ✅ **Correct** (www-data:www-data)
#### Local HTTP Response
- **Status**: ✅ **HTTP 200**
**No action needed** - VMID 5000 is working perfectly
---
## Complete Path Status
| Hop | Component | Status | Notes |
|-----|-----------|--------|-------|
| 1 | DNS Resolution | ✅ Working | explorer.d-bis.org → 76.53.10.36 |
| 2 | UDM Pro Port Forward | ⚠️ Unknown | Needs verification when NPMplus is up |
| 3 | NPMplus Service | ❌ **NOT RUNNING** | **CRITICAL - Must fix** |
| 3 | NPMplus Config | ❌ **NOT CONFIGURED** | **CRITICAL - Must fix** |
| 4 | VMID 5000 | ✅ Working | All services operational |
---
## Root Cause
**Primary Issue**: NPMplus container (VMID 10233) is not running
This breaks the entire path:
- DNS resolves correctly ✅
- UDM Pro port forwarding cannot be verified (NPMplus down)
- NPMplus cannot route to VMID 5000 ❌
- VMID 5000 is working perfectly ✅
---
## Fix Steps
### Step 1: Start NPMplus Container
```bash
# From Proxmox host or node
ssh root@192.168.11.10
ssh root@r630-01
# Start container
pct start 10233
# Wait for it to start
sleep 10
# Check status
pct status 10233
```
### Step 2: Verify NPMplus Docker Service
```bash
# Check docker container
pct exec 10233 -- docker ps | grep npmplus
# Check if web UI is accessible
pct exec 10233 -- curl -k https://localhost:81
```
### Step 3: Configure Proxy Host
**Option A: Via Web UI**
1. Access: `https://192.168.11.166:81`
2. Login with credentials
3. Go to: **Proxy Hosts** → **Add Proxy Host**
4. Configure:
   - **Domain Names**: `explorer.d-bis.org`
   - **Scheme**: `http`
   - **Forward Hostname/IP**: `192.168.11.140`
   - **Forward Port**: `80`
   - **Cache Assets**: ✅ Yes
   - **Block Common Exploits**: ✅ Yes
   - **Websockets Support**: ❌ No
5. Save
**Option B: Via API** (if credentials available)
```bash
# Get auth token (replace EMAIL and PASSWORD with the NPMplus admin login).
# -k disables TLS certificate verification for the admin UI on port 81.
TOKEN=$(curl -s -k -X POST "https://192.168.11.166:81/api/tokens" \
  -H "Content-Type: application/json" \
  -d '{"identity":"EMAIL","secret":"PASSWORD"}' | jq -r '.token')
# Create/update proxy host
curl -k -X POST "https://192.168.11.166:81/api/nginx/proxy-hosts" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "domain_names": ["explorer.d-bis.org"],
    "forward_scheme": "http",
    "forward_host": "192.168.11.140",
    "forward_port": 80,
    "cache_assets": true,
    "block_exploits": true,
    "websockets_support": false,
    "enabled": true
  }'
```
### Step 4: Verify UDM Pro Port Forwarding
Once NPMplus is running, verify UDM Pro port forwarding:
- `76.53.10.36:80` → `192.168.11.166:80`
- `76.53.10.36:443` → `192.168.11.166:443`
### Step 5: Test End-to-End
```bash
# Test from NPMplus to target
curl -H "Host: explorer.d-bis.org" http://192.168.11.140:80/
# Test external access
curl -I https://explorer.d-bis.org
```
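To separate a Hop 2 (port forward) failure from a Hop 3 (NPMplus) failure, the sketch below probes each hop on its own IP and names the first one that is broken. It is an added example, not one of the repository's scripts: the function names are hypothetical, and reading a non-2xx/3xx answer from NPMplus as a proxy-host problem is an assumption; the hostname and IPs are the ones in this review.

```bash
#!/usr/bin/env bash
# Added example: name the first broken hop on the path reviewed above.
# Hostname and IPs come from this review; function names are hypothetical.
DOMAIN="explorer.d-bis.org"
PUBLIC_IP="76.53.10.36"
NPM_IP="192.168.11.166"
VM_IP="192.168.11.140"

# Print the HTTP status of URL $1 ("000" if nothing answers); extra args go to curl.
http_code() {
  local url=$1; shift
  curl -s -o /dev/null -m 5 -w '%{http_code}' "$@" "$url" || true
}

# True for a 2xx or 3xx status.
is_ok() { case $1 in 2??|3??) return 0 ;; *) return 1 ;; esac; }

# Decision logic, working back from the target so that a dead backend is not
# blamed on the proxy or the router.
# Args: resolved A record, VM status, NPMplus status (LAN), public-IP status (WAN).
first_broken_hop() {
  local dns=$1 vm=$2 npm=$3 wan=$4
  [ "$dns" = "$PUBLIC_IP" ] || { echo "hop1-dns"; return; }
  is_ok "$vm" || { echo "hop4-vm"; return; }
  [ "$npm" != "000" ] || { echo "hop3-npmplus-not-listening"; return; }
  # Assumption: NPMplus answers a missing or failing proxy host with an error status.
  is_ok "$npm" || { echo "hop3-npmplus-proxy-host"; return; }
  is_ok "$wan" || { echo "hop2-udm-port-forward"; return; }
  echo "path-ok"
}

# Live probes. --resolve pins the hostname to one hop's IP, so the Host header is
# what NPMplus expects while DNS is bypassed. The WAN probe is only meaningful
# from outside the LAN.
probe_live() {
  local dns vm npm wan
  dns=$(dig +short A "$DOMAIN" | head -n1)
  vm=$(http_code "http://$VM_IP:80/" -H "Host: $DOMAIN")
  npm=$(http_code "http://$DOMAIN/" --resolve "$DOMAIN:80:$NPM_IP")
  wan=$(http_code "http://$DOMAIN/" --resolve "$DOMAIN:80:$PUBLIC_IP")
  first_broken_hop "$dns" "$vm" "$npm" "$wan"
}

# Run the probes only when asked, e.g.: ./path-check.sh --live
if [ "${1:-}" = "--live" ]; then probe_live; fi
```

If the LAN and WAN probes are collected from different machines, pass the observed values to `first_broken_hop` by hand.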
---
## Configuration Reference
### Current Correct Configuration
**DNS** (Cloudflare):
- Type: A
- Name: explorer.d-bis.org
- Content: 76.53.10.36
- Proxy Status: DNS Only (gray cloud)
**UDM Pro** (Expected):
- External IP: 76.53.10.36:80 → Internal: 192.168.11.166:80
- External IP: 76.53.10.36:443 → Internal: 192.168.11.166:443
**NPMplus** (Required):
- Domain: explorer.d-bis.org
- Forward: http://192.168.11.140:80
- SSL: Let's Encrypt (auto)
**VMID 5000** (Current):
- Nginx: ✅ Running on port 80
- Frontend: ✅ Deployed at /var/www/html/index.html
- Blockscout API: ✅ Running on port 4000
- Configuration: ✅ Valid
---
## Summary
**Working Components**:
- ✅ DNS resolution
- ✅ VMID 5000 (nginx, frontend, Blockscout)
- ✅ Network connectivity
**Issues to Fix**:
- ❌ NPMplus container not running (VMID 10233)
- ❌ NPMplus proxy host not configured
- ⚠️ UDM Pro port forwarding needs verification
**Priority**: **HIGH** - NPMplus is the critical missing link
Once NPMplus is started and configured, the complete path should work end-to-end.
---
**Scripts Created**:
- `scripts/review-full-path-dns-to-vm.sh` - Complete path review
- `scripts/fix-npmplus-for-explorer.sh` - Fix NPMplus configuration
**Next Steps**: Start NPMplus container and configure proxy host