d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b7eebb87b33ea4af3efe689c5a0469df4a134313
proxmox/docs/04-configuration/SSL_FIX_SUMMARY.md

207 lines
6.2 KiB
Markdown
Raw Normal View History

docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates - ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00
# SSL Configuration Fix - Summary
Sync workspace: config, docs, scripts, CI, operator rules, and submodule pointers. - Update dbis_core, cross-chain-pmm-lps, explorer-monorepo, metamask-integration, pr-workspace/chains - Omit embedded publish git dirs and empty placeholders from index Made-with: Cursor
2026-04-12 06:12:20 -07:00
> Historical note:
> This summary documents a past SSL remediation stage and intentionally preserves then-active upstream mappings. It is historical context, not the live source of truth.
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates - ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00
**Last Updated:** 2026-01-31
**Document Version:** 1.0
**Status:** Active Documentation
---
**Date**: 2026-01-15
**Status**: ✅ **IP Addresses Fixed** | ⏳ **SSL Configuration Pending Network Access**
---
## ✅ Completed Fixes
### 1. IP Address Corrections
All invalid IP addresses have been corrected in all scripts and documentation:
| Service | Fixed IP | Previous (Invalid) | Files Updated |
|---------|----------|-------------------|---------------|
| Blockscout | 192.168.11.140 | 192.168.11.280 | ✅ All scripts |
| DBIS API Primary | 192.168.11.155 | 192.168.11.290 | ✅ All scripts |
| DBIS API Secondary | 192.168.11.156 | 192.168.11.291 | ✅ All scripts |
| MIM4U | 192.168.11.36 | 192.168.11.19 | ✅ All scripts |
**Files Updated:**
-`scripts/nginx-proxy-manager/configure-ssl-api.js`
-`scripts/nginx-proxy-manager/configure-ssl-all-domains.js`
-`scripts/nginx-proxy-manager/configure-domains-pct-exec.sh`
-`scripts/nginx-proxy-manager/manual-ssl-config-guide.sh`
### 2. Password Reset Script Updated
- ✅ Updated to use correct email: `nsatoshi2007@hotmail.com`
- ✅ Updated to use Node.js with `better-sqlite3` for database operations
- ✅ Supports creating user if it doesn't exist
### 3. Complete SSL Fix Script Created
- ✅ Created `scripts/nginx-proxy-manager/fix-ssl-complete.sh`
- ✅ Automates password reset and SSL configuration
---
## ⏳ Pending: SSL Certificate Configuration
### Current Issue
NPM is not accessible from the current network:
- ❌ SSH to Proxmox host (192.168.11.11) fails: "No route to host"
- ❌ Direct HTTP access to NPM (192.168.11.26:81) fails: "fetch failed"
### Solution Options
#### Option 1: Run from Proxmox Host (Recommended)
If you have access to the Proxmox host directly:
```bash
# SSH to Proxmox host
ssh root@192.168.11.11
# Run SSL configuration inside NPM container
pct exec 105 -- bash -c '
cd /app
export NPM_URL="http://127.0.0.1:81"
export NPM_EMAIL="nsatoshi2007@hotmail.com"
export NPM_PASSWORD="L@ker\$2010"
node /path/to/configure-ssl-api.js
'
```
#### Option 2: Manual Configuration via Web UI
1. **Access NPM Web UI**: `http://192.168.11.26:81`
2. **Login**:
- Email: `nsatoshi2007@hotmail.com`
- Password: `L@ker$2010`
3. **If login fails**, reset password:
```bash
bash scripts/nginx-proxy-manager/reset-npm-password.sh "L@ker\$2010" "nsatoshi2007@hotmail.com"
```
4. **Configure each domain** (see domain list below)
#### Option 3: Run Script When Network Access Available
Once you have network access to NPM:
```bash
cd /home/intlc/projects/proxmox
export NPM_URL="http://192.168.11.26:81"
export NPM_EMAIL="nsatoshi2007@hotmail.com"
export NPM_PASSWORD="L@ker\$2010"
node scripts/nginx-proxy-manager/configure-ssl-api.js
```
---
## 📋 All 19 Domains to Configure
### sankofa.nexus (5 domains)
- `sankofa.nexus``http://192.168.11.140:80`
- `www.sankofa.nexus``http://192.168.11.140:80`
- `phoenix.sankofa.nexus``http://192.168.11.140:80`
- `www.phoenix.sankofa.nexus``http://192.168.11.140:80`
- `the-order.sankofa.nexus``http://192.168.11.140:80`
### d-bis.org (9 domains)
- `explorer.d-bis.org``http://192.168.11.140:80`
- `rpc-http-pub.d-bis.org``https://192.168.11.252:443` (WebSocket ✅)
- `rpc-ws-pub.d-bis.org``https://192.168.11.252:443` (WebSocket ✅)
- `rpc-http-prv.d-bis.org``https://192.168.11.251:443` (WebSocket ✅)
- `rpc-ws-prv.d-bis.org``https://192.168.11.251:443` (WebSocket ✅)
- `dbis-admin.d-bis.org``http://192.168.11.130:80`
- `dbis-api.d-bis.org``http://192.168.11.155:3000`
- `dbis-api-2.d-bis.org``http://192.168.11.156:3000`
- `secure.d-bis.org``http://192.168.11.130:80`
### mim4u.org (4 domains)
- `mim4u.org``http://192.168.11.36:80`**FIXED**
- `www.mim4u.org``http://192.168.11.36:80`**FIXED**
- `secure.mim4u.org``http://192.168.11.36:80`**FIXED**
- `training.mim4u.org``http://192.168.11.36:80`**FIXED**
### defi-oracle.io (1 domain)
- `rpc.public-0138.defi-oracle.io``https://192.168.11.252:443` (WebSocket ✅)
---
## 🔧 Configuration Settings for Each Domain
For each proxy host, configure:
-**Forward Scheme**: `http` or `https` (based on target)
-**Forward Hostname**: Target IP address
-**Forward Port**: `80`, `3000`, or `443` (based on target)
-**WebSocket Support**: Enable for RPC domains
-**SSL Certificate**: Request Let's Encrypt certificate
-**Force SSL**: Enable
-**HTTP/2 Support**: Enable
-**HSTS**: Enable
-**HSTS Subdomains**: Enable
---
## ✅ Verification Steps
After SSL configuration:
1. **Test HTTPS connectivity**:
```bash
curl -I https://sankofa.nexus
curl -I https://explorer.d-bis.org
curl -I https://mim4u.org
```
2. **Check SSL certificate status**:
```bash
bash scripts/check-east-west-ssl-status.sh
```
3. **Verify all domains**:
```bash
for domain in sankofa.nexus explorer.d-bis.org mim4u.org; do
echo "Testing $domain..."
curl -I https://$domain 2>&1 | head -3
done
```
---
## 📝 Scripts Available
1. **`scripts/nginx-proxy-manager/fix-ssl-complete.sh`**
- Complete automation: password reset + SSL configuration
- Requires network access to Proxmox host
2. **`scripts/nginx-proxy-manager/configure-ssl-api.js`**
- API-based SSL configuration
- Requires network access to NPM (192.168.11.26:81)
3. **`scripts/nginx-proxy-manager/reset-npm-password.sh`**
- Password reset script
- Requires SSH access to Proxmox host
4. **`scripts/nginx-proxy-manager/configure-domains-pct-exec.sh`**
- Container-based configuration
- Requires SSH access to Proxmox host
---
## 🎯 Next Steps
1.**All IP addresses fixed** - Ready for configuration
2.**Obtain network access** to Proxmox host or NPM
3.**Run SSL configuration** using one of the options above
4.**Verify SSL certificates** are issued and working
5.**Test HTTPS connectivity** for all domains
---
**Last Updated**: 2026-01-15
**Status**: ✅ IPs Fixed | ⏳ SSL Configuration Pending Network Access
Reference in New Issue Copy Permalink