# Edge Port Verification Runbook (Phase 0)
**Last Updated:** 2026-02-05
**Status:** Active
**Purpose:** Prerequisite for Fastly/Direct edge design. Verifies whether inbound 80/443 are reachable on the public origin IP so the team can choose Option A (Fastly), Option C (direct), or Option B (tunnel/VPS).

---
## Why This Matters
- **Spectrum** (ISP) gateway at **76.53.10.33** shows ports 21, 22, 23, 80, 110, 143, 443, 3389 as **filtered** when scanned.
- The **origin for public traffic** is **76.53.10.36** (UDM Pro port forward to NPMplus). Reachability of **76.53.10.36:80** and **76.53.10.36:443** from the internet determines whether Fastly or direct-to-origin is viable.
- If both are **open**: proceed with Option A (Fastly) or Option C (DNS direct to 76.53.10.36).
- If **closed/filtered**: Option B required (Cloudflare Tunnel fix, or VPS/outbound connector).
---
## Prerequisite
Run the check from **outside** your network (e.g. mobile hotspot, different ISP, or a cloud VM). Do not rely on LAN or same-Spectrum tests.

---
## Step 1: Port check from outside your network
### Option A: Online port checker
1. Use a public service (e.g. [yougetsignal.com](https://www.yougetsignal.com/tools/open-ports/) or similar).
2. Target: **76.53.10.36**
3. Ports: **80** (HTTP), **443** (HTTPS)
4. Record result: Open / Closed / Filtered for each.
### Option B: nmap from external host
From a host that is **not** on 192.168.11.0/24 and **not** behind the same Spectrum gateway:
```bash
nmap -p 80,443 76.53.10.36
```
Interpret:
- **open**: Proceed with Fastly (Option A) or direct (Option C).
- **filtered** or **closed**: Use Option B (tunnel or VPS origin).
---
## Step 2: Record and decide
| Port | Result | Action |
|------|----------|--------|
| 80 | open | HTTP redirect/origin possible |
| 80 | filtered/closed | Option B or HTTPS-only to 443 |
| 443 | open | Fastly/direct HTTPS viable |
| 443 | filtered/closed | Option B required (no inbound HTTPS to .36) |

**Go/no-go:**
- **Go for Option A/C:** Both 80 and 443 open on 76.53.10.36 from internet.
- **No-go for Option A/C:** 443 closed or filtered → implement Option B (tunnel or VPS origin; see [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md) and edge options in project runbooks).
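
Added example (not part of the original runbook): a POSIX shell helper that reads nmap's grepable output (`-oG`) from the Step 1 Option B scan and applies the Step 2 table. The function names and the `REVIEW` outcome for "443 open, 80 not open" are this example's reading of the table rows, and the sample scan lines are constructed.

```bash
#!/bin/sh
# Input: output of `nmap -p 80,443 -oG - 76.53.10.36`, run on the external host.

# port_state PORT: read grepable nmap output on stdin and print the state
# reported for PORT/tcp. Prints "unknown" when the port is absent from the
# output (for example when nmap printed no Ports: line for the host).
port_state() {
  awk -v port="$1" '
    /Ports:/ {
      sub(/.*Ports: /, "")
      n = split($0, entries, ", ")
      for (i = 1; i <= n; i++) {
        split(entries[i], f, "/")          # port/state/protocol/...
        if (f[1] == port && f[3] == "tcp") state = f[2]
      }
    }
    END { print (state == "" ? "unknown" : state) }
  '
}

# edge_decision STATE_80 STATE_443: apply the Step 2 table.
# Anything other than "open" on 443 (closed, filtered, unknown) is a no-go.
edge_decision() {
  if [ "$2" != "open" ]; then
    echo "NO-GO for Option A/C: 443 is $2, implement Option B (tunnel or VPS origin)"
  elif [ "$1" = "open" ]; then
    echo "GO for Option A/C: 80 and 443 open"
  else
    # Assumption: the table row for port 80 filtered/closed, 443 still open.
    echo "REVIEW: 443 open, 80 is $1, HTTPS-only to 443 or Option B"
  fi
}

# evaluate_scan: read a whole scan on stdin and print the decision.
# Usage on a saved scan: evaluate_scan < scan.gnmap
evaluate_scan() {
  scan=$(cat)
  s80=$(printf '%s\n' "$scan" | port_state 80)
  s443=$(printf '%s\n' "$scan" | port_state 443)
  edge_decision "$s80" "$s443"
}

# Constructed sample of grepable output (not a real scan result).
sample_scan() {
  printf 'Host: 76.53.10.36 ()\tStatus: Up\n'
  printf 'Host: 76.53.10.36 ()\tPorts: 80/filtered/tcp//http///, 443/open/tcp//https///\n'
}

sample_scan | evaluate_scan
```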
---
## References
- [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md): Origin IP 76.53.10.36, Spectrum block
- [MASTER_INDEX.md](../MASTER_INDEX.md): Topology and edge design