docs: EXPECTED_WEB_CONTENT — The Order (10210), studio, www 301
- Hostname model + §2b deployment (HAProxy → portal), alignment summary, diagram, deployment table
- Version 1.3; matches FQDN_EXPECTED_CONTENT and live NPM routing

Made-with: Cursor
@@ -1,7 +1,7 @@
|
||||
# Web Properties — Ground Truth & Validation
|
||||
|
||||
**Last Updated:** 2026-03-27
|
||||
**Document Version:** 1.2
|
||||
**Document Version:** 1.3
|
||||
**Status:** Active Documentation
|
||||
|
||||
---
|
||||
@@ -20,6 +20,9 @@ This document reconciles **expected intent**, **current deployment state**, and
|
||||
|----------|------|--------|------------------|
|
||||
| `sankofa.nexus` | **Public web** | Unauthenticated visitors | **Sankofa — Sovereign Technologies:** corporate / brand public site (marketing, narrative, entry points). |
|
||||
| `phoenix.sankofa.nexus` | **Public web** | Unauthenticated visitors (for public pages) | **Phoenix Cloud Services** (a division of Sankofa): public-facing web for the cloud services division. |
|
||||
| `the-order.sankofa.nexus` | **Public web** (program portal) | Secure auth (product-dependent) | **OSJ / Order management** portal; application source **the_order**. **NPM** → VMID **10210** order-haproxy `192.168.11.39:80` → Sankofa portal stack **192.168.11.51:3000** (7801). See `scripts/deployment/provision-order-haproxy-10210.sh`. |
|
||||
| `www.the-order.sankofa.nexus` | **Redirect** | Browser follows 301 | **301** → `https://the-order.sankofa.nexus` (same policy as `www.sankofa` / `www.phoenix`). |
|
||||
| `studio.sankofa.nexus` | **Public web** (tooling) | Unauthenticated or app auth per product | **Sankofa Studio** (FusionAI); VMID **7805**, `192.168.11.72:8000`, UI under `/studio/`. |
|
||||
| `keycloak.sankofa.nexus` | **SSO infrastructure** (IdP) | Browser hits login + token flows; operators use admin | **Keycloak:** OIDC/SAML identity provider behind client SSO. Serves realm login UI, well-known and token endpoints, and **admin console** at `/admin`. **Consumes:** `admin.sankofa.nexus` and `portal.sankofa.nexus` (and other registered clients) redirect here for authentication; it does **not** replace those hostnames. |
|
||||
| `admin.sankofa.nexus` | **Client SSO** | SSO (system-mediated) | **Client administration of access:** who can access what (invites, roles, org settings, access policy). |
|
||||
| `portal.sankofa.nexus` | **Client SSO** | SSO | **Client workspace:** Phoenix cloud services, Sankofa Marketplace subscriptions, and other **client-facing** services behind one SSO boundary. |
|
||||
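Review bot: The access column for the two new application rows is not checkable: `the-order.sankofa.nexus` says "Secure auth (product-dependent)" while its role is "Public web", and `studio.sankofa.nexus` says "Unauthenticated or app auth per product". For a ground-truth table, state what an unauthenticated request to each hostname should receive (login redirect, public page, or 401) so validation has something to assert. In the same `the-order` row, the bare "(7801)" after `192.168.11.51:3000` should read "VMID 7801" to match the way 10210 is labelled.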
@@ -61,6 +64,24 @@ This document reconciles **expected intent**, **current deployment state**, and
|
||||
|
||||
---
|
||||
|
||||
## 2b. the-order.sankofa.nexus (public hostname — OSJ / Order portal)
|
||||
|
||||
**Role:** Public hostname for the **Order** / OSJ management experience (secure auth as implemented in **the_order**).
|
||||
**Comparable to:** A dedicated program or division portal—not the corporate apex (`sankofa.nexus`) and not the generic client SSO workspace (`portal.sankofa.nexus`) unless product explicitly converges them.
|
||||
|
||||
### Expected content
|
||||
- Order/OSJ management UI and flows behind authentication as defined by the app
|
||||
- Same **Next.js portal stack** as Sankofa public site today, reached via **HAProxy** so NPM and headers can be tuned independently
|
||||
|
||||
### Current deployment (typical)
|
||||
- **Edge:** VMID **10210** (order-haproxy) · **192.168.11.39:80** — proxies to **192.168.11.51:3000** (VMID **7801** portal)
|
||||
- **NPMplus:** `update-npmplus-proxy-hosts-api.sh` defaults `THE_ORDER_UPSTREAM_*` to **.39:80**; bypass with `THE_ORDER_UPSTREAM_IP=192.168.11.51` `THE_ORDER_UPSTREAM_PORT=3000` if 10210 is down
|
||||
|
||||
### Notes
|
||||
- **`www.the-order.sankofa.nexus`** is only for **canonical URL** policy (301 → apex); do not treat it as a separate product surface.
|
||||
|
||||
---
|
||||
|
||||
## 3. keycloak.sankofa.nexus (SSO — identity provider)
|
||||
|
||||
**Role:** **OIDC/SAML IdP** for the Sankofa / Phoenix client ecosystem.
|
||||
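Review bot: The NPMplus bullet under "Current deployment" documents a bypass (`THE_ORDER_UPSTREAM_IP=192.168.11.51` `THE_ORDER_UPSTREAM_PORT=3000`) that takes HAProxy out of the path, while "Expected content" gives HAProxy as the place where headers are tuned. Say which header or access rules are lost while the bypass is active and that the defaults must be restored once 10210 is back. Since the upstream is the same `192.168.11.51:3000` stack as the Sankofa public site, also note what makes it serve Order content rather than the corporate site (for example routing on the Host header), otherwise the "not the corporate apex" statement cannot be validated.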
@@ -166,6 +187,9 @@ This document reconciles **expected intent**, **current deployment state**, and
|
||||
|--------|---------|------------|------------|-------------|
|
||||
| sankofa.nexus | Sovereign Technologies (corporate) | Yes (intended) | None for public pages | ✅ |
|
||||
| phoenix.sankofa.nexus | Phoenix Cloud Services (division) | Yes (intended) | None for public pages | ✅ |
|
||||
| the-order.sankofa.nexus | OSJ / Order management portal | Yes (app UI) | Per **the_order** | ✅ |
|
||||
| www.the-order.sankofa.nexus | Redirect to apex | — | — | ✅ |
|
||||
| studio.sankofa.nexus | Sankofa Studio (FusionAI) | Yes (`/studio/`) | Per app | ✅ |
|
||||
| keycloak.sankofa.nexus | IdP for client SSO | Login UI only | IdP + admin | ✅ |
|
||||
| admin.sankofa.nexus | Client access administration | No | SSO | ✅ |
|
||||
| portal.sankofa.nexus | Client services + marketplace | No | SSO | ✅ |
|
||||
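Review bot: The three added rows (`the-order`, `www.the-order`, `studio`) are marked ✅ in the same commit that introduces them, with nothing recording what was checked. Add a pointer to the check behind each mark, for instance the observed 301 for `www.the-order.sankofa.nexus`, or use a pending marker until it has been run.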
@@ -178,10 +202,11 @@ This document reconciles **expected intent**, **current deployment state**, and
|
||||
## Confirmed Architectural Intent
|
||||
- **sankofa.nexus** = public brand for **Sankofa — Sovereign Technologies**
|
||||
- **phoenix.sankofa.nexus** = public web for **Phoenix Cloud Services** (division of Sankofa); API surfaces may share deployment
|
||||
- **the-order.sankofa.nexus** = **Order / OSJ** program portal at a dedicated hostname; **edge** at 10210 (HAProxy) then portal **7801** unless bypassed for maintenance
|
||||
- **portal / admin** = **client SSO** tier; **Keycloak** = shared IdP
|
||||
- **dash** = **IP-gated** operator systems admin with **MFA**
|
||||
- **DBIS Explorer** = public transparency + settlement inspection
|
||||
- **No accidental overlap** between public marketing, client SSO, operator dash, and explorer transparency
|
||||
- **No accidental overlap** between public marketing, client SSO, operator dash, explorer transparency, and **Order** program hostname (unless product explicitly merges flows)
|
||||
|
||||
---
|
||||
|
||||
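Review bot: The rewritten "No accidental overlap" bullet adds the Order hostname but not `studio.sankofa.nexus`, and the list shown here gains no Studio bullet although this commit introduces that hostname elsewhere. Either add Studio to the intent list and the overlap statement or say why it is out of scope.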
@@ -221,7 +246,7 @@ This document reconciles **expected intent**, **current deployment state**, and
|
||||
|
||||
These are **possible futures**, not commitments:
|
||||
|
||||
- NPM `www.*` → apex **301** policy vs additional marketing hostnames
|
||||
- NPM `www.*` → apex **301** policy (incl. `www.sankofa`, `www.phoenix`, `www.the-order`) vs additional marketing hostnames
|
||||
- `admin` / `portal` / `dash` upstream targets on NPM (when split from legacy single-host deployments)
|
||||
- Delegated Phoenix UI development
|
||||
- Explorer rebrand or federation
|
||||
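Review bot: The updated `www.*` bullet sits under "possible futures, not commitments", but the hostname table in this commit describes the `www.the-order` 301 as current behaviour. Reword the bullet so that only the open question (additional marketing hostnames) is listed as a future, or move the 301 policy to the confirmed section.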
@@ -243,6 +268,9 @@ NPMplus (Reverse Proxy + SSL)
|
||||
↓
|
||||
├─→ sankofa.nexus → Public web: Sankofa — Sovereign Technologies
|
||||
├─→ phoenix.sankofa.nexus → Public web: Phoenix Cloud Services (division)
|
||||
├─→ the-order.sankofa.nexus → Order/OSJ portal (10210 HAProxy → portal 7801)
|
||||
├─→ www.the-order.sankofa.nexus → 301 → the-order apex
|
||||
├─→ studio.sankofa.nexus → Studio (7805 /studio/)
|
||||
│
|
||||
├─→ admin.sankofa.nexus → Client SSO: administer access
|
||||
├─→ portal.sankofa.nexus → Client SSO: Phoenix cloud + marketplace + client services
|
||||
@@ -256,7 +284,9 @@ NPMplus (Reverse Proxy + SSL)
|
||||
|
||||
Backend (typical):
|
||||
├─→ Keycloak VMID 7802, PostgreSQL VMID 7803
|
||||
└─→ Phoenix API VMID 7800, Sankofa web VMID 7801 (until admin/portal/dash are split to own upstreams)
|
||||
├─→ Phoenix API VMID 7800, Sankofa web VMID 7801
|
||||
└─→ Order edge VMID 10210 (HAProxy .39:80 → .51:3000); Studio VMID 7805
|
||||
(until admin/portal/dash are split to own upstreams)
|
||||
```
|
||||
|
||||
---
|
||||
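Review bot: Splitting the last backend entry leaves "(until admin/portal/dash are split to own upstreams)" on its own line after the `Order edge VMID 10210 ... Studio VMID 7805` entry, so it now reads as qualifying Order and Studio rather than the Phoenix API / Sankofa web line it was attached to. Keep the parenthetical on the `Phoenix API VMID 7800, Sankofa web VMID 7801` line.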
@@ -269,6 +299,8 @@ Backend (typical):
|
||||
|---------|--------|------|-----|------|--------|----------------|
|
||||
| **Phoenix** (API today; division hostname) | phoenix.sankofa.nexus | 7800 | 192.168.11.50 | 4000 | ✅ Active | Public web **intent**; API paths coexist |
|
||||
| **Sankofa public web** | sankofa.nexus | 7801 | 192.168.11.51 | 3000 | ✅ Active | Public **intent** (see hostname model) |
|
||||
| **The Order (edge)** | the-order.sankofa.nexus | 10210 → 7801 | 192.168.11.39:80 → .51:3000 | 80 → 3000 | ✅ Active | HAProxy then portal; see §2b |
|
||||
| **Sankofa Studio** | studio.sankofa.nexus | 7805 | 192.168.11.72 | 8000 | ✅ Active | `/studio/` |
|
||||
| **Keycloak IdP** | keycloak.sankofa.nexus | 7802 | (see ALL_VMIDS) | 8080 | ✅ Active | IdP + `/admin` |
|
||||
| **Client admin (SSO)** | admin.sankofa.nexus | ⚠️ TBD | ⚠️ TBD | ⚠️ TBD | Target hostname | SSO |
|
||||
| **Client portal (SSO)** | portal.sankofa.nexus | ⚠️ TBD | ⚠️ TBD | ⚠️ TBD | Target hostname | SSO |
|
||||
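Review bot: In the new "The Order (edge)" row the IP column carries ports (`192.168.11.39:80 → .51:3000`) and the port column repeats them (`80 → 3000`), whereas the other rows keep address and port separate. Put `192.168.11.39 → 192.168.11.51` in the IP column and leave the ports to the port column; spelling out the second address also avoids the `.51` shorthand in a table people will grep.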
@@ -288,6 +320,8 @@ Backend (typical):
|
||||
- **phoenix.sankofa.nexus** = Public division site — **Phoenix Cloud Services**
|
||||
- **portal.sankofa.nexus** / **admin.sankofa.nexus** = **Client SSO** apps (Keycloak as IdP)
|
||||
- **dash.sankofa.nexus** = **IP-gated** operator systems admin (**MFA**)
|
||||
- **the-order.sankofa.nexus** = **Order / OSJ** portal hostname (edge **10210** → portal **7801**)
|
||||
- **studio.sankofa.nexus** = **Studio** tooling (**7805**)
|
||||
- **explorer.d-bis.org** = Blockchain explorer (like Etherscan)
|
||||
- **blockscout.defi-oracle.io** = Generic explorer instance
|
||||
|
||||
|
||||