diff --git a/docs/04-configuration/DNS_NPMPLUS_VM_COMPREHENSIVE_ARCHITECTURE.md b/docs/04-configuration/DNS_NPMPLUS_VM_COMPREHENSIVE_ARCHITECTURE.md index 4f77c3b..ed61779 100644 --- a/docs/04-configuration/DNS_NPMPLUS_VM_COMPREHENSIVE_ARCHITECTURE.md +++ b/docs/04-configuration/DNS_NPMPLUS_VM_COMPREHENSIVE_ARCHITECTURE.md @@ -1,7 +1,7 @@ # DNS → NPMplus → VM Comprehensive Architecture Table -**Last Updated:** 2026-01-31 -**Document Version:** 1.0 +**Last Updated:** 2026-03-27 +**Document Version:** 1.1 **Status:** Active Documentation --- @@ -62,7 +62,7 @@ Backend VMs (Various IPs) - Services with/without Nginx | `www.sankofa.nexus` | A | 76.53.10.36 | DNS Only | 64 | 22 | `192.168.11.51:3000` | 7801 | 192.168.11.51 | sankofa-portal-1 | r630-01 | Sankofa Portal | ❌ No | 3000 | HTTP → 3000 | | `phoenix.sankofa.nexus` | A | 76.53.10.36 | DNS Only | 51 | 23 | `192.168.11.50:4000` | 7800 | 192.168.11.50 | sankofa-api-1 | r630-01 | Phoenix API | ❌ No | 4000 | HTTP → 4000 | | `www.phoenix.sankofa.nexus` | A | 76.53.10.36 | DNS Only | 63 | 24 | `192.168.11.50:4000` | 7800 | 192.168.11.50 | sankofa-api-1 | r630-01 | Phoenix API | ❌ No | 4000 | HTTP → 4000 | -| `the-order.sankofa.nexus` | A | 76.53.10.36 | DNS Only | 60 | 25 | ⚠️ TBD | TBD | TBD | — | — | The Order Portal | — | — | ⚠️ Configure when deployed | +| `the-order.sankofa.nexus` | A | 76.53.10.36 | DNS Only | 60 | 25 | `192.168.11.39:80` | 10210 | 192.168.11.39 | order-haproxy | r630-01 | The Order (HAProxy→portal) | ❌ No | 80 | HTTP → 80 → `.51:3000` | | **defi-oracle.io Zone** | | `rpc.public-0138.defi-oracle.io` | A | 76.53.10.36 | DNS Only | 56 | 26 | `192.168.11.240:443` | 2400 | 192.168.11.240 | thirdweb-rpc-1 | ml110 | ThirdWeb RPC | ✅ Yes | 443 | HTTPS → 443 | diff --git a/docs/04-configuration/DNS_NPMPLUS_VM_STREAMLINED_TABLE.md b/docs/04-configuration/DNS_NPMPLUS_VM_STREAMLINED_TABLE.md index cb33e1e..5212107 100644 --- a/docs/04-configuration/DNS_NPMPLUS_VM_STREAMLINED_TABLE.md 
+++ b/docs/04-configuration/DNS_NPMPLUS_VM_STREAMLINED_TABLE.md @@ -1,7 +1,7 @@ # DNS → NPMplus → VM Streamlined Architecture Table -**Last Updated:** 2026-01-31 -**Document Version:** 1.0 +**Last Updated:** 2026-03-27 +**Document Version:** 1.1 **Status:** Active Documentation --- 
@@ -59,17 +59,17 @@ Backend VMs (Various IPs) - Services with/without Nginx | `secure.mim4u.org` | 59 | 19 | 7810 (mim-web-1) | 192.168.11.37 | 80 | ✅ Yes | MIM4U Secure Portal | | `training.mim4u.org` | 61 | 20 | 7810 (mim-web-1) | 192.168.11.37 | 80 | ✅ Yes | MIM4U Training Portal | -### sankofa.nexus Zone (5 Domains) ⚠️ +### sankofa.nexus zone (live backends) -| Domain | SSL Cert | NPMplus Proxy | Backend VM | IP | Port | Has Nginx | Service Type | Status | -|--------|----------|---------------|------------|----|----|-----------|--------------|--------| -| `sankofa.nexus` | 57 | 21 | ⚠️ TBD | 192.168.11.140 ⚠️ | 80 ⚠️ | ⚠️ TBD | Sankofa Main Portal | ⚠️ Not Deployed | -| `www.sankofa.nexus` | 64 | 22 | ⚠️ TBD | 192.168.11.140 ⚠️ | 80 ⚠️ | ⚠️ TBD | Sankofa Main Portal | ⚠️ Not Deployed | -| `phoenix.sankofa.nexus` | 51 | 23 | ⚠️ TBD | 192.168.11.140 ⚠️ | 80 ⚠️ | ⚠️ TBD | Phoenix Site | ⚠️ Not Deployed | -| `www.phoenix.sankofa.nexus` | 63 | 24 | ⚠️ TBD | 192.168.11.140 ⚠️ | 80 ⚠️ | ⚠️ TBD | Phoenix Site | ⚠️ Not Deployed | -| `the-order.sankofa.nexus` | 60 | 25 | ⚠️ TBD | 192.168.11.140 ⚠️ | 80 ⚠️ | ⚠️ TBD | The Order Portal | ⚠️ Not Deployed | +| Domain | SSL Cert (ex.) | NPMplus Proxy (ex.) 
| Backend VM | IP | Port | Has Nginx | Service type | Status | +|--------|------------------|---------------------|------------|----|------|-----------|--------------|--------| +| `sankofa.nexus` | 57 | 21 | 7801 | 192.168.11.51 | 3000 | ❌ No | Sankofa portal | ✅ Live | +| `www.sankofa.nexus` | 64 | 22 | 7801 | 192.168.11.51 | 3000 | ❌ No | Sankofa portal (301 apex) | ✅ Live | +| `phoenix.sankofa.nexus` | 51 | 23 | 7800 | 192.168.11.50 | 4000 | ❌ No | Phoenix API | ✅ Live | +| `www.phoenix.sankofa.nexus` | 63 | 24 | 7800 | 192.168.11.50 | 4000 | ❌ No | Phoenix API (301 apex) | ✅ Live | +| `the-order.sankofa.nexus` | 60 | 25 | 10210 | 192.168.11.39 | 80 | ❌ No | Order via HAProxy→portal | ✅ Live | -**⚠️ Note**: All Sankofa domains currently route to Blockscout (192.168.11.140) but services are NOT deployed. This is incorrect routing and needs to be fixed once services are deployed. +**Note:** SSL cert and NPM proxy **IDs** differ per installation—verify in NPM UI. **IPs/ports** are authoritative vs Blockscout (`.140` is only for `explorer.d-bis.org`). See [ALL_VMIDS_ENDPOINTS.md](ALL_VMIDS_ENDPOINTS.md). ### defi-oracle.io Zone (3 Domains) diff --git a/docs/04-configuration/SANKOFA_CUTOVER_PLAN.md b/docs/04-configuration/SANKOFA_CUTOVER_PLAN.md index 5df7d8d..126628f 100644 --- a/docs/04-configuration/SANKOFA_CUTOVER_PLAN.md +++ b/docs/04-configuration/SANKOFA_CUTOVER_PLAN.md 
@@ -1,8 +1,10 @@ # Sankofa Cutover Plan -**Last Updated:** 2026-01-31 -**Document Version:** 1.0 -**Status:** Active Documentation +**Last Updated:** 2026-03-27 +**Document Version:** 1.1 +**Status:** Active Documentation (historical procedure + live targets) + +**Live NPM routing (2026-03-27):** Sankofa / Phoenix / The Order / Studio are on production backends. Canonical: [ALL_VMIDS_ENDPOINTS.md](ALL_VMIDS_ENDPOINTS.md), [RPC_ENDPOINTS_MASTER.md](RPC_ENDPOINTS_MASTER.md). **The Order:** NPM → **192.168.11.39:80** (VMID **10210** HAProxy) → **192.168.11.51:3000** (portal 7801). Fleet updater: `scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh`. NPM proxy host numeric IDs below may differ from your DB—verify in NPM UI. --- 
@@ -12,23 +14,22 @@ --- -## Current State +## Current state (post-cutover) -### Sankofa Domains (5 Total) +### Sankofa zone domains (authoritative backends) -| Domain | SSL Cert ID | NPMplus Proxy Host ID | Current Backend | Status | -|--------|-------------|----------------------|-----------------|--------| -| `sankofa.nexus` | 57 | 21 | 192.168.11.140:80 (Blockscout) | ⚠️ Temporary | -| `www.sankofa.nexus` | 64 | 22 | 192.168.11.140:80 (Blockscout) | ⚠️ Temporary | -| `phoenix.sankofa.nexus` | 51 | 23 | 192.168.11.140:80 (Blockscout) | ⚠️ Temporary | -| `www.phoenix.sankofa.nexus` | 63 | 24 | 192.168.11.140:80 (Blockscout) | ⚠️ Temporary | -| `the-order.sankofa.nexus` | 60 | 25 | 192.168.11.140:80 (Blockscout) | ⚠️ Temporary | +| Domain | NPMplus forwards to (HTTP) | Origin stack | Notes | +|--------|----------------------------|--------------|--------| +| `sankofa.nexus`, `www.sankofa.nexus` | `192.168.11.51:3000` | VMID 7801 portal | `www` → 301 apex in NPM | +| `phoenix.sankofa.nexus`, `www.phoenix.sankofa.nexus` | `192.168.11.50:4000` | VMID 7800 API | `www` → 301 apex | +| `the-order.sankofa.nexus`, `www.the-order.sankofa.nexus` | `192.168.11.39:80` | VMID 10210 → `.51:3000` | `www` → 301 apex; HAProxy: `provision-order-haproxy-10210.sh` | +| `studio.sankofa.nexus` | `192.168.11.72:8000` | VMID 7805 | — | -**Current Issue**: All 5 Sankofa domains route to Blockscout (VMID 5000) but Sankofa services are NOT deployed. +**SSL:** Terminated at NPMplus (Let’s Encrypt). **Do not** point these hostnames at Blockscout (`192.168.11.140`) except for explorer domains. -**SSL Certificates**: All certificates exist and are valid until 2026-04-16. +### Historical note (pre-2026 cutover) -**NPMplus Proxy Hosts**: All proxy hosts exist and are configured, but point to wrong backend. +Previously these hostnames temporarily targeted Blockscout. The step-by-step below documents that migration; IDs (SSL cert / proxy host #) were examples—confirm in your NPMplus instance. --- 
@@ -67,9 +68,9 @@ done | `www.sankofa.nexus` | 7801 | 192.168.11.51 | 3000 | Portal | Sankofa Portal (Microsoft Website) | | `phoenix.sankofa.nexus` | 7800 | 192.168.11.50 | 4000 | API | Phoenix API (Azure-like Portal) | | `www.phoenix.sankofa.nexus` | 7800 | 192.168.11.50 | 4000 | API | Phoenix API (Azure-like Portal) | -| `the-order.sankofa.nexus` | ⚠️ TBD | ⚠️ TBD | ⚠️ TBD | ⚠️ TBD | To be determined | +| `the-order.sankofa.nexus` | 10210 | 192.168.11.39 | 80 | HAProxy edge | Proxies to portal 7801 `:3000`; app **the_order** | -**Note**: Replace ⚠️ TBD with actual values once Sankofa services are deployed. +**Note:** `www.the-order.sankofa.nexus` uses the same NPM upstream as apex; NPM `advanced_config` 301 → `https://the-order.sankofa.nexus`. ### 3. Health Endpoints Verified @@ -143,10 +144,9 @@ curl -s -k -X GET "$NPM_URL/api/nginx/proxy-hosts" \ jq '.[] | select(.domain_names[] == "sankofa.nexus")' ``` -3. **Document Current State**: - - All 5 Sankofa domains currently route to `192.168.11.140:80` (Blockscout) - - SSL certificates exist (IDs: 51, 57, 60, 63, 64) - - Proxy hosts exist (IDs: 21-25) +3. **Document state (historical pre-cutover)**: + - Before cutover, these domains pointed at `192.168.11.140:80` (Blockscout) + - SSL certificates existed (example IDs: 51, 57, 60, 63, 64); proxy hosts (example 21–25)—**confirm in your NPM DB** --- @@ -167,9 +167,7 @@ for vmid in ; do done ``` -3. **Document Actual IPs/Ports**: - - Update the TBD table above with actual values - - Record VMIDs, IPs, ports, and service types +3. **Document actual IPs/ports** (✅ filled in **Current state** section and [ALL_VMIDS_ENDPOINTS.md](ALL_VMIDS_ENDPOINTS.md)) --- 
@@ -224,9 +222,9 @@ curl -s -k -X PUT "$NPM_URL/api/nginx/proxy-hosts/$HOST_ID" \ | `www.sankofa.nexus` | 22 | 192.168.11.140:80 | 192.168.11.51:3000 | | `phoenix.sankofa.nexus` | 23 | 192.168.11.140:80 | 192.168.11.50:4000 | | `www.phoenix.sankofa.nexus` | 24 | 192.168.11.140:80 | 192.168.11.50:4000 | -| `the-order.sankofa.nexus` | 25 | 192.168.11.140:80 | ⚠️ TBD (to be determined) | +| `the-order.sankofa.nexus` | 25 (example) | 192.168.11.140:80 (old) | `192.168.11.39:80` (10210 HAProxy) | -**Note**: `the-order.sankofa.nexus` target service needs to be determined. +**Note:** Use `update-npmplus-proxy-hosts-api.sh` for domain-based updates; proxy host IDs vary. --- @@ -319,19 +317,9 @@ cat docs/04-configuration/INGRESS_SOURCE_OF_TRUTH.json | jq '.backend_vms[] | se --- -### Step 7: Update Baseline Documentation +### Step 7: Update baseline documentation -**Update reference docs with actual values**: - -1. **Update Comprehensive Architecture Doc**: - - File: `docs/04-configuration/DNS_NPMPLUS_VM_COMPREHENSIVE_ARCHITECTURE.md` - - Replace TBD values with actual Sankofa VM details - - Update status from ⚠️ to ✅ - -2. **Update Streamlined Table Doc**: - - File: `docs/04-configuration/DNS_NPMPLUS_VM_STREAMLINED_TABLE.md` - - Replace TBD values with actual Sankofa VM details - - Update status from ⚠️ Not Deployed to ✅ Active +**Status 2026-03-27:** Comprehensive and streamlined DNS/NPM tables, RPC_ENDPOINTS_MASTER, and ALL_VMIDS_ENDPOINTS list live backends (including The Order via 10210). Re-open this step only if VMIDs or IPs change. --- diff --git a/docs/04-configuration/SANKOFA_THE_ORDER_CHECKLIST.md b/docs/04-configuration/SANKOFA_THE_ORDER_CHECKLIST.md index c4d0e0c..9b85687 100644 --- a/docs/04-configuration/SANKOFA_THE_ORDER_CHECKLIST.md +++ b/docs/04-configuration/SANKOFA_THE_ORDER_CHECKLIST.md 
@@ -1,3 +1,23 @@ -# Sankofa and The Order deployment checklist +# Sankofa and The Order — routing checklist -Replace TBDs with real IPs and ports when deployed. Update ALL_VMIDS_ENDPOINTS, RPC_ENDPOINTS_MASTER. Add NPMplus proxy for the-order.sankofa.nexus when The Order is live. When done update PLACEHOLDERS_AND_TBD and REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS. See NOT_IMPLEMENTED_FULL_SCOPE in docs/00-meta. +**Canonical:** [ALL_VMIDS_ENDPOINTS.md](ALL_VMIDS_ENDPOINTS.md) (NPM targets), [RPC_ENDPOINTS_MASTER.md](RPC_ENDPOINTS_MASTER.md) (Sankofa table). + +## Done (production) + +- [x] NPMplus **the-order.sankofa.nexus** / **www.the-order.sankofa.nexus** → **192.168.11.39:80** (VMID **10210** order-haproxy), HAProxy → **192.168.11.51:3000** (portal 7801). +- [x] **www.the-order** → **301** `https://the-order.sankofa.nexus` (NPM `advanced_config`). +- [x] HAProxy on 10210: `config/haproxy/order-haproxy-10210.cfg.template`, deploy `scripts/deployment/provision-order-haproxy-10210.sh`. + +## If 10210 is down (bypass) + +```bash +THE_ORDER_UPSTREAM_IP=192.168.11.51 THE_ORDER_UPSTREAM_PORT=3000 \ + bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh +``` + +## Ongoing + +- [ ] Keep **the_order** app and portal 7801 healthy (HAProxy only forwards). +- [ ] Re-run E2E: `scripts/verify/verify-end-to-end-routing.sh --profile=public`. + +Related: [SANKOFA_CUTOVER_PLAN.md](SANKOFA_CUTOVER_PLAN.md) (history + same targets). diff --git a/docs/05-network/E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md b/docs/05-network/E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md index 9f3203b..d72a3e7 100644 --- a/docs/05-network/E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md +++ b/docs/05-network/E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md 
@@ -1,6 +1,6 @@ # E2E Success Runbook: Cloudflare Domains -**Last Updated:** 2026-02-05 +**Last Updated:** 2026-03-27 **Status:** Active **Purpose:** Achieve and verify complete end-to-end success for all public endpoints reachable via Cloudflare DNS (and optionally Fastly). All domains must pass DNS, SSL, and HTTP/RPC/WebSocket tests. @@ -38,7 +38,7 @@ The verification script covers all public domains that require access from Cloud | mim4u.org, www, secure, training | web | 192.168.11.37:80 | | sankofa.nexus, www | web | 192.168.11.51:3000 | | phoenix.sankofa.nexus, www | web | 192.168.11.50:4000 | -| the-order.sankofa.nexus | web | TBD | +| the-order.sankofa.nexus, www.the-order.sankofa.nexus | web | NPM → `192.168.11.39:80` (10210 HAProxy → `192.168.11.51:3000`); www → 301 apex | | studio.sankofa.nexus | web | 192.168.11.72:8000 | | rpc.public-0138.defi-oracle.io | rpc-http | 192.168.11.240:443 | | rpc.defi-oracle.io | rpc-http | 192.168.11.221:8545 |
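Review bot: `www.the-order.sankofa.nexus` has no row in the sankofa.nexus block of DNS_NPMPLUS_VM_COMPREHENSIVE_ARCHITECTURE.md (hunk @@ -62,7 +62,7 @@). The table goes from `the-order.sankofa.nexus` straight to the defi-oracle.io zone heading, while the cutover plan, the checklist and the E2E runbook in this same patch all list the `www` host with a 301 to apex. Add the row with its own DNS, cert and proxy host columns, or say in a note that it is intentionally left out of this table.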
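Review bot: the Backend VM column in the new sankofa.nexus rows of DNS_NPMPLUS_VM_STREAMLINED_TABLE.md (hunk @@ -59,17 +59,17 @@) holds a bare VMID (`7801`, `7800`, `10210`), but the unchanged mim4u rows directly above use the form `7810 (mim-web-1)`. Use the same form here, for example `7801 (sankofa-portal-1)`, `7800 (sankofa-api-1)`, `10210 (order-haproxy)`, which are the hostnames the comprehensive table gives. The new heading also drops the domain count that the next heading keeps ("defi-oracle.io Zone (3 Domains)"), and the table omits `www.the-order.sankofa.nexus` and `studio.sankofa.nexus`, both of which the cutover plan lists as live.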
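Review bot: the certificate expiry is lost in the "Current state" rewrite of SANKOFA_CUTOVER_PLAN.md (hunk @@ -12,23 +14,22 @@). The removed line said the certificates are "valid until 2026-04-16", which is about three weeks after the new Last Updated date of 2026-03-27, and the replacement only says "Terminated at NPMplus (Let's Encrypt)". Either state that NPMplus renews these automatically or keep the expiry and a way to check it. Separately, "Historical note (pre-2026 cutover)" reads as "before 2026", but the previous revision dated 2026-01-31 still described the Blockscout routing as current; "before the 2026 cutover" would be unambiguous.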
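Review bot: the loop in the context just above the rewritten step 3 in SANKOFA_CUTOVER_PLAN.md (hunk @@ -167,9 +167,7 @@) is still `for vmid in ; do`, which iterates over nothing. Step 3 is now marked as filled in, so the VMIDs are known from this patch (7800, 7801, 7805, 10210); put them in the loop, or mark the snippet as historical like the step 3 text in the @@ -143,10 +144,9 @@ hunk.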
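Review bot: only the `the-order.sankofa.nexus` row is marked "25 (example)" and "(old)" in the proxy host mapping table of SANKOFA_CUTOVER_PLAN.md (hunk @@ -224,9 +222,9 @@); rows 21 to 24 keep bare IDs and an unqualified `192.168.11.140:80`, although the new note under the table says proxy host IDs vary for all of them. Move "example" and "old" into the column headers so every row reads the same way. `www.the-order.sankofa.nexus` is also missing from this mapping, while the "Current state" table lists it with the same upstream.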
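Review bot: the "If 10210 is down (bypass)" section in SANKOFA_THE_ORDER_CHECKLIST.md (hunk @@ -1,3 +1,23 @@) has no revert or verification step. After the override to `192.168.11.51:3000` is applied, nothing tells the operator how to return NPM to `192.168.11.39:80` once HAProxy is back, so the bypass can silently become permanent and contradict the "Done (production)" list. Add a line to re-run the updater without the `THE_ORDER_UPSTREAM_*` overrides after recovery, and point to `scripts/verify/verify-end-to-end-routing.sh --profile=public` after both the bypass and the revert. Since the cutover plan calls this script the fleet updater, it is also worth stating which proxy hosts the command touches.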
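Review bot: the backend cell for the-order in E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md (hunk @@ -38,7 +38,7 @@) carries a full routing description ("NPM → `192.168.11.39:80` (10210 HAProxy → `192.168.11.51:3000`); www → 301 apex") while every other row in the table holds a bare `IP:port`. Keep the cell as `192.168.11.39:80` and move the HAProxy hop and the 301 into a note under the table. The sankofa and phoenix `www` rows do not mention their 301 to apex either, although the streamlined table does, so the note can cover all three.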