d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(cloudflare): explorer.d-bis WAN DNS helper + d-bis.org SSL full mode

Browse Source 
- configure-explorer-d-bis-dns-wan.sh: PATCH explorer A (default 76.53.10.36), preserve proxied unless EXPLORER_D_BIS_CF_PROXIED set
- set-d-bis-org-zone-ssl-mode.sh: same SSL API as sankofa script for d-bis.org (fixes Flexible+NPM loops)
- TOKEN_AGGREGATION_REPORT_API_RUNBOOK: operator sequence for 502/522/loops + LAN fallback pointer

Made-with: Cursor
This commit is contained in:
defiQUG
2026-04-13 22:26:26 -07:00
parent 33d594731e
commit 76253586e7
3 changed files with 159 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
docs/04-configuration/TOKEN_AGGREGATION_REPORT_API_RUNBOOK.md
View File

@@ -15,9 +15,22 @@ bash metamask-integration/chain138-snap/scripts/verify-snap-api-and-icons.sh htt
**If you see "no .tokens" or "no .networks":** The `/api/v1/` path is likely proxied to Blockscout (or another backend) instead of token-aggregation. Proceed to §2. **Repo check:** `scripts/verify/check-public-report-api.sh` tries apex `/api/v1/` first, then `/token-aggregation/api/v1/`, and uses whichever returns a `.networks` array.
### 1.1 HTTPS 502 on `/token-aggregation/` while LAN is OK
### 1.1 HTTPS 502 / 522 / redirect loops on `/token-aggregation/` while LAN is OK
If `curl https://explorer.d-bis.org/token-aggregation/api/v1/networks` returns **502** but `curl -H "Host: explorer.d-bis.org" http://192.168.11.140/token-aggregation/api/v1/networks` is **200**, nginx and `token-aggregation` on VMID **5000** are healthy; suspect **WAN port-forward or public IP routing** (one public IP may forward correctly while another does not). Compare `curl -k --resolve explorer.d-bis.org:443:<candidate_wan_ip>` across routed NPM addresses, fix UDM/NAT or Cloudflare **A** for `explorer`, or rely on LAN verification: `bash scripts/verify/check-public-report-api.sh "http://192.168.11.140"`. **`run-completable-tasks-from-anywhere.sh`** retries that LAN URL automatically if the public HTTPS check fails.
If `curl -H "Host: explorer.d-bis.org" http://192.168.11.140/token-aggregation/api/v1/networks` is **200** but the public URL fails, nginx and `token-aggregation` on VMID **5000** are healthy; the break is usually **Cloudflare ↔ NPM ↔ WAN**.
**Operator sequence (repo scripts, from LAN with `.env`):**
1. **d-bis.org SSL mode Full** (fixes Flexible + NPM “SSL forced” redirect loops):
`bash scripts/cloudflare/set-d-bis-org-zone-ssl-mode.sh full`
2. **Explorer A record** (default primary WAN `76.53.10.36`, orange-cloud preserved unless you export `EXPLORER_D_BIS_CF_PROXIED`):
`bash scripts/cloudflare/configure-explorer-d-bis-dns-wan.sh`
If only an alternate WAN forwards cleanly to the NPM row for `explorer`, set e.g. `EXPLORER_D_BIS_WAN_A=76.53.10.34` (see `config/ip-addresses.conf` `PUBLIC_IP_ER605_WAN1`) and re-run.
3. **Verify:** `bash scripts/verify/check-public-report-api.sh` (or `BASE_URL=…` as below).
**LAN-only verification** (bypasses public DNS):
`bash scripts/verify/check-public-report-api.sh "http://192.168.11.140"`
**`run-completable-tasks-from-anywhere.sh`** retries that LAN URL automatically if the public HTTPS check fails.
---