d-bis/proxmox
4
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Packages Projects Releases Wiki Activity

chore: update submodule references and documentation
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details

Browse Source 
- Marked submodules ai-mcp-pmm-controller, explorer-monorepo, and smom-dbis-138 as dirty to reflect recent changes.
- Updated documentation to clarify operator script usage, including dotenv loading and task execution instructions.
- Enhanced the README and various index files to provide clearer navigation and task completion guidance.

Made-with: Cursor
This commit is contained in:
defiQUG
2026-03-04 02:03:08 -08:00
parent 70eadb7bf0
commit e4c9dda0fd
246 changed files with 17774 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
docs/04-configuration/ACTIVITY_FEED_SPEC.md Normal file
View File

@@ -0,0 +1,91 @@
# Activity Feed — Event Schema and Ingestion
**Purpose:** Canonical event model and ingestion spec for the normalized activity feed: transfers, app events, and bridge stitching. Table: `activity_events` (migration 0014).
**References:** [indexer-architecture.md](../../explorer-monorepo/docs/specs/indexing/indexer-architecture.md), [heatmap-chains.ts](../../smom-dbis-138/services/token-aggregation/src/config/heatmap-chains.ts) (ALT vs B/SBS), [cross-chain-bridges.ts](../../smom-dbis-138/services/token-aggregation/src/config/cross-chain-bridges.ts) (`getRouteFromRegistry`).
---
## 1. Table: `activity_events`
| Column | Type | Description |
|--------|------|-------------|
| `id` | uuid | Primary key (default gen_random_uuid()) |
| `chain_id` | integer | 138 or 651940 (and others when indexed) |
| `transaction_hash` | varchar(66) | Tx hash |
| `log_index` | integer | Log index (0 for tx-level) |
| `block_number` | bigint | Block number |
| `block_timestamp` | timestamptz | Block time |
| `actor` | varchar(42) | Wallet that initiated the action |
| `subject` | varchar(42) | Optional: user/account/tokenId/resource |
| `event_type` | varchar(32) | TRANSFER, APP_ACTION, CLAIM, BRIDGE_OUT, BRIDGE_IN |
| `contract_address` | varchar(42) | Contract that emitted or was called |
| `data` | jsonb | Parsed event fields |
| `routing` | jsonb | `{ "path": "ALT" | "CCIP", "fromChain", "toChain", "bridgeTxHash"?: string }` |
| `created_at` | timestamptz | Insert time |
**Unique:** `(chain_id, transaction_hash, log_index)`.
---
## 2. Ingestion
### 2.1 Transfers
- **Source:** Existing `token_transfers` (and ERC-721/1155 logs when indexed).
- **Mapping:** For each row: insert into `activity_events` with `event_type = 'TRANSFER'`, `actor = from_address`, `subject = to_address` (or token id for NFT), `data = { from, to, value, tokenContract }`, `contract_address = token_contract`. `routing` = NULL for same-chain transfers.
- **Backfill:** One-time or periodic job: `INSERT INTO activity_events (...) SELECT ... FROM token_transfers WHERE NOT EXISTS (...)`.
### 2.2 App events
- **Source:** Application-lifecycle events (create, complete, settle, redeem, etc.) from your contracts.
- **Registry:** Maintain a mapping (event signature → `event_type` + parser). Example: `0x...``APP_ACTION`, parse `data` from log topics/data.
- **Insert:** Decode log; set `event_type`, `actor` (e.g. tx from), `subject` (e.g. orderId), `data` (decoded fields), `contract_address`.
### 2.3 Bridge stitching
- **Source:** Bridge contracts (AlltraAdapter, CCIP WETH9/WETH10); events such as lock/burn on source, mint/release on destination.
- **Routing:** Use [getRouteFromRegistry](../../smom-dbis-138/services/token-aggregation/src/config/cross-chain-bridges.ts) or [config/routing-registry.json](../../config/routing-registry.json): 138↔651940 → `path: "ALT"`, 138↔others → `path: "CCIP"`.
- **Insert:** For each bridge event, set `routing = { path: "ALT"|"CCIP", fromChain, toChain, bridgeTxHash }`. Optionally correlate "bridge out" and "bridge in" with a shared `data.correlationId` so the API can return one stitched feed item per cross-chain move.
---
## 3. Activity feed API
**Queries:**
- **By user:** `WHERE actor = $address OR subject = $address` (paginated).
- **By token/NFT:** `WHERE subject = $tokenId` or `WHERE contract_address = $token AND data->>'tokenId' = $tokenId` (paginated).
- **Global:** `WHERE event_type IN (...)` with pagination by `(block_timestamp DESC, id DESC)`.
**Pagination:** Cursor-based using `(block_timestamp, id)`; limit e.g. 50 per page.
**Example (by user):**
```sql
SELECT * FROM activity_events
WHERE actor = $1 OR subject = $1
ORDER BY block_timestamp DESC, id DESC
LIMIT 50 OFFSET $2;
```
---
## 4. Event type enum (logical)
| event_type | Description |
|------------|-------------|
| TRANSFER | ERC-20/721/1155 transfer |
| APP_ACTION | App-lifecycle (create, complete, settle, etc.) |
| CLAIM | Claim/mint from drop or contract |
| BRIDGE_OUT | Lock/burn on source chain |
| BRIDGE_IN | Mint/release on destination chain |
---
## 5. Migration
- **Up:** [0014_activity_events.up.sql](../../explorer-monorepo/backend/database/migrations/0014_activity_events.up.sql)
- **Down:** `0014_activity_events.down.sql`
Run with your existing migration runner (e.g. golang-migrate, node-pg-migrate) against the explorer/backend DB.

105
docs/04-configuration/ALLTRA_SPONSORSHIP_POLICY_MATRIX.md Normal file
View File

@@ -0,0 +1,105 @@
# Alltra (651940) Gas Sponsorship — Policy Matrix and Method Allowlist
**Purpose:** Define the sponsorship policy for Alltra-native gas (ERC-4337 paymaster on chain 651940): three-tier policy, method allowlist, and anti-abuse controls. Use with thirdweb Engine or an ERC-4337 paymaster contract on 651940.
**References:** [thirdweb Gas Sponsorship](https://portal.thirdweb.com/wallets/sponsor-gas), [ERC-4337 Paymasters](https://docs.erc4337.io/paymasters/index.html), [THIRDWEB_ENGINE_CHAIN_OVERRIDES.md](THIRDWEB_ENGINE_CHAIN_OVERRIDES.md).
---
## 1. Policy groups
### Policy Group 1 — Always sponsor (low risk, onboarding)
| Category | Contract | Allowed methods | Notes |
|----------|----------|-----------------|-------|
| Smart account init | AA factory / account | `createAccount`, `initialize` | Required for first use |
| Session / auth proofs | Auth/Session contract (if onchain) | `registerKey`, `rotateKey` | If keys stored onchain |
| First app action | CoreApp contract (TBD) | 12 core functions | Keep small initially |
### Policy Group 2 — Sponsor with caps (medium risk)
| Category | Contract | Allowed methods | Caps |
|----------|----------|-----------------|------|
| App events writes | CoreApp / Modules | Selected write funcs | Per-user/day tx limit + per-user/day gas limit |
| Claims / mints | Token/NFT drop | `claim`, `mintTo` | Restrict to allowlisted drops only |
### Policy Group 3 — Do not sponsor (high risk)
- Arbitrary `approve()` to unknown spenders
- Arbitrary ERC-20 `transfer` / `transferFrom`
- Swaps and bridge calls (user pays gas)
---
## 2. Anti-abuse controls (minimum viable)
- **Per-user daily max sponsored gas** — e.g. 500k gas/day per wallet.
- **Per-IP / per-device burst limits** — e.g. max N requests per minute from same IP.
- **Contract allowlist only** — only contracts in the allowlist can be called in sponsored userOps.
- **Method allowlist only** — only method selectors in the allowlist (see below) are sponsored.
- **Optional:** After first N sponsored tx, require user to hold a small amount of native gas token before further sponsorship.
---
## 3. Method allowlist (production)
Configure the paymaster with a **method allowlist** keyed by `(chainId, contract, method selector)`.
**Chain:** 651940 (Alltra).
**Contract + method selectors:** To be filled when CoreApp (and optional AA factory, session contract) addresses and method names are known. Example shape:
| Contract (address) | Method | Selector (4 bytes) | Policy group |
|--------------------|--------|---------------------|--------------|
| TBD (CoreApp) | `doAction` | `0x...` | 1 or 2 |
| TBD (AA factory) | `createAccount` | `0x...` | 1 |
| TBD (AA factory) | `initialize` | `0x...` | 1 |
**How to add selectors:** For each method, compute `keccak256(methodSignature).slice(0, 10)` (e.g. `doAction(uint256)` → selector). Paste into Engine paymaster policy or into your paymaster contracts allowlist.
**Placeholder JSON (allowlist):** When you have contract addresses and method names, add a file e.g. `config/alltra-sponsorship-allowlist.json`:
```json
{
"chainId": 651940,
"contracts": [
{
"address": "0x...",
"label": "CoreApp",
"methods": [
{ "name": "doAction", "selector": "0x..." }
]
}
]
}
```
---
## 4. Per-user / per-day caps (recommended values)
| Limit | Suggested value | Notes |
|-------|------------------|-------|
| Sponsored gas per user per day | 500_000 | Tune for your app |
| Sponsored tx count per user per day | 10 | For Group 2 |
| Burst (per IP) | 20 req/min | Rate limit |
---
## 5. Implementation checklist
- [ ] Add chain 651940 to Engine (see [THIRDWEB_ENGINE_CHAIN_OVERRIDES.md](THIRDWEB_ENGINE_CHAIN_OVERRIDES.md)).
- [ ] Create or configure paymaster on 651940 (thirdweb Engine or custom contract).
- [ ] Set Policy Group 1 contracts and method selectors (AA init, optional session).
- [ ] Set Policy Group 2 contracts and method selectors (CoreApp, claims) with per-user/day caps.
- [ ] Enforce contract + method allowlist; reject all other calls.
- [ ] Add per-user daily gas and tx limits; optional per-IP burst limit.
---
## 6. Separation from x402
- **Sponsorship:** Pays for **gas** of users app actions (onchain writes) on 651940.
- **x402:** User pays **USDC** for API/service access (offchain response gated by onchain payment proof).
They are independent: x402 payment is a user-funded USDC transfer; sponsored txs are paymaster-funded gas.

44
docs/04-configuration/ALLTRA_X402_OPERATOR_GUIDE.md Normal file
View File

@@ -0,0 +1,44 @@
# Alltra + x402 Operator Guide
**Purpose:** Short operator reference for Alltra (651940) and x402: server wallet usage, chain config, and where to look for runbooks.
---
## Server wallet usage
- Use the **server wallet** (e.g. `SERVER_WALLET_ADDRESS` in x402-api) only for:
- Contract admin (roles, pausing, upgrades)
- Allowlist/signature minting
- Indexer repair jobs
- Operational controls (key rotation, emergency)
- **Do not** use it in user flows; keep keys in KMS/HSM/custody.
- Full policy: [THIRDWEB_WALLETS_INTEGRATION.md](THIRDWEB_WALLETS_INTEGRATION.md) §3.1.
---
## Chains
- **138:** Hub (DeFi Oracle Meta Mainnet); RPC and Engine overrides: [THIRDWEB_ENGINE_CHAIN_OVERRIDES.md](THIRDWEB_ENGINE_CHAIN_OVERRIDES.md).
- **651940:** Alltra (ALL Mainnet); sponsorship and x402 USDC on this chain.
---
## x402 (Alltra-native)
- **Env:** `X402_USE_ALLTRA=true`, `SERVER_WALLET_ADDRESS`, optional `CHAIN_651940_RPC_URL`. When Alltra is used, local verification does not require `THIRDWEB_SECRET_KEY`.
- **Spec:** [X402_ALLTRA_ENDPOINT_SPEC.md](X402_ALLTRA_ENDPOINT_SPEC.md) — 402 challenge, PAYMENT-SIGNATURE, local verification on 651940 USDC.
- **API:** x402-api returns 402 + `PAYMENT-REQUIRED` when unpaid; accepts `PAYMENT-SIGNATURE` with `txHash` and verifies settlement on 651940.
---
## Sponsorship (paymaster on 651940)
- **Policy:** [ALLTRA_SPONSORSHIP_POLICY_MATRIX.md](ALLTRA_SPONSORSHIP_POLICY_MATRIX.md) — three-tier policy, method allowlist, anti-abuse caps.
- **Engine:** Add chain 651940 per [THIRDWEB_ENGINE_CHAIN_OVERRIDES.md](THIRDWEB_ENGINE_CHAIN_OVERRIDES.md) so paymaster and backend wallets work.
---
## Routing and activity feed
- **Routing registry:** [config/routing-registry.json](../../config/routing-registry.json); ALT for 138↔651940, CCIP for 138↔others. Helper: `getRouteFromRegistry()` in token-aggregation.
- **Activity feed:** [ACTIVITY_FEED_SPEC.md](ACTIVITY_FEED_SPEC.md) — `activity_events` table, ingestion, feed API.

129
docs/04-configuration/CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS.md Normal file
View File

@@ -0,0 +1,129 @@
# Core RPC 2101 & 2102 — TXPOOL and ADMIN Status
**Last Updated:** 2026-03-04
**Purpose:** Status of Core RPC nodes 2101 and 2102 for tx pool and admin APIs, and whether `txpool_besuClear`, `txpool_clear`, and `admin_removeTransaction` can be supported.
---
## 1. Current status (verified 2026-03-04)
| Node | IP:Port | Container | rpc_modules (exposed) | Block |
|--------|--------------------|-----------|---------------------------|---------|
| **2101** | 192.168.11.211:8545 | Running | admin, eth, net, txpool, web3 | 2,547,803 |
| **2102** | 192.168.11.212:8545 | Running | admin, eth, net, txpool, web3 | — |
- **2101** uses `/etc/besu/config-rpc-core.toml` with `rpc-http-api=["ETH","NET","WEB3","ADMIN","DEBUG","TXPOOL"]`.
- **2102** uses `/etc/besu/config-rpc.toml` with `rpc-http-api=["ETH","NET","WEB3","ADMIN","DEBUG","TXPOOL"]`.
Both nodes already expose the **TXPOOL** and **ADMIN** API groups. No extra config is required for “enabling” these groups.
---
## 2. Requested methods: not implemented in Besu
You want Core RPC nodes 2101 and 2102 to support:
- `txpool_besuClear`
- `txpool_clear`
- `admin_removeTransaction`
**Conclusion: Hyperledger Besu does not implement these JSON-RPC methods.**
- **txpool_besuClear** and **txpool_clear** are not part of Besus JSON-RPC API. Besu only provides:
- `txpool_besuPendingTransactions`
- `txpool_besuStatistics`
- `txpool_besuTransactions`
and does not document or ship a “clear pool” RPC method.
- **admin_removeTransaction** is not documented or implemented in Besu. Admin methods that do exist include things like `admin_peers`, `admin_nodeInfo`, etc., but not transaction removal.
So **no configuration or version change on 2101/2102 can add these three methods**; they are not available in Besu.
---
## 3. What 2101 and 2102 do support
- **TXPOOL:** `txpool_besuTransactions`, `txpool_besuStatistics`, `txpool_besuPendingTransactions` (and any other TXPOOL methods Besu implements). These work today when the TXPOOL API group is enabled (as on 2101 and 2102).
- **ADMIN:** All Besu admin methods (e.g. `admin_peers`, `admin_nodeInfo`, etc.) are available; only `admin_removeTransaction` does not exist in Besu.
Config for Core RPC should keep **TXPOOL** and **ADMIN** (and DEBUG if desired) in `rpc-http-api` and `rpc-ws-api` so that all supported txpool and admin methods remain available. The repos canonical config for Core RPC is:
- **Path:** `smom-dbis-138/config/config-rpc-core.toml`
- **Relevant lines:**
`rpc-http-api=["ETH","NET","WEB3","TXPOOL","QBFT","ADMIN","DEBUG","TRACE"]`
and matching `rpc-ws-api`.
Ensuring 2101 and 2102 use this (or equivalent) gives maximum supported TXPOOL/ADMIN surface; it does not add the three unsupported methods above.
---
## 4. How to clear stuck transactions (operational workaround)
Because Besu does not expose a “clear pool” or “remove transaction” RPC:
1. **Preferred:** Run `./scripts/clear-all-transaction-pools.sh` (clears pool on validators and RPC nodes 2101/2201 by restarting Besu and clearing pool data). Then wait 3060s before sending new transactions.
2. **Alternative:** Use replacement transactions (same nonce, higher gas) so the new tx replaces the stuck one; see `./scripts/cancel-pending-transactions.sh` if available.
3. **Resolve script:** `./scripts/resolve-stuck-transaction-besu-qbft.sh` will try `txpool_besuClear` / `txpool_clear` / `admin_removeTransaction`; on Besu these return “Method not found”. The script is still useful to inspect nonce and suggest the operational workarounds above.
---
## 5. Can we “continue where we left off”?
- **If “continue” means:** deploy contracts, mint, add liquidity, or run other scripts that send transactions via 2101/2102:
- **Yes**, as long as:
- No stuck transaction is blocking the deployer nonce. If there is, run `./scripts/clear-all-transaction-pools.sh` (and optionally wait for validators to sync), then retry.
- Block production is progressing (run `./scripts/monitoring/monitor-blockchain-health.sh`); if its stalled, see `docs/06-besu/CRITICAL_ISSUE_BLOCK_PRODUCTION_STOPPED.md`.
- **If “continue” means:** having 2101/2102 support `txpool_besuClear`, `txpool_clear`, and `admin_removeTransaction`:
- **No.** Those methods are not implemented in Besu; no further “fixes” or config can add them. Use the operational workarounds in §4 instead.
---
## 6. Ensuring 2101 and 2102 use canonical config
To keep 2101 and 2102 in sync with the repo and with maximum TXPOOL/ADMIN support (without adding the three unsupported methods):
- Run:
`./scripts/maintenance/ensure-core-rpc-config-2101-2102.sh`
Options: `--dry-run` (no changes), `--2101-only`, `--2102-only`.
The script sets `rpc-http-api` and `rpc-ws-api` on the node to include ETH, NET, WEB3, TXPOOL, QBFT, ADMIN, DEBUG, TRACE (HTTP) and ETH, NET, WEB3, TXPOOL, QBFT, ADMIN (WS), then restarts Besu.
- After any config change, verify with:
- `./scripts/maintenance/health-check-rpc-2101.sh`
- For 2102:
`curl -s -X POST -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}' http://192.168.11.212:8545`
---
## 7. Status to continue (run these before mint/deploy)
| Check | Command / target | Last result | Action if fail |
|-------|------------------|------------|----------------|
| Core RPC 2101 healthy | `./scripts/maintenance/health-check-rpc-2101.sh` | All passed | Run `./scripts/maintenance/fix-core-rpc-2101.sh` |
| Tx pool empty | `txpool_besuTransactions` → expect 0 | 1 tx (stuck) | Run `./scripts/clear-all-transaction-pools.sh`; wait 3060s |
| All 5 validators active | `systemctl is-active besu-validator` on 10001004 | 10001003 active; **1004 failed** | On ML110: `ssh root@192.168.11.10 'pct exec 1004 -- systemctl restart besu-validator'` |
| Block production | `./scripts/monitoring/monitor-blockchain-health.sh` | Stalled | Ensure all 5 validators active; wait for sync |
| RPC for mint | `RPC_URL_138=http://192.168.11.211:8545` in smom-dbis-138/.env | Set | Use Core RPC only |
**Order to continue:** (1) Restart validator 1004. (2) Clear tx pool. (3) Re-check tx pool = 0 and validators 5/5. (4) Run monitor-blockchain-health until blocks advance. (5) `cd smom-dbis-138 && ./scripts/mint-for-liquidity.sh` then optionally `--add-liquidity`.
---
## 8. Continue run (2026-03-04)
- ensure-core-rpc-config: 2101 and 2102 updated and restarted. Health-check-rpc-2101 passed.
- Stuck tx: 1 in pool. Clear via `clear-all-transaction-pools.sh`. Validator 1004: **failed** — restart on ML110. Block production stalled until 1004 up and sync; then retry mint.
**Continue run (same day, after “Update the Status”):**
- Validator 1004 restarted on ML110.
- `clear-all-transaction-pools.sh` run to completion (validators 10001004, RPC 2101, 2201 cleared and restarted).
- Tx pool still showed 1 tx after clear (re-broadcast from peers or RPC 2101 pool repopulated).
- Block production still stalled (monitor: “no new blocks in 5s”).
- Mint failed with “Replacement transaction underpriced” until mint script was updated to pass `--gas-price` (uses `GAS_PRICE_138`, default 1 gwei). With `GAS_PRICE_138=500000000000` (500 gwei), first mint tx was **accepted** but **timed out** waiting for confirmation (blocks not advancing).
- **Next:** When blocks advance, run `cd smom-dbis-138 && GAS_PRICE_138=500000000000 ./scripts/mint-for-liquidity.sh` (or re-run clear then mint with default gas). Optional: `--add-liquidity` after mint confirms.
---
## 9. References
- Besu transaction pool concepts: https://besu.hyperledger.org/stable/public-networks/concepts/transactions/pool
- Resolve stuck tx (workarounds): `./scripts/resolve-stuck-transaction-besu-qbft.sh`
- Clear all tx pools: `./scripts/clear-all-transaction-pools.sh`
- Health: `./scripts/maintenance/health-check-rpc-2101.sh`, `./scripts/monitoring/monitor-blockchain-health.sh`

14
docs/04-configuration/DETAILED_GAPS_AND_ISSUES_LIST.md
View File

@@ -166,6 +166,20 @@
---
## 11a. Interpreting verification HTTP codes (301, 404, 000)
When running `verify-backend-vms.sh`, `verify-all-systems.sh`, or NPMplus checks, the following responses are **often expected** and do not necessarily indicate a failure:
| Code | Meaning | Typical cause |
|------|--------|----------------|
| **301** | Redirect | HTTPS redirect (e.g. nginx on :80 redirecting to HTTPS). Service is up. |
| **404** | Not found | Wrong port or path used in the check; or NPMplus/proxy returns 404 for a bare path. Service may still be healthy. |
| **000** | No response | Connection failed from the host running the script: wrong host (e.g. checking NPMplus admin from off-LAN), firewall, or service bound to localhost only (e.g. NPMplus admin on :81 inside CT). |
**Summary:** 301 = HTTPS redirect (normal). 404 = incorrect port/path or NPMplus behaviour. 000 = connectivity/context (host, TLS, or port). Treat as failures only when the intended endpoint and client context match.
---
## 12. Remaining Operator Actions (Requires Proxmox/Server Access)
1. **Apply nginx fix and deploy config on VMID 5000:** Run `./scripts/apply-remaining-operator-fixes.sh` from repo root (LAN/operator). **Applied 2026-03-02:** nginx fix and explorer config deploy completed successfully.

16
docs/04-configuration/EXPLORER_TROUBLESHOOTING.md
View File

@@ -67,6 +67,22 @@ If the NPMplus UI shows **ApiError** with **code: 400** and an empty or vague me
If 400 persists, check the NPMplus container logs (e.g. from the Proxmox host: `pct exec 10233 -- tail -100 /data/logs/*.log` or the path your NPMplus uses) for the actual validation or backend error.
**ApiError 400 on dashboard load (already logged in)**
If you see repeated **ApiError code 400** in the console as soon as the NPMplus UI loads (e.g. "Welcome to NPMplus", "You are logged in as Administrator"), the frontend is calling one or more API endpoints that return 400. Common causes:
1. **Find the failing request:** In the browser, open **Developer Tools****Network** tab → reload the NPMplus page. Filter by "Fetch/XHR". Find any request with status **400** and note the **Request URL** and **Response** body. Typical endpoints the dashboard calls: `/api/nginx/proxy-hosts`, `/api/nginx/certificates`, `/api/nginx/access-lists`, `/api/settings`, etc.
2. **Test the API from the command line** (from a host that can reach NPMplus):
```bash
# From project root, with NPM_PASSWORD and NPM_EMAIL in .env
NPM_URL="https://192.168.11.167:81" bash scripts/verify/export-npmplus-config.sh
```
If the export script succeeds, the same GET endpoints work from curl; the 400 may be limited to a specific endpoint or to the browser (e.g. session, or a different endpoint the UI calls). If the script fails with 400, note which step fails (login vs proxy-hosts vs certificates).
3. **Browser:** Try an **incognito/private** window or another browser; clear cache and log in again.
4. **Backend data:** Sometimes one proxy host or certificate record has invalid or unexpected data and the API returns 400 when returning the list. Check NPMplus container logs (see above). If you have a recent backup, you can compare or restore.
See also: [NPMPLUS_UI_APIERROR_400_RUNBOOK.md](NPMPLUS_UI_APIERROR_400_RUNBOOK.md) for a short runbook and API test commands.
---
## Fixes Applied (2026-01-31)

78
docs/04-configuration/EXPLORER_WALLET_LINK_QUICK_WIN.md Normal file
View File

@@ -0,0 +1,78 @@
# Explorer "Wallet" Link — Quick Win Runbook
**Purpose:** Add a Wallet link to the Blockscout/explorer navbar so users can reach the wallet page (e.g. https://explorer.d-bis.org/wallet).
**Effort:** ~15 minutes.
**Prerequisite:** SSH access to the explorer VM (e.g. VMID 5000).
---
## Option A: Blockscout frontend (recommended)
If the explorer uses a Blockscout frontend with a configurable nav:
1. SSH to the explorer host:
```bash
ssh user@explorer-host # or pct exec if container
```
2. Locate the frontend config or template that defines the navbar (e.g. env `NAV_LINKS`, or a template under the Blockscout app).
3. Add a Wallet entry. Example (env-style):
```bash
# If NAV_LINKS or similar is JSON:
# Add {"label":"Wallet","href":"/wallet"} to the links array
```
4. Restart the frontend service if required; reload the site.
---
## Option B: Static HTML / proxy landing page
If the explorer is served by Nginx with a static landing page (e.g. `/var/www/html/index.html`):
1. SSH to the host that serves the explorer (e.g. VMID 5000 or the NPMplus/proxy host).
2. Find the main HTML file. Common paths:
- `/var/www/html/index.html`
- Nginx root for the explorer vhost
3. Open the file and locate the navigation section (e.g. `<nav>`, `<header>`, or a div with nav links).
4. Add the Wallet link next to existing nav items:
```html
<a href="/wallet">Wallet</a>
```
Example in context:
```html
<nav>
<a href="/">Explorer</a>
<a href="/wallet">Wallet</a>
<!-- other links -->
</nav>
```
5. Save and reload https://explorer.d-bis.org — the Wallet link should appear.
---
## Option C: One-liner (when you know the exact file)
If the nav is in a single file and you can edit it:
```bash
# After SSH to explorer host — backup then append or sed (adjust path and nav structure)
sudo cp /var/www/html/index.html /var/www/html/index.html.bak
# Then edit manually, or use sed only if the structure is known and stable:
# sudo sed -i 's|</nav>| <a href="/wallet">Wallet</a>\n</nav>|' /var/www/html/index.html
```
Prefer manual edit when the HTML structure is not uniform.
---
## Verify
- Open https://explorer.d-bis.org (or your explorer URL).
- Confirm "Wallet" appears in the navbar.
- Click it and confirm the wallet page loads (e.g. MetaMask chain-add / token list).
---
## References
- [REMAINING_TASKS.md](../REMAINING_TASKS.md) § Quick Wins
- [OPTIONAL_RECOMMENDATIONS_INDEX.md](../OPTIONAL_RECOMMENDATIONS_INDEX.md) § Quick win: Explorer "Wallet" link

8
docs/04-configuration/INGRESS_VERIFICATION_RUNBOOK.md
View File

@@ -429,6 +429,14 @@ wscat -c wss://rpc-ws-pub.d-bis.org
- Verify certificate in NPMplus: Check certificate list in API export
- Renew certificate if expired: NPMplus UI → SSL Certificates → Renew
### Public URL Timeout (000) — DNS OK but explorer.d-bis.org unreachable
**Symptoms**: `curl https://explorer.d-bis.org` times out; `dig explorer.d-bis.org` returns 76.53.10.36.
**Cause**: Often NAT hairpin (client on LAN; router does not loop 76.53.10.36 back to NPMplus), or firewall blocking 443.
**Solutions**: See [EXPLORER_PUBLIC_URL_UNREACHABLE_FIX.md](../05-network/EXPLORER_PUBLIC_URL_UNREACHABLE_FIX.md): enable hairpin on UDM Pro, or use hosts entry `192.168.11.167 explorer.d-bis.org` for LAN; verify port forward; test from external network.
### Internal Connectivity Fails
**Symptoms**: Cannot connect to NPMplus or backend VMs

50
docs/04-configuration/NPMPLUS_CUSTOM_NGINX_CONFIG.md Normal file
View File

@@ -0,0 +1,50 @@
# NPMplus custom Nginx configuration
**Purpose:** Reference for editing proxy hosts in NPMplus when adding security headers or custom directives.
**Important:** Adding `location '/'` in custom config **overwrites** the proxy; use headers only or a custom `'/'` location as needed.
---
## Proxy details as Nginx variables
In **Custom Nginx Configuration** for a proxy host, these variables are available:
| Variable | Meaning |
|----------|--------|
| `$server` | Backend domain or IP (e.g. `192.168.11.140`) |
| `$port` | Backend port (e.g. `80`) |
| `$forward_scheme` | Scheme to backend: `http` or `https` |
| `$forward_path` | Optional path forwarded to backend |
Use them if you need to reference the proxy target in custom blocks.
---
## Safe custom config (headers only)
To add **security headers** (including CSP with `'unsafe-eval'` for ethers.js v5) **without** replacing the proxy, paste the following in **Custom Nginx Configuration**. Do **not** add a `location '/'` block here, or it will overwrite the proxy to the backend.
```nginx
# Security Headers (unsafe-eval for ethers.js v5)
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests" always;
```
These directives apply in the context where NPMplus injects them (typically the proxy location). If your NPMplus version supports **more_set_headers** (from the headers-more module), you can use that instead of `add_header` for more control.
---
## Caveats (from NPMplus)
- **Adding `location '/'`** in custom config **overwrites** the proxy configuration for that host. The request will no longer be forwarded to `$server:$port`.
- If you need directives **inside** the `'/'` location, create a **custom location** for `'/'` in the UI (e.g. “Custom locations” → add location path `/`) instead of putting `location / { ... }` in the custom Nginx snippet.
- For **headers only**, prefer the snippet above (or **more_set_headers** if available); no `location` block is needed.
---
## Example use
- **Explorer (explorer.d-bis.org):** Proxy target `http://192.168.11.140:80`. Pasting the security-headers block above into “Custom Nginx Configuration” adds CSP and other headers without changing the proxy. Backend (VMID 5000) still serves the custom frontend and APIs.

86
docs/04-configuration/NPMPLUS_PROXY_HOSTS_SNAPSHOT_2026-03.md Normal file
View File

@@ -0,0 +1,86 @@
# NPMplus Proxy Hosts — Snapshot (March 2026)
**Source:** NPMplus UI (main instance, VMID 10233).
**Snapshot date:** 2026-03-02.
**Purpose:** Reference of current proxy destinations and their VMID/service mapping.
---
## Unique backends (destination IP:port)
Deduplicated by destination. Multiple proxy hosts (domains) can point to the same backend.
| Destination | TLS | Status | VMID / Service |
|-------------|-----|--------|----------------|
| http://192.168.11.140:80 | Certbot | Online | **5000** blockscout-1 (Explorer) |
| http://192.168.11.211:80 | Certbot | Online | **2101** besu-rpc-core-1 (or legacy web?) |
| http://192.168.11.211:8545 | Certbot | Online | **2101** besu-rpc-core-1 |
| http://192.168.11.211:8546 | Certbot | Online | **2101** besu-rpc-core-1 (WS) |
| http://192.168.11.221:8545 | Certbot | Online | **2201** besu-rpc-public-1 |
| http://192.168.11.221:8546 | Certbot | Online | **2201** besu-rpc-public-1 (WS) |
| http://192.168.11.232:8545 | Certbot | Online | **2301** besu-rpc-private-1 |
| http://192.168.11.232:8546 | Certbot | Online | **2301** besu-rpc-private-1 (WS) |
| http://192.168.11.240:443 | Certbot | Online | **2400** thirdweb-rpc-1 (HTTPS) |
| http://192.168.11.246:8545 | Certbot | Online | **2503** besu-rpc-hybx-1 |
| http://192.168.11.247:8545 | Certbot | Online | **2504** besu-rpc-hybx-2 |
| http://192.168.11.248:8545 | Certbot | Online | **2505** besu-rpc-hybx-3 |
| http://192.168.11.172:8545 | Certbot | Online | **2500** besu-rpc-alltra-1 |
| http://192.168.11.173:8545 | Certbot | Online | **2501** besu-rpc-alltra-2 |
| http://192.168.11.174:8545 | Certbot | Online | **2502** besu-rpc-alltra-3 |
| http://192.168.11.177:80 | Certbot | Online | **5201** cacti-alltra-1 |
| http://192.168.11.251:80 | Certbot | Online | Legacy / verify (2501 destroyed; 2201 → .221) |
| http://192.168.11.58:80 | Certbot | Online | **5801** dapp-smom |
| http://192.168.11.130:80 | Certbot | Online | **10130** dbis-frontend |
| http://192.168.11.155:3000 | Certbot | Online | **10150** dbis-api-primary |
| http://192.168.11.156:3000 | Certbot | Online | **10151** dbis-api-secondary |
| http://192.168.11.54:3001 | Certbot | Public | **7804** Gov Portals (dbis.xom-dev.phoenix.sankofa.nexus) |
| http://192.168.11.54:3002 | HTTP only | **Unknown** | **7804** Gov Portals (iccc.xom-dev) |
| http://192.168.11.54:3003 | HTTP only | **Unknown** | **7804** Gov Portals (omnl.xom-dev) |
| http://192.168.11.54:3004 | HTTP only | **Unknown** | **7804** Gov Portals (xom.xom-dev) |
| http://192.168.11.60:3000 | Certbot | Online | **3000** or **5700** (ML / Dev VM — confirm which has .60) |
| http://192.168.11.37:80 | Certbot | Online | **7810** mim-web-1 (MIM4U) |
| http://192.168.11.36:80 | Certbot | Online | **7811** mim-api-1 |
| http://192.168.11.50:4000 | Certbot | Online | **7800** sankofa-api-1 (Phoenix API) |
| http://192.168.11.51:3000 | Certbot | Online | **7801** sankofa-portal-1 (Sankofa Portal) |
| http://192.168.11.72:8000 | Certbot | Online | **7805** sankofa-studio |
| http://192.168.11.10:8006 | Certbot | Online | Proxmox ml110 API |
| http://192.168.11.11:8006 | Certbot | Online | Proxmox r630-01 API |
| http://192.168.11.12:8006 | Certbot | Online | Proxmox r630-02 API |
---
## Not in this NPMplus instance
- **192.168.11.85** (Mifos, VMID 5800): Proxied by **NPMplus Mifos (VMID 10237)** at 192.168.11.171, not by main NPMplus (10233). Target is **https://192.168.11.85:443** (Mifos serves HTTPS only on this VM).
---
## Proper ports (from health checks)
| VMID | Hostname | Use this port for health/NPMplus |
|------|----------|-----------------------------------|
| 5000 | blockscout-1 | **80** (redirect), **443**, **4000** (API) |
| 2400 | thirdweb-rpc-1 | **443** (HTTPS proxy) or **8545** (RPC direct) |
| 5800 | mifos | **443** (HTTPS only; no :80 listener) — on NPMplus 10237 |
| 10130 | dbis-frontend | **80** |
| 10150 | dbis-api-primary | **3000** |
| 10151 | dbis-api-secondary | **3000** |
---
## Status notes
- **Online:** NPMplus reports the backend as reachable.
- **Unknown:** NPMplus reports Unknown (e.g. 192.168.11.54:3002, :3003, :3004) — may need TLS or backend check.
- **192.168.11.251:80:** Likely legacy; VMID 2501 (besu-rpc-2) was destroyed; core/public RPC are .211 and .221. Confirm or remove.
- **Duplicates in UI:** Same destination can appear multiple times (different domains), e.g. 192.168.11.140:80, 192.168.11.37:80, 192.168.11.221:8545/8546.
---
## Related docs
- [NPMPLUS_CUSTOM_NGINX_CONFIG.md](NPMPLUS_CUSTOM_NGINX_CONFIG.md) — proxy variables (`$server`, `$port`, `$forward_scheme`, `$forward_path`), safe custom config (headers only), and caveat: do not add `location '/'` or it overwrites the proxy.
- [ALL_VMIDS_ENDPOINTS.md](ALL_VMIDS_ENDPOINTS.md) — canonical VMID ↔ IP:port
- [RPC_ENDPOINTS_MASTER.md](RPC_ENDPOINTS_MASTER.md) — domain → backend
- [NPMPLUS_SERVICE_MAPPING_COMPLETE.md](NPMPLUS_SERVICE_MAPPING_COMPLETE.md) — NPMplus configuration reference
- [DETAILED_GAPS_AND_ISSUES_LIST.md](DETAILED_GAPS_AND_ISSUES_LIST.md) §11a — interpreting 301/404/000

103
docs/04-configuration/NPMPLUS_UI_APIERROR_400_RUNBOOK.md Normal file
View File

@@ -0,0 +1,103 @@
# NPMplus UI — ApiError 400 runbook
**Symptom:** NPMplus at https://192.168.11.167:81 shows "Welcome to NPMplus", "You are logged in as Administrator", but the browser console shows repeated **ApiError** with **code: 400** and empty or vague **message**.
**Meaning:** The UI is logged in, but one or more API calls (e.g. loading proxy hosts, certificates, settings) return HTTP 400 Bad Request. The frontend (main.bundle.js) turns that into ApiError.
---
## 1. Identify which request returns 400
1. Open NPMplus in the browser: `https://192.168.11.167:81`
2. Open **Developer Tools** (F12) → **Network** tab
3. Enable "Preserve log" if available
4. Reload the page (or navigate to the tab that triggers the errors)
5. In the Network list, filter by **Fetch/XHR** (or look for requests to `/api/`)
6. Find any request with status **400** (red). Click it and check:
- **Request URL** (e.g. `https://192.168.11.167:81/api/nginx/proxy-hosts`)
- **Response** body (often JSON with an error message or validation detail)
Note the exact URL and response; that tells you which backend endpoint is failing.
---
## 2. Test the same endpoint from the command line
From a machine that can reach NPMplus (e.g. on the same LAN), with `NPM_EMAIL` and `NPM_PASSWORD` set (e.g. from `.env`):
```bash
cd /path/to/proxmox
source .env 2>/dev/null || true
NPM_URL="${NPM_URL:-https://192.168.11.167:81}"
# Login and get token
TOKEN_RESPONSE=$(curl -s -k -X POST "$NPM_URL/api/tokens" \
-H "Content-Type: application/json" \
-d "{\"identity\":\"$NPM_EMAIL\",\"secret\":\"$NPM_PASSWORD\"}")
TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.token // empty')
if [ -z "$TOKEN" ]; then
echo "Login failed: $TOKEN_RESPONSE"
exit 1
fi
echo "Login OK"
# Test endpoints the dashboard typically calls
for path in "/api/nginx/proxy-hosts" "/api/nginx/certificates" "/api/nginx/access-lists"; do
CODE=$(curl -s -k -o /tmp/npm_test_body -w "%{http_code}" -X GET "$NPM_URL$path" -H "Authorization: Bearer $TOKEN")
echo "$path -> HTTP $CODE"
[ "$CODE" != "200" ] && echo " Body: $(head -c 500 /tmp/npm_test_body)"
done
```
- If **login** fails with 400: credentials or request body may be wrong.
- If **proxy-hosts** or **certificates** returns 400: the backend may be rejecting the request or returning bad data (e.g. invalid record in DB). Check NPMplus logs.
---
## 3. NPMplus container logs
From the Proxmox host that runs NPMplus (VMID 10233, typically 192.168.11.11):
```bash
ssh root@192.168.11.11 "pct exec 10233 -- docker logs npmplus --tail 200 2>&1"
```
Or, if NPMplus runs without Docker inside the container:
```bash
ssh root@192.168.11.11 "pct exec 10233 -- tail -200 /data/logs/*.log 2>/dev/null"
```
Look for lines containing "400", "Bad Request", or validation errors around the time you load the UI.
---
## 4. Quick fixes to try
| Action | When it helps |
|--------|----------------|
| **Hard refresh / clear cache** | Cached frontend or bad session |
| **Incognito window** | Extensions or cache affecting requests |
| **Different browser** | Browser-specific behavior |
| **Re-login** | Session or token format issue |
| **Use .166 instead of .167** | If NPMplus is bound to .166 and .167 is a VIP, try `https://192.168.11.166:81` |
---
## 5. If one endpoint always returns 400
- **GET /api/nginx/proxy-hosts** or **/api/nginx/certificates** returning 400 can mean the backend has a record that fails validation when serialized. Options: restore from backup, or (if you have DB access) inspect and fix or remove the offending row. See [NPMPLUS_BACKUP_RESTORE.md](NPMPLUS_BACKUP_RESTORE.md).
- **NPMplus version:** You are on 2.12.3+0a85402. Check release notes or issues for that version for known 400s on list endpoints.
---
## 6. Export config (full API test)
Running the full export script exercises login + proxy-hosts + certificates:
```bash
NPM_URL="https://192.168.11.167:81" bash scripts/verify/export-npmplus-config.sh
```
If this completes without error, the main GET APIs work from curl; the UI 400 may be a different endpoint or browser-specific. If it fails, the script output shows which step returned an error.

65
docs/04-configuration/PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md Normal file
View File

@@ -0,0 +1,65 @@
# Adding a third and/or fourth R630 before migration — decision guide
**Context:** You are about to balance load by migrating containers from r630-01 to r630-02 (and optionally ml110). You asked whether it makes sense to add a **third** and/or **fourth** R630 to Proxmox **before** starting that migration.
---
## 1. You may already have a third and fourth R630
The repo documents **r630-03** (192.168.11.13) and **r630-04** (192.168.11.14):
- **Status:** Powered off; **not currently in the Proxmox cluster** (only ml110, r630-01, r630-02 are active).
- **Hardware (per report):** Dell R630, 512 GB RAM each, 2×600 GB boot, 6×250 GB SSD.
- **Issues when last used:** Not in cluster, SSL/certificate issues, and others — all with documented fixes.
**If these servers are still available and you are willing to power them on and fix them:**
- **Add them to the cluster first** (power on → fix SSL/join cluster per [reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md](../../reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md)).
- Then you have **four** Proxmox nodes (ml110 + r630-01, -02, -03, -04) or **three R630s + ml110**. Migration can then spread workload to r630-03 and r630-04 as well, instead of only to r630-02 and ml110.
- That gives more headroom and better HA (see below) **without** buying new hardware.
**If r630-03/04 are decommissioned or unavailable:** Treat this as “add new R630(s)” below.
---
## 2. Does it make sense to add a third/fourth R630 (or bring r630-03/04 online) before migration?
**Yes, it can make sense**, depending on goals.
| Goal | Add 3rd/4th R630 before migration? | Notes |
|------|-------------------------------------|--------|
| **Reduce load on r630-01 quickly** | Optional | Migration to **existing** r630-02 (and ml110) already helps. You can migrate first and add nodes later. |
| **More headroom long term** | Yes | With 34 R630s (+ ml110), workload is spread across more nodes; no single node is as hot as r630-01 today. |
| **Proxmox HA + Ceph** | Yes (3 min, 4 better) | Per [PROXMOX_HA_CLUSTER_ROADMAP.md](../02-architecture/PROXMOX_HA_CLUSTER_ROADMAP.md): **3 R630s** minimum for HA + Ceph; **4 R630s** better for Ceph recovery. You currently have 2 R630s + ml110; adding a 3rd (and 4th) R630 aligns with that. |
| **Avoid “just moving the problem”** | Yes | If you only move workload to r630-02, r630-02 may become the new bottleneck. Adding nodes gives more capacity so migration actually balances. |
| **Cost / complexity** | Your call | New hardware = cost and setup. Bringing r630-03/04 back = no new purchase, but time to power on, fix, and join cluster. |
**Practical recommendation:**
1. **If r630-03 and/or r630-04 exist and are usable:**
**Power them on and add them to the cluster first**, then run migration. You get a 4- (or 5-) node cluster and can move workload to r630-03 and r630-04 as well as r630-02. Use [reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md](../../reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md) for the fix sequence.
2. **If you do not have extra R630s (or theyre gone):**
**Migration first** is still valid: move candidates from r630-01 to r630-02 (and optionally ml110) per [PROXMOX_LOAD_BALANCING_RUNBOOK.md](PROXMOX_LOAD_BALANCING_RUNBOOK.md). That reduces r630-01 load with no new hardware. If after that you still want more capacity or HA, **then** add a 3rd (and 4th) R630.
3. **If you are buying new R630s:**
For HA + Ceph, the docs recommend **at least 3 R630s** (4 is better). So adding a **third** R630 is the minimum for that path; a **fourth** improves Ceph and spread. You can add them before or after the current migration; adding before gives more migration targets.
---
## 3. Order of operations (suggested)
| Scenario | Order |
|----------|--------|
| **r630-03 / r630-04 exist and you will use them** | 1) Power on r630-03 (and -04). 2) Fix and join cluster. 3) Run load-balance migration (including to r630-03 / -04 if desired). |
| **No extra R630s yet; migration only** | 1) Run migration r630-01 → r630-02 (and optionally ml110). 2) Re-check load. 3) If needed, plan 3rd/4th R630. |
| **Buying new 3rd/4th R630** | 1) Install Proxmox and join cluster. 2) Run migration so new nodes take part of the workload. |
---
## 4. References
- **r630-03/04 issues and fixes:** [reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md](../../reports/R630_03_04_POWER_ON_ISSUES_AND_FIXES.md)
- **HA and how many R630s:** [PROXMOX_HA_CLUSTER_ROADMAP.md](../02-architecture/PROXMOX_HA_CLUSTER_ROADMAP.md) — “At least 3 R630s for full HA with Ceph; 4 is better.”
- **Load-balance migration:** [PROXMOX_LOAD_BALANCING_RUNBOOK.md](PROXMOX_LOAD_BALANCING_RUNBOOK.md)
- **13-node long-term plan:** [R630_13_NODE_DOD_HA_MASTER_PLAN.md](../02-architecture/R630_13_NODE_DOD_HA_MASTER_PLAN.md)

116
docs/04-configuration/PROXMOX_LOAD_BALANCING_RUNBOOK.md Normal file
View File

@@ -0,0 +1,116 @@
# Proxmox load balancing runbook
**Purpose:** Reduce load on the busiest node (r630-01) by migrating selected LXC containers to r630-02. Also frees space on r630-01 when moving to another host. **Note:** ml110 is being repurposed to OPNsense/pfSense (WAN aggregator); migrate workloads *off* ml110 to r630-01/r630-02 before repurpose — see [ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md](../11-references/ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md).
**Before you start:** If you are considering adding a **third or fourth R630** to the cluster first, see [PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md](PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md) — including whether you already have r630-03/r630-04 (powered off) to bring online.
**Current imbalance (typical):**
| Node | IP | LXC count | Load (1/5/15) | Notes |
|----------|---------------|-----------|------------------|--------------|
| r630-01 | 192.168.11.11 | 58 | 56 / 81 / 92 | Heavily loaded |
| r630-02 | 192.168.11.12 | 23 | ~4 / 4 / 4 | Light |
| ml110 | 192.168.11.10 | 18 | ~7 / 7 / 9 | **Repurposing to OPNsense/pfSense** — migrate workloads off to r630-01/r630-02 |
**Ways to balance:**
1. **Cross-host migration (r630-01 → r630-02)** — Moves workload off r630-01. IP stays the same if the container uses a static IP; only the Proxmox host changes. (ml110 is no longer a migration target; migrate containers *off* ml110 first.)
2. **Same-host storage migration (r630-01 data → thin1)** — Frees space on the `data` pool and can improve I/O; does not reduce CPU/load by much. See [MIGRATION_PLAN_R630_01_DATA.md](MIGRATION_PLAN_R630_01_DATA.md).
---
## 1. Check cluster (live migrate vs backup/restore)
If all nodes are in the **same Proxmox cluster**, you can try **live migration** (faster, less downtime):
```bash
ssh root@192.168.11.11 "pvecm status"
ssh root@192.168.11.12 "pvecm status"
```
- If both show the **same cluster name** and list each other: use `pct migrate <VMID> <target_node> --restart` from any cluster node (run on r630-01 or from a host that SSHs to r630-01).
- If nodes are **not** in a cluster (or migrate fails due to storage): use **backup → copy → restore** with the script below.
---
## 2. Cross-host migration (r630-01 → r630-02)
**Script (backup/restore; works without shared storage):**
```bash
cd /path/to/proxmox
# One container (replace VMID and target storage)
./scripts/maintenance/migrate-ct-r630-01-to-r630-02.sh <VMID> [target_storage] [--destroy-source]
# Examples
./scripts/maintenance/migrate-ct-r630-01-to-r630-02.sh 3501 thin1 --dry-run
./scripts/maintenance/migrate-ct-r630-01-to-r630-02.sh 3501 thin1 --destroy-source
```
**Target storage on r630-02:** Check with `ssh root@192.168.11.12 "pvesm status"`. Common: `thin1`, `thin2`, `thin5`, `thin6`.
**If cluster works (live migrate):**
```bash
ssh root@192.168.11.11 "pct migrate <VMID> r630-02 --storage thin1 --restart"
# Then remove source CT if desired: pct destroy <VMID> --purge 1
```
---
## 3. Good candidates to move (r630-01 → r630-02)
Containers that **reduce load** and are **safe to move** (no critical chain/consensus; IP can stay static). Prefer moving several smaller ones rather than one critical RPC.
| VMID | Name / role | Notes |
|--------|------------------------|-------|
| 3500 | oracle-publisher-1 | Oracle publisher |
| 3501 | ccip-monitor-1 | CCIP monitor |
| 7804 | gov-portals-dev | Gov portals (already migrated in past; verify current host) |
| 8640 | vault-phoenix-1 | Vault (if not critical path) |
| 8642 | vault-phoenix-3 | Vault |
| 10232 | CT10232 | Small service |
| 10235 | npmplus-alltra-hybx | NPMplus instance (has its own NPM; update UDM port forward if needed) |
| 10236 | npmplus-fourth | NPMplus instance |
| 1003010092 | order-* (identity, intake, finance, etc.) | Order stack; move as a group if desired |
| 1020010210 | order-prometheus, grafana, opensearch, haproxy | Monitoring/HA; move with order-* or after |
**Do not move (keep on r630-01 for now):**
- **10233** — npmplus (main NPMplus; 76.53.10.36 → .167)
- **2101** — besu-rpc-core-1 (core RPC for deploy/admin)
- **25002505** — RPC alltra/hybx (critical RPCs)
- **10001002, 15001502** — validators and sentries (consensus)
- **10130, 10150, 10151** — dbis-frontend, dbis-api (core apps; move only with a plan)
- **100, 101, 102, 103, 104, 105** — mail, datacenter, cloudflared, omada, gitea (infra)
---
## 4. Migrating workloads *off* ml110 (before OPNsense/pfSense repurpose)
ml110 (192.168.11.10) is being **repurposed to OPNsense/pfSense** (WAN aggregator between 610 cable modems and UDM Pros). All containers/VMs on ml110 must be **migrated to r630-01 or r630-02** before the repurpose.
- **If cluster:** `ssh root@192.168.11.10 "pct migrate <VMID> r630-01 --storage <storage> --restart"` or `... r630-02 ...`
- **If no cluster:** Use backup on ml110, copy to r630-01 or r630-02, restore there (see [MIGRATE_CT_R630_01_TO_R630_02.md](../03-deployment/MIGRATE_CT_R630_01_TO_R630_02.md) and adapt for source=ml110, target=r630-01 or r630-02).
After all workloads are off ml110, remove ml110 from the cluster (or reinstall the node with OPNsense/pfSense). See [ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md](../11-references/ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md).
---
## 5. After migration
- **IP:** Containers keep the same IP if they use static IP in the CT config; no change needed for NPM/DNS if they point by IP.
- **Docs:** Update any runbooks or configs that assume “VMID X is on r630-01” (e.g. `config/ip-addresses.conf` comments, backup scripts).
- **Verify:** Re-run `bash scripts/check-all-proxmox-hosts.sh` and confirm load and container counts.
---
## 6. Quick reference
| Goal | Command / doc |
|------|----------------|
| Check current load | `bash scripts/check-all-proxmox-hosts.sh` |
| Migrate one CT (r630-01 → r630-02) | `./scripts/maintenance/migrate-ct-r630-01-to-r630-02.sh <VMID> thin1 [--destroy-source]` |
| Same-host (data → thin1) | [MIGRATION_PLAN_R630_01_DATA.md](MIGRATION_PLAN_R630_01_DATA.md), `migrate-ct-r630-01-data-to-thin1.sh` |
| Full migration doc | [MIGRATE_CT_R630_01_TO_R630_02.md](../03-deployment/MIGRATE_CT_R630_01_TO_R630_02.md) |

6
docs/04-configuration/README.md
View File

@@ -21,6 +21,11 @@ This directory contains setup and configuration guides.
- **[cloudflare/](cloudflare)** ⭐⭐⭐ - Cloudflare configuration documentation
- **[CLOUDFLARE_CREDENTIALS_BOTH_METHODS.md](CLOUDFLARE_CREDENTIALS_BOTH_METHODS.md)** ⭐⭐ - API token vs email+key; Certbot one method per file
- **[NPMPLUS_CERTBOT_CLOUDNS_CREDENTIALS.md](NPMPLUS_CERTBOT_CLOUDNS_CREDENTIALS.md)** ⭐ - ClouDNS credentials from .env for NPMplus Certbot DNS challenge
- **[NPMPLUS_PROXY_HOSTS_SNAPSHOT_2026-03.md](NPMPLUS_PROXY_HOSTS_SNAPSHOT_2026-03.md)** - Snapshot of NPMplus proxy destinations (IP:port) and VMID mapping (March 2026)
- **[NPMPLUS_CUSTOM_NGINX_CONFIG.md](NPMPLUS_CUSTOM_NGINX_CONFIG.md)** - NPMplus custom config: proxy variables, security headers (CSP with unsafe-eval for ethers.js), and caveat (do not add `location '/'`)
- **[NPMPLUS_UI_APIERROR_400_RUNBOOK.md](NPMPLUS_UI_APIERROR_400_RUNBOOK.md)** - NPMplus UI ApiError 400 on dashboard load: find failing request, test API with curl, logs, fixes
- **[PROXMOX_LOAD_BALANCING_RUNBOOK.md](PROXMOX_LOAD_BALANCING_RUNBOOK.md)** - Balance Proxmox load: migrate containers from r630-01 to r630-02/ml110; candidates, script, cluster vs backup/restore
- **[PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md](PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md)** - Add 3rd/4th R630 before migration? r630-03/04 status, HA/Ceph (34 nodes), order of operations
- **[ER605_ROUTER_CONFIGURATION.md](ER605_ROUTER_CONFIGURATION.md)** ⭐⭐ - ER605 router configuration
- **[OMADA_API_SETUP.md](OMADA_API_SETUP.md)** ⭐⭐ - Omada API integration setup
- **[OMADA_HARDWARE_CONFIGURATION_REVIEW.md](OMADA_HARDWARE_CONFIGURATION_REVIEW.md)** ⭐⭐⭐ - Comprehensive Omada hardware and configuration review
@@ -96,6 +101,7 @@ This directory contains setup and configuration guides.
**Explorer (explorer.d-bis.org):**
- **[EXPLORER_FUNCTIONALITY_REVIEW.md](EXPLORER_FUNCTIONALITY_REVIEW.md)** - Routes, API URLs, contract verification, Snap send HTTPS.
- **[EXPLORER_GAPS_AND_RECOMMENDATIONS.md](EXPLORER_GAPS_AND_RECOMMENDATIONS.md)** - Loading on all pages, bridge/lanes, **Verify & Publish** (UI) and batch verification (Forge + proxy), user/API key issuance, operator checklist.
- **[EXPLORER_WALLET_LINK_QUICK_WIN.md](EXPLORER_WALLET_LINK_QUICK_WIN.md)** — Add Wallet link to explorer navbar (quick win runbook)
- **[EXPLORER_TROUBLESHOOTING.md](EXPLORER_TROUBLESHOOTING.md)** - SSL, NPMplus, 502/verification failures, common errors.
- **Contract verification (Forge + Blockscout):** [../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md](../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md) — proxy, manual UI, 502/HTML troubleshooting.

110
docs/04-configuration/THIRDWEB_ENGINE_CHAIN_OVERRIDES.md Normal file
View File

@@ -0,0 +1,110 @@
# thirdweb Engine — Custom Chain Overrides
**Purpose:** Document chain overrides for thirdweb Engine so it can resolve RPC and metadata for Chain 138 and ALL Mainnet (651940). Required for AA (account abstraction), paymaster, and backend wallet flows on these chains.
**Reference:** [Custom Chains \| thirdweb Engine](https://portal.thirdweb.com/engine/v2/features/custom-chains).
---
## Why override
Engine needs to know RPC URLs and chain metadata for every chain your app uses. Public chain lists may not include 138 or 651940; adding overrides prevents "unknown chain" errors and keeps AA + paymaster stable.
---
## Chain override shape
Per chain, configure at least:
| Field | Type | Description |
|-------|------|-------------|
| `chainId` | number | 138 or 651940 |
| `rpc` | string[] | Primary RPC first; fallback URLs optional |
| `nativeCurrency` | object | `{ name, symbol, decimals }` |
| `blockExplorers` | array | `[{ name, url }]` (optional but recommended) |
| `name` | string | Human-readable name |
| `slug` | string | Optional; used in logs/APIs |
---
## Chain 138 (DeFi Oracle Meta Mainnet)
```json
{
"chainId": 138,
"name": "DeFi Oracle Meta Mainnet",
"slug": "chain-138",
"rpc": [
"https://rpc-http-pub.d-bis.org",
"https://rpc.d-bis.org",
"https://rpc.defi-oracle.io"
],
"nativeCurrency": {
"name": "Ether",
"symbol": "ETH",
"decimals": 18
},
"blockExplorers": [
{
"name": "Explorer",
"url": "https://explorer.d-bis.org"
}
]
}
```
**Admin/deployment RPC:** Set via `RPC_URL_138` (e.g. `http://192.168.11.211:8545`) when running from LAN; use public RPC in Engine for external clients.
---
## Chain 651940 (ALL Mainnet / Alltra)
```json
{
"chainId": 651940,
"name": "ALL Mainnet",
"slug": "alltra",
"rpc": [
"https://mainnet-rpc.alltra.global"
],
"nativeCurrency": {
"name": "Ether",
"symbol": "ETH",
"decimals": 18
},
"blockExplorers": [
{
"name": "Alltra",
"url": "https://alltra.global"
}
]
}
```
**Usage:** Alltra-native sponsorship and x402 USDC payments use this chain. Add fallback RPC in `rpc[]` if Alltra provides one.
---
## Where to configure
- **Engine dashboard:** Add custom chains in the Engine project settings (Custom Chains / Chain Overrides).
- **Config file:** If your Engine deployment uses a config file, add the above objects to the chain overrides section per [Engine Custom Chains docs](https://portal.thirdweb.com/engine/v2/features/custom-chains).
---
## Checklist
- [ ] Add chain **138** with production RPC (and fallback if available).
- [ ] Add chain **651940** with production RPC so paymaster and backend wallets work on Alltra.
- [ ] Ensure `nativeCurrency` and `blockExplorers` are set so fee display and explorer links work.
---
## Single source of truth
RPC and explorer URLs are aligned with:
- [smom-dbis-138/services/token-aggregation/src/config/chains.ts](../../smom-dbis-138/services/token-aggregation/src/config/chains.ts) — `CHAIN_CONFIGS[138]`, `CHAIN_CONFIGS[651940]`
- [metamask-integration/provider/config/DUAL_CHAIN_NETWORKS.json](../../metamask-integration/provider/config/DUAL_CHAIN_NETWORKS.json)
Update this doc if you add new RPC endpoints or explorers.

21
docs/04-configuration/THIRDWEB_WALLETS_INTEGRATION.md
View File

@@ -56,7 +56,26 @@ Relevant for backend or headless flows:
**Secrets / env:**
- **frontend-dapp:** `VITE_THIRDWEB_CLIENT_ID`, `VITE_WALLETCONNECT_PROJECT_ID` (see [MASTER_SECRETS.md](MASTER_SECRETS.md), [DAPP_LXC_DEPLOYMENT.md](../03-deployment/DAPP_LXC_DEPLOYMENT.md)).
- **x402-api:** `THIRDWEB_SECRET_KEY` (backend only).
- **x402-api:** `THIRDWEB_SECRET_KEY` (backend only), `SERVER_WALLET_ADDRESS` (treasury for x402). When `X402_USE_ALLTRA=true`, local verification does not require `THIRDWEB_SECRET_KEY`.
---
## 3.1 Server wallet (admin signer) — usage policy
Use the **server wallet** (e.g. the key backing `SERVER_WALLET_ADDRESS` or an Engine backend wallet) only for:
- **Contract admin actions:** roles, pausing, upgrades.
- **Allowlist / signature minting** (if your contracts support it).
- **Indexer repair jobs** (rare, e.g. backfill or reconciliation).
- **Operational controls:** key rotation, emergency ops.
**Do not** use it for user flows (no user impersonation). Keep keys in **KMS, HSM, or secure custody**. See [ALLTRA_X402_OPERATOR_GUIDE.md](ALLTRA_X402_OPERATOR_GUIDE.md) for Alltra/x402 operator context.
**User wallets vs server wallet:**
- **External connect:** power users (MetaMask, WalletConnect, etc.).
- **Embedded:** email/social/passkeys for smooth onboarding; both are user-controlled.
- **Server wallet:** backend-only; never exposed to or used on behalf of end users.
---

116
docs/04-configuration/X402_ALLTRA_ENDPOINT_SPEC.md Normal file
View File

@@ -0,0 +1,116 @@
# x402 Endpoint Contract — Alltra (651940) + USDC
**Purpose:** Spec for Alltra-native x402 paid endpoints: 402 challenge, retry with PAYMENT-SIGNATURE, and local verification on chain 651940 with USDC. Settlement is on Alltra; no dependency on Base or external facilitator.
**References:** [coinbase/x402](https://github.com/coinbase/x402), [HTTP 402 — x402](https://docs.x402.org/core-concepts/http-402), [ADDRESS_MATRIX_AND_STATUS.md](../11-references/ADDRESS_MATRIX_AND_STATUS.md) §2.3 (Alltra USDC).
---
## 1. Overview
- **Chain:** `eip155:651940` (ALL Mainnet / Alltra)
- **Payment token:** USDC at `0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881`
- **Recipient:** Server treasury (e.g. `SERVER_WALLET_ADDRESS`)
- **Verification:** Local (recommended): server verifies signature, intent, and on-chain settlement; optional facilitator-like `/verify` later.
---
## 2. Step 1 — Client calls paid endpoint (unpaid)
**Request:** `GET /api/resource` (or any paid route)
**Response when unpaid:** `402 Payment Required`
**Headers:**
- `PAYMENT-REQUIRED: <base64 PaymentRequired>`
**PaymentRequired (JSON, then base64-encoded):**
| Field | Type | Description |
|-------|------|-------------|
| `network` | string | `eip155:651940` |
| `asset` | string | USDC contract address (0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881) |
| `amount` | string | Price in base units (e.g. "10000" for 0.01 USDC if 6 decimals) |
| `recipient` | string | Treasury address |
| `nonce` | string | Unique per request (e.g. UUID) |
| `expiresAt` | string | ISO 8601 (e.g. now + 5 minutes) |
| `resourceId` | string | Identifies the resource (e.g. URL or hash) so payment is bound to the request |
**Example (decoded):**
```json
{
"network": "eip155:651940",
"asset": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881",
"amount": "10000",
"recipient": "0x...",
"nonce": "550e8400-e29b-41d4-a716-446655440000",
"expiresAt": "2026-03-04T12:05:00.000Z",
"resourceId": "GET /api/premium"
}
```
---
## 3. Step 2 — Client pays and retries
Client performs USDC transfer (or authorization) on chain 651940 to `recipient` for `amount`, then retries the same request with:
**Headers:**
- `PAYMENT-SIGNATURE: <base64 PaymentPayload>`
**PaymentPayload (JSON, then base64-encoded):**
| Field | Type | Description |
|-------|------|-------------|
| `payer` | string | Payer wallet address |
| `signature` | string | Signature over the payment intent (e.g. EIP-191 or EIP-712 of PaymentRequired or its hash) |
| `paymentRequired` | object | Copy of PaymentRequired so server can verify match |
| `txHash` | string (optional) | Transaction hash on 651940 proving transfer (for on-chain verification) |
Server uses `txHash` to verify settlement via `eth_getTransactionReceipt` on 651940 when doing local verification.
---
## 4. Step 3 — Server verification (Alltra-native local)
1. **Decode** PaymentPayload from base64.
2. **Verify signature** — signature belongs to `payer` (recover signer from signature over payment intent).
3. **Verify intent** — PaymentPayload.paymentRequired matches the server-issued PaymentRequired (same amount, asset, chain, recipient, resourceId); `expiresAt` is in the future.
4. **Verify settlement:**
- If `txHash` present: call 651940 RPC `eth_getTransactionReceipt(txHash)`; confirm success and that transfer is to `recipient` for `amount` (USDC) from `payer`.
- If authorization-based: verify authorization and that a transfer occurred (per your scheme).
5. **Replay:** Mark `(payer, resourceId, nonce)` as consumed (store in DB or cache with TTL); reject if already consumed.
6. **Respond:** Return 200 with resource body; optionally set `PAYMENT-RESPONSE` header (per x402) with settlement response.
---
## 5. Replay protection
- Key: `(payer, resourceId, nonce)`.
- Store consumed keys with expiry ≥ `expiresAt` so the same nonce cannot be reused.
- Production: use Redis or DB; development: in-memory Map with TTL is acceptable.
---
## 6. PAYMENT-RESPONSE (optional)
Per [docs.x402.org](https://docs.x402.org/core-concepts/http-402), server may return `PAYMENT-RESPONSE` header with settlement confirmation (e.g. txHash, status). Optional for minimal implementation.
---
## 7. Separation from sponsorship
- **Sponsorship (paymaster):** Covers gas for app actions (e.g. CoreApp writes) on 651940.
- **x402:** User-paid USDC for API/service access; validated by this flow.
The two are independent: x402 payment tx is user-funded; sponsored txs are paymaster-funded.
---
## 8. Implementation
- **x402-api:** When `X402_USE_ALLTRA=true`, the server can use this local verification path: return 402 + PAYMENT-REQUIRED when unpaid; on PAYMENT-SIGNATURE, run steps 16 and serve the resource on success.
- **USDC decimals:** 6 for Alltra USDC; `amount` in PaymentRequired is in base units (e.g. 10000 = 0.01 USDC).

307
docs/04-configuration/mifos-omnl-central-bank/ADF_ASIAN_PACIFIC_SINGAPORE_OFFICE_RUNBOOK.md Normal file
View File

@@ -0,0 +1,307 @@
# OMNL HYBX Operational Run Book
## Office Onboarding ADF Asian Pacific Holding Singapore PTE LTD
---
## 1. Run Book Overview
This run book defines the **step-by-step operational procedure** to onboard a new corporate office into the **OMNL HYBX financial infrastructure** running on **Apache Fineract (Mifos X)**.
The procedure ensures:
- Consistent office creation
- CIS (Client Information Sheet) verification
- KYC/KYB validation
- Wallet provisioning
- ISO 20022 transaction readiness
- Audit trail compliance
**Instance:** [omnl.hybxfinance.io](https://omnl.hybxfinance.io/) (or omnl.hybx.global). Set `OMNL_FINERACT_BASE_URL` in `.env` accordingly.
---
## 2. System Environment
| Component | System |
| --------------------- | -------------------- |
| Core Banking | Apache Fineract |
| Interface | Mifos X |
| Treasury | OMNL HYBX |
| Messaging | ISO 20022 |
| Wallet Infrastructure | HYBX Treasury Wallet |
| Audit Logs | OMNL Ledger |
---
## 3. Office Identity
| Field | Value |
| ----------------- | -------------------------------------------- |
| Office Name | ADF ASIAN PACIFIC HOLDING SINGAPORE PTE LTD |
| Company Number | 202328126M |
| Representative | MR. ANG KOK YONG |
| Title | CEO |
| Jurisdiction | Singapore |
| Parent Office | OMNL |
| Parent Office ID | 1 |
---
## 4. Roles & Responsibilities
| Role | Responsibility |
| ---------------------- | ---------------------------- |
| Platform Administrator | Creates Office in Fineract |
| Compliance Officer | Verifies CIS and KYB |
| Treasury Operator | Creates institutional wallet |
| DevOps | Configures ISO-20022 node |
| Risk & Audit | Reviews onboarding log |
---
## 5. Required Documents
The following documents must be verified prior to office creation:
1. Client Information Sheet (CIS)
2. Company Registration
3. Director Identification
4. Corporate Address
5. Banking Coordinates
6. Compliance Verification
Documents are archived in:
```
HYBX/KYC/ADF_APAC_SINGAPORE/
```
---
## 6. Office Creation Procedure
### Step 1 — Authenticate to OMNL HYBX
Ensure API access: load credentials from `omnl-fineract/.env` or repo root `.env` (`OMNL_FINERACT_BASE_URL`, `OMNL_FINERACT_USER`, `OMNL_FINERACT_PASSWORD`, `OMNL_FINERACT_TENANT`). Fineract uses **Basic auth** on each request (no separate token endpoint). Verify access with:
```bash
curl -s -u "${OMNL_FINERACT_USER}:${OMNL_FINERACT_PASSWORD}" \
-H "Fineract-Platform-TenantId: ${OMNL_FINERACT_TENANT:-omnl}" \
"${OMNL_FINERACT_BASE_URL}/offices"
```
Expected: HTTP 200 and a JSON array of offices.
### Step 2 — Create Office
**Endpoint:** `POST /fineract-provider/api/v1/offices`
**Payload:**
```json
{
"name": "ADF ASIAN PACIFIC HOLDING SINGAPORE PTE LTD",
"parentId": 1,
"openingDate": "2023-07-11",
"dateFormat": "yyyy-MM-dd",
"locale": "en",
"externalId": "202328126M"
}
```
**cURL (from repo root with env loaded):**
```bash
curl -X POST "${OMNL_FINERACT_BASE_URL}/offices" \
-u "${OMNL_FINERACT_USER}:${OMNL_FINERACT_PASSWORD}" \
-H "Fineract-Platform-TenantId: ${OMNL_FINERACT_TENANT:-omnl}" \
-H "Content-Type: application/json" \
-d '{
"name": "ADF ASIAN PACIFIC HOLDING SINGAPORE PTE LTD",
"parentId": 1,
"openingDate": "2023-07-11",
"dateFormat": "yyyy-MM-dd",
"locale": "en",
"externalId": "202328126M"
}'
```
**Script (recommended, idempotent by externalId):**
```bash
DRY_RUN=1 bash scripts/omnl/omnl-office-create-adf-singapore.sh # preview
bash scripts/omnl/omnl-office-create-adf-singapore.sh # create
```
Optional overrides: `OPENING_DATE`, `ADF_SINGAPORE_EXTERNAL_ID`, `ADF_SINGAPORE_OFFICE_NAME`. Script outputs `OFFICE_ID_ADF_SINGAPORE=<id>` on success.
### Step 3 — Verify Office Creation
Confirm via:
```bash
GET ${OMNL_FINERACT_BASE_URL}/offices
```
(e.g. `curl -s -u "..." -H "Fineract-Platform-TenantId: omnl" "${OMNL_FINERACT_BASE_URL}/offices"`)
**Expected result:**
- Office ID: &lt;auto-generated&gt;
- Parent Office: OMNL (id: 1)
- externalId: 202328126M
- Status: Active
Log entry created in **HYBX_LEDGER / OFFICE_REGISTRY**.
---
## 7. Corporate Profile Attachment
Create additional corporate data using **Fineract Datatable**.
**Datatable name:** `office_corporate_profile`
| Field | Value |
| --------------------- | ------------------ |
| representative_name | MR. ANG KOK YONG |
| representative_title | CEO |
| jurisdiction | Singapore |
| entity_type | Private Limited |
Create the datatable in Fineract (Administration → Register Datatables), link it to the **Office** entity, then populate a row for this office after creation.
---
## 8. Treasury Wallet Creation
After office creation, create the institutional treasury wallet.
| Parameter | Value |
| ---------------- | ------------------ |
| Wallet type | Corporate Treasury Wallet |
| Wallet ID format | HYBX-SG-ADF-001 |
| Currency | Multi-Currency |
| Vault | HYBX Treasury |
| Liquidity Access | Enabled |
| Settlement Mode | ISO 20022 |
*(Wallet creation steps and API are defined in the Institutional Client Onboarding Run Book.)*
---
## 9. ISO-20022 Messaging Enablement
Configure messaging endpoint for the office.
**Required channels:**
| Channel | Purpose |
| -------- | -------------------- |
| pacs.008 | Credit transfer |
| pacs.009 | Interbank settlement |
| camt.053 | Statement reporting |
| camt.056 | Payment recall |
**Node registration:** `OMNL-HYBX-NODE-SG-ADF`
---
## 10. Compliance Verification
Compliance officer confirms:
- ✔ CIS verified
- ✔ Corporate registration validated
- ✔ Representative identity verified
- ✔ Sanctions screening completed
Compliance approval logged in **HYBX_COMPLIANCE_LEDGER**.
---
## 11. Operational Activation
Once all steps are completed:
**System status:** `OFFICE_STATUS = ACTIVE`
**Operational capabilities enabled:**
- Wallet transactions
- Treasury participation
- Liquidity routing
- ISO-20022 transfers
---
## 12. Audit Trail
All steps recorded in:
- **HYBX_LEDGER**
- **HYBX_AUDIT_LOG**
Audit data includes:
- Timestamp
- Operator ID
- API request hash
- System response
---
## 13. Disaster Recovery
If onboarding fails:
1. Rollback office creation (if created).
2. Archive CIS and failure details in `HYBX/KYC/ADF_APAC_SINGAPORE/`.
3. Generate failure log.
**Rollback (delete office):**
```bash
DELETE /fineract-provider/api/v1/offices/{officeId}
```
*Note:* Deleting an office may be restricted if the office has dependent data (clients, accounts). Resolve dependencies in UI/API first or contact platform admin.
---
## 14. Final Validation Checklist
| Validation | Status |
| ----------------------- | ------ |
| Office created | ☐ |
| Corporate data attached | ☐ |
| Wallet created | ☐ |
| ISO-20022 enabled | ☐ |
| Compliance approved | ☐ |
| Audit logged | ☐ |
---
## 15. Office Hierarchy
```
OMNL (Head Office, ID: 1)
└── ADF ASIAN PACIFIC HOLDING SINGAPORE PTE LTD
```
---
## 16. Run Book Completion
Run book execution is **complete when all validation checks pass and treasury wallet is active.**
---
## 17. Related Documentation
- [OMNL_FINERACT_CONFIGURATION.md](../OMNL_FINERACT_CONFIGURATION.md) — Base URL, tenant, credentials.
- [PELICAN_MOTORS_OFFICE_RUNBOOK.md](PELICAN_MOTORS_OFFICE_RUNBOOK.md) — Same POST /offices pattern.
- [OMNL_OFFICES_POPULATE.md](OMNL_OFFICES_POPULATE.md) — Bulk office creation from entity master data.
- **Institutional Client Onboarding Run Book** (when available) — Client creation, wallet provisioning, KYB automation, and ISO-20022 routing under this office.

140
docs/04-configuration/verification-evidence/BESU_NODES_HEALTH_AND_TXPOOL_20260304.md Normal file
View File

@@ -0,0 +1,140 @@
# Besu Nodes Health, Block Production & Transaction Pool Check
**Date:** 2026-03-04
**Scope:** Block production, transaction pools (stuck txs), all Besu VM nodes health, storage.
---
## 1. Block production
| Check | Result |
|-------|--------|
| **Core RPC (192.168.11.211:8545)** | Reachable; Chain ID 138 |
| **Latest block** | 2,547,803 (0x26e05b) |
| **Block advance (5s window)** | No new blocks (monitor: stalled) |
| **Block advance (12s window)** | No new blocks (diff=0) |
**Conclusion:** Block production is currently **stalled**. Validators are all active and RPC has 24 peers; likely cause is validators in sync or consensus not producing (see docs/06-besu/CRITICAL_ISSUE_BLOCK_PRODUCTION_STOPPED.md).
---
## 2. Transaction pools / stuck transactions
| Source | Result |
|-------|--------|
| **txpool_status** | Method not found (Besu uses different APIs) |
| **txpool_besuTransactions** | **1 transaction** in pool |
| **Tx hash** | `0x1c206b659cbb00cbe45557eda3fb3acbab86231820ed0f9ea41e836d7e07f591` |
| **Added to pool** | 2026-03-04T07:44:45.584Z |
| **Deployer pending (monitor)** | 1 pending (nonce 13486) |
**Conclusion:** One stuck transaction in the RPC node pool. Clearing options:
- Run `./scripts/clear-all-transaction-pools.sh` (clears pool DB on all nodes; requires restart).
- Or try RPC-side clear first: `./scripts/resolve-stuck-transaction-besu-qbft.sh` (uses `txpool_besuClear` / `txpool_clear` if available on this RPC).
---
## 3. RPC VMID 2101 (Core) health
| Check | Status |
|-------|--------|
| Container 2101 | Running |
| besu-rpc.service | active |
| Port 8545 | Listening |
| RPC eth_chainId | 0x8a (Chain 138) |
| RPC eth_blockNumber | 0x26e05b |
| Database path /data/besu/database | **Writable** |
All checks passed (script: `./scripts/maintenance/health-check-rpc-2101.sh`).
---
## 4. All RPC node VMs (health script)
Run: `bash ./scripts/health/check-rpc-vms-health.sh`
| VMID | Host | Status | Block |
|------|------|--------|-------|
| 2101 | 192.168.11.11 | running, besu-rpc active | 2547803 |
| 2201 | 192.168.11.12 | running, besu-rpc active | 2547803 |
| 2301 | 192.168.11.10 | running, besu-rpc active | 2547803 |
| 2303 | 192.168.11.12 | running, besu-rpc active | 2547803 |
| 23042307, 2400 | 192.168.11.10 / .12 | running, besu-rpc active | 2547803 |
| **2308** | 192.168.11.10 | running, besu-rpc active | **2372719** (behind) |
**Note:** VMID 2308 is ~175k blocks behind; may need sync or investigation.
---
## 5. Validator status (10001004)
| VMID | Host | Service status |
|------|------|----------------|
| 1000, 1001, 1002 | 192.168.11.11 (R630-01) | besu-validator active |
| 1003, 1004 | 192.168.11.10 (ML110) | besu-validator active |
All 5 validators reported **active** by `./scripts/monitoring/monitor-blockchain-health.sh`.
---
## 6. Storage (Besu nodes)
| Node | VMID | Host | Root disk | /data/besu size |
|------|------|------|-----------|-----------------|
| Validator | 1000 | 192.168.11.11 | 98G, 6% used | 3.3G |
| Validator | 1001 | 192.168.11.11 | 98G, 6% used | 3.3G |
| Validator | 1002 | 192.168.11.11 | 98G, 6% used | 3.3G |
| Validator | 1003 | 192.168.11.10 | 98G, 10% used | 3.2G |
| Validator | 1004 | 192.168.11.10 | 98G, 10% used | 3.2G |
| RPC Core | 2101 | 192.168.11.11 | 196G, 4% used | 3.2G |
| RPC Public | 2201 | 192.168.11.12 | 196G, 5% used | 3.1G |
No storage issues observed; all nodes have ample free space.
---
## 7. Summary and next steps
| Item | Status |
|------|--------|
| Block production | Stalled (no new blocks in 5s and 12s checks) |
| Stuck tx in pool | 1 tx (hash 0x1c20…f591; nonce 13486) |
| RPC 2101 health | All passed, storage writable |
| RPC VMs (2101, 2201, 230x, 2400) | Running; 2308 behind |
| Validators 10001004 | All active |
| Storage (all Besu nodes) | Healthy, sufficient free space |
**Recommended next steps:**
1. **Unblock chain:** If block production does not resume, check validator logs (e.g. `journalctl -u besu-validator` on 10001004) and docs/06-besu/CRITICAL_ISSUE_BLOCK_PRODUCTION_STOPPED.md.
2. **Clear stuck tx:** Run `./scripts/clear-all-transaction-pools.sh` then wait 3060s; or try `./scripts/resolve-stuck-transaction-besu-qbft.sh` first (ensure RPC_URL_138 in smom-dbis-138/.env points to Core RPC).
3. **RPC 2308:** Investigate why it is ~175k blocks behind (sync or connectivity).
---
## 8. Recommended steps executed (2026-03-04)
| Step | Action | Result |
|------|--------|--------|
| **Stuck tx** | Ran `resolve-stuck-transaction-besu-qbft.sh` with RPC_URL_138=Core RPC | TXPOOL + ADMIN enabled; `txpool_besuClear` and `txpool_clear` **Method not found** on this RPC; `admin_removeTransaction` also not found. Nonce 13485 (latest). |
| **Stuck tx** | Ran `clear-all-transaction-pools.sh` | Validators 10001004 cleared and restarted ✅. RPC 2101 and 2201 clear runs after validators (script was clearing 2101 when checked). Wait 3060s then re-check `txpool_besuTransactions`. |
| **Validator logs** | Checked VMID 1000 and 1003 | 1000: had "QBFT mining coordinator not starting while initial sync in progress" then "Starting QBFT mining coordinator following initial sync", "Starting full sync"; then stopped by pool-clear. **Block production stall** is consistent with validators in/after full sync (or restarted and syncing again). See CRITICAL_ISSUE_BLOCK_PRODUCTION_STOPPED.md. |
| **resolve script** | SOURCE_PROJECT | Updated script to use `PROJECT_ROOT_SCRIPT/smom-dbis-138` when present so it runs from proxmox repo. |
**RPC 2308 (behind ~175k blocks):** No automatic fix run. Options: (1) Let it sync (if it is catching up), (2) Check logs on VMID 2308 for errors, (3) Restart the container if sync is stuck. See `bash ./scripts/health/check-rpc-vms-health.sh` for current block per node.
---
## 9. Status to continue (updated)
| Check | Result | Action |
|-------|--------|--------|
| RPC 2101 | Healthy | — |
| Tx pool (2101) | May repopulate | If mint fails with “Replacement transaction underpriced”, run mint with `GAS_PRICE_138=500000000000`. |
| Validators 10001004 | 1004 **restarted** (2026-03-04) | All 5 active after restart; if 1004 fails again, restart on ML110. |
| Block production | **Stalled** (blocker) | Mint tx accepted with 500 gwei but confirmation times out until blocks advance. Run `./scripts/monitoring/monitor-blockchain-health.sh`; when blocks advance, re-run mint. |
**Continue run (2026-03-04):** Validator 1004 restarted; `clear-all-transaction-pools.sh` completed (10001004, 2101, 2201). Mint script updated to use `GAS_PRICE_138`; with 500 gwei first mint tx was accepted by RPC but timed out waiting for confirmation (blocks not advancing). **Next:** When blocks advance, run `cd smom-dbis-138 && ./scripts/mint-for-liquidity.sh` (optionally `GAS_PRICE_138=500000000000`).
**Continue with:** [CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS.md](../CORE_RPC_2101_2102_TXPOOL_ADMIN_STATUS.md) §78 and [REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md](../../03-deployment/REMAINING_DEPLOYMENTS_FOR_FULL_NETWORK_COVERAGE.md) “Status to continue”.

47
docs/04-configuration/verification-evidence/UDM_PRO_CHECK_20260303.md Normal file
View File

@@ -0,0 +1,47 @@
# UDM Pro check — 2026-03-03
**Checked from:** ASERET (192.168.11.23), LAN.
---
## Summary
| Check | Result |
|-------|--------|
| **Gateway** | 192.168.11.1 reachable (ping OK) |
| **UDM Pro management** | https://192.168.11.1:443 → **HTTP 200** (UniFi controller) |
| **Public IP from LAN** | https://76.53.10.36:443 → **timeout (000)** — expected without NAT hairpin |
| **NPMplus internal** | 192.168.11.166 / 192.168.11.167:80,443 — not reachable from this host (timeout) |
---
## Expected port forwarding (manual verification in UniFi UI)
In **UniFi Network****Settings****Firewall & Security****Port Forwarding** confirm:
| Rule | Destination IP | Dest Port | Forward to IP | Forward to Port | Protocol |
|------|-----------------|-----------|---------------|-----------------|----------|
| NPMplus HTTPS | 76.53.10.36 | 443 | 192.168.11.167 | 443 | TCP |
| NPMplus HTTP | 76.53.10.36 | 80 | 192.168.11.167 | 80 | TCP |
**Verified 2026-03-03 (screenshot):** UI shows **Nginx HTTP** and **Nginx HTTPS** on 76.53.10.36 → 192.168.11.167:80 and :443. Also present: 76.53.10.38→.169 (Alltra/HYBX), 76.53.10.40→.170/.60 (Dev), 76.53.10.41→.171 (Mifos). Full table: [UDM_PRO_PORT_FORWARDING_SNAPSHOT_20260303.md](UDM_PRO_PORT_FORWARDING_SNAPSHOT_20260303.md).
---
## Interpretation
- **UDM Pro device:** Online and responding; management at https://192.168.11.1 works.
- **Public URL from LAN:** Traffic to 76.53.10.36 from 192.168.11.23 times out — typical when **NAT hairpin (loopback)** is disabled. Enable it in UniFi if you want explorer.d-bis.org to work from LAN without a hosts entry.
- **External access:** Test from a device off the LAN (e.g. phone on cellular): if https://explorer.d-bis.org works there, port forward and NPMplus are correct and the issue is LAN-only (hairpin).
- **Prior run (2026-02-07):** From another host, internal and public tests all passed — so port forward and NPMplus were working from that segment.
---
## Manual steps
1. Open **https://192.168.11.1** in a browser (on the LAN).
2. Go to **Settings****Firewall & Security****Port Forwarding**.
3. Confirm the two rules above exist and are enabled.
4. (Optional) Look for **NAT loopback** / **Hairpin NAT** and enable so LAN clients can reach 76.53.10.36.
Script: `bash scripts/verify/verify-udm-pro-port-forwarding.sh` (runs connectivity tests and writes evidence to `verification-evidence/udm-pro-verification-*`).

35
docs/04-configuration/verification-evidence/UDM_PRO_PORT_FORWARDING_SNAPSHOT_20260303.md Normal file
View File

@@ -0,0 +1,35 @@
# UDM Pro port forwarding — verified snapshot 2026-03-03
**Source:** Screenshot from UniFi Network → Settings → Firewall & Security → Port Forwarding.
**Interface:** Internet 1. Protocol: TCP/UDP. Source: Any.
---
## Rules (as shown in UI)
| Name | External WAN IP | Ext Port | Forward to (Internal) | Int Port |
|------|------------------|----------|------------------------|----------|
| Nginx HTTP | 76.53.10.36 | 80 | 192.168.11.167 | 80 |
| Nginx HTTPS | 76.53.10.36 | 443 | 192.168.11.167 | 443 |
| NPMplus Alltra/HYBX HTTP | 76.53.10.38 | 80 | 192.168.11.169 | 80 |
| NPMplus Alltra/HYBX HTTPS | 76.53.10.38 | 443 | 192.168.11.169 | 443 |
| NPMplus Alltra/HYBX Admin | 76.53.10.38 | 81 | 192.168.11.169 | 81 |
| NPMplus Dev (HTTP/HTTPS/Admin) | 76.53.10.40 | 80, 443, 81 | 192.168.11.170 | 80, 443, 81 |
| NPMplus Dev (SSH) | 76.53.10.40 | 22 | 192.168.11.60 | 22 |
| NPMplus Dev (port 3000) | 76.53.10.40 | 3000 | 192.168.11.60 | 3000 |
| NPMplus Mifos HTTP | 76.53.10.41 | 80 | 192.168.11.171 | 80 |
| NPMplus Mifos HTTPS | 76.53.10.41 | 443 | 192.168.11.171 | 443 |
| NPMplus Mifos Admin | 76.53.10.41 | 81 | 192.168.11.171 | 81 |
---
## Verification vs docs
| Item | Doc expectation | Snapshot | Status |
|------|-----------------|----------|--------|
| Explorer / Nginx | 76.53.10.36:80/443 → 192.168.11.167 | Nginx HTTP/HTTPS → .167:80, .167:443 | ✅ Match |
| Alltra/HYBX | 76.53.10.38 → 192.168.11.169 (80, 81, 443) | NPMplus Alltra/HYBX → .169:80, .169:443, .169:81 | ✅ Match |
| Mifos | 76.53.10.41 → 192.168.11.171 | NPMplus Mifos → .171:80, .171:443, .171:81 | ✅ Match |
| Dev | 76.53.10.40 → .170 (and .60 for SSH/3000) | NPMplus Dev → .170 (80,443,81), .60 (22, 3000) | ✅ Match |
**Conclusion:** Port forwarding for explorer (76.53.10.36 → 192.168.11.167) and for Alltra/HYBX, Mifos, and Dev is correctly configured. Explorer timeout from LAN is due to NAT hairpin not being required for the forward itself; enable NAT loopback on UDM Pro if LAN clients should reach 76.53.10.36 without a hosts entry.

380
docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/all_vms_verification.json Normal file
View File

@@ -0,0 +1,380 @@
[
{
"vmid": 2101,
"hostname": "besu-rpc-core-1",
"host": "r630-01",
"host_ip": "192.168.11.11",
"expected_ip": "192.168.11.211",
"actual_ip": "192.168.11.211",
"status": "running",
"has_nginx": false,
"service_type": "besu",
"config_path": "8545,8546",
"public_domains": [
"rpc-http-prv.d-bis.org",
"rpc-ws-prv.d-bis.org"
],
"services": [
{
"name": "besu-rpc",
"type": "direct",
"status": "running"
}
],
"listening_ports": [
{
"port": 8545,
"protocol": "tcp",
"process": "besu"
},
{
"port": 8546,
"protocol": "tcp",
"process": "besu"
}
],
"health_endpoints": [
{
"path": "http://192.168.11.211:8545",
"expected_code": 200,
"actual_code": 200,
"status": "pass"
}
],
"verified_at": "2026-03-02T14:21:42-08:00"
},
{
"vmid": 7810,
"hostname": "mim-web-1",
"host": "r630-02",
"host_ip": "192.168.11.12",
"expected_ip": "192.168.11.37",
"actual_ip": "192.168.11.37",
"status": "running",
"has_nginx": true,
"service_type": "nginx",
"config_path": "/etc/nginx/sites-available/mim4u",
"public_domains": [
"mim4u.org",
"www.mim4u.org",
"secure.mim4u.org",
"training.mim4u.org"
],
"services": [
{
"name": "nginx",
"type": "systemd",
"status": "active"
}
],
"listening_ports": [],
"health_endpoints": [
{
"path": "http://192.168.11.37:80",
"expected_code": 200,
"actual_code": 200,
"status": "pass"
}
],
"verified_at": "2026-03-02T14:21:51-08:00"
},
{
"vmid": 10150,
"hostname": "dbis-api-primary",
"host": "r630-01",
"host_ip": "192.168.11.11",
"expected_ip": "192.168.11.155",
"actual_ip": "192.168.11.155",
"status": "running",
"has_nginx": false,
"service_type": "nodejs",
"config_path": "3000",
"public_domains": [
"dbis-api.d-bis.org"
],
"services": [
{
"name": "nodejs-api",
"type": "systemd",
"status": "running"
}
],
"listening_ports": [
{
"port": 3000,
"protocol": "tcp",
"process": "nodejs"
}
],
"health_endpoints": [
{
"path": "http://192.168.11.155:3000",
"expected_code": 200,
"actual_code": 0,
"status": "fail"
}
],
"verified_at": "2026-03-02T14:22:03-08:00"
},
{
"vmid": 10151,
"hostname": "dbis-api-secondary",
"host": "r630-01",
"host_ip": "192.168.11.11",
"expected_ip": "192.168.11.156",
"actual_ip": "192.168.11.156",
"status": "running",
"has_nginx": false,
"service_type": "nodejs",
"config_path": "3000",
"public_domains": [
"dbis-api-2.d-bis.org"
],
"services": [
{
"name": "nodejs-api",
"type": "systemd",
"status": "running"
}
],
"listening_ports": [
{
"port": 3000,
"protocol": "tcp",
"process": "nodejs"
}
],
"health_endpoints": [
{
"path": "http://192.168.11.156:3000",
"expected_code": 200,
"actual_code": 0,
"status": "fail"
}
],
"verified_at": "2026-03-02T14:22:13-08:00"
},
{
"vmid": 2201,
"hostname": "besu-rpc-public-1",
"host": "r630-02",
"host_ip": "192.168.11.12",
"expected_ip": "192.168.11.221",
"actual_ip": "192.168.11.221",
"status": "running",
"has_nginx": false,
"service_type": "besu",
"config_path": "8545,8546",
"public_domains": [
"rpc-http-pub.d-bis.org",
"rpc-ws-pub.d-bis.org"
],
"services": [
{
"name": "besu-rpc",
"type": "direct",
"status": "running"
}
],
"listening_ports": [
{
"port": 8545,
"protocol": "tcp",
"process": "besu"
},
{
"port": 8546,
"protocol": "tcp",
"process": "besu"
}
],
"health_endpoints": [
{
"path": "http://192.168.11.221:8545",
"expected_code": 200,
"actual_code": 200,
"status": "pass"
}
],
"verified_at": "2026-03-02T14:22:22-08:00"
},
{
"vmid": 2400,
"hostname": "thirdweb-rpc-1",
"host": "ml110",
"host_ip": "192.168.11.10",
"expected_ip": "192.168.11.240",
"actual_ip": "192.168.11.240",
"status": "running",
"has_nginx": true,
"service_type": "nginx",
"config_path": "/etc/nginx/sites-available/rpc-thirdweb",
"public_domains": [
"rpc.public-0138.defi-oracle.io"
],
"services": [
{
"name": "nginx",
"type": "systemd",
"status": "active"
}
],
"listening_ports": [],
"health_endpoints": [
{
"path": "http://192.168.11.240:80",
"expected_code": 200,
"actual_code": 404,
"status": "fail"
}
],
"verified_at": "2026-03-02T14:22:34-08:00"
},
{
"vmid": 5800,
"hostname": "mifos",
"host": "r630-02",
"host_ip": "192.168.11.12",
"expected_ip": "192.168.11.85",
"actual_ip": "192.168.11.85",
"status": "running",
"has_nginx": false,
"service_type": "web",
"config_path": "-",
"public_domains": [
"mifos.d-bis.org"
],
"services": [
{
"name": "http",
"type": "direct",
"status": "running"
}
],
"listening_ports": [
{
"port": 80,
"protocol": "tcp",
"process": "http"
}
],
"health_endpoints": [
{
"path": "http://192.168.11.85:80",
"expected_code": 200,
"actual_code": 0,
"status": "fail"
}
],
"verified_at": "2026-03-02T14:22:40-08:00"
},
{
"vmid": 5801,
"hostname": "dapp-smom",
"host": "r630-02",
"host_ip": "192.168.11.12",
"expected_ip": "192.168.11.58",
"actual_ip": "192.168.11.58",
"status": "running",
"has_nginx": false,
"service_type": "web",
"config_path": "-",
"public_domains": [
"dapp.d-bis.org"
],
"services": [
{
"name": "http",
"type": "direct",
"status": "running"
}
],
"listening_ports": [
{
"port": 80,
"protocol": "tcp",
"process": "http"
}
],
"health_endpoints": [
{
"path": "http://192.168.11.58:80",
"expected_code": 200,
"actual_code": 200,
"status": "pass"
}
],
"verified_at": "2026-03-02T14:22:46-08:00"
},
{
"vmid": 10130,
"hostname": "dbis-frontend",
"host": "r630-01",
"host_ip": "192.168.11.11",
"expected_ip": "192.168.11.130",
"actual_ip": "192.168.11.130",
"status": "running",
"has_nginx": false,
"service_type": "web",
"config_path": "/etc/nginx/sites-available/dbis-frontend",
"public_domains": [
"dbis-admin.d-bis.org",
"secure.d-bis.org"
],
"services": [
{
"name": "http",
"type": "direct",
"status": "running"
}
],
"listening_ports": [
{
"port": 80,
"protocol": "tcp",
"process": "http"
}
],
"health_endpoints": [
{
"path": "http://192.168.11.130:80",
"expected_code": 200,
"actual_code": 0,
"status": "fail"
}
],
"verified_at": "2026-03-02T14:22:56-08:00"
},
{
"vmid": 5000,
"hostname": "blockscout-1",
"host": "r630-02",
"host_ip": "192.168.11.12",
"expected_ip": "192.168.11.140",
"actual_ip": "192.168.11.140",
"status": "running",
"has_nginx": true,
"service_type": "nginx",
"config_path": "/etc/nginx/sites-available/blockscout",
"public_domains": [
"explorer.d-bis.org"
],
"services": [
{
"name": "nginx",
"type": "systemd",
"status": "active"
}
],
"listening_ports": [],
"health_endpoints": [
{
"path": "http://192.168.11.140:80",
"expected_code": 200,
"actual_code": 301,
"status": "pass"
}
],
"verified_at": "2026-03-02T14:23:06-08:00"
}
]

95
docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/verification_report.md Normal file
View File

@@ -0,0 +1,95 @@
# Backend VMs Verification Report
**Date**: 2026-03-02T14:23:06-08:00
**Verifier**: intlc
## Summary
Total VMs verified: 10
## VM Verification Results
### VMID 2101: besu-rpc-core-1
- Status: running
- Expected IP: 192.168.11.211
- Actual IP: 192.168.11.211
- Has Nginx: false
- Details: See `vmid_2101_verification.json`
### VMID 7810: mim-web-1
- Status: running
- Expected IP: 192.168.11.37
- Actual IP: 192.168.11.37
- Has Nginx: true
- Details: See `vmid_7810_verification.json`
### VMID 10150: dbis-api-primary
- Status: running
- Expected IP: 192.168.11.155
- Actual IP: 192.168.11.155
- Has Nginx: false
- Details: See `vmid_10150_verification.json`
### VMID 10151: dbis-api-secondary
- Status: running
- Expected IP: 192.168.11.156
- Actual IP: 192.168.11.156
- Has Nginx: false
- Details: See `vmid_10151_verification.json`
### VMID 2201: besu-rpc-public-1
- Status: running
- Expected IP: 192.168.11.221
- Actual IP: 192.168.11.221
- Has Nginx: false
- Details: See `vmid_2201_verification.json`
### VMID 2400: thirdweb-rpc-1
- Status: running
- Expected IP: 192.168.11.240
- Actual IP: 192.168.11.240
- Has Nginx: true
- Details: See `vmid_2400_verification.json`
### VMID 5800: mifos
- Status: running
- Expected IP: 192.168.11.85
- Actual IP: 192.168.11.85
- Has Nginx: false
- Details: See `vmid_5800_verification.json`
### VMID 5801: dapp-smom
- Status: running
- Expected IP: 192.168.11.58
- Actual IP: 192.168.11.58
- Has Nginx: false
- Details: See `vmid_5801_verification.json`
### VMID 10130: dbis-frontend
- Status: running
- Expected IP: 192.168.11.130
- Actual IP: 192.168.11.130
- Has Nginx: false
- Details: See `vmid_10130_verification.json`
### VMID 5000: blockscout-1
- Status: running
- Expected IP: 192.168.11.140
- Actual IP: 192.168.11.140
- Has Nginx: true
- Details: See `vmid_5000_verification.json`
## Files Generated
- `all_vms_verification.json` - Complete VM verification results
- `vmid_*_verification.json` - Individual VM verification details
- `vmid_*_listening_ports.txt` - Listening ports output per VM
- `verification_report.md` - This report
## Next Steps
1. Review verification results for each VM
2. Investigate any VMs with mismatched IPs or failed health checks
3. Document any missing nginx config paths
4. Update source-of-truth JSON after verification

2
docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_10130_listening_ports.txt Normal file
View File

@@ -0,0 +1,2 @@
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=130,fd=14))
LISTEN 0 5 0.0.0.0:80 0.0.0.0:* users:(("python3",pid=1006,fd=3))

17
docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_10130_verification.json Normal file
View File

@@ -0,0 +1,17 @@
{
"vmid": 10130,
"hostname": "dbis-frontend",
"host": "r630-01",
"host_ip": "192.168.11.11",
"expected_ip": "192.168.11.130",
"actual_ip": "192.168.11.130",
"status": "running",
"has_nginx": false,
"service_type": "web",
"config_path": "/etc/nginx/sites-available/dbis-frontend",
"public_domains": ["dbis-admin.d-bis.org","secure.d-bis.org"],
"services": [{"name":"http","type":"direct","status":"running"}],
"listening_ports": [{"port":80,"protocol":"tcp","process":"http"}],
"health_endpoints": [{"path":"http://192.168.11.130:80","expected_code":200,"actual_code":000000,"status":"fail"}],
"verified_at": "2026-03-02T14:22:56-08:00"
}

13
docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_2201_listening_ports.txt Normal file
View File

@@ -0,0 +1,13 @@
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=203,fd=10),("nginx",pid=202,fd=10),("nginx",pid=201,fd=10),("nginx",pid=198,fd=10),("nginx",pid=197,fd=10),("nginx",pid=196,fd=10),("nginx",pid=195,fd=10),("nginx",pid=194,fd=10),("nginx",pid=193,fd=10),("nginx",pid=192,fd=10),("nginx",pid=191,fd=10),("nginx",pid=189,fd=10),("nginx",pid=188,fd=10),("nginx",pid=187,fd=10),("nginx",pid=186,fd=10),("nginx",pid=185,fd=10),("nginx",pid=184,fd=10),("nginx",pid=183,fd=10),("nginx",pid=182,fd=10),("nginx",pid=181,fd=10),("nginx",pid=180,fd=10),("nginx",pid=179,fd=10),("nginx",pid=178,fd=10),("nginx",pid=177,fd=10),("nginx",pid=176,fd=10),("nginx",pid=175,fd=10),("nginx",pid=174,fd=10),("nginx",pid=173,fd=10),("nginx",pid=172,fd=10),("nginx",pid=171,fd=10),("nginx",pid=170,fd=10),("nginx",pid=169,fd=10),("nginx",pid=168,fd=10),("nginx",pid=167,fd=10),("nginx",pid=166,fd=10),("nginx",pid=165,fd=10),("nginx",pid=164,fd=10),("nginx",pid=163,fd=10),("nginx",pid=162,fd=10),("nginx",pid=161,fd=10),("nginx",pid=160,fd=10),("nginx",pid=159,fd=10),("nginx",pid=158,fd=10),("nginx",pid=157,fd=10),("nginx",pid=156,fd=10),("nginx",pid=154,fd=10),("nginx",pid=153,fd=10),("nginx",pid=152,fd=10),("nginx",pid=151,fd=10),("nginx",pid=150,fd=10),("nginx",pid=149,fd=10),("nginx",pid=148,fd=10),("nginx",pid=147,fd=10),("nginx",pid=146,fd=10),("nginx",pid=144,fd=10),("nginx",pid=143,fd=10),("nginx",pid=142,fd=10))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=203,fd=12),("nginx",pid=202,fd=12),("nginx",pid=201,fd=12),("nginx",pid=198,fd=12),("nginx",pid=197,fd=12),("nginx",pid=196,fd=12),("nginx",pid=195,fd=12),("nginx",pid=194,fd=12),("nginx",pid=193,fd=12),("nginx",pid=192,fd=12),("nginx",pid=191,fd=12),("nginx",pid=189,fd=12),("nginx",pid=188,fd=12),("nginx",pid=187,fd=12),("nginx",pid=186,fd=12),("nginx",pid=185,fd=12),("nginx",pid=184,fd=12),("nginx",pid=183,fd=12),("nginx",pid=182,fd=12),("nginx",pid=181,fd=12),("nginx",pid=180,fd=12),("nginx",pid=179,fd=12),("nginx",pid=178,fd=12),("nginx",pid=177,fd=12),("nginx",pid=176,fd=12),("nginx",pid=175,fd=12),("nginx",pid=174,fd=12),("nginx",pid=173,fd=12),("nginx",pid=172,fd=12),("nginx",pid=171,fd=12),("nginx",pid=170,fd=12),("nginx",pid=169,fd=12),("nginx",pid=168,fd=12),("nginx",pid=167,fd=12),("nginx",pid=166,fd=12),("nginx",pid=165,fd=12),("nginx",pid=164,fd=12),("nginx",pid=163,fd=12),("nginx",pid=162,fd=12),("nginx",pid=161,fd=12),("nginx",pid=160,fd=12),("nginx",pid=159,fd=12),("nginx",pid=158,fd=12),("nginx",pid=157,fd=12),("nginx",pid=156,fd=12),("nginx",pid=154,fd=12),("nginx",pid=153,fd=12),("nginx",pid=152,fd=12),("nginx",pid=151,fd=12),("nginx",pid=150,fd=12),("nginx",pid=149,fd=12),("nginx",pid=148,fd=12),("nginx",pid=147,fd=12),("nginx",pid=146,fd=12),("nginx",pid=144,fd=12),("nginx",pid=143,fd=12),("nginx",pid=142,fd=12))
LISTEN 0 5 127.0.0.1:8888 0.0.0.0:* users:(("python3",pid=108,fd=3))
LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=370,fd=13))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=97,fd=14))
LISTEN 0 4096 *:30303 *:* users:(("java",pid=14903,fd=359))
LISTEN 0 4096 *:9545 *:* users:(("java",pid=14903,fd=356))
LISTEN 0 4096 *:8545 *:* users:(("java",pid=14903,fd=357))
LISTEN 0 4096 *:8546 *:* users:(("java",pid=14903,fd=358))
LISTEN 0 100 [::1]:25 [::]:* users:(("master",pid=370,fd=14))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=203,fd=11),("nginx",pid=202,fd=11),("nginx",pid=201,fd=11),("nginx",pid=198,fd=11),("nginx",pid=197,fd=11),("nginx",pid=196,fd=11),("nginx",pid=195,fd=11),("nginx",pid=194,fd=11),("nginx",pid=193,fd=11),("nginx",pid=192,fd=11),("nginx",pid=191,fd=11),("nginx",pid=189,fd=11),("nginx",pid=188,fd=11),("nginx",pid=187,fd=11),("nginx",pid=186,fd=11),("nginx",pid=185,fd=11),("nginx",pid=184,fd=11),("nginx",pid=183,fd=11),("nginx",pid=182,fd=11),("nginx",pid=181,fd=11),("nginx",pid=180,fd=11),("nginx",pid=179,fd=11),("nginx",pid=178,fd=11),("nginx",pid=177,fd=11),("nginx",pid=176,fd=11),("nginx",pid=175,fd=11),("nginx",pid=174,fd=11),("nginx",pid=173,fd=11),("nginx",pid=172,fd=11),("nginx",pid=171,fd=11),("nginx",pid=170,fd=11),("nginx",pid=169,fd=11),("nginx",pid=168,fd=11),("nginx",pid=167,fd=11),("nginx",pid=166,fd=11),("nginx",pid=165,fd=11),("nginx",pid=164,fd=11),("nginx",pid=163,fd=11),("nginx",pid=162,fd=11),("nginx",pid=161,fd=11),("nginx",pid=160,fd=11),("nginx",pid=159,fd=11),("nginx",pid=158,fd=11),("nginx",pid=157,fd=11),("nginx",pid=156,fd=11),("nginx",pid=154,fd=11),("nginx",pid=153,fd=11),("nginx",pid=152,fd=11),("nginx",pid=151,fd=11),("nginx",pid=150,fd=11),("nginx",pid=149,fd=11),("nginx",pid=148,fd=11),("nginx",pid=147,fd=11),("nginx",pid=146,fd=11),("nginx",pid=144,fd=11),("nginx",pid=143,fd=11),("nginx",pid=142,fd=11))
LISTEN 0 4096 *:22 *:* users:(("systemd",pid=1,fd=41))
LISTEN 0 511 [::]:443 [::]:* users:(("nginx",pid=203,fd=13),("nginx",pid=202,fd=13),("nginx",pid=201,fd=13),("nginx",pid=198,fd=13),("nginx",pid=197,fd=13),("nginx",pid=196,fd=13),("nginx",pid=195,fd=13),("nginx",pid=194,fd=13),("nginx",pid=193,fd=13),("nginx",pid=192,fd=13),("nginx",pid=191,fd=13),("nginx",pid=189,fd=13),("nginx",pid=188,fd=13),("nginx",pid=187,fd=13),("nginx",pid=186,fd=13),("nginx",pid=185,fd=13),("nginx",pid=184,fd=13),("nginx",pid=183,fd=13),("nginx",pid=182,fd=13),("nginx",pid=181,fd=13),("nginx",pid=180,fd=13),("nginx",pid=179,fd=13),("nginx",pid=178,fd=13),("nginx",pid=177,fd=13),("nginx",pid=176,fd=13),("nginx",pid=175,fd=13),("nginx",pid=174,fd=13),("nginx",pid=173,fd=13),("nginx",pid=172,fd=13),("nginx",pid=171,fd=13),("nginx",pid=170,fd=13),("nginx",pid=169,fd=13),("nginx",pid=168,fd=13),("nginx",pid=167,fd=13),("nginx",pid=166,fd=13),("nginx",pid=165,fd=13),("nginx",pid=164,fd=13),("nginx",pid=163,fd=13),("nginx",pid=162,fd=13),("nginx",pid=161,fd=13),("nginx",pid=160,fd=13),("nginx",pid=159,fd=13),("nginx",pid=158,fd=13),("nginx",pid=157,fd=13),("nginx",pid=156,fd=13),("nginx",pid=154,fd=13),("nginx",pid=153,fd=13),("nginx",pid=152,fd=13),("nginx",pid=151,fd=13),("nginx",pid=150,fd=13),("nginx",pid=149,fd=13),("nginx",pid=148,fd=13),("nginx",pid=147,fd=13),("nginx",pid=146,fd=13),("nginx",pid=144,fd=13),("nginx",pid=143,fd=13),("nginx",pid=142,fd=13))

17
docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_2201_verification.json Normal file
View File

@@ -0,0 +1,17 @@
{
"vmid": 2201,
"hostname": "besu-rpc-public-1",
"host": "r630-02",
"host_ip": "192.168.11.12",
"expected_ip": "192.168.11.221",
"actual_ip": "192.168.11.221",
"status": "running",
"has_nginx": false,
"service_type": "besu",
"config_path": "8545,8546",
"public_domains": ["rpc-http-pub.d-bis.org","rpc-ws-pub.d-bis.org"],
"services": [{"name":"besu-rpc","type":"direct","status":"running"}],
"listening_ports": [{"port":8545,"protocol":"tcp","process":"besu"},{"port":8546,"protocol":"tcp","process":"besu"}],
"health_endpoints": [{"path":"http://192.168.11.221:8545","expected_code":200,"actual_code":200,"status":"pass"}],
"verified_at": "2026-03-02T14:22:22-08:00"
}

14
docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_2400_listening_ports.txt Normal file
View File

@@ -0,0 +1,14 @@
LISTEN 0 4096 127.0.0.1:20241 0.0.0.0:* users:(("cloudflared",pid=543700,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=186,fd=7),("nginx",pid=185,fd=7),("nginx",pid=184,fd=7),("nginx",pid=183,fd=7),("nginx",pid=182,fd=7))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=186,fd=9),("nginx",pid=185,fd=9),("nginx",pid=184,fd=9),("nginx",pid=183,fd=9),("nginx",pid=182,fd=9))
LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=334,fd=13))
LISTEN 0 511 *:9645 *:* users:(("node",pid=170005,fd=21))
LISTEN 0 511 *:9646 *:* users:(("node",pid=170005,fd=20))
LISTEN 0 4096 *:9547 *:* users:(("java",pid=118,fd=350))
LISTEN 0 4096 *:8545 *:* users:(("java",pid=118,fd=351))
LISTEN 0 4096 *:8546 *:* users:(("java",pid=118,fd=352))
LISTEN 0 100 [::1]:25 [::]:* users:(("master",pid=334,fd=14))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=186,fd=8),("nginx",pid=185,fd=8),("nginx",pid=184,fd=8),("nginx",pid=183,fd=8),("nginx",pid=182,fd=8))
LISTEN 0 4096 *:22 *:* users:(("sshd",pid=194,fd=3),("systemd",pid=1,fd=42))
LISTEN 0 511 [::]:443 [::]:* users:(("nginx",pid=186,fd=10),("nginx",pid=185,fd=10),("nginx",pid=184,fd=10),("nginx",pid=183,fd=10),("nginx",pid=182,fd=10))
LISTEN 0 4096 *:30303 *:* users:(("java",pid=118,fd=353))

17
docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_2400_verification.json Normal file
View File

@@ -0,0 +1,17 @@
{
"vmid": 2400,
"hostname": "thirdweb-rpc-1",
"host": "ml110",
"host_ip": "192.168.11.10",
"expected_ip": "192.168.11.240",
"actual_ip": "192.168.11.240",
"status": "running",
"has_nginx": true,
"service_type": "nginx",
"config_path": "/etc/nginx/sites-available/rpc-thirdweb",
"public_domains": ["rpc.public-0138.defi-oracle.io"],
"services": [{"name":"nginx","type":"systemd","status":"active"}],
"listening_ports": [],
"health_endpoints": [{"path":"http://192.168.11.240:80","expected_code":200,"actual_code":404,"status":"fail"}],
"verified_at": "2026-03-02T14:22:34-08:00"
}

13
docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5000_listening_ports.txt Normal file
View File

@@ -0,0 +1,13 @@
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=98,fd=14))
LISTEN 0 4096 127.0.0.1:34981 0.0.0.0:* users:(("containerd",pid=122,fd=8))
LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=470,fd=13))
LISTEN 0 4096 0.0.0.0:4000 0.0.0.0:* users:(("docker-proxy",pid=1640248,fd=7))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1628657,fd=9),("nginx",pid=1628656,fd=9),("nginx",pid=1628655,fd=9),("nginx",pid=1628654,fd=9),("nginx",pid=1628653,fd=9))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1628657,fd=11),("nginx",pid=1628656,fd=11),("nginx",pid=1628655,fd=11),("nginx",pid=1628654,fd=11),("nginx",pid=1628653,fd=11))
LISTEN 0 100 [::1]:25 [::]:* users:(("master",pid=470,fd=14))
LISTEN 0 4096 [::]:4000 [::]:* users:(("docker-proxy",pid=1640254,fd=7))
LISTEN 0 511 *:3001 *:* users:(("node",pid=1676505,fd=18))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=1628657,fd=10),("nginx",pid=1628656,fd=10),("nginx",pid=1628655,fd=10),("nginx",pid=1628654,fd=10),("nginx",pid=1628653,fd=10))
LISTEN 0 4096 *:22 *:* users:(("systemd",pid=1,fd=39))
LISTEN 0 511 [::]:443 [::]:* users:(("nginx",pid=1628657,fd=12),("nginx",pid=1628656,fd=12),("nginx",pid=1628655,fd=12),("nginx",pid=1628654,fd=12),("nginx",pid=1628653,fd=12))
LISTEN 0 4096 *:8081 *:* users:(("explorer-config",pid=116,fd=5))

17
docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5000_verification.json Normal file
View File

@@ -0,0 +1,17 @@
{
"vmid": 5000,
"hostname": "blockscout-1",
"host": "r630-02",
"host_ip": "192.168.11.12",
"expected_ip": "192.168.11.140",
"actual_ip": "192.168.11.140",
"status": "running",
"has_nginx": true,
"service_type": "nginx",
"config_path": "/etc/nginx/sites-available/blockscout",
"public_domains": ["explorer.d-bis.org"],
"services": [{"name":"nginx","type":"systemd","status":"active"}],
"listening_ports": [],
"health_endpoints": [{"path":"http://192.168.11.140:80","expected_code":200,"actual_code":301,"status":"pass"}],
"verified_at": "2026-03-02T14:23:06-08:00"
}

8
docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5800_listening_ports.txt Normal file
View File

@@ -0,0 +1,8 @@
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=80,fd=14))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=171,fd=6),("nginx",pid=170,fd=6),("nginx",pid=169,fd=6),("nginx",pid=168,fd=6),("nginx",pid=167,fd=6),("nginx",pid=166,fd=6),("nginx",pid=165,fd=6),("nginx",pid=164,fd=6),("nginx",pid=163,fd=6),("nginx",pid=162,fd=6),("nginx",pid=161,fd=6),("nginx",pid=160,fd=6),("nginx",pid=159,fd=6),("nginx",pid=158,fd=6),("nginx",pid=157,fd=6),("nginx",pid=156,fd=6),("nginx",pid=155,fd=6),("nginx",pid=154,fd=6),("nginx",pid=153,fd=6),("nginx",pid=152,fd=6),("nginx",pid=151,fd=6),("nginx",pid=150,fd=6),("nginx",pid=149,fd=6),("nginx",pid=148,fd=6),("nginx",pid=147,fd=6),("nginx",pid=146,fd=6),("nginx",pid=145,fd=6),("nginx",pid=144,fd=6),("nginx",pid=143,fd=6),("nginx",pid=142,fd=6),("nginx",pid=141,fd=6),("nginx",pid=140,fd=6),("nginx",pid=139,fd=6),("nginx",pid=138,fd=6),("nginx",pid=137,fd=6),("nginx",pid=136,fd=6),("nginx",pid=135,fd=6),("nginx",pid=134,fd=6),("nginx",pid=133,fd=6),("nginx",pid=132,fd=6),("nginx",pid=131,fd=6),("nginx",pid=130,fd=6),("nginx",pid=129,fd=6),("nginx",pid=128,fd=6),("nginx",pid=127,fd=6),("nginx",pid=126,fd=6),("nginx",pid=125,fd=6),("nginx",pid=123,fd=6),("nginx",pid=122,fd=6),("nginx",pid=121,fd=6),("nginx",pid=120,fd=6),("nginx",pid=119,fd=6),("nginx",pid=118,fd=6),("nginx",pid=117,fd=6),("nginx",pid=116,fd=6),("nginx",pid=115,fd=6),("nginx",pid=114,fd=6))
LISTEN 0 4096 0.0.0.0:3308 0.0.0.0:* users:(("docker-proxy",pid=859,fd=8))
LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=357,fd=13))
LISTEN 0 4096 127.0.0.1:20241 0.0.0.0:* users:(("cloudflared",pid=187,fd=3))
LISTEN 0 4096 *:22 *:* users:(("systemd",pid=1,fd=48))
LISTEN 0 4096 [::]:3308 [::]:* users:(("docker-proxy",pid=868,fd=8))
LISTEN 0 100 [::1]:25 [::]:* users:(("master",pid=357,fd=14))

17
docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5800_verification.json Normal file
View File

@@ -0,0 +1,17 @@
{
"vmid": 5800,
"hostname": "mifos",
"host": "r630-02",
"host_ip": "192.168.11.12",
"expected_ip": "192.168.11.85",
"actual_ip": "192.168.11.85",
"status": "running",
"has_nginx": false,
"service_type": "web",
"config_path": "-",
"public_domains": ["mifos.d-bis.org"],
"services": [{"name":"http","type":"direct","status":"running"}],
"listening_ports": [{"port":80,"protocol":"tcp","process":"http"}],
"health_endpoints": [{"path":"http://192.168.11.85:80","expected_code":200,"actual_code":000000,"status":"fail"}],
"verified_at": "2026-03-02T14:22:40-08:00"
}

5
docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5801_listening_ports.txt Normal file
View File

@@ -0,0 +1,5 @@
LISTEN 0 100 127.0.0.1:25 0.0.0.0:* users:(("master",pid=300,fd=13))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=14267,fd=5),("nginx",pid=14266,fd=5),("nginx",pid=14265,fd=5),("nginx",pid=14264,fd=5),("nginx",pid=1727,fd=5))
LISTEN 0 100 [::1]:25 [::]:* users:(("master",pid=300,fd=14))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=14267,fd=6),("nginx",pid=14266,fd=6),("nginx",pid=14265,fd=6),("nginx",pid=14264,fd=6),("nginx",pid=1727,fd=6))
LISTEN 0 4096 *:22 *:* users:(("sshd",pid=121,fd=3),("systemd",pid=1,fd=53))

17
docs/04-configuration/verification-evidence/backend-vms-verification-20260302_142132/vmid_5801_verification.json Normal file
View File

@@ -0,0 +1,17 @@
{
"vmid": 5801,
"hostname": "dapp-smom",
"host": "r630-02",
"host_ip": "192.168.11.12",
"expected_ip": "192.168.11.58",
"actual_ip": "192.168.11.58",
"status": "running",
"has_nginx": false,
"service_type": "web",
"config_path": "-",
"public_domains": ["dapp.d-bis.org"],
"services": [{"name":"http","type":"direct","status":"running"}],
"listening_ports": [{"port":80,"protocol":"tcp","process":"http"}],
"health_endpoints": [{"path":"http://192.168.11.58:80","expected_code":200,"actual_code":200,"status":"pass"}],
"verified_at": "2026-03-02T14:22:46-08:00"
}

984
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/all_e2e_results.json Normal file
View File

@@ -0,0 +1,984 @@
[
{
"domain": "ws.rpc-fireblocks.d-bis.org",
"domain_type": "rpc-ws",
"timestamp": "2026-03-04T01:12:49-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "ws.rpc-fireblocks.d-bis.org",
"issuer": "E8",
"expires": "May 22 21:48:21 2026 GMT"
},
"websocket": {
"status": "pass",
"http_code": "400",
"full_test": true
}
}
},
{
"domain": "dbis-admin.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:12:52-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "dbis-admin.d-bis.org",
"issuer": "E8",
"expires": "Apr 16 20:56:11 2026 GMT"
},
"https": {
"status": "warn",
"http_code": 502,
"response_time_seconds": 3.126302
}
}
},
{
"domain": "rpc-alltra-3.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:12:55-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "172.67.220.49",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "fail",
"http_code": "502",
"error": "error code: 502"
}
}
},
{
"domain": "mifos.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:12:56-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "172.67.220.49",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"https": {
"status": "warn",
"http_code": 502,
"response_time_seconds": 0.125696
}
}
},
{
"domain": "rpc-hybx-2.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:12:56-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "172.67.220.49",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "fail",
"http_code": "502",
"error": "error code: 502"
}
}
},
{
"domain": "cacti-hybx.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:12:57-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "172.67.220.49",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"https": {
"status": "warn",
"http_code": 502,
"response_time_seconds": 0.093134
}
}
},
{
"domain": "sankofa.nexus",
"domain_type": "web",
"timestamp": "2026-03-04T01:12:57-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "sankofa.nexus",
"issuer": "E7",
"expires": "Apr 16 20:58:17 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.089084,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "rpc-alltra.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:12:57-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "172.67.220.49",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "fail",
"http_code": "502",
"error": "error code: 502"
}
}
},
{
"domain": "rpc-http-pub.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:12:58-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "172.67.220.49",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "pass",
"chain_id": "0x8a"
}
}
},
{
"domain": "rpc.public-0138.defi-oracle.io",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:12:58-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.91.43",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "defi-oracle.io",
"issuer": "Cloudflare TLS Issuing ECC CA 3",
"expires": "Jun 2 08:38:04 2026 GMT"
},
"rpc_http": {
"status": "pass",
"chain_id": "0x8a"
}
}
},
{
"domain": "studio.sankofa.nexus",
"domain_type": "web",
"timestamp": "2026-03-04T01:12:58-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.39.10",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "sankofa.nexus",
"issuer": "WE1",
"expires": "May 6 03:30:54 2026 GMT"
},
"https": {
"status": "warn",
"http_code": 404,
"response_time_seconds": 0.130726
}
}
},
{
"domain": "dbis-api.d-bis.org",
"domain_type": "api",
"timestamp": "2026-03-04T01:12:59-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "dbis-api.d-bis.org",
"issuer": "E8",
"expires": "Apr 16 20:56:33 2026 GMT"
},
"https": {
"status": "warn",
"http_code": 502,
"response_time_seconds": 3.126570
}
}
},
{
"domain": "rpc-hybx-3.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:13:03-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "fail",
"http_code": "502",
"error": "error code: 502"
}
}
},
{
"domain": "rpc.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:13:04-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "pass",
"chain_id": "0x8a"
}
}
},
{
"domain": "dapp.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:13:04-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.119344,
"has_hsts": true,
"has_csp": true,
"has_xfo": false
}
}
},
{
"domain": "www.sankofa.nexus",
"domain_type": "web",
"timestamp": "2026-03-04T01:13:04-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "www.sankofa.nexus",
"issuer": "E7",
"expires": "Apr 16 20:59:41 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.075866,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "mim4u.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:13:05-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "mim4u.org",
"issuer": "E7",
"expires": "Apr 16 20:57:01 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.054379,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "ws.rpc.d-bis.org",
"domain_type": "rpc-ws",
"timestamp": "2026-03-04T01:13:06-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "ws.rpc.d-bis.org",
"issuer": "E8",
"expires": "Apr 30 03:43:05 2026 GMT"
},
"websocket": {
"status": "pass",
"http_code": "400",
"full_test": true
}
}
},
{
"domain": "phoenix.sankofa.nexus",
"domain_type": "web",
"timestamp": "2026-03-04T01:13:08-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "phoenix.sankofa.nexus",
"issuer": "E8",
"expires": "Apr 16 20:57:08 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.053991,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "www.mim4u.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:13:09-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "www.mim4u.org",
"issuer": "E7",
"expires": "Apr 16 20:59:17 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.033360,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "wss.defi-oracle.io",
"domain_type": "rpc-ws",
"timestamp": "2026-03-04T01:13:09-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "wss.defi-oracle.io",
"issuer": "E8",
"expires": "Apr 30 03:44:57 2026 GMT"
},
"websocket": {
"status": "pass",
"http_code": "400",
"full_test": true
}
}
},
{
"domain": "the-order.sankofa.nexus",
"domain_type": "web",
"timestamp": "2026-03-04T01:13:11-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "the-order.sankofa.nexus",
"issuer": "E8",
"expires": "Apr 16 20:58:53 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.031307,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "rpc2.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:13:12-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "pass",
"chain_id": "0x8a"
}
}
},
{
"domain": "rpc-ws-pub.d-bis.org",
"domain_type": "rpc-ws",
"timestamp": "2026-03-04T01:13:12-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "rpc-ws-pub.d-bis.org",
"issuer": "E7",
"expires": "Apr 16 20:57:51 2026 GMT"
},
"websocket": {
"status": "pass",
"http_code": "400",
"full_test": true
}
}
},
{
"domain": "dev.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:13:14-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.091475,
"has_hsts": true,
"has_csp": false,
"has_xfo": true
}
}
},
{
"domain": "rpc-alltra-2.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:13:15-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "172.67.220.49",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "fail",
"http_code": "502",
"error": "error code: 502"
}
}
},
{
"domain": "rpc-http-prv.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:13:15-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "pass",
"chain_id": "0x8a"
}
}
},
{
"domain": "www.phoenix.sankofa.nexus",
"domain_type": "web",
"timestamp": "2026-03-04T01:13:15-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "www.phoenix.sankofa.nexus",
"issuer": "E8",
"expires": "Apr 16 20:59:28 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.025857,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "gitea.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:13:16-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.116253,
"has_hsts": true,
"has_csp": false,
"has_xfo": true
}
}
},
{
"domain": "secure.mim4u.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:13:16-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "secure.mim4u.org",
"issuer": "E8",
"expires": "Apr 16 20:58:40 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.042557,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "rpc-fireblocks.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:13:16-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "rpc-fireblocks.d-bis.org",
"issuer": "E8",
"expires": "May 22 21:47:15 2026 GMT"
},
"rpc_http": {
"status": "pass",
"chain_id": "0x8a"
}
}
},
{
"domain": "training.mim4u.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:13:16-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "training.mim4u.org",
"issuer": "E7",
"expires": "Apr 16 20:59:06 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.035898,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "explorer.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:13:17-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "explorer.d-bis.org",
"issuer": "R13",
"expires": "Mar 23 20:48:12 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.010479,
"has_hsts": false,
"has_csp": false,
"has_xfo": false
},
"blockscout_api": {
"status": "pass",
"http_code": 200
}
}
},
{
"domain": "dbis-api-2.d-bis.org",
"domain_type": "api",
"timestamp": "2026-03-04T01:13:17-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "dbis-api-2.d-bis.org",
"issuer": "E8",
"expires": "Apr 16 20:56:22 2026 GMT"
},
"https": {
"status": "warn",
"http_code": 502,
"response_time_seconds": 3.094985
}
}
},
{
"domain": "secure.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:13:20-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "secure.d-bis.org",
"issuer": "E7",
"expires": "Apr 16 20:58:28 2026 GMT"
},
"https": {
"status": "warn",
"http_code": 502,
"response_time_seconds": 3.091145
}
}
},
{
"domain": "rpc-hybx.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:13:24-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "fail",
"http_code": "502",
"error": "error code: 502"
}
}
},
{
"domain": "codespaces.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:13:24-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "172.67.220.49",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.106187,
"has_hsts": true,
"has_csp": false,
"has_xfo": true
}
}
},
{
"domain": "rpc.defi-oracle.io",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:13:24-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.91.43",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "rpc.defi-oracle.io",
"issuer": "Cloudflare TLS Issuing ECC CA 3",
"expires": "May 7 09:51:23 2026 GMT"
},
"rpc_http": {
"status": "pass",
"chain_id": "0x8a"
}
}
},
{
"domain": "rpc-ws-prv.d-bis.org",
"domain_type": "rpc-ws",
"timestamp": "2026-03-04T01:13:25-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "rpc-ws-prv.d-bis.org",
"issuer": "E7",
"expires": "Apr 16 20:57:38 2026 GMT"
},
"websocket": {
"status": "pass",
"http_code": "400",
"full_test": true
}
}
},
{
"domain": "cacti-alltra.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:13:27-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"https": {
"status": "warn",
"http_code": 502,
"response_time_seconds": 0.105093
}
}
},
{
"domain": "ws.rpc2.d-bis.org",
"domain_type": "rpc-ws",
"timestamp": "2026-03-04T01:13:28-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "ws.rpc2.d-bis.org",
"issuer": "E7",
"expires": "Apr 30 03:43:58 2026 GMT"
},
"websocket": {
"status": "pass",
"http_code": "400",
"full_test": true
}
}
}
]

14
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/cacti-alltra_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,14 @@
HTTP/2 502
date: Wed, 04 Mar 2026 09:13:28 GMT
content-type: text/plain; charset=UTF-8
content-length: 15
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
server: cloudflare
cf-ray: 9d6fc3de2eb76d31-LAX
alt-svc: h3=":443"; ma=86400
0.105093

14
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/cacti-hybx_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,14 @@
HTTP/2 502
date: Wed, 04 Mar 2026 09:12:57 GMT
content-type: text/plain; charset=UTF-8
content-length: 15
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
server: cloudflare
cf-ray: 9d6fc31de8ff5126-LAX
alt-svc: h3=":443"; ma=86400
0.093134

17
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/codespaces_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,17 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:13:24 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qcGNKSl%2B1%2FhpZwhct9EaLDagq7IWtDHkEu2oS6Lo%2FUWgaiwE51zIt6Yezia8u7P6opUyzaluK8AprwkuF%2FL0XERSyVu6l3AduDyZS9JCIZYTxBP0"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
server: cloudflare
cf-ray: 9d6fc3c95e0e2ec6-LAX
alt-svc: h3=":443"; ma=86400
0.106187

17
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dapp_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,17 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:13:04 GMT
content-type: text/html
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https: wss: http://192.168.11.221:8545 ws://192.168.11.221:8546 https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org; frame-src 'self' https:; frame-ancestors 'self';
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=KxOr8L%2F%2FUwRNWcWqJJf%2BIFs9ARU6eNty3NSDyo4YVAImfqWN7FF0zQMBLNqcJ1LzrWPqzIzCOxDVYK30Ue3GAZKlJ3nXiUG3ypTGHNe9"}]}
last-modified: Sun, 22 Feb 2026 04:25:15 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 9d6fc34cde8b19db-LAX
alt-svc: h3=":443"; ma=86400
0.119344

18
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dbis-admin_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,18 @@
HTTP/2 502
date: Wed, 04 Mar 2026 09:12:55 GMT
content-type: text/html
content-length: 122
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests
3.126302

18
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dbis-api-2_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,18 @@
HTTP/2 502
date: Wed, 04 Mar 2026 09:13:20 GMT
content-type: text/html
content-length: 122
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests
3.094985

18
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dbis-api_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,18 @@
HTTP/2 502
date: Wed, 04 Mar 2026 09:13:03 GMT
content-type: text/html
content-length: 122
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests
3.126570

17
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/dev_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,17 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:13:15 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=jtptiHBbOF1Y6MMarNhpKn6Yn%2FX9IISgmgj2aYgKE5E8fCTMepKblTf5HzA%2BcphjwRiCiPpmKW%2FwLbT%2Bk2IntjQP0jvzbA8HLELeUrw%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
server: cloudflare
cf-ray: 9d6fc38d6a81b8d4-LAX
alt-svc: h3=":443"; ma=86400
0.091475

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/explorer_d-bis_org_blockscout_api.txt Normal file
View File

@@ -0,0 +1 @@
{"average_block_time":2.0e3,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"1969.73","coin_price_change_percentage":-2.89,"gas_price_updated_at":"2026-03-04T09:13:08.999454Z","gas_prices":{"slow":0.01,"average":0.01,"fast":0.01},"gas_prices_update_in":23065,"gas_used_today":"680967","market_cap":"0.000","network_utilization_percentage":0.0,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"233","total_blocks":"2547804","total_gas_used":"0","total_transactions":"13578","transactions_today":"16","tvl":null}

12
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/explorer_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,12 @@
HTTP/2 200
server: nginx/1.18.0 (Ubuntu)
date: Wed, 04 Mar 2026 09:13:17 GMT
content-type: text/html
content-length: 60718
last-modified: Sun, 01 Mar 2026 19:27:01 GMT
etag: "69a49305-ed2e"
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
0.010479

17
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/gitea_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,17 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:13:16 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DADqu2sx18WR1tYPUg6vJ2ATks9BkJV6XPNvZZ7Ejbd3%2FnSxv5KJ9tZq4sEqcEOKtfRZLk29CKzK6R7mXSSV75EUbrm6gAMO8v4eBrmGqQ%3D%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
server: cloudflare
cf-ray: 9d6fc394fd149dfc-LAX
alt-svc: h3=":443"; ma=86400
0.116253

14
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/mifos_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,14 @@
HTTP/2 502
date: Wed, 04 Mar 2026 09:12:56 GMT
content-type: text/plain; charset=UTF-8
content-length: 15
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
server: cloudflare
cf-ray: 9d6fc31959f108d0-LAX
alt-svc: h3=":443"; ma=86400
0.125696

20
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/mim4u_org_https_headers.txt Normal file
View File

@@ -0,0 +1,20 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:13:06 GMT
content-type: text/html
content-length: 2710
vary: Accept-Encoding
last-modified: Fri, 27 Feb 2026 06:24:33 GMT
etag: "69a138a1-a96"
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests

20
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/phoenix_sankofa_nexus_https_headers.txt Normal file
View File

@@ -0,0 +1,20 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:13:09 GMT
content-type: text/html
content-length: 60718
vary: Accept-Encoding
last-modified: Sun, 01 Mar 2026 19:27:01 GMT
etag: "69a49305-ed2e"
cache-control: no-store, no-cache, must-revalidate
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546;
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-alltra-2_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
error code: 502

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-alltra-3_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
error code: 502

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-alltra_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
error code: 502

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-fireblocks_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
{"jsonrpc":"2.0","id":1,"result":"0x8a"}

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-http-prv_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
{"jsonrpc":"2.0","id":1,"result":"0x8a"}

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-http-pub_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
{"jsonrpc":"2.0","id":1,"result":"0x8a"}

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-hybx-2_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
error code: 502

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-hybx-3_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
error code: 502

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc-hybx_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
error code: 502

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc2_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
{"jsonrpc":"2.0","id":1,"result":"0x8a"}

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
{"jsonrpc":"2.0","id":1,"result":"0x8a"}

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc_defi-oracle_io_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
{"jsonrpc":"2.0","id":1,"result":"0x8a"}

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/rpc_public-0138_defi-oracle_io_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
{"jsonrpc":"2.0","result":"0x8a","id":1}

19
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/sankofa_nexus_https_headers.txt Normal file
View File

@@ -0,0 +1,19 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:12:57 GMT
content-type: text/html
content-length: 60718
vary: Accept-Encoding
last-modified: Sun, 01 Mar 2026 19:27:01 GMT
etag: "69a49305-ed2e"
cache-control: no-store, no-cache, must-revalidate
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546;
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests
0.089084

18
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/secure_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,18 @@
HTTP/2 502
date: Wed, 04 Mar 2026 09:13:24 GMT
content-type: text/html
content-length: 122
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests
3.091145

20
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/secure_mim4u_org_https_headers.txt Normal file
View File

@@ -0,0 +1,20 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:13:16 GMT
content-type: text/html
content-length: 2710
vary: Accept-Encoding
last-modified: Fri, 27 Feb 2026 06:24:33 GMT
etag: "69a138a1-a96"
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests

13
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/studio_sankofa_nexus_https_headers.txt Normal file
View File

@@ -0,0 +1,13 @@
HTTP/2 404
date: Wed, 04 Mar 2026 09:12:59 GMT
content-type: application/json
vary: Accept-Encoding
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=uPpiXv3dqzJldasZIWQPpjLwK3Ld%2BicomTPz0JrKuQUXahX98AGj%2BkcuPLqauyotqEl0z2ia8%2F%2BWAb9pMEvr2IwBgY%2FHlvGbvN6%2Be9gJ%2F6MxSeZC"}]}
server: cloudflare
cf-ray: 9d6fc32abb29d4d9-LAX
alt-svc: h3=":443"; ma=86400
0.130726

20
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/the-order_sankofa_nexus_https_headers.txt Normal file
View File

@@ -0,0 +1,20 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:13:12 GMT
content-type: text/html
content-length: 60718
vary: Accept-Encoding
last-modified: Sun, 01 Mar 2026 19:27:01 GMT
etag: "69a49305-ed2e"
cache-control: no-store, no-cache, must-revalidate
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546;
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests

20
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/training_mim4u_org_https_headers.txt Normal file
View File

@@ -0,0 +1,20 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:13:17 GMT
content-type: text/html
content-length: 2710
vary: Accept-Encoding
last-modified: Fri, 27 Feb 2026 06:24:33 GMT
etag: "69a138a1-a96"
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests

321
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/verification_report.md Normal file
View File

@@ -0,0 +1,321 @@
# End-to-End Routing Verification Report
**Date**: 2026-03-04T01:13:30-08:00
**Public IP**: 76.53.10.36
**Verifier**: intlc
## Summary
- **Total domains tested**: 41
- **DNS tests passed**: 41
- **HTTPS tests passed**: 14
- **Failed tests**: 6
- **Skipped / optional (not configured or unreachable)**: 0
- **Average response time**: 0.6263494545454547s
## Test Results by Domain
### ws.rpc-fireblocks.d-bis.org
- Type: rpc-ws
- DNS: pass
- SSL: pass
- Details: See `all_e2e_results.json`
### dbis-admin.d-bis.org
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: warn
- Details: See `all_e2e_results.json`
### rpc-alltra-3.d-bis.org
- Type: rpc-http
- DNS: pass
- SSL: pass
- RPC: fail
- Details: See `all_e2e_results.json`
### mifos.d-bis.org
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: warn
- Details: See `all_e2e_results.json`
### rpc-hybx-2.d-bis.org
- Type: rpc-http
- DNS: pass
- SSL: pass
- RPC: fail
- Details: See `all_e2e_results.json`
### cacti-hybx.d-bis.org
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: warn
- Details: See `all_e2e_results.json`
### sankofa.nexus
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: pass
- Details: See `all_e2e_results.json`
### rpc-alltra.d-bis.org
- Type: rpc-http
- DNS: pass
- SSL: pass
- RPC: fail
- Details: See `all_e2e_results.json`
### rpc-http-pub.d-bis.org
- Type: rpc-http
- DNS: pass
- SSL: pass
- RPC: pass
- Details: See `all_e2e_results.json`
### rpc.public-0138.defi-oracle.io
- Type: rpc-http
- DNS: pass
- SSL: pass
- RPC: pass
- Details: See `all_e2e_results.json`
### studio.sankofa.nexus
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: warn
- Details: See `all_e2e_results.json`
### dbis-api.d-bis.org
- Type: api
- DNS: pass
- SSL: pass
- HTTPS: warn
- Details: See `all_e2e_results.json`
### rpc-hybx-3.d-bis.org
- Type: rpc-http
- DNS: pass
- SSL: pass
- RPC: fail
- Details: See `all_e2e_results.json`
### rpc.d-bis.org
- Type: rpc-http
- DNS: pass
- SSL: pass
- RPC: pass
- Details: See `all_e2e_results.json`
### dapp.d-bis.org
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: pass
- Details: See `all_e2e_results.json`
### www.sankofa.nexus
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: pass
- Details: See `all_e2e_results.json`
### mim4u.org
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: pass
- Details: See `all_e2e_results.json`
### ws.rpc.d-bis.org
- Type: rpc-ws
- DNS: pass
- SSL: pass
- Details: See `all_e2e_results.json`
### phoenix.sankofa.nexus
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: pass
- Details: See `all_e2e_results.json`
### www.mim4u.org
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: pass
- Details: See `all_e2e_results.json`
### wss.defi-oracle.io
- Type: rpc-ws
- DNS: pass
- SSL: pass
- Details: See `all_e2e_results.json`
### the-order.sankofa.nexus
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: pass
- Details: See `all_e2e_results.json`
### rpc2.d-bis.org
- Type: rpc-http
- DNS: pass
- SSL: pass
- RPC: pass
- Details: See `all_e2e_results.json`
### rpc-ws-pub.d-bis.org
- Type: rpc-ws
- DNS: pass
- SSL: pass
- Details: See `all_e2e_results.json`
### dev.d-bis.org
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: pass
- Details: See `all_e2e_results.json`
### rpc-alltra-2.d-bis.org
- Type: rpc-http
- DNS: pass
- SSL: pass
- RPC: fail
- Details: See `all_e2e_results.json`
### rpc-http-prv.d-bis.org
- Type: rpc-http
- DNS: pass
- SSL: pass
- RPC: pass
- Details: See `all_e2e_results.json`
### www.phoenix.sankofa.nexus
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: pass
- Details: See `all_e2e_results.json`
### gitea.d-bis.org
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: pass
- Details: See `all_e2e_results.json`
### secure.mim4u.org
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: pass
- Details: See `all_e2e_results.json`
### rpc-fireblocks.d-bis.org
- Type: rpc-http
- DNS: pass
- SSL: pass
- RPC: pass
- Details: See `all_e2e_results.json`
### training.mim4u.org
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: pass
- Details: See `all_e2e_results.json`
### explorer.d-bis.org
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: pass
- Blockscout API: pass
- Details: See `all_e2e_results.json`
### dbis-api-2.d-bis.org
- Type: api
- DNS: pass
- SSL: pass
- HTTPS: warn
- Details: See `all_e2e_results.json`
### secure.d-bis.org
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: warn
- Details: See `all_e2e_results.json`
### rpc-hybx.d-bis.org
- Type: rpc-http
- DNS: pass
- SSL: pass
- RPC: fail
- Details: See `all_e2e_results.json`
### codespaces.d-bis.org
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: pass
- Details: See `all_e2e_results.json`
### rpc.defi-oracle.io
- Type: rpc-http
- DNS: pass
- SSL: pass
- RPC: pass
- Details: See `all_e2e_results.json`
### rpc-ws-prv.d-bis.org
- Type: rpc-ws
- DNS: pass
- SSL: pass
- Details: See `all_e2e_results.json`
### cacti-alltra.d-bis.org
- Type: web
- DNS: pass
- SSL: pass
- HTTPS: warn
- Details: See `all_e2e_results.json`
### ws.rpc2.d-bis.org
- Type: rpc-ws
- DNS: pass
- SSL: pass
- Details: See `all_e2e_results.json`
## Files Generated
- `all_e2e_results.json` - Complete E2E test results
- `*_https_headers.txt` - HTTP response headers per domain
- `*_rpc_response.txt` - RPC response per domain
- `verification_report.md` - This report
## Notes
- **Optional domains:** Domains in `E2E_OPTIONAL_WHEN_FAIL` (default: many d-bis.org/sankofa/mim4u/rpc) have any fail treated as skip so the run passes when off-LAN or services unreachable. Set `E2E_OPTIONAL_WHEN_FAIL=` (empty) for strict mode.
- WebSocket tests require `wscat` tool: `npm install -g wscat`
- Internal connectivity tests require access to NPMplus container
- Explorer (explorer.d-bis.org): optional Blockscout API check; use `SKIP_BLOCKSCOUT_API=1` to skip when backend is unreachable (e.g. off-LAN). Fix runbook: docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md
## Next Steps
1. Review test results for each domain
2. Investigate any failed tests
3. Test WebSocket connections for RPC WS domains (if wscat available)
4. Test internal connectivity from NPMplus container
5. Update source-of-truth JSON after verification

20
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/www_mim4u_org_https_headers.txt Normal file
View File

@@ -0,0 +1,20 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:13:09 GMT
content-type: text/html
content-length: 2710
vary: Accept-Encoding
last-modified: Fri, 27 Feb 2026 06:24:33 GMT
etag: "69a138a1-a96"
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests

20
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/www_phoenix_sankofa_nexus_https_headers.txt Normal file
View File

@@ -0,0 +1,20 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:13:16 GMT
content-type: text/html
content-length: 60718
vary: Accept-Encoding
last-modified: Sun, 01 Mar 2026 19:27:01 GMT
etag: "69a49305-ed2e"
cache-control: no-store, no-cache, must-revalidate
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546;
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests

20
docs/04-configuration/verification-evidence/e2e-verification-20260304_011249/www_sankofa_nexus_https_headers.txt Normal file
View File

@@ -0,0 +1,20 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:13:05 GMT
content-type: text/html
content-length: 60718
vary: Accept-Encoding
last-modified: Sun, 01 Mar 2026 19:27:01 GMT
etag: "69a49305-ed2e"
cache-control: no-store, no-cache, must-revalidate
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546;
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests

984
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/all_e2e_results.json Normal file
View File

@@ -0,0 +1,984 @@
[
{
"domain": "ws.rpc-fireblocks.d-bis.org",
"domain_type": "rpc-ws",
"timestamp": "2026-03-04T01:29:23-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "ws.rpc-fireblocks.d-bis.org",
"issuer": "E8",
"expires": "May 22 21:48:21 2026 GMT"
},
"websocket": {
"status": "pass",
"http_code": "400",
"full_test": true
}
}
},
{
"domain": "dbis-admin.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:26-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "dbis-admin.d-bis.org",
"issuer": "E8",
"expires": "Apr 16 20:56:11 2026 GMT"
},
"https": {
"status": "warn",
"http_code": 502,
"response_time_seconds": 3.116652
}
}
},
{
"domain": "rpc-alltra-3.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:29:29-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "172.67.220.49",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "fail",
"http_code": "502",
"error": "error code: 502"
}
}
},
{
"domain": "mifos.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:29-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"https": {
"status": "warn",
"http_code": 502,
"response_time_seconds": 0.105002
}
}
},
{
"domain": "rpc-hybx-2.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:29:29-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "fail",
"http_code": "502",
"error": "error code: 502"
}
}
},
{
"domain": "cacti-hybx.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:30-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "172.67.220.49",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"https": {
"status": "warn",
"http_code": 502,
"response_time_seconds": 0.106441
}
}
},
{
"domain": "sankofa.nexus",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:30-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "sankofa.nexus",
"issuer": "E7",
"expires": "Apr 16 20:58:17 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.081754,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "rpc-alltra.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:29:31-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "fail",
"http_code": "502",
"error": "error code: 502"
}
}
},
{
"domain": "rpc-http-pub.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:29:31-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "172.67.220.49",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "pass",
"chain_id": "0x8a"
}
}
},
{
"domain": "rpc.public-0138.defi-oracle.io",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:29:31-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "172.67.209.228",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "defi-oracle.io",
"issuer": "Cloudflare TLS Issuing ECC CA 3",
"expires": "Jun 2 08:38:04 2026 GMT"
},
"rpc_http": {
"status": "pass",
"chain_id": "0x8a"
}
}
},
{
"domain": "studio.sankofa.nexus",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:32-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.39.10",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "sankofa.nexus",
"issuer": "WE1",
"expires": "May 6 03:30:54 2026 GMT"
},
"https": {
"status": "warn",
"http_code": 404,
"response_time_seconds": 0.137508
}
}
},
{
"domain": "dbis-api.d-bis.org",
"domain_type": "api",
"timestamp": "2026-03-04T01:29:32-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "dbis-api.d-bis.org",
"issuer": "E8",
"expires": "Apr 16 20:56:33 2026 GMT"
},
"https": {
"status": "warn",
"http_code": 502,
"response_time_seconds": 3.135939
}
}
},
{
"domain": "rpc-hybx-3.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:29:35-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "172.67.220.49",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "fail",
"http_code": "502",
"error": "error code: 502"
}
}
},
{
"domain": "rpc.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:29:36-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "172.67.220.49",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "pass",
"chain_id": "0x8a"
}
}
},
{
"domain": "dapp.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:36-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.128018,
"has_hsts": true,
"has_csp": true,
"has_xfo": false
}
}
},
{
"domain": "www.sankofa.nexus",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:36-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "www.sankofa.nexus",
"issuer": "E7",
"expires": "Apr 16 20:59:41 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.038849,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "mim4u.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:37-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "mim4u.org",
"issuer": "E7",
"expires": "Apr 16 20:57:01 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.039079,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "ws.rpc.d-bis.org",
"domain_type": "rpc-ws",
"timestamp": "2026-03-04T01:29:37-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "ws.rpc.d-bis.org",
"issuer": "E8",
"expires": "Apr 30 03:43:05 2026 GMT"
},
"websocket": {
"status": "pass",
"http_code": "400",
"full_test": true
}
}
},
{
"domain": "phoenix.sankofa.nexus",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:39-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "phoenix.sankofa.nexus",
"issuer": "E8",
"expires": "Apr 16 20:57:08 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.024291,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "www.mim4u.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:40-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "www.mim4u.org",
"issuer": "E7",
"expires": "Apr 16 20:59:17 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.024778,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "wss.defi-oracle.io",
"domain_type": "rpc-ws",
"timestamp": "2026-03-04T01:29:40-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "wss.defi-oracle.io",
"issuer": "E8",
"expires": "Apr 30 03:44:57 2026 GMT"
},
"websocket": {
"status": "pass",
"http_code": "400",
"full_test": true
}
}
},
{
"domain": "the-order.sankofa.nexus",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:42-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "the-order.sankofa.nexus",
"issuer": "E8",
"expires": "Apr 16 20:58:53 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.031438,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "rpc2.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:29:43-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "pass",
"chain_id": "0x8a"
}
}
},
{
"domain": "rpc-ws-pub.d-bis.org",
"domain_type": "rpc-ws",
"timestamp": "2026-03-04T01:29:43-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "rpc-ws-pub.d-bis.org",
"issuer": "E7",
"expires": "Apr 16 20:57:51 2026 GMT"
},
"websocket": {
"status": "pass",
"http_code": "400",
"full_test": true
}
}
},
{
"domain": "dev.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:46-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "172.67.220.49",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.094902,
"has_hsts": true,
"has_csp": false,
"has_xfo": true
}
}
},
{
"domain": "rpc-alltra-2.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:29:46-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "fail",
"http_code": "502",
"error": "error code: 502"
}
}
},
{
"domain": "rpc-http-prv.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:29:46-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "pass",
"chain_id": "0x8a"
}
}
},
{
"domain": "www.phoenix.sankofa.nexus",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:47-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "www.phoenix.sankofa.nexus",
"issuer": "E8",
"expires": "Apr 16 20:59:28 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.031716,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "gitea.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:47-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.094488,
"has_hsts": true,
"has_csp": false,
"has_xfo": true
}
}
},
{
"domain": "secure.mim4u.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:47-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "secure.mim4u.org",
"issuer": "E8",
"expires": "Apr 16 20:58:40 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.030639,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "rpc-fireblocks.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:29:48-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "rpc-fireblocks.d-bis.org",
"issuer": "E8",
"expires": "May 22 21:47:15 2026 GMT"
},
"rpc_http": {
"status": "pass",
"chain_id": "0x8a"
}
}
},
{
"domain": "training.mim4u.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:48-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "training.mim4u.org",
"issuer": "E7",
"expires": "Apr 16 20:59:06 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.033677,
"has_hsts": true,
"has_csp": true,
"has_xfo": true
}
}
},
{
"domain": "explorer.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:48-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "explorer.d-bis.org",
"issuer": "R13",
"expires": "Mar 23 20:48:12 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.008496,
"has_hsts": false,
"has_csp": false,
"has_xfo": false
},
"blockscout_api": {
"status": "pass",
"http_code": 200
}
}
},
{
"domain": "dbis-api-2.d-bis.org",
"domain_type": "api",
"timestamp": "2026-03-04T01:29:48-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "dbis-api-2.d-bis.org",
"issuer": "E8",
"expires": "Apr 16 20:56:22 2026 GMT"
},
"https": {
"status": "warn",
"http_code": 502,
"response_time_seconds": 3.116963
}
}
},
{
"domain": "secure.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:52-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "secure.d-bis.org",
"issuer": "E7",
"expires": "Apr 16 20:58:28 2026 GMT"
},
"https": {
"status": "warn",
"http_code": 502,
"response_time_seconds": 3.088830
}
}
},
{
"domain": "rpc-hybx.d-bis.org",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:29:55-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"rpc_http": {
"status": "fail",
"http_code": "502",
"error": "error code: 502"
}
}
},
{
"domain": "codespaces.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:55-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "172.67.220.49",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"https": {
"status": "pass",
"http_code": 200,
"response_time_seconds": 0.117443,
"has_hsts": true,
"has_csp": false,
"has_xfo": true
}
}
},
{
"domain": "rpc.defi-oracle.io",
"domain_type": "rpc-http",
"timestamp": "2026-03-04T01:29:55-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.91.43",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "rpc.defi-oracle.io",
"issuer": "Cloudflare TLS Issuing ECC CA 3",
"expires": "May 7 09:51:23 2026 GMT"
},
"rpc_http": {
"status": "pass",
"chain_id": "0x8a"
}
}
},
{
"domain": "rpc-ws-prv.d-bis.org",
"domain_type": "rpc-ws",
"timestamp": "2026-03-04T01:29:56-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "rpc-ws-prv.d-bis.org",
"issuer": "E7",
"expires": "Apr 16 20:57:38 2026 GMT"
},
"websocket": {
"status": "pass",
"http_code": "400",
"full_test": true
}
}
},
{
"domain": "cacti-alltra.d-bis.org",
"domain_type": "web",
"timestamp": "2026-03-04T01:29:58-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "104.21.86.131",
"expected_ip": "any"
},
"ssl": {
"status": "pass",
"cn": "d-bis.org",
"issuer": "WE1",
"expires": "May 27 07:40:56 2026 GMT"
},
"https": {
"status": "warn",
"http_code": 502,
"response_time_seconds": 0.102323
}
}
},
{
"domain": "ws.rpc2.d-bis.org",
"domain_type": "rpc-ws",
"timestamp": "2026-03-04T01:29:59-08:00",
"tests": {
"dns": {
"status": "pass",
"resolved_ip": "76.53.10.36",
"expected_ip": "76.53.10.36"
},
"ssl": {
"status": "pass",
"cn": "ws.rpc2.d-bis.org",
"issuer": "E7",
"expires": "Apr 30 03:43:58 2026 GMT"
},
"websocket": {
"status": "pass",
"http_code": "400",
"full_test": true
}
}
}
]

14
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/cacti-alltra_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,14 @@
HTTP/2 502
date: Wed, 04 Mar 2026 09:29:58 GMT
content-type: text/plain; charset=UTF-8
content-length: 15
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
server: cloudflare
cf-ray: 9d6fdc0f7fe7f472-LAX
alt-svc: h3=":443"; ma=86400
0.102323

14
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/cacti-hybx_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,14 @@
HTTP/2 502
date: Wed, 04 Mar 2026 09:29:30 GMT
content-type: text/plain; charset=UTF-8
content-length: 15
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
server: cloudflare
cf-ray: 9d6fdb5dde2bf644-LAX
alt-svc: h3=":443"; ma=86400
0.106441

17
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/codespaces_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,17 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:29:55 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=cHY4doyyhvKYjQr8fXfCegmWRrBKkPIka4AVIUx%2F83aq4Jz10UF8EZ5XZ%2B5BvSbngd4hS85rZpmfJVisEZ0G5ktEBaBnwkNX7ntT2XNwp8U4NBY8"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
server: cloudflare
cf-ray: 9d6fdbfc5b95792b-LAX
alt-svc: h3=":443"; ma=86400
0.117443

17
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dapp_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,17 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:29:36 GMT
content-type: text/html
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https:; connect-src 'self' https: wss: http://192.168.11.221:8545 ws://192.168.11.221:8546 https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org; frame-src 'self' https:; frame-ancestors 'self';
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=WNfI679OrWbBJ9Da%2FI9D2Q6wY%2BKqcUMBZkfFx9UqoPIuf2Sme1dZ58FpaVOP9p85QNhhuNECS0L16LClwlv%2B6iV32IZ7S%2FKvpRrHn2D1"}]}
last-modified: Sun, 22 Feb 2026 04:25:15 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 9d6fdb854f412b6a-LAX
alt-svc: h3=":443"; ma=86400
0.128018

18
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dbis-admin_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,18 @@
HTTP/2 502
date: Wed, 04 Mar 2026 09:29:29 GMT
content-type: text/html
content-length: 122
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests
3.116652

18
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dbis-api-2_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,18 @@
HTTP/2 502
date: Wed, 04 Mar 2026 09:29:52 GMT
content-type: text/html
content-length: 122
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests
3.116963

18
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dbis-api_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,18 @@
HTTP/2 502
date: Wed, 04 Mar 2026 09:29:35 GMT
content-type: text/html
content-length: 122
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests
3.135939

17
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/dev_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,17 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:29:46 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=QXDHS%2FsWWkgLIKzfmV1O1HBziueE%2BSOa284IyBIOu56U%2BgjUEpF9t7z%2FBldFe9rBqpiDd5jQS2V84d3yzOzOM3n%2BP%2BqvVL6uGBpipwU%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
server: cloudflare
cf-ray: 9d6fdbc0399aa158-LAX
alt-svc: h3=":443"; ma=86400
0.094902

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/explorer_d-bis_org_blockscout_api.txt Normal file
View File

@@ -0,0 +1 @@
{"average_block_time":2.0e3,"coin_image":"https://coin-images.coingecko.com/coins/images/39140/small/ETH.png?1720706783","coin_price":"1971.35","coin_price_change_percentage":-2.81,"gas_price_updated_at":"2026-03-04T09:29:41.994544Z","gas_prices":{"slow":0.01,"average":0.01,"fast":0.01},"gas_prices_update_in":24828,"gas_used_today":"680967","market_cap":"0.000","network_utilization_percentage":0.0,"secondary_coin_image":null,"secondary_coin_price":null,"static_gas_price":null,"total_addresses":"233","total_blocks":"2547804","total_gas_used":"0","total_transactions":"13578","transactions_today":"16","tvl":null}

12
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/explorer_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,12 @@
HTTP/2 200
server: nginx/1.18.0 (Ubuntu)
date: Wed, 04 Mar 2026 09:29:48 GMT
content-type: text/html
content-length: 60718
last-modified: Sun, 01 Mar 2026 19:27:01 GMT
etag: "69a49305-ed2e"
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
0.008496

17
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/gitea_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,17 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:29:47 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=RAjSZOkwKCm2mhUUwPf8boBiw0ipXjgVrfgE9y7CQ2GKu%2FJahuDmT3mpyEv7SWHcL0rkSA6IqByxwxZn%2BBcIMtuC3X%2BsBPkJYBmqS8ZWOQ%3D%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
server: cloudflare
cf-ray: 9d6fdbc8ca786f97-LAX
alt-svc: h3=":443"; ma=86400
0.094488

14
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/mifos_d-bis_org_https_headers.txt Normal file
View File

@@ -0,0 +1,14 @@
HTTP/2 502
date: Wed, 04 Mar 2026 09:29:29 GMT
content-type: text/plain; charset=UTF-8
content-length: 15
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
server: cloudflare
cf-ray: 9d6fdb59ce770fbb-LAX
alt-svc: h3=":443"; ma=86400
0.105002

20
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/mim4u_org_https_headers.txt Normal file
View File

@@ -0,0 +1,20 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:29:37 GMT
content-type: text/html
content-length: 2710
vary: Accept-Encoding
last-modified: Fri, 27 Feb 2026 06:24:33 GMT
etag: "69a138a1-a96"
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests

20
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/phoenix_sankofa_nexus_https_headers.txt Normal file
View File

@@ -0,0 +1,20 @@
HTTP/2 200
date: Wed, 04 Mar 2026 09:29:40 GMT
content-type: text/html
content-length: 60718
vary: Accept-Encoding
last-modified: Sun, 01 Mar 2026 19:27:01 GMT
etag: "69a49305-ed2e"
cache-control: no-store, no-cache, must-revalidate
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546;
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-alltra-2_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
error code: 502

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-alltra-3_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
error code: 502

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-alltra_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
error code: 502

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-fireblocks_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
{"jsonrpc":"2.0","id":1,"result":"0x8a"}

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-http-prv_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
{"jsonrpc":"2.0","id":1,"result":"0x8a"}

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-http-pub_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
{"jsonrpc":"2.0","id":1,"result":"0x8a"}

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-hybx-2_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
error code: 502

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-hybx-3_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
error code: 502

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc-hybx_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
error code: 502

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc2_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
{"jsonrpc":"2.0","id":1,"result":"0x8a"}

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc_d-bis_org_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
{"jsonrpc":"2.0","id":1,"result":"0x8a"}

1
docs/04-configuration/verification-evidence/e2e-verification-20260304_012923/rpc_defi-oracle_io_rpc_response.txt Normal file
View File

@@ -0,0 +1 @@
{"jsonrpc":"2.0","id":1,"result":"0x8a"}

Some files were not shown because too many files have changed in this diff Show More