docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
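--- a/scripts/mifos/install-nginx-https-5800.sh
+++ b/scripts/mifos/install-nginx-https-5800.sh
@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+# Install Nginx on LXC 5800 to serve HTTPS on 443 (self-signed cert) and proxy to Mifos on 80.
+# Use with Cloudflare Tunnel Service https://192.168.11.85:443 and Origin config "No TLS Verify".
+# Run from project root: ./scripts/mifos/install-nginx-https-5800.sh
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
+source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true
+
+HOST="${PROXMOX_HOST_R630_02:-192.168.11.12}"
+VMID="${MIFOS_VMID:-5800}"
+SSH_OPTS="-o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new"
+DOMAIN="mifos.d-bis.org"
+
+# Commands to run inside 5800
+INNER_SCRIPT='
+set -e
+export DEBIAN_FRONTEND=noninteractive
+apt-get update -qq
+apt-get install -y -qq nginx openssl
+
+SSL_DIR="/etc/nginx/ssl"
+mkdir -p "$SSL_DIR"
+if [ ! -f "$SSL_DIR/mifos.crt" ]; then
+openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
+-keyout "$SSL_DIR/mifos.key" -out "$SSL_DIR/mifos.crt" \
+-subj "/CN=mifos.d-bis.org" -addext "subjectAltName=DNS:mifos.d-bis.org,DNS:192.168.11.85,IP:192.168.11.85,IP:127.0.0.1"
+chmod 600 "$SSL_DIR/mifos.key"
+chmod 644 "$SSL_DIR/mifos.crt"
+echo "Created self-signed cert in $SSL_DIR"
+fi
+
+# Nginx snippet for 443 -> 80 (single-quoted heredoc so nginx gets literal $host etc.)
+cat > /etc/nginx/sites-available/mifos-https << '\''NGINX_EOF'\''
+server {
+listen 443 ssl;
+server_name mifos.d-bis.org 192.168.11.85 127.0.0.1;
+ssl_certificate /etc/nginx/ssl/mifos.crt;
+ssl_certificate_key /etc/nginx/ssl/mifos.key;
+location / {
+proxy_pass http://127.0.0.1:80;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+}
+NGINX_EOF
+
+ln -sf /etc/nginx/sites-available/mifos-https /etc/nginx/sites-enabled/
+rm -f /etc/nginx/sites-enabled/default
+nginx -t && systemctl enable nginx && systemctl reload nginx
+echo "Nginx HTTPS (443) -> http://127.0.0.1:80 enabled."
+'
+
+echo "Installing Nginx + self-signed SSL in LXC $VMID on $HOST (HTTPS 443 -> Mifos:80)..."
+ssh $SSH_OPTS root@$HOST "pct exec $VMID -- bash -s" <<< "$INNER_SCRIPT"
+echo "Done. In Cloudflare: set Service to https://192.168.11.85:443 and add Origin configuration 'No TLS Verify'."
+echo "Verify: ssh root@$HOST 'pct exec $VMID -- curl -sk https://127.0.0.1:443 -o /dev/null -w \"%{http_code}\n\"'"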
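Review bot: The closing `echo "Done. In Cloudflare: ..."` line and the header comment tell the operator to enable "No TLS Verify", so the tunnel will accept any certificate presented at 192.168.11.85:443; the SANs set on the `-addext` line are then never checked and the origin hop is encrypted but not authenticated. Since the certificate already carries `DNS:mifos.d-bis.org`, consider copying `mifos.crt` to the cloudflared host and documenting the origin settings `caPool` and `originServerName: mifos.d-bis.org` instead of disabling verification. Separately, `ssh $SSH_OPTS root@$HOST` depends on word splitting; an array `SSH_OPTS=(-o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new)` used as `ssh "${SSH_OPTS[@]}" "root@${HOST}" ...` is safer. The `source ... 2>/dev/null || true` line also hides a missing or broken config file, after which the root `pct exec` runs against the hard-coded fallback `HOST` and `VMID`; a comment such as `# optional: falls back to the defaults below when the file is missing`, or a warning on stderr, would make that visible. `DOMAIN` is assigned but never used, while the same name is hard-coded inside `INNER_SCRIPT`.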