# SSL Configuration Fix - Summary **Last Updated:** 2026-01-31 **Document Version:** 1.0 **Status:** Active Documentation --- **Date**: 2026-01-15 **Status**: ✅ **IP Addresses Fixed** | ⏳ **SSL Configuration Pending Network Access** --- ## ✅ Completed Fixes ### 1. IP Address Corrections All invalid IP addresses have been corrected in all scripts and documentation: | Service | Fixed IP | Previous (Invalid) | Files Updated | |---------|----------|-------------------|---------------| | Blockscout | 192.168.11.140 | 192.168.11.280 | ✅ All scripts | | DBIS API Primary | 192.168.11.155 | 192.168.11.290 | ✅ All scripts | | DBIS API Secondary | 192.168.11.156 | 192.168.11.291 | ✅ All scripts | | MIM4U | 192.168.11.36 | 192.168.11.19 | ✅ All scripts | **Files Updated:** - ✅ `scripts/nginx-proxy-manager/configure-ssl-api.js` - ✅ `scripts/nginx-proxy-manager/configure-ssl-all-domains.js` - ✅ `scripts/nginx-proxy-manager/configure-domains-pct-exec.sh` - ✅ `scripts/nginx-proxy-manager/manual-ssl-config-guide.sh` ### 2. Password Reset Script Updated - ✅ Updated to use correct email: `nsatoshi2007@hotmail.com` - ✅ Updated to use Node.js with `better-sqlite3` for database operations - ✅ Supports creating user if it doesn't exist ### 3. Complete SSL Fix Script Created - ✅ Created `scripts/nginx-proxy-manager/fix-ssl-complete.sh` - ✅ Automates password reset and SSL configuration --- ## ⏳ Pending: SSL Certificate Configuration ### Current Issue NPM is not accessible from the current network: - ❌ SSH to Proxmox host (192.168.11.11) fails: "No route to host" - ❌ Direct HTTP access to NPM (192.168.11.26:81) fails: "fetch failed" ### Solution Options #### Option 1: Run from Proxmox Host (Recommended) If you have access to the Proxmox host directly: ```bash # SSH to Proxmox host ssh root@192.168.11.11 # Run SSL configuration inside NPM container pct exec 105 -- bash -c ' cd /app export NPM_URL="http://127.0.0.1:81" export NPM_EMAIL="nsatoshi2007@hotmail.com" export NPM_PASSWORD="L@ker\$2010" node /path/to/configure-ssl-api.js ' ``` #### Option 2: Manual Configuration via Web UI 1. **Access NPM Web UI**: `http://192.168.11.26:81` 2. **Login**: - Email: `nsatoshi2007@hotmail.com` - Password: `L@ker$2010` 3. **If login fails**, reset password: ```bash bash scripts/nginx-proxy-manager/reset-npm-password.sh "L@ker\$2010" "nsatoshi2007@hotmail.com" ``` 4. **Configure each domain** (see domain list below) #### Option 3: Run Script When Network Access Available Once you have network access to NPM: ```bash cd /home/intlc/projects/proxmox export NPM_URL="http://192.168.11.26:81" export NPM_EMAIL="nsatoshi2007@hotmail.com" export NPM_PASSWORD="L@ker\$2010" node scripts/nginx-proxy-manager/configure-ssl-api.js ``` --- ## 📋 All 19 Domains to Configure ### sankofa.nexus (5 domains) - `sankofa.nexus` → `http://192.168.11.140:80` - `www.sankofa.nexus` → `http://192.168.11.140:80` - `phoenix.sankofa.nexus` → `http://192.168.11.140:80` - `www.phoenix.sankofa.nexus` → `http://192.168.11.140:80` - `the-order.sankofa.nexus` → `http://192.168.11.140:80` ### d-bis.org (9 domains) - `explorer.d-bis.org` → `http://192.168.11.140:80` - `rpc-http-pub.d-bis.org` → `https://192.168.11.252:443` (WebSocket ✅) - `rpc-ws-pub.d-bis.org` → `https://192.168.11.252:443` (WebSocket ✅) - `rpc-http-prv.d-bis.org` → `https://192.168.11.251:443` (WebSocket ✅) - `rpc-ws-prv.d-bis.org` → `https://192.168.11.251:443` (WebSocket ✅) - `dbis-admin.d-bis.org` → `http://192.168.11.130:80` - `dbis-api.d-bis.org` → `http://192.168.11.155:3000` - `dbis-api-2.d-bis.org` → `http://192.168.11.156:3000` - `secure.d-bis.org` → `http://192.168.11.130:80` ### mim4u.org (4 domains) - `mim4u.org` → `http://192.168.11.36:80` ✅ **FIXED** - `www.mim4u.org` → `http://192.168.11.36:80` ✅ **FIXED** - `secure.mim4u.org` → `http://192.168.11.36:80` ✅ **FIXED** - `training.mim4u.org` → `http://192.168.11.36:80` ✅ **FIXED** ### defi-oracle.io (1 domain) - `rpc.public-0138.defi-oracle.io` → `https://192.168.11.252:443` (WebSocket ✅) --- ## 🔧 Configuration Settings for Each Domain For each proxy host, configure: - ✅ **Forward Scheme**: `http` or `https` (based on target) - ✅ **Forward Hostname**: Target IP address - ✅ **Forward Port**: `80`, `3000`, or `443` (based on target) - ✅ **WebSocket Support**: Enable for RPC domains - ✅ **SSL Certificate**: Request Let's Encrypt certificate - ✅ **Force SSL**: Enable - ✅ **HTTP/2 Support**: Enable - ✅ **HSTS**: Enable - ✅ **HSTS Subdomains**: Enable --- ## ✅ Verification Steps After SSL configuration: 1. **Test HTTPS connectivity**: ```bash curl -I https://sankofa.nexus curl -I https://explorer.d-bis.org curl -I https://mim4u.org ``` 2. **Check SSL certificate status**: ```bash bash scripts/check-east-west-ssl-status.sh ``` 3. **Verify all domains**: ```bash for domain in sankofa.nexus explorer.d-bis.org mim4u.org; do echo "Testing $domain..." curl -I https://$domain 2>&1 | head -3 done ``` --- ## 📝 Scripts Available 1. **`scripts/nginx-proxy-manager/fix-ssl-complete.sh`** - Complete automation: password reset + SSL configuration - Requires network access to Proxmox host 2. **`scripts/nginx-proxy-manager/configure-ssl-api.js`** - API-based SSL configuration - Requires network access to NPM (192.168.11.26:81) 3. **`scripts/nginx-proxy-manager/reset-npm-password.sh`** - Password reset script - Requires SSH access to Proxmox host 4. **`scripts/nginx-proxy-manager/configure-domains-pct-exec.sh`** - Container-based configuration - Requires SSH access to Proxmox host --- ## 🎯 Next Steps 1. ✅ **All IP addresses fixed** - Ready for configuration 2. ⏳ **Obtain network access** to Proxmox host or NPM 3. ⏳ **Run SSL configuration** using one of the options above 4. ⏳ **Verify SSL certificates** are issued and working 5. ⏳ **Test HTTPS connectivity** for all domains --- **Last Updated**: 2026-01-15 **Status**: ✅ IPs Fixed | ⏳ SSL Configuration Pending Network Access