# Complete Deployment Scripts - Ready

**Date**: 2026-01-09
**Status**: ✅ All Scripts Created and Ready

---

## Summary

All automation scripts for the complete direct public IP routing deployment have been created and are ready to use. This replaces Cloudflare tunnels with stable NAT-based routing.

---

## Scripts Created (7 Total)

### 1. DNS Update Scripts

#### `update-all-dns-to-public-ip.sh`

- **Purpose**: Updates all Cloudflare DNS records to point to 76.53.10.35
- **Features**: Multi-zone support, smart record management, DNS only mode
- **Status**: ✅ Ready

#### `get-cloudflare-zone-ids.sh`

- **Purpose**: Retrieves Cloudflare Zone IDs for all domains
- **Features**: Interactive credential input, formatted output
- **Status**: ✅ Ready

#### `verify-dns-resolution.sh`

- **Purpose**: Verifies all domains resolve to expected IP
- **Features**: Tests multiple DNS servers, detailed reporting
- **Status**: ✅ Ready

---

### 2. Network Configuration Scripts

#### `configure-er605-nat-rules.sh`

- **Purpose**: Generates ER605 NAT rule configuration
- **Features**: Detailed rule specifications, firewall guidance
- **Status**: ✅ Ready
- **Note**: Manual application required in Omada Controller

---

### 3. Nginx Configuration Scripts

#### `deploy-complete-nginx-config.sh`

- **Purpose**: Deploys complete Nginx configuration to VMID 105
- **Features**: Complete config for all 19 domains, path-based routing
- **Status**: ✅ Ready
- **Note**: Update placeholder IPs for Phoenix and The Order

---

### 4. SSL Certificate Scripts

#### `obtain-all-ssl-certificates.sh`

- **Purpose**: Obtains Let's Encrypt certificates for all domains
- **Features**: Automatic certbot installation, batch processing
- **Status**: ✅ Ready
- **Requirements**: DNS + NAT must be configured first

---

### 5. Orchestration Script

#### `deploy-complete-solution.sh`

- **Purpose**: Orchestrates all deployment steps
- **Features**: Step-by-step execution, error handling, progress tracking
- **Status**: ✅ Ready

---

## Quick Start

### Option 1: Automated (Recommended)

```bash
cd /home/intlc/projects/proxmox
./scripts/deploy-complete-solution.sh
```

### Option 2: Manual Step-by-Step

```bash
# Step 1: Get Zone IDs
./scripts/get-cloudflare-zone-ids.sh

# Step 2: Add Zone IDs to .env file
# Edit .env and add:
#   CLOUDFLARE_ZONE_ID_SANKOFA_NEXUS=...
#   CLOUDFLARE_ZONE_ID_D_BIS_ORG=...
#   CLOUDFLARE_ZONE_ID_MIM4U_ORG=...
#   CLOUDFLARE_ZONE_ID_DEFI_ORACLE_IO=...

# Step 3: Update DNS
./scripts/update-all-dns-to-public-ip.sh

# Step 4: Verify DNS
./scripts/verify-dns-resolution.sh

# Step 5: Configure ER605 NAT (manual)
./scripts/configure-er605-nat-rules.sh
# Then configure in Omada Controller

# Step 6: Deploy Nginx
./scripts/deploy-complete-nginx-config.sh

# Step 7: Get SSL Certificates
export SSL_EMAIL=your-email@example.com
./scripts/obtain-all-ssl-certificates.sh
```

---

## Configuration Files

### `.env` File Requirements

```bash
# Public IP
PUBLIC_IP=76.53.10.35

# Cloudflare Authentication (choose one)
CLOUDFLARE_API_TOKEN=your-token-here
# OR
CLOUDFLARE_EMAIL=your-email@example.com
CLOUDFLARE_API_KEY=your-api-key-here

# Zone IDs (get from get-cloudflare-zone-ids.sh)
CLOUDFLARE_ZONE_ID_SANKOFA_NEXUS=your-zone-id
CLOUDFLARE_ZONE_ID_D_BIS_ORG=your-zone-id
CLOUDFLARE_ZONE_ID_MIM4U_ORG=your-zone-id
CLOUDFLARE_ZONE_ID_DEFI_ORACLE_IO=your-zone-id
```

---

## Domains Configured (19 Total)

### sankofa.nexus (5)

- sankofa.nexus
- www.sankofa.nexus
- phoenix.sankofa.nexus
- www.phoenix.sankofa.nexus
- the-order.sankofa.nexus

### d-bis.org (9)

- rpc-http-pub.d-bis.org
- rpc-ws-pub.d-bis.org
- rpc-http-prv.d-bis.org
- rpc-ws-prv.d-bis.org
- explorer.d-bis.org
- dbis-admin.d-bis.org
- dbis-api.d-bis.org
- dbis-api-2.d-bis.org
- secure.d-bis.org

### mim4u.org (4)

- mim4u.org
- www.mim4u.org
- secure.mim4u.org
- training.mim4u.org

### defi-oracle.io (1)

- rpc.public-0138.defi-oracle.io

---

## Architecture

```
Internet
    ↓
Cloudflare DNS (DNS Only - Gray Cloud)
    ↓
76.53.10.35 (Single Public IP)
    ↓
ER605 NAT (443 → 192.168.11.26:443)
    ↓
Nginx VMID 105 (Hostname-based routing)
    ↓
Backend Services
```

---

## Deployment Checklist

- [ ] Get Cloudflare Zone IDs (`get-cloudflare-zone-ids.sh`)
- [ ] Add Zone IDs to `.env` file
- [ ] Update Cloudflare DNS (`update-all-dns-to-public-ip.sh`)
- [ ] Verify DNS resolution (`verify-dns-resolution.sh`)
- [ ] Configure ER605 NAT rules (manual, use `configure-er605-nat-rules.sh` output)
- [ ] Deploy Nginx configuration (`deploy-complete-nginx-config.sh`)
- [ ] Update Phoenix and The Order IPs in Nginx config
- [ ] Obtain SSL certificates (`obtain-all-ssl-certificates.sh`)
- [ ] Test all endpoints
- [ ] Monitor logs for issues

---

## Documentation

1. **Complete Deployment Guide**: `docs/04-configuration/COMPLETE_DEPLOYMENT_GUIDE.md`
   - Step-by-step instructions
   - Troubleshooting guide
   - Architecture details

2. **DNS Update Script Guide**: `docs/04-configuration/DNS_UPDATE_SCRIPT_GUIDE.md`
   - DNS script usage
   - Configuration details
   - Verification steps

3. **Quick Reference**: `scripts/update-all-dns-to-public-ip.README.md`
   - Quick start guide
   - Domain list

---

## Next Steps

1. **Run Zone ID Lookup**:

   ```bash
   ./scripts/get-cloudflare-zone-ids.sh
   ```

2. **Add Zone IDs to .env**:
   - Edit `.env` file
   - Add all Zone IDs

3. **Run Complete Deployment**:

   ```bash
   ./scripts/deploy-complete-solution.sh
   ```

4. **Or Run Steps Manually**:
   - Follow the step-by-step guide in `COMPLETE_DEPLOYMENT_GUIDE.md`

---

## Script Locations

All scripts are in: `/home/intlc/projects/proxmox/scripts/`

- `update-all-dns-to-public-ip.sh`
- `get-cloudflare-zone-ids.sh`
- `verify-dns-resolution.sh`
- `configure-er605-nat-rules.sh`
- `deploy-complete-nginx-config.sh`
- `obtain-all-ssl-certificates.sh`
- `deploy-complete-solution.sh`

---

## Support

For issues or questions:

1. Check `COMPLETE_DEPLOYMENT_GUIDE.md` troubleshooting section
2. Review script output for error messages
3. Check logs: Nginx (`/var/log/nginx/error.log`), DNS (Cloudflare dashboard)

---

**Status**: ✅ **All Scripts Ready - Ready to Deploy**
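
A preflight check for the `.env` file described under "`.env` File Requirements", as an added example that is not one of the project's seven scripts: it confirms the file is closed to group and others, that exactly one Cloudflare authentication method is filled in, and that no placeholder values remain. The function names and the 32-character lowercase hex format for zone IDs are assumptions of this example.

```shell
#!/bin/sh
# Added example, not one of the project's scripts. It reads .env as data and
# never sources it, so nothing inside the file is executed.

ZONE_KEYS="CLOUDFLARE_ZONE_ID_SANKOFA_NEXUS CLOUDFLARE_ZONE_ID_D_BIS_ORG
CLOUDFLARE_ZONE_ID_MIM4U_ORG CLOUDFLARE_ZONE_ID_DEFI_ORACLE_IO"

# Print the value of KEY from FILE (last assignment wins, comments ignored).
env_value() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# Succeed when a value is set and is not one of the page's placeholders.
is_real() { case $1 in ''|your-*|...) return 1 ;; esac; return 0; }

# Print one line per problem; succeed only when none was found.
check_env_file() (
  file=$1 bad=0
  [ -f "$file" ] || { echo "missing file: $file"; exit 1; }

  # The file holds a Cloudflare credential: no group/other permission bits.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case $mode in
    0|*00) ;;
    *) echo "mode $mode is too open, run: chmod 600 $file"; bad=1 ;;
  esac

  # "Choose one": API token, or e-mail plus API key, but not both.
  methods=0
  if is_real "$(env_value CLOUDFLARE_API_TOKEN "$file")"; then methods=1; fi
  if is_real "$(env_value CLOUDFLARE_EMAIL "$file")" &&
     is_real "$(env_value CLOUDFLARE_API_KEY "$file")"; then
    methods=$((methods + 1))
  fi
  [ "$methods" -eq 1 ] || { echo "configure exactly one Cloudflare auth method"; bad=1; }

  # Assumption: a zone ID is 32 lowercase hex characters.
  for key in $ZONE_KEYS; do
    env_value "$key" "$file" | grep -Eq '^[0-9a-f]{32}$' ||
      { echo "$key is missing or still a placeholder"; bad=1; }
  done

  env_value PUBLIC_IP "$file" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
    { echo "PUBLIC_IP is not an IPv4 address"; bad=1; }
  exit "$bad"
)
```

With these functions loaded into the shell, `check_env_file .env` prints one line per problem and returns non-zero if any was found, so it can gate the DNS update step.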