# DApp LXC Deployment (VMID 5801) **Last Updated:** 2026-02-20 **Status:** Active **Note:** VMID **5800** is reserved for Mifos/Fineract (192.168.11.85, mifos.d-bis.org). The DApp uses **5801** at **192.168.11.58**. --- ## Overview One Proxmox LXC container (VMID **5801**, hostname **dapp-smom**) runs the Bridge DApp (frontend build from `smom-dbis-138/frontend-dapp`) and is reachable via the existing network and NPMplus. - **VMID:** 5801 (from range 5701–5999; 5800 is Mifos) - **Hostname:** dapp-smom - **IP:** 192.168.11.58 (static; override with `IP_DAPP_LXC`) - **Node:** Default r630-02 (same as 5800); override with `NODE` if needed. ## Prerequisites - Run the deploy script from a machine that can SSH to the Proxmox host, or run it on the Proxmox host (with `pct`). - Ubuntu 22.04 LTS template on the host: `local:vztmpl/ubuntu-22.04-standard_22.04-1_amd64.tar.zst`. - For build: set **REPO_URL** to the Git URL of the repo (e.g. your fork or the main smom-dbis-138 repo). ## Running the Script From the **proxmox** repo root (or from `smom-dbis-138`): ```bash # Optional: load IP/config source config/ip-addresses.conf 2>/dev/null || true # Create and provision (from Proxmox host) cd smom-dbis-138 REPO_URL=https://github.com/your-org/smom-dbis-138.git ./scripts/deployment/deploy-dapp-lxc.sh # Or from another machine via SSH PROXMOX_HOST=192.168.11.12 REPO_URL=https://github.com/your-org/smom-dbis-138.git \ ./scripts/deployment/deploy-dapp-lxc.sh ``` - **--dry-run:** Print what would be done; do not create or change anything. - **--skip-create:** Assume container 5801 already exists; only install Node/nginx, clone, build, and configure nginx. ### Env Overrides | Variable | Default | Description | |----------------|----------------------|--------------------------------------| | VMID | 5801 | Container ID (5800 = Mifos) | | HOSTNAME | dapp-smom | Container hostname | | IP_DAPP_LXC | 192.168.11.58 | Static IP (`IP_DAPP_LXC` in config) | | PROXMOX_HOST | (none) | If set, script SSHs here to run pct | | NODE | (none) | Proxmox node name for `pct --node` | | REPO_URL | (required for build) | Git URL to clone | | ENV_FILE | (none) | Path to .env (VITE_* for build) | | MEMORY_MB | 6144 | RAM | | CORES | 4 | CPU cores | | DISK_GB | 40 | Root disk size | | TEMPLATE | ubuntu-22.04-standard | LXC template | | IP_CONFIG_PATH | (auto) | Override path to ip-addresses.conf; script also tries SMOM_ROOT/../../config and SCRIPT_DIR/../../../config | ## What Runs Inside the LXC - **Node.js 20** (from NodeSource) for building. - **Clone** of the repo to `/srv/smom-dbis-138` (from REPO_URL). - **Build:** `npm ci && npm run build` in `frontend-dapp`, using env from `/srv/smom-dbis-138/.env` if present (e.g. VITE_* for contract addresses and RPC). - **Nginx** serving `/srv/smom-dbis-138/frontend-dapp/dist` on port 80. ## Production build: VITE_* and .env VITE_* variables are **baked in at build time**. For a production build with custom contract addresses or RPC URLs you must have a `.env` (or `.env.production`) in the container **before** running `npm run build`. - **Set ENV_FILE** when running the deploy script: the script copies that file into the container (when running on the Proxmox host, or via scp + pct push when using PROXMOX_HOST) before the build step. - **Or** after clone and before build: copy `.env` into the container manually, e.g. from the Proxmox host: ```bash pct push 5801 /path/to/your/.env /srv/smom-dbis-138/.env ``` then run the build (e.g. with `--skip-create` and REPO_URL set, or run the build step by hand inside the container). - **Or** in CI: build with env injected (e.g. `env VITE_RPC_URL_138=... npm run build`), then rsync the `dist/` folder into the container and reload nginx; no need for a full clone inside the container. Relevant VITE_* (see `smom-dbis-138/.env.example` and `frontend-dapp/src/config/bridge.ts`, `networks.ts`): - **RPC:** `VITE_RPC_URL_138`, `VITE_BSC_RPC_URL`, `VITE_AVALANCHE_RPC_URL`, `VITE_CRONOS_RPC_URL`, `VITE_GNOSIS_RPC_URL` - **Trustless:** `VITE_LOCKBOX_138`, `VITE_INBOX_ETH_MAINNET`, `VITE_LIQUIDITY_POOL_ETH_MAINNET`, `VITE_BRIDGE_SWAP_COORDINATOR_MAINNET`, `VITE_DUAL_ROUTER_BRIDGE_SWAP_COORDINATOR`, `VITE_CHALLENGE_MANAGER_MAINNET`, `VITE_CUSDT_ADDRESS_138`, `VITE_CUSDC_ADDRESS_138` - **WalletConnect / thirdweb:** `VITE_WALLETCONNECT_PROJECT_ID`, `VITE_THIRDWEB_CLIENT_ID` ## Updating the DApp 1. SSH or `pct exec` into the container: ```bash pct exec 5801 -- bash ``` 2. Pull and rebuild: ```bash cd /srv/smom-dbis-138 && git pull && cd frontend-dapp && npm ci && npm run build ``` 3. Reload nginx: ```bash systemctl reload nginx ``` Or from the host (one-liner): ```bash pct exec 5801 -- bash -c 'cd /srv/smom-dbis-138 && git pull && cd frontend-dapp && npm ci && npm run build && systemctl reload nginx' ``` ## NPMplus / Reverse Proxy Add a proxy host in NPMplus pointing to the LXC: - **Upstream:** `http://192.168.11.58:80` (or the IP you set with `IP_DAPP_LXC`). - **Domain:** e.g. `dapp.d-bis.org` or `app.d-bis.org` (your choice). Document the chosen hostname in your VMID/IP reference (e.g. [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md)). ## VMID / IP Reference See [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md) for the 5801 entry (DApp LXC). ## Full E2E: Cloudflare Tunnel + DNS + NPMplus SSL To expose the DApp at **https://dapp.d-bis.org** with an existing Cloudflare Tunnel and full SSL: 1. **Tunnel (existing):** In Cloudflare Zero Trust → Networks → Tunnels → tunnel that uses `https://192.168.11.167:443` (same as RPC Option B). Add **Public Hostname:** `dapp.d-bis.org` → **URL** `https://192.168.11.167:443` (No TLS Verify). 2. **DNS:** In Cloudflare DNS (zone d-bis.org), add **CNAME** `dapp` → `.cfargotunnel.com` (Proxied). 3. **NPMplus (10233 @ 192.168.11.167):** Add Proxy Host: Domain `dapp.d-bis.org`, Forward `192.168.11.58:80`, Scheme HTTP. Request Let's Encrypt (or Cloudflare Origin cert); Force SSL. 4. **DApp LXC:** Deploy with VMID=5801, IP_DAPP_LXC=192.168.11.58 (see Running the Script above). Traffic flow: **Internet → Cloudflare → Tunnel → NPMplus 10233 → http://192.168.11.58:80** (LXC 5801). See [CHECK_ALL_UPDATES_AND_CLOUDFLARE_TUNNELS.md](../05-network/CHECK_ALL_UPDATES_AND_CLOUDFLARE_TUNNELS.md) and [OPTION_B_RPC_VIA_TUNNEL_RUNBOOK.md](../05-network/OPTION_B_RPC_VIA_TUNNEL_RUNBOOK.md). ## Optional: Token-Aggregation in Same Container To run token-aggregation in the same LXC, install and run it (e.g. via systemd) and optionally proxy it through nginx. Configuration is out of scope here; see token-aggregation docs.