proxmox/docs/04-configuration/NGINX_SSL_CONFIGURATION_STATUS.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00


# Nginx SSL Configuration - Status Report
**Last Updated:** 2026-01-31
**Document Version:** 1.0
**Status:** Active Documentation

---

**Date**: 2026-01-09
**Status**: Scripts and Documentation Complete - Manual Configuration Required
**NPM URL**: `http://192.168.11.26:81`

---
## Executive Summary
All automation scripts, verification tools, and documentation have been created. SSL certificate configuration still requires manual intervention because the NPM credentials need to be verified.

---
## ✅ Completed Tasks
### 1. Scripts Created
**SSL Automation Script:**
- `scripts/nginx-proxy-manager/configure-ssl-all-domains.js`
- Browser automation using Playwright
- Configures all 19 domains with Let's Encrypt certificates
- Improved error handling and debugging (screenshots, detailed logs)
**Password Reset Script:**
- `scripts/nginx-proxy-manager/reset-npm-password.sh`
- Attempts to reset NPM admin password
- May require manual verification
**Manual Configuration Guide:**
- `scripts/nginx-proxy-manager/manual-ssl-config-guide.sh`
- Lists all 19 domains with target configurations
- Provides step-by-step instructions
**Verification Script:**
- `scripts/nginx-proxy-manager/verify-ssl-config.sh`
- Tests HTTPS connectivity for all domains
- Validates SSL certificates
### 2. Documentation Created
1. **NGINX_PROXY_MANAGER_COMPLETE_SETUP.md**
- Complete setup guide with all options
- Password reset instructions
- Automated and manual configuration steps
2. **NGINX_PROXY_MANAGER_SSL_CONFIGURATION.md**
- Detailed SSL configuration guide
- Domain reference table
- Troubleshooting section
3. **NGINX_PUBLIC_IP_CONFIGURATION.md**
- Public IP mapping documentation
- Port forwarding configuration
4. **NGINX_PUBLIC_IP_VERIFICATION_REPORT.md**
- Verification test results
- Connectivity status
---
## ⚠️ Current Status
### NPM Credentials
**Issue**: The password reset script requires the `bcryptjs` module, which must be installed in the NPM container.
**Attempted Passwords:**
- `L@kers2010` - Failed
- `password` - Failed
- Default `admin@example.com` / `changeme` - Not tested
**Solution Options:**
1. **Manual Password Reset via Web UI:**
- Access: `http://192.168.11.26:81`
- Use "Forgot Password" feature if available
- Or use default credentials if first-time setup
2. **Install bcryptjs in Container:**
```bash
ssh root@192.168.11.11 "pct exec 105 -- bash -c 'cd /app && npm install bcryptjs'"
```
Then run password reset script again.
3. **Direct Database Access:**
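- Access container (`-t` allocates the terminal that `pct enter` needs): `ssh -t root@192.168.11.11 "pct enter 105"`
- Install bcryptjs: `npm install bcryptjs`
- Generate hash: `node -e "const bcrypt = require('bcryptjs'); console.log(bcrypt.hashSync('L@kers2010', 10));"`
- Update database (NPM stores the bcrypt hash in `auth.secret`, not in the `user` table; the hash contains `$` characters, so escape each one as `\$` inside the double quotes): `sqlite3 /data/database.sqlite "UPDATE auth SET secret = 'HASH' WHERE user_id = (SELECT id FROM user WHERE email = 'admin@example.com');"`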
---
## 📋 Domain Configuration List
All 19 domains are ready for configuration:
### sankofa.nexus (5 domains)
- `sankofa.nexus` → `http://192.168.11.140:80`
- `www.sankofa.nexus` → `http://192.168.11.140:80`
- `phoenix.sankofa.nexus` → `http://192.168.11.140:80`
- `www.phoenix.sankofa.nexus` → `http://192.168.11.140:80`
- `the-order.sankofa.nexus` → `http://192.168.11.140:80`
### d-bis.org (9 domains)
- `explorer.d-bis.org` → `http://192.168.11.140:80`
- `rpc-http-pub.d-bis.org` → `https://192.168.11.252:443` (WebSocket)
- `rpc-ws-pub.d-bis.org` → `https://192.168.11.252:443` (WebSocket)
- `rpc-http-prv.d-bis.org` → `https://192.168.11.251:443` (WebSocket)
- `rpc-ws-prv.d-bis.org` → `https://192.168.11.251:443` (WebSocket)
- `dbis-admin.d-bis.org` → `http://192.168.11.130:80`
- `dbis-api.d-bis.org` → `http://192.168.11.155:3000`
- `dbis-api-2.d-bis.org` → `http://192.168.11.156:3000`
- `secure.d-bis.org` → `http://192.168.11.130:80`
### mim4u.org (4 domains)
- `mim4u.org` → `http://192.168.11.19:80`
- `www.mim4u.org` → `http://192.168.11.19:80`
- `secure.mim4u.org` → `http://192.168.11.19:80`
- `training.mim4u.org` → `http://192.168.11.19:80`
### defi-oracle.io (1 domain)
- `rpc.public-0138.defi-oracle.io` → `https://192.168.11.252:443` (WebSocket)
---
## 🚀 Next Steps
### Option 1: Automated Configuration (Recommended)
1. **Install bcryptjs in NPM container:**
```bash
ssh root@192.168.11.11 "pct exec 105 -- bash -c 'cd /app && npm install bcryptjs'"
```
2. **Reset password:**
```bash
bash scripts/nginx-proxy-manager/reset-npm-password.sh L@kers2010
```
3. **Run SSL automation:**
```bash
export NPM_EMAIL='admin@example.com'
export NPM_PASSWORD='L@kers2010'
node scripts/nginx-proxy-manager/configure-ssl-all-domains.js
```
4. **Verify:**
```bash
bash scripts/nginx-proxy-manager/verify-ssl-config.sh
```
### Option 2: Manual Configuration
1. **Access NPM Web UI:**
- Open: `http://192.168.11.26:81`
- Log in with your credentials
2. **Follow Manual Guide:**
```bash
bash scripts/nginx-proxy-manager/manual-ssl-config-guide.sh
```
3. **Or use detailed guide:**
- See: `docs/04-configuration/NGINX_PROXY_MANAGER_COMPLETE_SETUP.md`
---
## 📊 Infrastructure Status
### ✅ Completed
- Nginx IP verified: `192.168.11.26`
- Public IP configured: `76.53.10.36`
- Port forwarding: UDM Pro configured (HTTP 80, HTTPS 443)
- DNS records: All 19 domains point to `76.53.10.36`
- HTTP connectivity: Working ✅
- Nginx service: Running ✅
### ⏳ Pending
- SSL certificates: Need to be configured in NPM
- HTTPS connectivity: Will work after SSL certificates are configured
- Certificate verification: Pending SSL configuration
---
## 🔧 Troubleshooting
### Password Reset Issues
**Problem**: bcryptjs module not found
**Solution**:
```bash
ssh root@192.168.11.11 "pct exec 105 -- bash -c 'cd /app && npm install bcryptjs'"
```
### SSL Certificate Request Fails
**Common Causes:**
1. DNS not propagated (wait 5-10 minutes)
2. Port 80 not accessible (check UDM Pro port forwarding)
3. Rate limiting (wait 1 hour)
**Verification:**
```bash
# Check DNS
dig +short domain.com
# Check HTTP
curl -I http://domain.com
```
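The first two causes above can be checked per domain before a certificate is requested, which avoids burning Let's Encrypt attempts and running into the third. The script below is an added example, not one of the project's scripts: `classify_preflight` is a hypothetical helper, and the expected address is the public IP listed under Infrastructure Status.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check before requesting a Let's Encrypt certificate.
# classify_preflight is a hypothetical helper, not part of the project's scripts.

EXPECTED_IP="76.53.10.36"   # public IP from the Infrastructure Status section

# classify_preflight <expected_ip> <output of dig +short> <HTTP status from curl>
# Prints READY, DNS_EMPTY, DNS_MISMATCH or HTTP_UNREACHABLE.
classify_preflight() {
  local expected="$1" resolved="$2" http_code="$3" line seen=0
  while IFS= read -r line; do
    # dig +short can print CNAME targets (ending in ".") before the A records;
    # skip blank lines and anything that is not a dotted-decimal address.
    case "$line" in
      ''|*[!0-9.]*|*.) continue ;;
    esac
    seen=1
    if [ "$line" != "$expected" ]; then
      # A stale or wrong A record: the HTTP-01 challenge would hit another host.
      echo "DNS_MISMATCH"; return 1
    fi
  done <<EOF
$resolved
EOF
  if [ "$seen" -eq 0 ]; then
    echo "DNS_EMPTY"; return 1
  fi
  # curl reports 000 when no HTTP response arrived (port 80 closed or filtered).
  # Any real status, including 301 or 404, proves the port forward reaches nginx.
  case "$http_code" in
    ''|000) echo "HTTP_UNREACHABLE"; return 1 ;;
  esac
  echo "READY"
}

# Live run: pass the domains to check as arguments.
if [ "$#" -gt 0 ]; then
  for domain in "$@"; do
    resolved="$(dig +short A "$domain")"
    code="$(curl -s -o /dev/null -m 10 -w '%{http_code}' "http://$domain/" || true)"
    printf '%-40s %s\n' "$domain" \
      "$(classify_preflight "$EXPECTED_IP" "$resolved" "$code")"
  done
fi
```

Run it from outside the LAN so the DNS answer and the port 80 test reflect what the certificate authority sees.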
### Automation Script Fails
**Debug Steps:**
1. Check screenshots: `/tmp/npm-*.png`
2. Run with pause mode: `export PAUSE_MODE='true'`
3. Check logs: `/tmp/npm-ssl-config-*.log`
4. Use manual configuration as fallback
---
## 📝 Files Reference
### Scripts
- `scripts/nginx-proxy-manager/configure-ssl-all-domains.js` - Main automation
- `scripts/nginx-proxy-manager/reset-npm-password.sh` - Password reset
- `scripts/nginx-proxy-manager/manual-ssl-config-guide.sh` - Manual guide
- `scripts/nginx-proxy-manager/verify-ssl-config.sh` - Verification
### Documentation
- `docs/04-configuration/NGINX_PROXY_MANAGER_COMPLETE_SETUP.md` - Complete guide
- `docs/04-configuration/NGINX_PROXY_MANAGER_SSL_CONFIGURATION.md` - SSL config
- `docs/04-configuration/NGINX_PUBLIC_IP_CONFIGURATION.md` - IP setup
- `docs/04-configuration/NGINX_PUBLIC_IP_VERIFICATION_REPORT.md` - Verification
---
## Summary
**All automation tools and documentation are ready.** The remaining steps are:
1. Verify/reset NPM credentials
2. Run SSL configuration (automated or manual)
3. Verify SSL certificates are working

Once NPM credentials are verified, the automation script can configure all 19 domains automatically, or you can use the comprehensive manual guide.

---
**Last Updated**: 2026-01-09
**Status**: Ready for SSL Configuration