d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
proxmox/docs/04-configuration/NGINX_SSL_MANUAL_CONFIGURATION_GUIDE.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

139 lines
4.2 KiB
Markdown
Raw Permalink Blame History

# Nginx SSL Manual Configuration - Step-by-Step Guide
**Last Updated:** 2026-01-31
**Document Version:** 1.0
**Status:** Active Documentation
---
**Date**: 2026-01-09
**NPM URL**: `http://192.168.11.26:81`
**Credentials**: `nsatoshi2007@hotmail.com` / `L@ker$2010`
---
## Quick Start
1. Open: `http://192.168.11.26:81`
2. Log in with credentials above
3. Follow steps below for each domain
---
## Step-by-Step Configuration
### For Each Domain:
#### Step 1: Add Proxy Host
1. Click **"Proxy Hosts"** in left menu
2. Click **"Add Proxy Host"** button (top right)
#### Step 2: Details Tab
Fill in:
- **Domain Names**: Enter the domain (e.g., `explorer.d-bis.org`)
- For multiple domains, add each on a new line
- **Scheme**:
- Select `http` if target is `http://`
- Select `https` if target is `https://`
- **Forward Hostname/IP**: Enter the IP address (e.g., `192.168.11.140`)
- **Forward Port**: Enter the port (e.g., `80` or `443`)
- **Cache Assets**: ✅ Enable (optional)
- **Block Common Exploits**: ✅ Enable
- **Websockets Support**: ✅ Enable (for RPC domains with WebSocket)
#### Step 3: SSL Tab
1. Click **"SSL"** tab
2. Click **"Request a new SSL Certificate"**
3. Fill in:
- **Email Address for Let's Encrypt**: `nsatoshi2007@hotmail.com`
- **I Agree to the Let's Encrypt Terms of Service**: ✅ Check
- **Force SSL**: ✅ Enable (redirects HTTP to HTTPS)
- **HTTP/2 Support**: ✅ Enable
- **HSTS Enabled**: ✅ Enable
- **HSTS Subdomains**: ✅ Enable (if you have subdomains)
#### Step 4: Save
1. Click **"Save"** button
2. Wait 1-2 minutes for certificate to be issued
3. Check for green checkmark indicating success
---
## Domain Configuration Reference
### sankofa.nexus (5 domains)
| Domain | Details | Forward To | Port | WebSocket |
|--------|---------|------------|------|-----------|
| `sankofa.nexus` | Scheme: http | `192.168.11.140` | 80 | No |
| `www.sankofa.nexus` | Scheme: http | `192.168.11.140` | 80 | No |
| `phoenix.sankofa.nexus` | Scheme: http | `192.168.11.140` | 80 | No |
| `www.phoenix.sankofa.nexus` | Scheme: http | `192.168.11.140` | 80 | No |
| `the-order.sankofa.nexus` | Scheme: http | `192.168.11.140` | 80 | No |
### d-bis.org (9 domains)
| Domain | Details | Forward To | Port | WebSocket |
|--------|---------|------------|------|-----------|
| `explorer.d-bis.org` | Scheme: http | `192.168.11.140` | 80 | No |
| `rpc-http-pub.d-bis.org` | Scheme: https | `192.168.11.252` | 443 | ✅ Yes |
| `rpc-ws-pub.d-bis.org` | Scheme: https | `192.168.11.252` | 443 | ✅ Yes |
| `rpc-http-prv.d-bis.org` | Scheme: https | `192.168.11.251` | 443 | ✅ Yes |
| `rpc-ws-prv.d-bis.org` | Scheme: https | `192.168.11.251` | 443 | ✅ Yes |
| `dbis-admin.d-bis.org` | Scheme: http | `192.168.11.130` | 80 | No |
| `dbis-api.d-bis.org` | Scheme: http | `192.168.11.155` | 3000 | No |
| `dbis-api-2.d-bis.org` | Scheme: http | `192.168.11.156` | 3000 | No |
| `secure.d-bis.org` | Scheme: http | `192.168.11.130` | 80 | No |
### mim4u.org (4 domains)
| Domain | Details | Forward To | Port | WebSocket |
|--------|---------|------------|------|-----------|
| `mim4u.org` | Scheme: http | `192.168.11.19` | 80 | No |
| `www.mim4u.org` | Scheme: http | `192.168.11.19` | 80 | No |
| `secure.mim4u.org` | Scheme: http | `192.168.11.19` | 80 | No |
| `training.mim4u.org` | Scheme: http | `192.168.11.19` | 80 | No |
### defi-oracle.io (1 domain)
| Domain | Details | Forward To | Port | WebSocket |
|--------|---------|------------|------|-----------|
| `rpc.public-0138.defi-oracle.io` | Scheme: https | `192.168.11.252` | 443 | ✅ Yes |
---
## Tips
1. **Batch Configuration**: Configure similar domains together (same target IP/port)
2. **Certificate Wait**: Let's Encrypt certificates take 1-2 minutes to issue
3. **Error Handling**: If certificate request fails, check:
- DNS resolves to `76.53.10.36`
- Port 80 is accessible (required for HTTP-01 challenge)
- No rate limiting (wait 1 hour if too many requests)
---
## Verification
After configuring all domains:
```bash
bash scripts/nginx-proxy-manager/verify-ssl-config.sh
```
Or test manually:
```bash
curl -I https://explorer.d-bis.org
curl -I https://sankofa.nexus
```
---
**Last Updated**: 2026-01-09
Reference in New Issue View Git Blame Copy Permalink