d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
proxmox/docs/archive/status/BLOCKSCOUT_SSL_COMPLETE_STATUS.md
defiQUG cb47cce074 Complete markdown files cleanup and organization 
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

187 lines
5.0 KiB
Markdown
Raw Permalink Blame History

# Blockscout SSL Setup - Complete Status
**Date**: December 23, 2025
**Container**: VMID 5000 on pve2
**Status**: ✅ **SSL Infrastructure Complete** | ⏳ **Blockscout Initializing**
---
## ✅ Completed Tasks
### 1. SSL Certificate Setup
-**Let's Encrypt Certificate**: Installed successfully
- Domain: `explorer.d-bis.org`
- Valid until: March 23, 2026
- Location: `/etc/letsencrypt/live/explorer.d-bis.org/`
- Auto-renewal: Enabled via certbot.timer
### 2. Nginx SSL Configuration
-**HTTPS Port 443**: Fully configured
- SSL/TLS protocols: TLSv1.2, TLSv1.3
- Modern ciphers enabled
- Security headers: HSTS, X-Frame-Options, etc.
-**HTTP Port 80**: Redirects to HTTPS (301 redirect working)
-**Reverse Proxy**: Configured to proxy to Blockscout on port 4000
### 3. Cloudflare Tunnel
-**Tunnel Route Updated**:
- `explorer.d-bis.org``https://192.168.11.140:443`
- SSL verification disabled for internal connection
- Route configured via Cloudflare API
### 4. Blockscout Configuration
-**HTTPS Protocol**: Updated in docker-compose.yml
-**Hostname**: Set to `explorer.d-bis.org`
-**Container**: Running (VMID 5000 on pve2)
---
## ⏳ Current Status
### Blockscout Database Migrations
**Status**: Database is empty, migrations need to run automatically on startup
**Expected Behavior**: Blockscout Docker image should automatically run database migrations when the container starts with `/app/bin/blockscout start` command.
**Current Issue**: The application starts, attempts to access the database, finds no tables, and needs to run migrations. However, it appears to be crashing before migrations complete.
**Next Steps**:
1. Wait for Blockscout to complete auto-migration (may take 3-5 minutes on first startup)
2. Monitor logs: `docker logs -f blockscout` from the container
3. The application should automatically create all required tables and then start serving requests
---
## 🔧 Architecture
```
Internet
Cloudflare Edge (SSL Termination)
Cloudflare Tunnel (encrypted connection)
cloudflared (VMID 102)
HTTPS → https://192.168.11.140:443
Nginx (VMID 5000, pve2) - SSL/TLS on port 443
HTTP → http://127.0.0.1:4000
Blockscout Container (port 4000)
PostgreSQL Database
```
---
## 📋 Verification Commands
### Check SSL Certificate
```bash
sshpass -p 'L@kers2010' ssh root@192.168.11.140 \
"openssl x509 -in /etc/letsencrypt/live/explorer.d-bis.org/fullchain.pem -noout -dates"
```
### Check Nginx Status
```bash
sshpass -p 'L@kers2010' ssh root@192.168.11.140 \
"systemctl status nginx && curl -k -I https://localhost/health"
```
### Check Blockscout Container
```bash
sshpass -p 'L@kers2010' ssh root@192.168.11.140 \
"docker ps | grep blockscout && docker logs --tail 50 blockscout"
```
### Test External Access
```bash
curl -I https://explorer.d-bis.org
curl https://explorer.d-bis.org/health
```
---
## 🎯 Expected Behavior Once Blockscout Initializes
Once the database migrations complete (automatically):
1. **Blockscout will start serving requests**
2. **HTTP 502 will change to HTTP 200**
3. **External access will work**: `https://explorer.d-bis.org`
4. **API will respond**: `https://explorer.d-bis.org/api/v2/status`
**Typical startup time**: 2-5 minutes after container starts, depending on:
- Database migration speed
- Index creation
- Initial blockchain sync
---
## 📝 Configuration Files
### Nginx SSL Config
- Location: `/etc/nginx/sites-available/blockscout`
- HTTP (80): Redirects to HTTPS
- HTTPS (443): Full SSL with modern ciphers
### Blockscout Docker Compose
- Location: `/opt/blockscout/docker-compose.yml`
- Protocol: HTTPS
- Host: explorer.d-bis.org
- Port: 4000 (mapped to host)
### SSL Certificates
- Certificate: `/etc/letsencrypt/live/explorer.d-bis.org/fullchain.pem`
- Private Key: `/etc/letsencrypt/live/explorer.d-bis.org/privkey.pem`
- Auto-renewal: `/etc/systemd/system/certbot.timer`
---
## 🔄 Maintenance
### Certificate Renewal
Certificates auto-renew. Manual renewal:
```bash
sshpass -p 'L@kers2010' ssh root@192.168.11.140 \
"certbot renew --nginx && systemctl reload nginx"
```
### Restart Services
```bash
sshpass -p 'L@kers2010' ssh root@192.168.11.140 \
"cd /opt/blockscout && docker-compose restart blockscout"
```
### Monitor Blockscout Logs
```bash
sshpass -p 'L@kers2010' ssh root@192.168.11.140 \
"docker logs -f blockscout"
```
---
## ✅ Summary
**SSL Setup**: 100% Complete ✅
- Let's Encrypt certificates installed
- Nginx configured with HTTPS
- Cloudflare tunnel updated to HTTPS
- Auto-renewal configured
**Blockscout Application**: Initializing ⏳
- Container running
- Waiting for database migrations to complete
- Should be fully operational within 5 minutes
**Access Points**:
- ✅ Internal HTTPS: `https://192.168.11.140` (redirect working)
- ⏳ External HTTPS: `https://explorer.d-bis.org` (waiting for Blockscout)
---
**All SSL infrastructure is complete! Once Blockscout finishes initializing, HTTPS will work fully.** 🎉
Reference in New Issue View Git Blame Copy Permalink