d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4eead3e53fecdb2b7e629bb9f56b22ff92c61d2e
proxmox/docs/04-configuration/DBIS_INSTITUTIONAL_SUBDOMAINS.md
defiQUG 7ac74f432b chore: sync docs, config schemas, scripts, and meta task alignment 
- Institutional / JVMTM / reserve-provenance / GRU transport + standards JSON
- Validation and verify scripts (Blockscout labels, x402, GRU preflight, P1 local path)
- Wormhole wiring in AGENTS, MCP_SETUP, MASTER_INDEX, 04-configuration README
- Meta docs, integration gaps, live verification log, architecture updates
- CI validate-config workflow updates

Operator/LAN items, submodule working trees, and public token-aggregation edge
routes remain follow-up (see TODOS_CONSOLIDATED P1).

Made-with: Cursor
2026-03-31 22:31:39 -07:00

62 lines
3.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# DBIS institutional subdomains — inventory vs E2E
**Purpose:** Track planned `d-bis.org` portal hosts against [E2E_ENDPOINTS_LIST.md](./E2E_ENDPOINTS_LIST.md) and [verify-end-to-end-routing.sh](../../scripts/verify/verify-end-to-end-routing.sh).
## Canonical DBIS web surfaces (operator intent)
| URL | Role |
|-----|------|
| **https://d-bis.org** | **Public** web presence — sovereign / institutional portal (e.g. Gov Portals `DBIS` Next app behind NPM). |
| **https://admin.d-bis.org** | **Admin** console — DBIS operations staff. |
| **https://secure.d-bis.org** | **Member** secure portal — authenticated institution users. |
| **https://core.d-bis.org** | **DBIS Core** banking application — **client** portal for users of the core banking stack (`dbis_core` repo); NPM upstream when provisioned (often alongside API tier). |
**Legacy:** `https://dbis-admin.d-bis.org` may remain in DNS as an alias for the same upstream as `admin.d-bis.org` until names are consolidated.
## Already in E2E inventory
| Host | Type | Notes |
|------|------|--------|
| explorer.d-bis.org | web | Blockscout |
| docs.d-bis.org | web | Docs |
| gitea.d-bis.org | web | Source |
| dbis-api.d-bis.org | api | Core API |
| dbis-api-2.d-bis.org | api | Secondary |
| secure.d-bis.org | web | Member secure portal |
| admin.d-bis.org | web | Admin console (canonical) |
| dbis-admin.d-bis.org | web | Legacy admin hostname (optional alias) |
| core.d-bis.org | web | DBIS Core client portal (TBD upstream) |
| mifos.d-bis.org | web | Fineract |
| dapp.d-bis.org | web | DApp |
| dev.d-bis.org, codespaces.d-bis.org | web | Dev VM |
| RPC / Cacti / Alltra / HYBX | various | As listed in E2E |
## Added to verifier (optional-when-fail until DNS + upstream live)
| Host | Type | Intended upstream |
|------|------|-------------------|
| d-bis.org | web | Public portal (NPM → Next static/server) — same intent as canonical **d-bis.org** row above |
| www.d-bis.org | web | 301/308 → d-bis.org (if used) |
| members.d-bis.org | web | Member BFF + OIDC |
| developers.d-bis.org | web | Developer portal |
| data.d-bis.org | api | Data API service |
| research.d-bis.org | web | Research publications |
| policy.d-bis.org | web | Policy + manifests |
| ops.d-bis.org | web | Staff SSO |
| identity.d-bis.org | web | Trust + DID registry docs/API |
| status.d-bis.org | web | Status page |
| sandbox.d-bis.org | web | Sandbox console |
| interop.d-bis.org | web | Interop lab |
## NPMplus / Cloudflare operator steps (summary)
1. **DNS (Cloudflare):** `DNS_ZONE_ONLY=d-bis.org ./scripts/update-all-dns-to-public-ip.sh --zone-only=d-bis.org` (adds `@`, `www`, `admin`, `core`, plus existing RPC/DBIS rows — see `DBIS_RECORDS` in that script).
2. **NPMplus upstreams:** `./scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` (from LAN with `NPM_PASSWORD` in `.env`) — creates/updates `d-bis.org`, `www.d-bis.org`, `admin.d-bis.org`, `core.d-bis.org`, `dbis-admin.d-bis.org`, `secure.d-bis.org`. Defaults: apex → **7804** `:3001`; admin/legacy admin/secure → **10130** `:80`; core → **10150** `:3000` (override via `IP_DBIS_*` in `config/ip-addresses.conf` or `.env`).
3. **TLS:** `./scripts/request-npmplus-certificates.sh` (optional `CERT_DOMAINS_FILTER` to limit Lets Encrypt requests).
4. Run `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` (optional hosts tolerate failure until configured).
5. Remove hosts from `E2E_OPTIONAL_WHEN_FAIL` only when SLO requires strict checks.
See [DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md](../02-architecture/DBIS_WEB_AND_INSTITUTION_MASTER_BLUEPRINT.md) for architecture context.
**Related:** [OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md](../03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md) — HYBX OMNL, DBIS Core, Chain 138 vaults, and external RTGS integration map.
Reference in New Issue View Git Blame Copy Permalink