proxmox/docs/04-configuration/NGINX_SSL_COMPLETE_SOLUTION.md

# Nginx SSL Configuration - Complete Solution Guide

**Last Updated:** 2026-01-31  
**Document Version:** 1.0  
**Status:** Active Documentation

---

**Date**: 2026-01-09  
**Status**: Ready for Manual Configuration  
**NPM URL**: `http://192.168.11.26:81`  
**Credentials**: `nsatoshi2007@hotmail.com` / `L@ker$2010`

---

## ⚠️ Authentication Issue

Both API and browser automation are failing authentication. This suggests:
1. Credentials may need verification
2. NPM may require username instead of email
3. Account may be locked or require password reset

---

## ✅ Recommended Solution: Manual Configuration

Since automation is blocked by authentication, **manual configuration is the fastest path forward**.

### Step 1: Verify Access

1. Open browser: `http://192.168.11.26:81`
2. Try logging in with:
   - Email: `nsatoshi2007@hotmail.com`
   - Password: `L@ker$2010`
3. If login fails:
   - Try username: `nsatoshi2007`
   - Or use password reset script: `bash scripts/nginx-proxy-manager/reset-npm-password.sh`

### Step 2: Configure Domains

Follow the detailed guide: `NGINX_SSL_MANUAL_CONFIGURATION_GUIDE.md`

**Quick Reference - All 19 Domains:**

#### sankofa.nexus (5 domains)
- `sankofa.nexus` → `http://192.168.11.140:80`
- `www.sankofa.nexus` → `http://192.168.11.140:80`
- `phoenix.sankofa.nexus` → `http://192.168.11.140:80`
- `www.phoenix.sankofa.nexus` → `http://192.168.11.140:80`
- `the-order.sankofa.nexus` → `http://192.168.11.140:80`

#### d-bis.org (9 domains)
- `explorer.d-bis.org` → `http://192.168.11.140:80`
- `rpc-http-pub.d-bis.org` → `https://192.168.11.252:443` (WebSocket ✅)
- `rpc-ws-pub.d-bis.org` → `https://192.168.11.252:443` (WebSocket ✅)
- `rpc-http-prv.d-bis.org` → `https://192.168.11.251:443` (WebSocket ✅)
- `rpc-ws-prv.d-bis.org` → `https://192.168.11.251:443` (WebSocket ✅)
- `dbis-admin.d-bis.org` → `http://192.168.11.130:80`
- `dbis-api.d-bis.org` → `http://192.168.11.155:3000`
- `dbis-api-2.d-bis.org` → `http://192.168.11.156:3000`
- `secure.d-bis.org` → `http://192.168.11.130:80`

#### mim4u.org (4 domains)
- `mim4u.org` → `http://192.168.11.19:80`
- `www.mim4u.org` → `http://192.168.11.19:80`
- `secure.mim4u.org` → `http://192.168.11.19:80`
- `training.mim4u.org` → `http://192.168.11.19:80`

#### defi-oracle.io (1 domain)
- `rpc.public-0138.defi-oracle.io` → `https://192.168.11.252:443` (WebSocket ✅)

### Step 3: For Each Domain

1. **Proxy Hosts** → **Add Proxy Host**
2. **Details Tab**:
   - Domain Names: [domain]
   - Scheme: http or https
   - Forward Hostname/IP: [target IP]
   - Forward Port: [target port]
   - Block Common Exploits: ✅
   - Websockets Support: ✅ (for RPC domains)
3. **SSL Tab**:
   - Request a new SSL Certificate
   - Email: `nsatoshi2007@hotmail.com`
   - I Agree to Terms: ✅
   - Force SSL: ✅
   - HTTP/2 Support: ✅
   - HSTS Enabled: ✅
4. **Save**

### Step 4: Verify

```bash
bash scripts/nginx-proxy-manager/verify-ssl-config.sh
```

---

## 🔧 Alternative: Fix Automation

If you want to use automation:

1. **Verify credentials work manually first**
2. **Check NPM version** - may need different API/auth method
3. **Update scripts** with correct authentication method
4. **Re-run automation**

---

## 📋 All Scripts Available

- `configure-ssl-all-domains.js` - Browser automation (needs auth fix)
- `configure-ssl-api.js` - API-based (needs auth fix)
- `verify-ssl-config.sh` - Verification script
- `reset-npm-password.sh` - Password reset

---

**Last Updated**: 2026-01-09