proxmox/docs/04-configuration/NPMPLUS_COMPLETE_SETUP_SUMMARY.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00


NPMplus Complete Setup Summary

Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation


Date: 2026-01-18
Status: Complete and Operational
Container: 10233 on 192.168.11.11
NPMplus IP: 192.168.11.166:81 (eth0), 192.168.11.167 (eth1)


Setup Complete

All NPMplus components are configured and working:

Infrastructure

  • Container running (ID: 10233)
  • Docker and Docker Compose installed
  • NPMplus healthy and operational
  • API authentication working

Network Configuration (Dual-NIC)

  • eth0 (VLAN 11 tagged): 192.168.11.166 - Gateway/external access
  • eth1 (untagged): 192.168.11.167 - Backend RPC access
  • Port forwarding configured: 76.53.10.36:80/443 → 192.168.11.166:80/443
  • DNS records: All 19 domains point to 76.53.10.36
  • HTTP and HTTPS ports accessible
  • RPC endpoints fully operational (2026-01-18)

SSL Certificates

  • 19 active SSL certificates (Let's Encrypt)
  • All certificates valid until April 16, 2026
  • All production domains have certificates assigned
  • Certificate files present on disk

Proxy Hosts

  • 21 proxy hosts configured
  • 19 production domains with SSL certificates
  • 2 test domains (optional)

Security Headers

  • Content Security Policy configured
  • CSP allows unsafe-eval for legacy JavaScript
  • X-Content-Type-Options, X-Frame-Options configured
  • HSTS enabled

📋 Configuration Details

Domains with SSL Certificates

sankofa.nexus zone (5 domains):

  1. sankofa.nexus (Cert ID: 57)
  2. www.sankofa.nexus (Cert ID: 64)
  3. phoenix.sankofa.nexus (Cert ID: 51)
  4. www.phoenix.sankofa.nexus (Cert ID: 63)
  5. the-order.sankofa.nexus (Cert ID: 60)

d-bis.org zone (9 domains):

  6. explorer.d-bis.org (Cert ID: 49)
  7. rpc-http-pub.d-bis.org (Cert ID: 53)
  8. rpc-ws-pub.d-bis.org (Cert ID: 55)
  9. rpc-http-prv.d-bis.org (Cert ID: 52)
  10. rpc-ws-prv.d-bis.org (Cert ID: 54)
  11. dbis-admin.d-bis.org (Cert ID: 46)
  12. dbis-api.d-bis.org (Cert ID: 48)
  13. dbis-api-2.d-bis.org (Cert ID: 47)
  14. secure.d-bis.org (Cert ID: 58)

mim4u.org zone (4 domains):

  15. mim4u.org (Cert ID: 50)
  16. www.mim4u.org (Cert ID: 62)
  17. secure.mim4u.org (Cert ID: 59)
  18. training.mim4u.org (Cert ID: 61)

defi-oracle.io zone (1 domain):

  19. rpc.public-0138.defi-oracle.io (Cert ID: 56)


🔧 Scripts Created

Certificate Management

  1. scripts/check-npmplus-certificate-status.sh - Check certificate status
  2. scripts/analyze-npmplus-certificates.sh - Analyze certificates
  3. scripts/cleanup-npmplus-duplicate-certificates.sh - Remove duplicates
  4. scripts/cleanup-npmplus-certificates-complete.sh - Complete cleanup
  5. scripts/request-npmplus-certificates.sh - Request new certificates

Network & DNS

  1. scripts/check-dns-and-port-forwarding.sh - Verify DNS and port forwarding
  2. scripts/configure-all-cloudflare-dns.sh - Update Cloudflare DNS

Security

  1. scripts/fix-npmplus-csp-headers.sh - Configure CSP headers

Verification

  1. scripts/verify-npmplus-complete-setup.sh - Complete setup verification

📖 Documentation

Configuration Guides

Status Reports


🎯 Current Status

| Component         | Status     | Details               |
|-------------------|------------|-----------------------|
| Container         | Running    | ID: 10233, Healthy    |
| Docker Compose    | Working    | v5.0.1                |
| API Access        | Working    | Authenticated         |
| Proxy Hosts       | Configured | 21 hosts              |
| SSL Certificates  | Active     | 19/19 assigned        |
| Certificate Files | Present    | 20 directories        |
| Port Forwarding   | Working    | HTTP/HTTPS accessible |
| DNS               | Correct    | All domains resolve   |
| CSP Headers       | Configured | Allows unsafe-eval    |

⚠️ Known Issues & Notes

Quirks Mode Warning

  • Status: Backend fix required
  • Issue: HTML responses missing <!DOCTYPE html>
  • Solution: Backend services must include DOCTYPE
  • Impact: Browser compatibility warnings (doesn't affect functionality)

yq Installation

  • Status: Optional (not required)
  • Note: Manual configuration works without yq
  • Impact: None (Docker Compose is available)

502 Bad Gateway - RESOLVED (2026-01-18)

  • Status: Fixed with dual-NIC configuration
  • Root Cause: VLAN 11 tagged traffic couldn't reach untagged backend hosts
  • Solution: Added second NIC (eth1) without VLAN tag for backend access
  • Impact: All RPC endpoints now working externally

🔍 Verification Commands

Check Container Status

ssh root@192.168.11.11 "pct exec 10233 -- docker ps --filter 'name=npmplus'"

Verify Certificates

bash scripts/check-npmplus-certificate-status.sh 192.168.11.11 10233

Test SSL

# No -k here: curl must validate the certificate chain and hostname for this to test SSL
curl -I https://sankofa.nexus
curl -I https://phoenix.sankofa.nexus

Check CSP Headers

curl -sI https://sankofa.nexus | grep -i "content-security"
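
An added example (not one of the repository's scripts) that extends the check above to all four headers listed under Security Headers and flags the unsafe-eval allowance. The header values in the sample are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not a script from the repository. Audits the headers the
# page lists: CSP, X-Content-Type-Options, X-Frame-Options, HSTS.

# header_value NAME TEXT: print the first value of header NAME in TEXT, lowercased.
header_value() {
  printf '%s\n' "$2" | awk -v want="$1" '
    { sub(/\r$/, ""); i = index($0, ":")
      if (i && !hit && tolower(substr($0, 1, i - 1)) == want) {
        v = substr($0, i + 1); sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
        print tolower(v); hit = 1 } }'
}

# audit_headers: read one response header block on stdin, print a line per check.
audit_headers() {
  ah_hdrs=$(cat)
  case "$(header_value content-security-policy "$ah_hdrs")" in
    "")                echo "FAIL csp: header missing" ;;
    *"'unsafe-eval'"*) echo "WARN csp: 'unsafe-eval' allowed, eval() stays usable" ;;
    *)                 echo "OK   csp" ;;
  esac
  case "$(header_value x-content-type-options "$ah_hdrs")" in
    nosniff) echo "OK   x-content-type-options" ;;
    *)       echo "FAIL x-content-type-options: expected nosniff" ;;
  esac
  case "$(header_value x-frame-options "$ah_hdrs")" in
    deny|sameorigin) echo "OK   x-frame-options" ;;
    *)               echo "FAIL x-frame-options: expected DENY or SAMEORIGIN" ;;
  esac
  ah_age=$(header_value strict-transport-security "$ah_hdrs" |
           sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
  if [ "${ah_age:-0}" -gt 0 ]; then echo "OK   hsts: max-age=$ah_age"
  else echo "FAIL hsts: header missing or max-age=0"; fi
}

# Constructed sample response (not captured from the deployment).
sample_headers() {
  cat <<'EOF'
HTTP/2 200
content-type: text/html
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval'
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000; includeSubDomains
EOF
}

sample_headers | audit_headers
# Live use: curl -sI https://<host> | audit_headers
```
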

Complete Verification

bash scripts/verify-npmplus-complete-setup.sh \
  192.168.11.11 \
  10233 \
  https://192.168.0.166:81 \
  nsatoshi2007@hotmail.com \
  ce8219e321e1cd97bd590fb792d3caeb7e2e3b94ca7e20124acaf253f911ff72

🚀 Next Steps

Immediate (Optional)

  1. All critical components are working
  2. ⚠️ Backend services need to be running (502 errors)
  3. ⚠️ Backend HTML responses need DOCTYPE (Quirks Mode)

Future Maintenance

  1. Certificate Renewal: Automatic (Let's Encrypt + NPMplus)
  2. Monitoring: Set up certificate expiration alerts
  3. Backup: Backup NPMplus database regularly

📞 Access Information

NPMplus Web Interface:

  • URL: https://192.168.0.166:81
  • Email: nsatoshi2007@hotmail.com
  • Password: ce8219e321e1cd97bd590fb792d3caeb7e2e3b94ca7e20124acaf253f911ff72

SSH Access:

ssh root@192.168.11.11 "pct enter 10233"

Docker Commands:

ssh root@192.168.11.11 "pct exec 10233 -- docker exec npmplus <command>"

Completion Checklist

  • NPMplus installed and running
  • Docker and Docker Compose configured
  • All proxy hosts created (21 hosts)
  • SSL certificates requested and active (19 domains)
  • Certificates assigned to proxy hosts
  • Port forwarding configured (80/443)
  • DNS records configured (all domains)
  • CSP headers configured (allows unsafe-eval)
  • Security headers set (X-Content-Type-Options, X-Frame-Options)
  • HSTS enabled
  • Duplicate certificates cleaned up
  • Documentation created

Status: NPMplus is fully configured and operational!

All SSL certificates are active, network is properly configured, and security headers are in place. The only remaining items are backend-specific (DOCTYPE and service availability), which don't affect NPMplus functionality.