d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4eead3e53fecdb2b7e629bb9f56b22ff92c61d2e
proxmox/docs/archive/completion/ALI_INFRASTRUCTURE_COMPLETE.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

961 lines
30 KiB
Markdown
Raw Blame History

# Ali's Infrastructure - Complete Reference (ChainID 138)
**Last Updated:** December 26, 2024
**Status:** ✅ Active
**Network:** ChainID 138 (DeFi Oracle Meta Mainnet)
**RPC Endpoint:** `http://192.168.11.250:8545` or `https://rpc-core.d-bis.org`
---
## Table of Contents
1. [Executive Summary](#executive-summary)
2. [Wallet Address](#wallet-address)
3. [Contract Addresses](#contract-addresses)
4. [Container Inventory](#container-inventory)
5. [Infrastructure Architecture](#infrastructure-architecture)
6. [Network Configuration](#network-configuration)
7. [Access Control and Authentication](#access-control-and-authentication)
8. [Container Specifications](#container-specifications)
9. [Contract Integration](#contract-integration)
10. [Configuration Files](#configuration-files)
11. [Deployment Status](#deployment-status)
12. [Quick Reference](#quick-reference)
---
## Executive Summary
Ali maintains full root access to **4 containers** on ChainID 138 infrastructure:
| VMID | Hostname | Role | IP Address | Node | Status |
|------|----------|------|------------|------|--------|
| 1504 | `besu-sentry-ali` | Besu Sentry Node | 192.168.11.154 | pve | ✅ Active |
| 2503 | `besu-rpc-ali-0x8a` | Besu RPC Node (0x8a identity) | 192.168.11.253 | pve | ✅ Active |
| 2504 | `besu-rpc-ali-0x1` | Besu RPC Node (0x1 identity) | 192.168.11.254 | pve | ✅ Active |
| 6201 | `firefly-ali-1` | Hyperledger Firefly Node | 192.168.11.67 | pve | ✅ Active |
**Access Level:** Full root access to all containers and Proxmox host
**Key Features:**
- ✅ JWT authentication enabled on all RPC containers
- ✅ Discovery disabled on RPC nodes (MetaMask compatibility)
- ✅ Full infrastructure control
- ✅ Integration with all deployed contracts
---
## Wallet Address
### Primary Address
**Address:** `0xa55A4B57A91561e9df5a883D4883Bd4b1a7C4882`
**Label:** ALI's LEDGER (Genesis Faucet 1)
### Genesis Allocation
| Property | Value |
|----------|-------|
| **Allocation** | 1,000,000,000 ETH |
| **Allocation (Hex)** | `0x33b2e3c9fd0803ce8000000` |
| **Network** | ChainID 138 |
| **Type** | Genesis faucet/pre-funded address |
| **Status** | ✅ Active |
### Configuration References
This address is configured as:
- **GENESIS_FAUCET_1_ADDRESS** in environment configuration files
- **GENESIS_DEPLOYER_2** in deployment scripts
- Referenced in `explorer-monorepo/docs/organized.env`
### Usage
- Primary wallet for ChainID 138 operations
- Genesis pre-funded account
- Used for deployment and operations
- Configured as one of the genesis faucet addresses
---
## Contract Addresses
All contracts deployed on ChainID 138, organized by category.
### Pre-Deployed Contracts (Genesis)
These contracts were pre-deployed when ChainID 138 was initialized:
| Contract | Address | Status | Purpose |
|----------|---------|--------|---------|
| **WETH9** | `0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2` | ✅ Pre-deployed | Wrapped Ether v9 |
| **WETH10** | `0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f` | ✅ Pre-deployed | Wrapped Ether v10 |
| **Multicall** | `0x99b3511a2d315a497c8112c1fdd8d508d4b1e506` | ✅ Pre-deployed | Batch contract calls |
**Explorer Links:**
- [WETH9](https://explorer.d-bis.org/address/0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2)
- [WETH10](https://explorer.d-bis.org/address/0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f)
- [Multicall](https://explorer.d-bis.org/address/0x99b3511a2d315a497c8112c1fdd8d508d4b1e506)
---
### Oracle Contracts
Price feed and oracle infrastructure:
| Contract | Address | Status | Purpose |
|----------|---------|--------|---------|
| **Oracle Proxy** | `0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6` | ✅ Deployed | ⭐ **MetaMask Price Feed** |
| **Oracle Aggregator** | `0x99b3511a2d315a497c8112c1fdd8d508d4b1e506` | ✅ Deployed | Price feed aggregator |
| **Price Feed Keeper** | `0xD3AD6831aacB5386B8A25BB8D8176a6C8a026f04` | ✅ Deployed | Automated price updates |
**Explorer Links:**
- [Oracle Proxy](https://explorer.d-bis.org/address/0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6)
- [Oracle Aggregator](https://explorer.d-bis.org/address/0x99b3511a2d315a497c8112c1fdd8d508d4b1e506)
- [Price Feed Keeper](https://explorer.d-bis.org/address/0xD3AD6831aacB5386B8A25BB8D8176a6C8a026f04)
**Note:** The Oracle Proxy address (`0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6`) is the primary address used by MetaMask for price feeds.
---
### CCIP Contracts
Cross-Chain Interoperability Protocol contracts:
| Contract | Address | Status | Purpose |
|----------|---------|--------|---------|
| **CCIP Router** | `0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e` | ✅ Deployed | Cross-chain message router |
| **CCIP Sender** | `0x105F8A15b819948a89153505762444Ee9f324684` | ✅ Deployed | Cross-chain message sender |
**Explorer Links:**
- [CCIP Router](https://explorer.d-bis.org/address/0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e)
- [CCIP Sender](https://explorer.d-bis.org/address/0x105F8A15b819948a89153505762444Ee9f324684)
---
### Bridge Contracts
Cross-chain bridge contracts for WETH tokens:
| Contract | Address | Status | Purpose |
|----------|---------|--------|---------|
| **CCIPWETH9Bridge** | `0x89dd12025bfCD38A168455A44B400e913ED33BE2` | ✅ Deployed | Bridge for WETH9 |
| **CCIPWETH10Bridge** | `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` | ✅ Deployed | Bridge for WETH10 |
**Explorer Links:**
- [CCIPWETH9Bridge](https://explorer.d-bis.org/address/0x89dd12025bfCD38A168455A44B400e913ED33BE2)
- [CCIPWETH10Bridge](https://explorer.d-bis.org/address/0xe0E93247376aa097dB308B92e6Ba36bA015535D0)
---
### eMoney System Contracts
Core eMoney infrastructure contracts:
| Contract | Address | Code Size | Status | Purpose |
|----------|---------|-----------|--------|---------|
| **TokenFactory138** | `0xEBFb5C60dE5f7C4baae180CA328D3BB39E1a5133` | 3,847 bytes | ✅ Deployed | Token creation factory |
| **BridgeVault138** | `0x31884f84555210FFB36a19D2471b8eBc7372d0A8` | 3,248 bytes | ✅ Deployed | Bridge vault management |
| **ComplianceRegistry** | `0xbc54fe2b6fda157c59d59826bcfdbcc654ec9ea1` | 3,580 bytes | ✅ Deployed | Compliance tracking |
| **DebtRegistry** | `0x95BC4A997c0670d5DAC64d55cDf3769B53B63C28` | 2,672 bytes | ✅ Deployed | Debt tracking |
| **PolicyManager** | `0x0C4FD27018130A00762a802f91a72D6a64a60F14` | 3,804 bytes | ✅ Deployed | Policy management |
| **eMoneyToken Implementation** | `0x0059e237973179146237aB49f1322E8197c22b21` | 10,088 bytes | ✅ Deployed | eMoney token implementation |
**Explorer Links:**
- [TokenFactory138](https://explorer.d-bis.org/address/0xEBFb5C60dE5f7C4baae180CA328D3BB39E1a5133)
- [BridgeVault138](https://explorer.d-bis.org/address/0x31884f84555210FFB36a19D2471b8eBc7372d0A8)
- [ComplianceRegistry](https://explorer.d-bis.org/address/0xbc54fe2b6fda157c59d59826bcfdbcc654ec9ea1)
- [DebtRegistry](https://explorer.d-bis.org/address/0x95BC4A997c0670d5DAC64d55cDf3769B53B63C28)
- [PolicyManager](https://explorer.d-bis.org/address/0x0C4FD27018130A00762a802f91a72D6a64a60F14)
- [eMoneyToken Implementation](https://explorer.d-bis.org/address/0x0059e237973179146237aB49f1322E8197c22b21)
---
### Compliance & Token Contracts
Compliance and token management contracts:
| Contract | Address | Code Size | Status | Purpose |
|----------|---------|-----------|--------|---------|
| **CompliantUSDT** | `0x93E66202A11B1772E55407B32B44e5Cd8eda7f22` | 6,806 bytes | ✅ Deployed | Compliant USDT token |
| **CompliantUSDC** | `0xf22258f57794CC8E06237084b353Ab30fFfa640b` | 6,806 bytes | ✅ Deployed | Compliant USDC token |
| **TokenRegistry** | `0x91Efe92229dbf7C5B38D422621300956B55870Fa` | 5,359 bytes | ✅ Deployed | Token registry |
| **FeeCollector** | `0xF78246eB94c6CB14018E507E60661314E5f4C53f` | 5,084 bytes | ✅ Deployed | Fee collection |
**Explorer Links:**
- [CompliantUSDT](https://explorer.d-bis.org/address/0x93E66202A11B1772E55407B32B44e5Cd8eda7f22)
- [CompliantUSDC](https://explorer.d-bis.org/address/0xf22258f57794CC8E06237084b353Ab30fFfa640b)
- [TokenRegistry](https://explorer.d-bis.org/address/0x91Efe92229dbf7C5B38D422621300956B55870Fa)
- [FeeCollector](https://explorer.d-bis.org/address/0xF78246eB94c6CB14018E507E60661314E5f4C53f)
---
### Contract Address Quick Reference
**All Contracts Summary:**
| Category | Count | Key Addresses |
|----------|-------|---------------|
| **Genesis** | 3 | WETH9, WETH10, Multicall |
| **Oracle** | 3 | Oracle Proxy (MetaMask), Aggregator, Keeper |
| **CCIP** | 2 | Router, Sender |
| **Bridge** | 2 | WETH9Bridge, WETH10Bridge |
| **eMoney** | 6 | TokenFactory, BridgeVault, Compliance, Debt, Policy, Token Implementation |
| **Compliance** | 4 | CompliantUSDT, CompliantUSDC, TokenRegistry, FeeCollector |
| **Total** | **20** | All contracts |
---
## Container Inventory
Complete list of Ali's containers on ChainID 138 infrastructure:
| VMID | Hostname (Current) | Hostname (Old) | Role | IP Address | Node | Memory | CPU | Disk |
|------|-------------------|----------------|------|------------|------|--------|-----|------|
| 1504 | `besu-sentry-ali` | `besu-sentry-5` | Besu Sentry Node | 192.168.11.154 | pve | 4GB | 2 cores | 100GB |
| 2503 | `besu-rpc-ali-0x8a` | `besu-rpc-4` | Besu RPC Node (0x8a) | 192.168.11.253 | pve | 16GB | 4 cores | 200GB |
| 2504 | `besu-rpc-ali-0x1` | `besu-rpc-4` | Besu RPC Node (0x1) | 192.168.11.254 | pve | 16GB | 4 cores | 200GB |
| 6201 | `firefly-ali-1` | `firefly-2` | Hyperledger Firefly | 192.168.11.67 | pve | 4GB | 2 cores | 50GB |
**Total Resources:**
- **Total Memory:** 40GB
- **Total CPU Cores:** 12 cores
- **Total Disk:** 550GB
---
## Infrastructure Architecture
### Architecture Diagram
```mermaid
flowchart TB
subgraph ProxmoxNode[Proxmox Node: pve]
subgraph AliContainers[Ali's Containers]
Sentry[besu-sentry-ali<br/>VMID: 1504<br/>192.168.11.154]
RPC8a[besu-rpc-ali-0x8a<br/>VMID: 2503<br/>192.168.11.253]
RPC01[besu-rpc-ali-0x1<br/>VMID: 2504<br/>192.168.11.254]
Firefly[firefly-ali-1<br/>VMID: 6201<br/>192.168.11.67]
end
end
subgraph Blockchain[ChainID 138 Blockchain]
Contracts[Smart Contracts<br/>Oracle, CCIP, Bridge, eMoney]
Validators[Validator Nodes]
end
subgraph ExternalServices[External Services]
MetaMask[MetaMask Wallets]
dApps[dApps & Services]
end
Sentry -->|P2P Connection| Validators
RPC8a -->|RPC Access| Contracts
RPC01 -->|RPC Access| Contracts
Firefly -->|Blockchain Integration| Contracts
RPC8a -->|Price Feed| MetaMask
RPC01 -->|Price Feed| MetaMask
ExternalServices -->|HTTP/WS| RPC8a
ExternalServices -->|HTTP/WS| RPC01
```
### Network Topology
```mermaid
graph TB
subgraph Network192[Network: 192.168.11.0/24]
subgraph AliInfra[Ali's Infrastructure]
IP154[192.168.11.154<br/>Besu Sentry]
IP253[192.168.11.253<br/>Besu RPC 0x8a]
IP254[192.168.11.254<br/>Besu RPC 0x1]
IP67[192.168.11.67<br/>Firefly]
end
subgraph OtherNodes[Other ChainID 138 Nodes]
Validators[Validators<br/>192.168.11.100-104]
OtherRPC[RPC Nodes<br/>192.168.11.250-252]
end
end
subgraph Internet[Internet]
Users[Users & dApps]
Cloudflare[Cloudflare/CDN]
end
Cloudflare -->|HTTPS/WSS| IP253
Cloudflare -->|HTTPS/WSS| IP254
Users -->|Via Cloudflare| IP253
Users -->|Via Cloudflare| IP254
IP154 -->|P2P 30303| Validators
IP253 -->|RPC 8545/8546| Contracts
IP254 -->|RPC 8545/8546| Contracts
IP67 -->|Blockchain API| Contracts
```
### Container Relationships
```mermaid
graph LR
subgraph AliContainers[Ali's Containers]
Sentry[Besu Sentry<br/>1504]
RPC8a[Besu RPC 0x8a<br/>2503]
RPC01[Besu RPC 0x1<br/>2504]
Firefly[Firefly<br/>6201]
end
subgraph Services[Services & Contracts]
Oracle[Oracle Contracts]
CCIP[CCIP Contracts]
Bridge[Bridge Contracts]
eMoney[eMoney Contracts]
end
Sentry -->|Discovers Peers| RPC8a
Sentry -->|Discovers Peers| RPC01
RPC8a -->|Reads| Oracle
RPC8a -->|Reads| CCIP
RPC8a -->|Reads| Bridge
RPC01 -->|Reads| Oracle
RPC01 -->|Reads| eMoney
Firefly -->|Integrates| Oracle
Firefly -->|Integrates| CCIP
Firefly -->|Integrates| Bridge
Firefly -->|Uses| RPC8a
Firefly -->|Uses| RPC01
```
### Access Control Flow
```mermaid
sequenceDiagram
participant User as User/Service
participant Nginx as Nginx Proxy
participant JWT as JWT Validator
participant RPC as RPC Container
participant Besu as Besu Node
User->>Nginx: Request (with JWT token)
Nginx->>JWT: Validate token
alt Valid Token
JWT->>Nginx: Token valid
Nginx->>RPC: Forward request
RPC->>Besu: Process RPC call
Besu->>RPC: Return result
RPC->>Nginx: Response
Nginx->>User: Return result
else Invalid Token
JWT->>Nginx: Token invalid
Nginx->>User: 401 Unauthorized
end
```
### Contract Interaction Diagram
```mermaid
graph TB
subgraph Containers[Ali's Containers]
RPC8a[RPC 0x8a<br/>2503]
RPC01[RPC 0x1<br/>2504]
Firefly[Firefly<br/>6201]
end
subgraph OracleContracts[Oracle Contracts]
OracleProxy[Oracle Proxy<br/>0x3304b7...]
Aggregator[Oracle Aggregator<br/>0x99b351...]
end
subgraph CCIPContracts[CCIP Contracts]
Router[CCIP Router<br/>0x8078A0...]
Sender[CCIP Sender<br/>0x105F8A...]
end
subgraph BridgeContracts[Bridge Contracts]
WETH9Bridge[WETH9Bridge<br/>0x89dd12...]
WETH10Bridge[WETH10Bridge<br/>0xe0E932...]
end
subgraph eMoneyContracts[eMoney Contracts]
TokenFactory[TokenFactory<br/>0xEBFb5C...]
Compliance[Compliance<br/>0xbc54fe...]
end
RPC8a -->|Read Price| OracleProxy
RPC01 -->|Read Price| OracleProxy
Firefly -->|Query| OracleProxy
Firefly -->|Send Messages| Router
Firefly -->|Bridge Operations| WETH9Bridge
Firefly -->|Bridge Operations| WETH10Bridge
Firefly -->|Token Operations| TokenFactory
Firefly -->|Compliance Check| Compliance
```
---
## Network Configuration
### IP Address Allocation
| Container | IP Address | Subnet | Gateway | DNS |
|-----------|------------|--------|---------|-----|
| besu-sentry-ali (1504) | 192.168.11.154 | 192.168.11.0/24 | 192.168.11.1 | 192.168.11.1 |
| besu-rpc-ali-0x8a (2503) | 192.168.11.253 | 192.168.11.0/24 | 192.168.11.1 | 192.168.11.1 |
| besu-rpc-ali-0x1 (2504) | 192.168.11.254 | 192.168.11.0/24 | 192.168.11.1 | 192.168.11.1 |
| firefly-ali-1 (6201) | 192.168.11.67 | 192.168.11.0/24 | 192.168.11.1 | 192.168.11.1 |
### Port Mappings
| Container | Service | Port | Protocol | Access |
|-----------|---------|------|----------|--------|
| besu-sentry-ali (1504) | P2P | 30303 | TCP/UDP | Internal network |
| besu-sentry-ali (1504) | Metrics | 9545 | TCP | Internal network |
| besu-rpc-ali-0x8a (2503) | HTTP RPC | 8545 | TCP | Public (via JWT) |
| besu-rpc-ali-0x8a (2503) | WebSocket RPC | 8546 | TCP | Public (via JWT) |
| besu-rpc-ali-0x8a (2503) | Metrics | 9545 | TCP | Internal network |
| besu-rpc-ali-0x1 (2504) | HTTP RPC | 8545 | TCP | Public (via JWT) |
| besu-rpc-ali-0x1 (2504) | WebSocket RPC | 8546 | TCP | Public (via JWT) |
| besu-rpc-ali-0x1 (2504) | Metrics | 9545 | TCP | Internal network |
| firefly-ali-1 (6201) | HTTP API | 5000 | TCP | Internal network |
| firefly-ali-1 (6201) | WebSocket | 5001 | TCP | Internal network |
### Firewall Rules
**Inbound Rules:**
- ✅ P2P (30303): Allow from internal network (192.168.11.0/24)
- ✅ RPC HTTP (8545): Allow from public (via Nginx/JWT)
- ✅ RPC WebSocket (8546): Allow from public (via Nginx/JWT)
- ✅ Metrics (9545): Allow from internal network only
- ✅ Firefly API (5000-5001): Allow from internal network only
**Outbound Rules:**
- ✅ All outbound: Allow (for blockchain sync and external services)
---
## Access Control and Authentication
### Access Level: Full Root Access
Ali has **full root access** to all containers and the Proxmox host, providing:
- ✅ SSH access to all containers
- ✅ Proxmox console access
- ✅ Container management (start, stop, restart, migrate)
- ✅ Configuration file access
- ✅ Key material access
- ✅ Service management
- ✅ Network configuration
- ✅ Full administrative privileges
### JWT Authentication
All RPC containers (2503, 2504) require JWT authentication:
**Configuration:**
- Token generation: `./scripts/generate-jwt-token-for-container.sh [VMID] [username] [days]`
- Token format: `Bearer <JWT_TOKEN>`
- Validation: Nginx with lua-resty-jwt
- Secret location: `/etc/nginx/jwt_secret` (on each container)
**Token Generation Example:**
```bash
# Generate token for VMID 2503 (0x8a identity)
./scripts/generate-jwt-token-for-container.sh 2503 ali-full-access 365
# Generate token for VMID 2504 (0x1 identity)
./scripts/generate-jwt-token-for-container.sh 2504 ali-full-access 365
```
**Using JWT Tokens:**
```bash
# HTTP RPC request with JWT
curl -H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' \
https://rpc-endpoint.d-bis.org
```
### Access Level Comparison
| Feature | Ali | Luis/Putu |
|---------|-----|-----------|
| **SSH Access** | ✅ Full | ❌ No |
| **Proxmox Console** | ✅ Full | ❌ No |
| **Container Management** | ✅ Full | ❌ No |
| **Key Material Access** | ✅ Full | ❌ No |
| **RPC Access** | ✅ Full (JWT) | ✅ Limited (JWT only) |
| **Configuration Access** | ✅ Full | ❌ No |
| **Service Management** | ✅ Full | ❌ No |
---
## Container Specifications
### 1. Besu Sentry Node (VMID 1504)
**Hostname:** `besu-sentry-ali` (formerly `besu-sentry-5`)
**Specifications:**
- **Memory:** 4GB
- **CPU:** 2 cores
- **Disk:** 100GB
- **IP Address:** 192.168.11.154
- **Node:** pve
**Purpose:**
- Discovers and connects to validator nodes
- Provides network connectivity for RPC nodes
- Acts as network gateway
- Enables discovery of other blockchain nodes
**Configuration:**
- Discovery: **Enabled**
- P2P Port: 30303
- Metrics Port: 9545
- ChainID: 138
- Sync Mode: FAST
**Access:**
- Internal network only
- No public RPC endpoints
- JWT authentication: N/A (no public access)
---
### 2. Besu RPC Node - 0x8a Identity (VMID 2503)
**Hostname:** `besu-rpc-ali-0x8a` (formerly `besu-rpc-4`)
**Specifications:**
- **Memory:** 16GB
- **CPU:** 4 cores
- **Disk:** 200GB
- **IP Address:** 192.168.11.253
- **Node:** pve
**Purpose:**
- Provides RPC access with 0x8a identity
- Serves public RPC requests (with JWT authentication)
- Reports chainID 0x1 to MetaMask (wallet compatibility)
- Provides price feed access
**Configuration:**
- Discovery: **Disabled** (prevents mainnet connection)
- RPC HTTP Port: 8545
- RPC WebSocket Port: 8546
- Metrics Port: 9545
- ChainID: 138 (reports 0x1 to MetaMask)
- Identity: 0x8a
**APIs Enabled:**
- ETH, NET, WEB3, TXPOOL, QBFT
- No ADMIN, DEBUG, or TRACE APIs
**Access:**
- Public access via Nginx reverse proxy
- JWT authentication: ✅ Required
- CORS: Enabled
---
### 3. Besu RPC Node - 0x1 Identity (VMID 2504)
**Hostname:** `besu-rpc-ali-0x1` (formerly `besu-rpc-4`)
**Specifications:**
- **Memory:** 16GB
- **CPU:** 4 cores
- **Disk:** 200GB
- **IP Address:** 192.168.11.254
- **Node:** pve
**Purpose:**
- Provides RPC access with 0x1 identity
- Serves public RPC requests (with JWT authentication)
- Reports chainID 0x1 to MetaMask (wallet compatibility)
- Provides price feed access
**Configuration:**
- Discovery: **Disabled** (prevents mainnet connection)
- RPC HTTP Port: 8545
- RPC WebSocket Port: 8546
- Metrics Port: 9545
- ChainID: 138 (reports 0x1 to MetaMask)
- Identity: 0x1
**APIs Enabled:**
- ETH, NET, WEB3, TXPOOL, QBFT
- No ADMIN, DEBUG, or TRACE APIs
**Access:**
- Public access via Nginx reverse proxy
- JWT authentication: ✅ Required
- CORS: Enabled
**Note:** The 0x1 and 0x8a identities allow different permission levels for MetaMask wallet compatibility.
---
### 4. Hyperledger Firefly Node (VMID 6201)
**Hostname:** `firefly-ali-1` (formerly `firefly-2`)
**Specifications:**
- **Memory:** 4GB
- **CPU:** 2 cores
- **Disk:** 50GB
- **IP Address:** 192.168.11.67
- **Node:** pve
**Purpose:**
- Hyperledger Firefly workflow orchestration
- Blockchain integration layer
- Smart contract interaction
- Multi-party workflows
- Token operations
**Configuration:**
- HTTP API Port: 5000
- WebSocket Port: 5001
- ChainID: 138
- RPC Connection: Uses Ali's RPC nodes (2503, 2504)
**Access:**
- Internal network only
- JWT authentication: ✅ Required
- Service-to-service communication
**Integration:**
- Connects to ChainID 138 via RPC nodes
- Interacts with Oracle contracts
- Uses CCIP for cross-chain operations
- Integrates with Bridge contracts
- Manages eMoney system operations
---
## Contract Integration
### Container-to-Contract Mappings
| Container | Contracts Used | Purpose |
|-----------|----------------|---------|
| **besu-rpc-ali-0x8a (2503)** | Oracle Proxy, Oracle Aggregator, CCIP Router, Bridge Contracts | RPC access for price feeds, cross-chain operations |
| **besu-rpc-ali-0x1 (2504)** | Oracle Proxy, Oracle Aggregator, eMoney Contracts | RPC access for price feeds, eMoney operations |
| **firefly-ali-1 (6201)** | All contracts | Workflow orchestration, smart contract interactions |
### Service Configuration Examples
#### RPC Node Configuration
**For Oracle Price Feeds:**
```bash
# Environment configuration
ORACLE_PROXY_ADDRESS=0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6
ORACLE_AGGREGATOR_ADDRESS=0x99b3511a2d315a497c8112c1fdd8d508d4b1e506
RPC_URL=http://192.168.11.253:8545
CHAIN_ID=138
```
#### Firefly Configuration
**Contract Addresses:**
```bash
# Oracle Contracts
ORACLE_PROXY=0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6
ORACLE_AGGREGATOR=0x99b3511a2d315a497c8112c1fdd8d508d4b1e506
# CCIP Contracts
CCIP_ROUTER=0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e
CCIP_SENDER=0x105F8A15b819948a89153505762444Ee9f324684
# Bridge Contracts
WETH9_BRIDGE=0x89dd12025bfCD38A168455A44B400e913ED33BE2
WETH10_BRIDGE=0xe0E93247376aa097dB308B92e6Ba36bA015535D0
# eMoney Contracts
TOKEN_FACTORY=0xEBFb5C60dE5f7C4baae180CA328D3BB39E1a5133
COMPLIANCE_REGISTRY=0xbc54fe2b6fda157c59d59826bcfdbcc654ec9ea1
# RPC Configuration
RPC_URL_138=http://192.168.11.253:8545
RPC_WS_URL_138=ws://192.168.11.253:8546
CHAIN_ID=138
```
### Contract Interaction Patterns
**1. Oracle Price Feed Query:**
```javascript
// Query latest ETH/USD price from Oracle Proxy
const oracleAddress = "0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6";
const price = await oracleContract.latestRoundData();
```
**2. CCIP Cross-Chain Message:**
```javascript
// Send cross-chain message via CCIP Router
const routerAddress = "0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e";
await routerContract.ccipSend(destinationChain, message, { value: fee });
```
**3. Bridge Operation:**
```javascript
// Bridge WETH9 via CCIPWETH9Bridge
const bridgeAddress = "0x89dd12025bfCD38A168455A44B400e913ED33BE2";
await bridgeContract.bridge(amount, destinationChain);
```
**4. eMoney Token Creation:**
```javascript
// Create token via TokenFactory
const factoryAddress = "0xEBFb5C60dE5f7C4baae180CA328D3BB39E1a5133";
await tokenFactory.createToken(name, symbol, decimals, complianceData);
```
---
## Configuration Files
### Besu Configuration Files
**Sentry Node (1504):**
- Config: `/etc/besu/config-sentry.toml`
- Static Nodes: `/var/lib/besu/static-nodes.json`
- Permissioned Nodes: `/var/lib/besu/permissions/permissioned-nodes.json`
**RPC Node 0x8a (2503):**
- Config: `/etc/besu/config-rpc-4.toml` or `/etc/besu/config-rpc-ali-0x8a.toml`
- Static Nodes: `/var/lib/besu/static-nodes.json`
- Permissioned Nodes: `/var/lib/besu/permissions/permissioned-nodes.json`
- Nginx Config: `/etc/nginx/sites-available/rpc-ali-0x8a`
**RPC Node 0x1 (2504):**
- Config: `/etc/besu/config-rpc-4.toml` or `/etc/besu/config-rpc-ali-0x1.toml`
- Static Nodes: `/var/lib/besu/static-nodes.json`
- Permissioned Nodes: `/var/lib/besu/permissions/permissioned-nodes.json`
- Nginx Config: `/etc/nginx/sites-available/rpc-ali-0x1`
### Firefly Configuration Files
**Firefly Node (6201):**
- Main Config: `/opt/firefly/firefly.yml`
- Environment: `/opt/firefly/.env`
- Database: PostgreSQL (internal)
- Stack Config: `docker-compose.yml`
### Deployment Scripts
**Main Configuration Script:**
- Location: `scripts/configure-besu-chain138-nodes.sh`
- Purpose: Deploy Besu configurations to all nodes
**JWT Token Generation:**
- Location: `scripts/generate-jwt-token-for-container.sh`
- Usage: `./scripts/generate-jwt-token-for-container.sh [VMID] [username] [days]`
**Verification Script:**
- Location: `scripts/verify-chain138-config.sh`
- Purpose: Verify configuration deployment
### Key Configuration Parameters
**Besu RPC Nodes:**
```toml
# Discovery (disabled for RPC nodes)
discovery-enabled=false
# RPC APIs
rpc-http-api=["ETH","NET","WEB3","TXPOOL","QBFT"]
# Ports
rpc-http-port=8545
rpc-ws-port=8546
# ChainID
network-id=138
```
**JWT Authentication:**
```nginx
# Nginx configuration
location / {
access_by_lua_block {
local jwt = require "resty.jwt"
-- JWT validation logic
}
proxy_pass http://127.0.0.1:8545;
}
```
---
## Deployment Status
### Container Status
| Container | Status | Last Updated | Notes |
|-----------|--------|--------------|-------|
| besu-sentry-ali (1504) | ✅ Active | December 26, 2024 | Discovery enabled |
| besu-rpc-ali-0x8a (2503) | ✅ Active | December 26, 2024 | JWT auth enabled, discovery disabled |
| besu-rpc-ali-0x1 (2504) | ✅ Active | December 26, 2024 | JWT auth enabled, discovery disabled |
| firefly-ali-1 (6201) | ✅ Active | December 26, 2024 | Integrated with ChainID 138 |
### Contract Deployment Status
| Category | Deployed | Verified | Explorer |
|----------|----------|----------|----------|
| Genesis Contracts | ✅ 3/3 | ✅ Yes | ✅ Yes |
| Oracle Contracts | ✅ 3/3 | ✅ Yes | ✅ Yes |
| CCIP Contracts | ✅ 2/2 | ✅ Yes | ✅ Yes |
| Bridge Contracts | ✅ 2/2 | ✅ Yes | ✅ Yes |
| eMoney Contracts | ✅ 6/6 | ✅ Yes | ✅ Yes |
| Compliance Contracts | ✅ 4/4 | ✅ Yes | ✅ Yes |
| **Total** | **✅ 20/20** | **✅ Yes** | **✅ Yes** |
### Migration Status
| Container | Old Hostname | New Hostname | Migration Status |
|-----------|--------------|--------------|------------------|
| 1504 | besu-sentry-5 | besu-sentry-ali | ✅ Complete |
| 2503 | besu-rpc-4 | besu-rpc-ali-0x8a | ✅ Complete |
| 2504 | besu-rpc-4 | besu-rpc-ali-0x1 | ✅ Complete |
| 6201 | firefly-2 | firefly-ali-1 | ✅ Complete |
All containers have been renamed and are located on the **pve** Proxmox node.
---
## Quick Reference
### Container Quick Access
**SSH Access:**
```bash
# Sentry Node
ssh root@192.168.11.154
# RPC Node 0x8a
ssh root@192.168.11.253
# RPC Node 0x1
ssh root@192.168.11.254
# Firefly Node
ssh root@192.168.11.67
```
**Proxmox Access:**
```bash
# List containers
ssh root@192.168.11.10 "pvesh get /nodes/pve/lxc" | grep -E "(1504|2503|2504|6201)"
# Container status
ssh root@192.168.11.10 "pct status 1504"
ssh root@192.168.11.10 "pct status 2503"
ssh root@192.168.11.10 "pct status 2504"
ssh root@192.168.11.10 "pct status 6201"
```
### Contract Address Quick Reference
**Most Used Contracts:**
| Contract | Address | Usage |
|----------|---------|-------|
| **Oracle Proxy** | `0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6` | MetaMask price feeds |
| **CCIP Router** | `0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e` | Cross-chain messaging |
| **WETH9** | `0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2` | Wrapped Ether |
| **TokenFactory** | `0xEBFb5C60dE5f7C4baae180CA328D3BB39E1a5133` | Token creation |
### RPC Endpoints
**Internal RPC (from internal network):**
- HTTP: `http://192.168.11.253:8545` (0x8a identity)
- HTTP: `http://192.168.11.254:8545` (0x1 identity)
- WebSocket: `ws://192.168.11.253:8546` (0x8a identity)
- WebSocket: `ws://192.168.11.254:8546` (0x1 identity)
**Public RPC (via JWT):**
- Requires JWT token in Authorization header
- Endpoints configured via Nginx reverse proxy
- Access controlled via JWT validation
### Useful Commands
**Check Container Status:**
```bash
# Check all Ali containers
for vmid in 1504 2503 2504 6201; do
echo "=== VMID $vmid ==="
ssh root@192.168.11.10 "pct status $vmid"
done
```
**Generate JWT Token:**
```bash
# For RPC node 2503 (0x8a)
./scripts/generate-jwt-token-for-container.sh 2503 ali-full-access 365
# For RPC node 2504 (0x1)
./scripts/generate-jwt-token-for-container.sh 2504 ali-full-access 365
```
**Test RPC Connection:**
```bash
# Test from internal network
curl -X POST http://192.168.11.253:8545 \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
```
**Check Contract on Explorer:**
```bash
# Open contract in explorer
xdg-open "https://explorer.d-bis.org/address/0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6"
```
### Service Scripts
**Deployment Scripts:**
- `scripts/configure-besu-chain138-nodes.sh` - Main configuration
- `scripts/verify-chain138-config.sh` - Verification
- `scripts/generate-jwt-token-for-container.sh` - JWT token generation
- `scripts/setup-new-chain138-containers.sh` - Quick setup
**Configuration Scripts:**
- `scripts/configure-nginx-jwt-auth.sh` - JWT authentication setup
- `scripts/copy-besu-config-with-nodes.sh` - Config file deployment
### Related Documentation
- [ChainID 138 Besu Configuration](../../06-besu/CHAIN138_BESU_CONFIGURATION.md)
- [Contract Addresses Reference](../../11-references/CONTRACT_ADDRESSES_REFERENCE.md)
- [JWT Authentication Requirements](../../04-configuration/CHAIN138_JWT_AUTH_REQUIREMENTS.md)
- [Missing Containers List](../../03-deployment/MISSING_CONTAINERS_LIST.md)
---
## Summary
This document provides a comprehensive reference for Ali's infrastructure on ChainID 138, including:
-**4 Containers** with full specifications
-**20 Smart Contracts** organized by category
-**1 Primary Wallet** address with genesis allocation
-**Complete Network Configuration** with IP addresses and ports
-**Access Control** details with JWT authentication
-**Contract Integration** patterns and examples
-**Visual Diagrams** showing architecture and relationships
-**Quick Reference** tables and commands
All infrastructure is active and operational on ChainID 138 (DeFi Oracle Meta Mainnet).
---
**Last Updated:** December 26, 2024
**Document Version:** 1.0
**Status:** ✅ Complete
Reference in New Issue View Git Blame Copy Permalink