Files

defiQUG dbd517b279 Sync workspace: config, docs, scripts, CI, operator rules, and submodule pointers.

- Update dbis_core, cross-chain-pmm-lps, explorer-monorepo, metamask-integration, pr-workspace/chains
- Omit embedded publish git dirs and empty placeholders from index

Made-with: Cursor

2026-04-12 06:12:20 -07:00

4.4 KiB

Raw Blame History

Nginx SSL Manual Configuration - Step-by-Step Guide

Historical note: This manual walkthrough preserves the older NPM UI flow and originally used pre-standardization RPC backends. Keep it for UI guidance, but use current values from docs/04-configuration/RPC_ENDPOINTS_MASTER.md when creating or repairing hosts.

Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation

Date: 2026-01-09
NPM URL: https://192.168.11.167:81
Credentials: nsatoshi2007@hotmail.com / L@ker$2010

Quick Start

Open: http://192.168.11.26:81
Log in with credentials above
Follow steps below for each domain

Step-by-Step Configuration

For Each Domain:

Step 1: Add Proxy Host

Click "Proxy Hosts" in left menu
Click "Add Proxy Host" button (top right)

Step 2: Details Tab

Fill in:

Domain Names: Enter the domain (e.g., explorer.d-bis.org)
- For multiple domains, add each on a new line
Scheme:
- Select http if target is http://
- Select https if target is https://
Forward Hostname/IP: Enter the IP address (e.g., 192.168.11.140)
Forward Port: Enter the port (e.g., 80 or 443)
Cache Assets: ✅ Enable (optional)
Block Common Exploits: ✅ Enable
Websockets Support: ✅ Enable (for RPC domains with WebSocket)

Step 3: SSL Tab

Click "SSL" tab
Click "Request a new SSL Certificate"
Fill in:
- Email Address for Let's Encrypt: nsatoshi2007@hotmail.com
- I Agree to the Let's Encrypt Terms of Service: ✅ Check
- Force SSL: ✅ Enable (redirects HTTP to HTTPS)
- HTTP/2 Support: ✅ Enable
- HSTS Enabled: ✅ Enable
- HSTS Subdomains: ✅ Enable (if you have subdomains)

Step 4: Save

Click "Save" button
Wait 1-2 minutes for certificate to be issued
Check for green checkmark indicating success

Domain Configuration Reference

sankofa.nexus (5 domains)

Domain	Details	Forward To	Port	WebSocket
`sankofa.nexus`	Scheme: http	`192.168.11.140`	80	No
`www.sankofa.nexus`	Scheme: http	`192.168.11.140`	80	No
`phoenix.sankofa.nexus`	Scheme: http	`192.168.11.140`	80	No
`www.phoenix.sankofa.nexus`	Scheme: http	`192.168.11.140`	80	No
`the-order.sankofa.nexus`	Scheme: http	`192.168.11.140`	80	No

d-bis.org (9 domains)

Domain	Details	Forward To	Port	WebSocket
`explorer.d-bis.org`	Scheme: http	`192.168.11.140`	80	No
`rpc-http-pub.d-bis.org`	Scheme: https	`192.168.11.221`	443	✅ Yes
`rpc-ws-pub.d-bis.org`	Scheme: https	`192.168.11.221`	443	✅ Yes
`rpc-http-prv.d-bis.org`	Scheme: https	`192.168.11.211`	443	✅ Yes
`rpc-ws-prv.d-bis.org`	Scheme: https	`192.168.11.211`	443	✅ Yes
`dbis-admin.d-bis.org`	Scheme: http	`192.168.11.130`	80	No
`dbis-api.d-bis.org`	Scheme: http	`192.168.11.155`	3000	No
`dbis-api-2.d-bis.org`	Scheme: http	`192.168.11.156`	3000	No
`secure.d-bis.org`	Scheme: http	`192.168.11.130`	80	No

mim4u.org (4 domains)

Domain	Details	Forward To	Port	WebSocket
`mim4u.org`	Scheme: http	`192.168.11.19`	80	No
`www.mim4u.org`	Scheme: http	`192.168.11.19`	80	No
`secure.mim4u.org`	Scheme: http	`192.168.11.19`	80	No
`training.mim4u.org`	Scheme: http	`192.168.11.19`	80	No

defi-oracle.io (1 domain)

Domain	Details	Forward To	Port	WebSocket
`rpc.public-0138.defi-oracle.io`	Scheme: https	`192.168.11.221`	443	✅ Yes

Tips

Batch Configuration: Configure similar domains together (same target IP/port)
Certificate Wait: Let's Encrypt certificates take 1-2 minutes to issue
Error Handling: If certificate request fails, check:
- DNS resolves to 76.53.10.36
- Port 80 is accessible (required for HTTP-01 challenge)
- No rate limiting (wait 1 hour if too many requests)

Verification

After configuring all domains:

bash scripts/nginx-proxy-manager/verify-ssl-config.sh

Or test manually:

curl -I https://explorer.d-bis.org
curl -I https://sankofa.nexus

Last Updated: 2026-01-09

4.4 KiB Raw Blame History