d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b7eebb87b33ea4af3efe689c5a0469df4a134313
proxmox/config/public-surface-remediation-map.json
defiQUG dbd517b279 Sync workspace: config, docs, scripts, CI, operator rules, and submodule pointers. 
- Update dbis_core, cross-chain-pmm-lps, explorer-monorepo, metamask-integration, pr-workspace/chains
- Omit embedded publish git dirs and empty placeholders from index

Made-with: Cursor
2026-04-12 06:12:20 -07:00

392 lines
15 KiB
JSON
Raw Blame History

{
"schemaVersion": 1,
"reviewedAt": "2026-04-06",
"surfaces": [
{
"id": "dbis-admin-console",
"classification": "public_502_backend",
"statusPolicy": "must_pass_when_upstream_healthy",
"domains": [
"admin.d-bis.org",
"dbis-admin.d-bis.org"
],
"expectedService": "DBIS admin console",
"observedIssues": [
"https_502"
],
"upstream": {
"vmid": "10130",
"host": "r630-01",
"ip": "192.168.11.130",
"port": 80
},
"repoSolution": "Repair or restart VMID 10130, then refresh the primary NPMplus proxy definitions and rerun the public E2E sweep.",
"scripts": [
"scripts/maintenance/address-all-remaining-502s.sh",
"scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh",
"scripts/verify/verify-end-to-end-routing.sh"
],
"commands": [
"./scripts/maintenance/address-all-remaining-502s.sh --no-npm",
"bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh",
"bash scripts/verify/verify-end-to-end-routing.sh --profile=public"
],
"docs": [
"docs/00-meta/502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md",
"docs/04-configuration/ALL_VMIDS_ENDPOINTS.md",
"docs/04-configuration/FQDN_EXPECTED_CONTENT.md"
]
},
{
"id": "dbis-secure-portal",
"classification": "public_502_backend",
"statusPolicy": "must_pass_when_upstream_healthy",
"domains": [
"secure.d-bis.org"
],
"expectedService": "DBIS member secure portal",
"observedIssues": [
"https_502"
],
"upstream": {
"vmid": "10130",
"host": "r630-01",
"ip": "192.168.11.130",
"port": 80
},
"repoSolution": "Use the same VMID 10130 backend recovery as the DBIS admin console, then resync the proxy rows that point secure traffic at 192.168.11.130:80.",
"scripts": [
"scripts/maintenance/address-all-remaining-502s.sh",
"scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh",
"scripts/verify/verify-end-to-end-routing.sh"
],
"commands": [
"./scripts/maintenance/address-all-remaining-502s.sh --no-npm",
"bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh",
"bash scripts/verify/verify-end-to-end-routing.sh --profile=public"
],
"docs": [
"docs/00-meta/502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md",
"docs/04-configuration/ALL_VMIDS_ENDPOINTS.md",
"docs/04-configuration/FQDN_EXPECTED_CONTENT.md"
]
},
{
"id": "dbis-core-portal",
"classification": "placeholder_surface",
"statusPolicy": "keep_optional_until_real_service_deployed",
"domains": [
"core.d-bis.org"
],
"expectedService": "DBIS Core client portal",
"observedIssues": [
"https_502"
],
"upstream": {
"vmid": "10150",
"host": "r630-01",
"ip": "192.168.11.155",
"port": 3000
},
"repoSolution": "Deploy the real dbis_core frontend and then repoint core.d-bis.org to that live upstream. Until then, keep this surface optional in public E2E.",
"scripts": [
"dbis_core/scripts/deployment/deploy-frontend.sh",
"scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh",
"scripts/verify/verify-end-to-end-routing.sh"
],
"commands": [
"bash dbis_core/scripts/deployment/deploy-frontend.sh",
"bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh",
"bash scripts/verify/verify-end-to-end-routing.sh --profile=public"
],
"docs": [
"docs/03-deployment/OMNL_DBIS_CORE_CHAIN138_SMART_VAULT_RTGS_RUNBOOK.md",
"docs/04-configuration/E2E_ENDPOINTS_LIST.md",
"docs/04-configuration/FQDN_EXPECTED_CONTENT.md"
]
},
{
"id": "dbis-api-pair",
"classification": "placeholder_surface",
"statusPolicy": "keep_optional_until_real_service_deployed",
"domains": [
"dbis-api.d-bis.org",
"dbis-api-2.d-bis.org"
],
"expectedService": "Primary and secondary DBIS API surfaces",
"observedIssues": [
"https_502"
],
"upstream": {
"vmid": "10150/10151",
"host": "r630-01",
"ip": "192.168.11.155/192.168.11.156",
"port": 3000
},
"repoSolution": "Deploy the real dbis_core API to 10150 and 10151, then refresh the NPMplus rows. Until real JSON API routes exist, these hosts stay optional by policy.",
"scripts": [
"dbis_core/scripts/deployment/deploy-api.sh",
"scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh",
"scripts/verify/verify-end-to-end-routing.sh"
],
"commands": [
"bash dbis_core/scripts/deployment/deploy-api.sh",
"bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh",
"bash scripts/verify/verify-end-to-end-routing.sh --profile=public"
],
"docs": [
"docs/04-configuration/E2E_ENDPOINTS_LIST.md",
"docs/04-configuration/FQDN_EXPECTED_CONTENT.md",
"docs/11-references/DBIS_CORE_API_REFERENCE.md"
]
},
{
"id": "dbis-data-api",
"classification": "planned_api_surface",
"statusPolicy": "keep_optional_until_real_service_deployed",
"domains": [
"data.d-bis.org"
],
"expectedService": "Public DBIS data API with /v1/health and read-only dataset routes",
"observedIssues": [
"https_502"
],
"upstream": {
"vmid": "TBD",
"host": "TBD",
"ip": "currently mapped to 192.168.11.155",
"port": 3000
},
"repoSolution": "Publish a real data API implementation behind data.d-bis.org or intentionally remove it from public expectations until a live upstream exists.",
"scripts": [
"scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh",
"scripts/verify/verify-end-to-end-routing.sh"
],
"commands": [
"bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh",
"bash scripts/verify/verify-end-to-end-routing.sh --profile=public"
],
"docs": [
"config/dbis-data-api/openapi.yaml",
"config/dbis-data-api/README.md",
"docs/04-configuration/E2E_ENDPOINTS_LIST.md"
]
},
{
"id": "alltra-hybx-placeholder-web-surfaces",
"classification": "placeholder_surface",
"statusPolicy": "keep_optional_until_real_service_deployed",
"domains": [
"firefly-alltra-1.d-bis.org",
"firefly-alltra-2.d-bis.org",
"firefly-hybx-1.d-bis.org",
"firefly-hybx-2.d-bis.org",
"fabric-alltra.d-bis.org",
"indy-alltra.d-bis.org",
"fabric-hybx.d-bis.org",
"indy-hybx.d-bis.org"
],
"expectedService": "Alltra and HYBX Firefly, Fabric, and Indy web surfaces",
"observedIssues": [
"https_502",
"origin_missing_or_no_web_listener"
],
"upstream": {
"vmid": "6202-6205, 6001-6002, 6401-6402",
"host": "r630-02",
"ip": "192.168.11.175-179 / 192.168.11.249-253",
"port": 80
},
"repoSolution": "Do not publish these hostnames by default. Only add the Cloudflare tunnel and NPMplus rows after the real HTTP listener is deployed on the intended upstream port, or repoint the hostname to the actual web port.",
"scripts": [
"scripts/cloudflare/configure-alltra-hybx-tunnel-and-dns.sh",
"scripts/nginx-proxy-manager/update-npmplus-alltra-hybx-proxy-hosts.sh",
"scripts/verify/generate-public-surface-remediation-plan.sh"
],
"commands": [
"bash scripts/verify/generate-public-surface-remediation-plan.sh --print",
"INCLUDE_PLACEHOLDER_HOSTS=1 bash scripts/nginx-proxy-manager/update-npmplus-alltra-hybx-proxy-hosts.sh",
"INCLUDE_PLACEHOLDER_HOSTNAMES=1 bash scripts/cloudflare/configure-alltra-hybx-tunnel-and-dns.sh"
],
"docs": [
"docs/04-configuration/NPMPLUS_ALLTRA_HYBX_MASTER_PLAN.md",
"docs/04-configuration/PUBLIC_SURFACE_502_AND_DNS_REMEDIATION_MATRIX.md",
"docs/04-configuration/cloudflare/SFVALLEY2_TUNNEL_MANUAL_RUNBOOK.md"
]
},
{
"id": "sankofa-studio",
"classification": "public_502_backend",
"statusPolicy": "must_pass_when_upstream_healthy",
"domains": [
"studio.sankofa.nexus"
],
"expectedService": "Sankofa Studio FusionAI app under /studio/",
"observedIssues": [
"https_502"
],
"upstream": {
"vmid": "7805",
"host": "r630-01",
"ip": "192.168.11.72",
"port": 8000
},
"repoSolution": "Redeploy or restart the Studio backend, then refresh the NPMplus proxy and DNS records for studio.sankofa.nexus.",
"scripts": [
"scripts/deployment/run-sankofa-studio-e2e.sh",
"scripts/nginx-proxy-manager/add-studio-sankofa-npmplus-proxy.sh",
"scripts/cloudflare/add-studio-sankofa-dns.sh",
"scripts/verify/verify-end-to-end-routing.sh"
],
"commands": [
"bash scripts/deployment/run-sankofa-studio-e2e.sh",
"bash scripts/nginx-proxy-manager/add-studio-sankofa-npmplus-proxy.sh",
"bash scripts/cloudflare/add-studio-sankofa-dns.sh",
"bash scripts/verify/verify-end-to-end-routing.sh --profile=public"
],
"docs": [
"docs/03-deployment/SANKOFA_STUDIO_E2E_FLOW.md",
"docs/03-deployment/SANKOFA_STUDIO_DEPLOYMENT.md",
"docs/04-configuration/ALL_VMIDS_ENDPOINTS.md"
]
},
{
"id": "sankofa-keycloak",
"classification": "public_502_backend",
"statusPolicy": "must_pass_when_upstream_healthy",
"domains": [
"keycloak.sankofa.nexus"
],
"expectedService": "Keycloak IdP for portal/admin client SSO",
"observedIssues": [
"https_502"
],
"upstream": {
"vmid": "7802",
"host": "r630-01",
"ip": "192.168.11.52",
"port": 8080
},
"repoSolution": "Restart or reconfigure Keycloak, ensure the portal/keycloak proxy rows are correct, and verify the client redirect URIs.",
"scripts": [
"scripts/deployment/enable-sankofa-portal-login-7801.sh",
"scripts/deployment/keycloak-sankofa-ensure-client-redirects.sh",
"scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh",
"scripts/verify/verify-end-to-end-routing.sh"
],
"commands": [
"bash scripts/deployment/enable-sankofa-portal-login-7801.sh --dry-run",
"bash scripts/deployment/keycloak-sankofa-ensure-client-redirects.sh",
"bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh",
"bash scripts/verify/verify-end-to-end-routing.sh --profile=public"
],
"docs": [
"docs/02-architecture/EXPECTED_WEB_CONTENT.md",
"docs/03-deployment/SANKOFA_PHOENIX_PUBLIC_PORTAL_ADMIN_ENDPOINT_CORRECTION_TASKS.md",
"docs/04-configuration/FQDN_EXPECTED_CONTENT.md"
]
},
{
"id": "cacti-alltra",
"classification": "public_edge_ok",
"statusPolicy": "must_pass_when_upstream_healthy",
"domains": [
"cacti-alltra.d-bis.org"
],
"expectedService": "Alltra Cacti monitoring UI",
"observedIssues": [],
"upstream": {
"vmid": "5201",
"host": "r630-02",
"ip": "192.168.11.177",
"port": 80
},
"repoSolution": "Keep VMID 5201 healthy with the Cacti surface maintenance workflow, then rerun the Alltra/HYBX proxy refresh and public E2E verification when that stack changes.",
"scripts": [
"scripts/maintenance/ensure-cacti-web-via-ssh.sh",
"scripts/nginx-proxy-manager/update-npmplus-alltra-hybx-proxy-hosts.sh",
"scripts/verify/verify-end-to-end-routing.sh"
],
"commands": [
"bash scripts/maintenance/ensure-cacti-web-via-ssh.sh",
"bash scripts/nginx-proxy-manager/update-npmplus-alltra-hybx-proxy-hosts.sh",
"bash scripts/verify/verify-end-to-end-routing.sh --profile=public"
],
"docs": [
"docs/00-meta/502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md",
"docs/04-configuration/NPMPLUS_ALLTRA_HYBX_MASTER_PLAN.md",
"docs/04-configuration/ALL_VMIDS_ENDPOINTS.md"
]
},
{
"id": "cacti-hybx",
"classification": "public_edge_ok",
"statusPolicy": "must_pass_when_upstream_healthy",
"domains": [
"cacti-hybx.d-bis.org"
],
"expectedService": "HYBX Cacti monitoring UI",
"observedIssues": [],
"upstream": {
"vmid": "5202",
"host": "r630-02",
"ip": "192.168.11.251",
"port": 80
},
"repoSolution": "Keep VMID 5202 healthy with the Cacti surface maintenance workflow, then rerun the Alltra/HYBX proxy refresh and public E2E verification when that stack changes.",
"scripts": [
"scripts/maintenance/ensure-cacti-web-via-ssh.sh",
"scripts/nginx-proxy-manager/update-npmplus-alltra-hybx-proxy-hosts.sh",
"scripts/verify/verify-end-to-end-routing.sh"
],
"commands": [
"bash scripts/maintenance/ensure-cacti-web-via-ssh.sh",
"bash scripts/nginx-proxy-manager/update-npmplus-alltra-hybx-proxy-hosts.sh",
"bash scripts/verify/verify-end-to-end-routing.sh --profile=public"
],
"docs": [
"docs/00-meta/502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md",
"docs/04-configuration/NPMPLUS_ALLTRA_HYBX_MASTER_PLAN.md",
"docs/04-configuration/ALL_VMIDS_ENDPOINTS.md"
]
},
{
"id": "info-defi-oracle-hub",
"classification": "public_edge_ok",
"statusPolicy": "must_pass_when_upstream_healthy",
"domains": [
"info.defi-oracle.io",
"www.info.defi-oracle.io"
],
"expectedService": "Chain 138 info hub SPA on dedicated nginx LXC VMID 2410; NPMplus → 192.168.11.218:80; nginx reverse-proxies /token-aggregation/ to Blockscout token-aggregation (not hosted on VMID 2400 ThirdWeb RPC)",
"observedIssues": [],
"upstream": {
"vmid": "2410",
"host": "r630-01",
"ip": "192.168.11.218",
"port": 80
},
"repoSolution": "Build with pnpm --filter info-defi-oracle-138 build; sync dist + nginx to VMID 2410 (sync-info-defi-oracle-to-vmid2400.sh); refresh NPMplus rows to IP_INFO_DEFI_ORACLE_WEB; DNS via Cloudflare tunnel or public_ip (set-info-defi-oracle-dns-to-vmid2400-tunnel.sh). Optional tunnel ingress: update-vmid2400-tunnel-config.sh only if info hostnames use the RPC tunnel stack.",
"scripts": [
"scripts/deployment/provision-info-defi-oracle-web-lxc.sh",
"scripts/deployment/sync-info-defi-oracle-to-vmid2400.sh",
"scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh",
"scripts/cloudflare/set-info-defi-oracle-dns-to-vmid2400-tunnel.sh",
"scripts/cloudflare/purge-info-defi-oracle-cache.sh",
"scripts/verify/check-info-defi-oracle-public.sh",
"scripts/update-vmid2400-tunnel-config.sh"
],
"commands": [
"bash scripts/deployment/sync-info-defi-oracle-to-vmid2400.sh",
"bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh",
"pnpm run verify:info-defi-oracle-public"
],
"docs": [
"docs/04-configuration/INFO_DEFI_ORACLE_IO_DEPLOYMENT.md",
"info-defi-oracle-138/README.md",
"docs/04-configuration/ALL_VMIDS_ENDPOINTS.md"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink