proxmox/docs/04-configuration/MIFOS_REMAINING_STEPS.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00
# Mifos — Remaining Steps (after automated setup)
**Last Updated:** 2026-02-09
**Status:** Checklist for operator
**Context:** LXC 5800 created; Mifos X 24.04.30 (Docker) running on 192.168.11.85:80; DNS mifos.d-bis.org → 76.53.10.41 (A, Proxied).
---
## Done automatically
- [x] LXC 5800 created on r630-02 (192.168.11.85)
- [x] Nesting + keyctl + AppArmor unconfined set on 5800
- [x] Docker + Mifos 24.04.30 (Docker Compose) installed and running in 5800
- [x] Cloudflare DNS: mifos.d-bis.org → **76.53.10.41** (A record, Proxied) via `MIFOS_DNS_MODE=direct ./scripts/cloudflare/configure-mifos-dns.sh`
---
## Remaining (manual or with secrets)
### 1. UDM Pro port forward (for direct access via 76.53.10.41)
- In **UniFi Network** → **Settings** → **Firewall & Security** → **Port Forwarding** add:
  - **76.53.10.41:80** → **192.168.11.85:80** (TCP)
  - **76.53.10.41:443** → **192.168.11.85:443** (TCP) if you add TLS later
- Ensure 76.53.10.41 is assigned on the UDM Pro.
- See [UDM_PRO_MIFOS_76_53_10_41_PORT_FORWARD.md](UDM_PRO_MIFOS_76_53_10_41_PORT_FORWARD.md).
### 2. Optional: Cloudflare Tunnel + UK egress (no port forward)
If you want traffic via Tunnel instead of direct IP:
1. **Zero Trust** → **Networks** → **Tunnels** → **Create a tunnel** → name `mifos-r630-02` → copy the **tunnel token**.
2. In `.env` set:
   - `CLOUDFLARE_TUNNEL_TOKEN_MIFOS_R630_02='<token>'`
   - `CLOUDFLARE_TUNNEL_ID_MIFOS_R630_02='<tunnel-uuid>'` (from dashboard or `cloudflared tunnel list` after install)
3. Run: `./scripts/install-tunnel-mifos-r630-02.sh`
4. In Zero Trust → **mifos-r630-02** → **Published application routes**: add **mifos.d-bis.org** → **Service** either `http://192.168.11.85:80` (no SSL on origin) or `https://192.168.11.85:443` (run `./scripts/mifos/install-nginx-https-5800.sh` first, then add Origin config **No TLS Verify**).
5. **Switch DNS to use the tunnel:** In `.env` set `CLOUDFLARE_TUNNEL_ID_MIFOS_R630_02=<tunnel-uuid>`, then run:
```bash
MIFOS_DNS_MODE=tunnel ./scripts/cloudflare/configure-mifos-dns.sh
```
(mifos.d-bis.org becomes CNAME to `<tunnel-id>.cfargotunnel.com`; no UDM port forward needed for this hostname.)
6. **Regional Services (UK):** Zero Trust / Data Localization → **Regional Services** → attach **mifos.d-bis.org** → select UK (or EU) region.
### 3. Change default password
- Log in at https://mifos.d-bis.org (after port forward or tunnel) with **mifos** / **password** and change the password.
### 4. Verification
- **Direct (76.53.10.41):** After UDM port forward: `curl -I https://mifos.d-bis.org`
- **Tunnel:** After tunnel + DNS switch: same URL; tunnel status in Zero Trust should be Healthy.
- **UK egress:** Check `Cf-Ray` header or Cloudflare analytics for UK colo.
### 5. Troubleshooting HTTP 530 (tunnel)
Cloudflare returns **530** when the tunnel can't reach the origin. Check:
1. **Run from project root:** `./scripts/verify/verify-mifos-tunnel-530.sh`
   Confirms: cloudflared active in LXC 5800, and `http://127.0.0.1:80` responds inside the container.
2. **Zero Trust → Networks → Tunnels** → **mifos-r630-02** → **Published application routes**
   - For **HTTP to origin:** Service `http://192.168.11.85:80`.
   - For **HTTPS to origin:** Service `https://192.168.11.85:443`; run `./scripts/mifos/install-nginx-https-5800.sh` first, then add an **Origin configuration** for this route with **No TLS Verify** (required for self-signed cert).
3. **Tunnel status** in the dashboard should be **Healthy**. If not, restart in 5800:
   `ssh root@<r630-02> 'pct exec 5800 -- systemctl restart cloudflared'`
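The verification checks in section 4 and the 530 check in section 5 can be run as one command; the helper below is an added example, not one of the project's scripts. It assumes `curl` is available and that the UK colo codes in the `Cf-Ray` header are LHR, MAN and EDI (an assumption); the parsing functions are shown on constructed sample responses so they can be read without network access.

```bash
#!/usr/bin/env bash
# Added verification helper for sections 4 and 5; not one of the project's scripts.
# Assumes curl in PATH and that UK colo codes are LHR, MAN, EDI (an assumption).
set -eu
MIFOS_URL="${MIFOS_URL:-https://mifos.d-bis.org}"

# http_status <headers>: status code of the last response block in `curl -I` output.
http_status() {
  printf '%s\n' "$1" | awk '$1 ~ /^HTTP\// { sub(/\r$/, "", $2); code = $2 } END { print code }'
}

# cf_colo <headers>: trailing colo code of the Cf-Ray header (e.g. LHR), or "none".
cf_colo() {
  printf '%s\n' "$1" | awk '
    tolower($1) == "cf-ray:" { sub(/\r$/, "", $2); n = split($2, p, "-"); c = p[n] }
    END { print (c == "" ? "none" : c) }'
}

# assess <status> <colo>: map the parsed values onto the checks in sections 4 and 5.
assess() {
  case "$1" in
    530)     echo "TUNNEL_ORIGIN_UNREACHABLE" ;;  # section 5: run verify-mifos-tunnel-530.sh
    2??|3??) case "$2" in
               LHR|MAN|EDI) echo "OK_UK_EDGE" ;;  # section 4: UK egress check
               *)           echo "OK_NON_UK_EDGE" ;;
             esac ;;
    "")      echo "NO_RESPONSE" ;;                # port forward / tunnel / DNS not up yet
    *)       echo "HTTP_$1" ;;
  esac
}

# check_mifos: live `curl -I` against MIFOS_URL, summarised on one line.
check_mifos() {
  headers="$(curl -sI --max-time 10 "$MIFOS_URL" || true)"
  status="$(http_status "$headers")"
  colo="$(cf_colo "$headers")"
  printf '%s status=%s colo=%s -> %s\n' "$MIFOS_URL" "${status:-none}" "$colo" "$(assess "$status" "$colo")"
}

# Constructed sample responses (not captured from the real host) for offline use.
SAMPLE_OK='HTTP/2 302
cf-ray: 8a1b2c3d4e5f6789-LHR
server: cloudflare'
SAMPLE_530='HTTP/2 530
cf-ray: 8a1b2c3d4e5f6790-LHR
server: cloudflare'

if [ "${1:-}" = "--live" ]; then check_mifos; fi
```

Run with `--live` after the port forward or the tunnel + DNS switch; a `TUNNEL_ORIGIN_UNREACHABLE` result points back to the three checks in section 5.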