proxmox/docs/04-configuration/NEXT_STEPS_CHAIN138_RPC.md
defiQUG b8613905bd
chore: sync workspace — configs, docs, scripts, CI, pnpm, submodules
- Submodule pins: dbis_core, cross-chain-pmm-lps, mcp-proxmox (local, push may be pending), metamask-integration, smom-dbis-138
- Atomic swap + cross-chain-pmm-lops-publish, deploy-portal workflow, phoenix deploy-targets, routing/aggregator matrices
- Docs, token-lists, forge proxy, phoenix API, runbooks, verify scripts

Made-with: Cursor
2026-04-21 22:01:33 -07:00

# Next Steps: Chain 138 RPC (DeFi Oracle Meta Mainnet) Complete with .env
**Last Updated:** 2026-01-31
**Document Version:** 1.0
**Status:** Active Documentation

---

**Purpose**: Detailed checklist to complete public RPC for Chain 138 using `.env` and scripts. All automated steps read from the project `.env` file.

---
## Current status (as of 2026-01-29)
| Check | Result |
|-------|--------|
| **Proxy hosts** | 26 total, **26 with cert**, 0 without cert |
| **Certificates** | **Corrected.** rpc.d-bis.org now uses cert 141 (expires 2026-04-30). RENEW: 0, KEEP: 25. Old cert 135 inactive (REMOVE). |
| **RPC verification** | Run from a host that can reach your public IP (or use `NPM_HOST=192.168.11.167` for LAN). See §4 and endpoint table below. |

**Quick status commands** (from repo root):
```bash
./scripts/list-npmplus-proxy-hosts-cert-status.sh # With cert: 26, No cert: 0
./scripts/list-npmplus-certificates-status.sh # RENEW: 0, KEEP: 25
```
### Endpoint verification (ChainID 138 exhaustive list)
All endpoints below were checked: `eth_chainId` returns `0x8a` (138). DNS for your domains resolves to PUBLIC_IP (76.53.10.36).

| Endpoint | Type | Result | Note |
|----------|------|--------|------|
| `https://rpc.defi-oracle.io` | HTTPS | OK | ChainList; may need `-k` from some clients if cert chain differs |
| `https://rpc.d-bis.org` | HTTPS | OK | Your NPMplus host |
| `https://rpc-http-pub.d-bis.org` | HTTPS | OK | GitHub/ethereum-lists |
| `https://rpc-http-prv.d-bis.org` | HTTPS | OK | GitHub/ethereum-lists |
| `https://rpc.public-0138.defi-oracle.io` | HTTPS | OK | CoinFactory |
| `https://138.rpc.thirdweb.com` | HTTPS | OK | Third-party gateway (Metaschool) |
| `wss://wss.defi-oracle.io` | WSS | OK | ChainList |
| `wss://rpc.public-0138.defi-oracle.io` | WSS | OK | CoinFactory |

**Verify from repo root:**
```bash
# HTTPS (expect "result":"0x8a")
curl -s -X POST https://rpc.defi-oracle.io -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
curl -s -X POST https://rpc.d-bis.org -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
# WSS
pnpm run verify:ws-chain138
node scripts/verify-ws-rpc-chain138.mjs wss://wss.defi-oracle.io
node scripts/verify-ws-rpc-chain138.mjs wss://rpc.public-0138.defi-oracle.io
```
---
## 1. .env variables required
Copy `.env.example` to `.env` (or create `.env` in the repo root) and set the following. Scripts source `.env` automatically.
### 1.1 Cloudflare (DNS)
| Variable | Required | Description |
|----------|----------|-------------|
| PUBLIC_IP | Yes | Public IP for all A records (e.g. 76.53.10.36). |
| CLOUDFLARE_API_TOKEN | One of two | Cloudflare API token (recommended). |
| CLOUDFLARE_EMAIL + CLOUDFLARE_API_KEY | One of two | Email + Global API Key. |
| CLOUDFLARE_ZONE_ID_DEFI_ORACLE_IO | Yes for defi-oracle | Zone ID for defi-oracle.io. |
| CLOUDFLARE_ZONE_ID_D_BIS_ORG | Optional | Zone ID for d-bis.org. |
| CLOUDFLARE_ZONE_ID_SANKOFA_NEXUS | Optional | Zone ID for sankofa.nexus. |
| CLOUDFLARE_ZONE_ID_MIM4U_ORG | Optional | Zone ID for mim4u.org. |
### 1.2 NPMplus (proxy hosts)
| Variable | Required | Description |
|----------|----------|-------------|
| NPM_URL | Yes | NPMplus admin URL (e.g. https://192.168.11.167:81). |
| NPM_EMAIL | Yes | NPMplus login email. |
| NPM_PASSWORD | Yes | NPMplus login password. |
| NPM_HOST | Optional | NPMplus container IP (split-DNS, LAN tests; default 192.168.11.167). |
| NPM_VMID / NPMPLUS_VMID | Optional | NPMplus container VMID (default 10233). |
| NPMPLUS_HOST / NPM_PROXMOX_HOST | Optional | Proxmox host where NPMplus runs (SSH; default 192.168.11.11). |
### 1.3 Example .env snippet
```bash
PUBLIC_IP=76.53.10.36
CLOUDFLARE_API_TOKEN=your-cloudflare-api-token
CLOUDFLARE_ZONE_ID_DEFI_ORACLE_IO=your-defi-oracle-io-zone-id
CLOUDFLARE_ZONE_ID_D_BIS_ORG=your-d-bis-org-zone-id
NPM_URL=https://192.168.11.167:81
NPM_EMAIL=admin@example.org
NPM_PASSWORD=your-npm-password
```
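A pre-flight check for the `.env` described in 1.1 to 1.3, run before any of the scripts. This is an added example, not one of the repository's scripts; the function names `env_value`, `is_set` and `check_env` are hypothetical, and treating values that start with `your-` as unset is an assumption based on the placeholders in the snippet above.

```shell
#!/usr/bin/env bash
# Added example (not a repo script): pre-flight check for the .env of section 1.
# The file is parsed, never sourced, so a stray command in it is not executed.

env_value() {  # env_value FILE KEY -> last value assigned to KEY, quotes stripped
  grep -E "^(export[[:space:]]+)?$2=" "$1" | tail -n 1 | cut -d= -f2- |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

is_set() {  # true if KEY is non-empty and not a "your-..." placeholder from 1.3
  local v; v=$(env_value "$1" "$2")
  [ -n "$v" ] && [ "${v#your-}" = "$v" ]
}

check_env() {  # prints one line per finding; returns 0 only when there are none
  local f=$1 rc=0 key mode
  [ -f "$f" ] || { echo "missing: $f"; return 2; }
  # "Yes" rows of tables 1.1 and 1.2 (the defi-oracle.io zone is needed for Chain 138)
  for key in PUBLIC_IP CLOUDFLARE_ZONE_ID_DEFI_ORACLE_IO NPM_URL NPM_EMAIL NPM_PASSWORD; do
    is_set "$f" "$key" || { echo "unset or placeholder: $key"; rc=1; }
  done
  # "One of two": API token, or e-mail plus Global API Key
  if ! is_set "$f" CLOUDFLARE_API_TOKEN &&
     ! { is_set "$f" CLOUDFLARE_EMAIL && is_set "$f" CLOUDFLARE_API_KEY; }; then
    echo "no Cloudflare credential (token, or email + key)"; rc=1
  fi
  # The file holds NPM_PASSWORD and a Cloudflare credential: owner-only access
  mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
  case $mode in
    600|400) ;;
    *) echo "mode $mode: run chmod 600 $f"; rc=1 ;;
  esac
  # ...and it must stay out of version control
  if git -C "$(dirname "$f")" ls-files --error-unmatch "$(basename "$f")" >/dev/null 2>&1; then
    echo "tracked by git: $f"; rc=1
  fi
  return "$rc"
}

# Run against a file only when one is named on the command line.
if [ "$#" -gt 0 ]; then check_env "$1"; exit $?; fi
```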
---
## 2. Automated steps (all use .env)
Run from repo root. Ensure `.env` exists.
### 2.1 One-command full run
```bash
./scripts/complete-chain138-rpc-setup.sh
```
This runs in order:
1. **Cloudflare DNS**: `update-all-dns-to-public-ip.sh`. Creates/updates A records for all zones (incl. defi-oracle.io: rpc.public-0138, rpc, wss) to PUBLIC_IP, DNS only.
2. **NPMplus create**: `create-npmplus-rpc-d-bis-hosts.sh` (rpc.d-bis.org, rpc2.d-bis.org, ws.rpc.d-bis.org, ws.rpc2.d-bis.org) and `create-npmplus-defi-oracle-hosts.sh` (rpc.defi-oracle.io, wss.defi-oracle.io) if missing.
3. **NPMplus update**: `update-npmplus-proxy-hosts-api.sh`. Updates all proxy hosts (forward_host/port, WebSocket).
4. **NPMplus SSL**: `request-npmplus-certificates.sh`. Requests Let's Encrypt certificates for all proxy hosts (incl. rpc/wss.defi-oracle.io).
5. **Verify**: `fix-rpc-chain138-npmplus.sh`. Checks rpc-http-pub.d-bis.org returns `eth_chainId` `0x8a` (138).
### 2.2 Ensure NPMplus VM is running (optional first step)
The VM that hosts NPM (VMID 10233 on r630-01 at 192.168.11.167:81) must be running. To check and optionally start it:
```bash
./scripts/ensure-npmplus-vm-operational.sh
```
This checks container status on Proxmox (via SSH to 192.168.11.11), starts VMID 10233 if stopped, then verifies HTTP/HTTPS on 80/81/443 and optionally NPM API login. Requires SSH to r630-01 (192.168.11.11) for container start.
### 2.3 Step-by-step
| Step | Script | .env used |
|------|--------|-----------|
| 0. NPM VM | ./scripts/ensure-npmplus-vm-operational.sh | NPM_URL, NPM_HOST, PROXMOX_HOST, NPM_EMAIL, NPM_PASSWORD |
| 1. DNS | ./scripts/update-all-dns-to-public-ip.sh | PUBLIC_IP, CLOUDFLARE_*, CLOUDFLARE_ZONE_ID_* |
| 2a. NPMplus create (d-bis) | ./scripts/nginx-proxy-manager/create-npmplus-rpc-d-bis-hosts.sh | NPM_URL, NPM_EMAIL, NPM_PASSWORD |
| 2b. NPMplus create (defi-oracle) | ./scripts/nginx-proxy-manager/create-npmplus-defi-oracle-hosts.sh | NPM_URL, NPM_EMAIL, NPM_PASSWORD |
| 3. NPMplus update | ./scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh | NPM_URL, NPM_EMAIL, NPM_PASSWORD |
| 4. NPMplus SSL | ./scripts/request-npmplus-certificates.sh | NPM_URL, NPM_EMAIL, NPM_PASSWORD |
| 5. Verify RPC | ./scripts/fix-rpc-chain138-npmplus.sh | NPM_URL, NPM_PASSWORD |

---
## 3. Remaining manual steps
### 3.1 UDM Pro port forwarding
Ensure these rules exist in UniFi Network → Firewall & Security → Port Forwarding (use PUBLIC_IP from .env):
- PUBLIC_IP:80 → 192.168.11.167:80 (TCP)
- PUBLIC_IP:443 → 192.168.11.167:443 (TCP)

To print the exact rules (using PUBLIC_IP from .env):
```bash
./scripts/udm-pro-port-forwarding-chain138.sh
```
### 3.2 NPMplus SSL
SSL is requested automatically in Step 4 of `complete-chain138-rpc-setup.sh`. If you skipped it or need to re-request:
```bash
./scripts/request-npmplus-certificates.sh
```
**Current**: All 26 proxy hosts have a cert; rpc.d-bis.org renewed (cert 141, expires 2026-04-30). If any host needs renewal: NPMplus UI → proxy host → SSL tab → Request a new SSL Certificate → **DNS Challenge** → Cloudflare. For bulk “7 hosts” flow when adding new hosts, see **docs/04-configuration/NPMPLUS_REQUEST_7_CERTS_VIA_UI.md**.
### 3.3 Chainlist (optional)
To add Chain 138 to chainlist.org, use the helper script then open a PR to ethereum-lists/chains:
```bash
./scripts/submit-chain138-to-chainlist.sh
```
Source file: `pr-workspace/chains/_data/chains/eip155-138.json`.

---
## 4. Verification
```bash
dig +short rpc.defi-oracle.io
dig +short wss.defi-oracle.io
curl -s -X POST https://rpc-http-pub.d-bis.org -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
curl -s -X POST https://rpc.defi-oracle.io -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
# WebSocket (from repo root; use NPM_HOST=192.168.11.167 for LAN)
pnpm run verify:ws-chain138
```
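A pass/fail form of the `eth_chainId` checks in this section and in the endpoint table, with certificate verification left on (no `-k`) so that a wrong chain, a proxy error page, or a certificate problem fails the check instead of being read past. This is an added example, not one of the repository's scripts; the function names `chain_id_of` and `verify_endpoint` are hypothetical, and it covers the HTTPS endpoints only.

```shell
#!/usr/bin/env bash
# Added example (not a repo script): pass/fail form of the eth_chainId check.

# chain_id_of BODY -> decimal chain ID on stdout. Fails when BODY is not a
# JSON-RPC success reply, e.g. a proxy 502 page or an "error" object.
chain_id_of() {
  local body=$1 hex
  case $body in *'"error"'*) return 1 ;; esac
  hex=$(printf '%s' "$body" |
    sed -n 's/.*"result"[[:space:]]*:[[:space:]]*"0x\([0-9a-fA-F]\{1,8\}\)".*/\1/p' |
    head -n 1)
  [ -n "$hex" ] || return 1
  echo "$((0x$hex))"
}

# verify_endpoint URL [EXPECTED] -> 0 only if URL answers with EXPECTED
# (default 138) over a verified TLS connection. curl runs without -k: a
# certificate failure is something to fix on the proxy host, not to bypass.
verify_endpoint() {
  local url=$1 want=${2:-138} body got
  body=$(curl -sS --fail --max-time 10 -X POST "$url" \
    -H 'Content-Type: application/json' \
    -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}') ||
    { echo "FAIL $url: no usable HTTPS reply (TLS, DNS, timeout or 502/504)"; return 1; }
  got=$(chain_id_of "$body") ||
    { echo "FAIL $url: reply is not a JSON-RPC result"; return 1; }
  [ "$got" -eq "$want" ] ||
    { echo "FAIL $url: chain ID $got, expected $want"; return 1; }
  echo "OK   $url: chain ID $got"
}

# Usage: ./check.sh https://rpc.d-bis.org https://rpc.defi-oracle.io
# Exit status is non-zero if any endpoint fails.
if [ "$#" -gt 0 ]; then
  rc=0
  for u in "$@"; do verify_endpoint "$u" || rc=1; done
  exit "$rc"
fi
```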
Expect HTTP/WS result `0x8a` (138).

---
## 5. .env to script mapping
| Goal | .env | Script |
|------|------|--------|
| Update all DNS to PUBLIC_IP | PUBLIC_IP, CLOUDFLARE_*, CLOUDFLARE_ZONE_ID_* | update-all-dns-to-public-ip.sh |
| Create rpc.d-bis.org / rpc2.d-bis.org / ws.* hosts | NPM_URL, NPM_EMAIL, NPM_PASSWORD | create-npmplus-rpc-d-bis-hosts.sh |
| Create rpc/wss.defi-oracle.io hosts | NPM_URL, NPM_EMAIL, NPM_PASSWORD | create-npmplus-defi-oracle-hosts.sh |
| Update all NPMplus proxy hosts | NPM_URL, NPM_EMAIL, NPM_PASSWORD | update-npmplus-proxy-hosts-api.sh |
| Request SSL for proxy hosts | NPM_URL, NPM_EMAIL, NPM_PASSWORD | request-npmplus-certificates.sh |
| Verify public RPC | NPM_URL, NPM_PASSWORD | fix-rpc-chain138-npmplus.sh |
| Run all automated steps | All above | complete-chain138-rpc-setup.sh |
| Ensure NPM VM running | NPM_URL, PROXMOX_HOST, NPM_* | ensure-npmplus-vm-operational.sh |
| Print UDM Pro port rules | PUBLIC_IP, NPM_HOST | udm-pro-port-forwarding-chain138.sh |
| Prepare Chainlist PR | — | submit-chain138-to-chainlist.sh |

---
## 6. Troubleshooting
- DNS script skips defi-oracle.io: set CLOUDFLARE_ZONE_ID_DEFI_ORACLE_IO in .env.
- NPMplus create/update fails: check NPM_URL reachable (e.g. from 192.168.11.x), NPM_EMAIL and NPM_PASSWORD correct.
- Update script says domain not found for rpc/wss.defi-oracle.io: run create-npmplus-defi-oracle-hosts.sh first. For rpc.d-bis.org / rpc2.d-bis.org / ws.*: run create-npmplus-rpc-d-bis-hosts.sh first.
- RPC 502/504: confirm UDM Pro forwards to 192.168.11.167 and Besu (2201) / VMID 2400 running.
- SSL "Internal Error" for new hosts (rpc.d-bis.org, rpc2.d-bis.org, ws.rpc.d-bis.org, ws.rpc2.d-bis.org): wait a few minutes for DNS propagation, then re-run `./scripts/request-npmplus-certificates.sh` or request certs in NPMplus UI for those hosts.
- **Many Inactive TLS certificates** in NPMplus: see **docs/04-configuration/NPMPLUS_TLS_CLEANUP.md** for cleanup steps. The request script now skips hosts that already have a cert to avoid duplicates.
- **SSL "Internal Error" with DNS (Cloudflare)** and PyPI/certbot-dns-cloudflare connection errors: the NPM container cannot reach PyPI. See **docs/04-configuration/NPM_SSL_DNS_CLOUDFLARE_TROUBLESHOOTING.md**. Fix container DNS/outbound, then run `./scripts/install-certbot-dns-cloudflare-in-npm.sh` or install the plugin inside the container and retry in the NPM UI.
---
**See also**: PUBLIC_RPC_CHAIN138_LEDGER.md, RPC_ENDPOINTS_MASTER.md