proxmox/reports/VMID_7810_DNS_NPMPLUS_CONFIGURATION.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00


# MIM4U.ORG DNS & NPMplus Proxy Configuration
**Date**: 2026-01-20

**Status**: ✅ **FULLY CONFIGURED**

---
## Summary
The DNS and proxy configuration for `mim4u.org` is correctly set up:
- **DNS** points to NPMplus (via public IP `76.53.10.36`)
- **NPMplus** handles SSL certificates and terminates HTTPS
- **NPMplus** proxies to nginx on VMID 7810 (`192.168.11.37:80`)
---
## Current Configuration
### 1. DNS Configuration (Cloudflare)
| Domain | Type | Target | Proxy Status | TTL |
|--------|------|--------|--------------|-----|
| `mim4u.org` | A | `76.53.10.36` | DNS Only | Auto |
| `www.mim4u.org` | A | `76.53.10.36` | DNS Only | Auto |
| `secure.mim4u.org` | A | `76.53.10.36` | DNS Only | Auto |
| `training.mim4u.org` | A | `76.53.10.36` | DNS Only | Auto |

**DNS Resolution Verified:**
```bash
$ dig +short mim4u.org
76.53.10.36
```
---
### 2. Port Forwarding (UDM Pro)
| Service | Public IP:Port | Internal IP:Port | Protocol | Status |
|---------|---------------|------------------|----------|--------|
| HTTPS | `76.53.10.36:443` | `192.168.11.166:443` | TCP | ✅ Configured |
| HTTP | `76.53.10.36:80` | `192.168.11.166:80` | TCP | ✅ Configured |

**NPMplus Container:**
- **VMID**: 10233
- **Host**: r630-01 (192.168.11.11)
- **Internal IP**: 192.168.11.166
- **Management UI**: https://192.168.11.166:81
---
### 3. NPMplus Proxy Configuration
- **Proxy Host ID**: 17
- **Domain**: `mim4u.org`
- **SSL Certificate**: npm-50 (Certbot Let's Encrypt)

**Configuration:**
```nginx
server_name mim4u.org;
ssl_certificate /data/tls/certbot/live/npm-50/fullchain.pem;
ssl_certificate_key /data/tls/certbot/live/npm-50/privkey.pem;
proxy_pass http://192.168.11.37:80$request_uri;
```
**Additional Domains (Same Backend):**
- `www.mim4u.org` → Same proxy host (redirect configured)
- `secure.mim4u.org` → Same backend (separate proxy host ID: 19)
- `training.mim4u.org` → Same backend (separate proxy host ID: 20)
**SSL Features Enabled:**
- ✅ HSTS (HTTP Strict Transport Security)
- ✅ Force HTTPS redirect
- ✅ Brotli compression
- ✅ Security headers (CSP, X-Frame-Options, etc.)
---
### 4. Backend Nginx (VMID 7810)
**VM Details:**
- **VMID**: 7810
- **Hostname**: mim-web-1
- **Host**: r630-02 (192.168.11.12)
- **Internal IP**: 192.168.11.37
- **Port**: 80 (HTTP)
**Nginx Status:**
- ✅ Installed: nginx 1.18.0
- ✅ Service: Running and enabled
- ✅ Listening: Port 80
- ✅ Web root: `/var/www/html`
**Verification:**
```bash
$ ssh root@192.168.11.12 "pct exec 7810 -- systemctl status nginx"
Active: active (running)
```
---
## Complete Traffic Flow
```
Internet User
↓ DNS Query: mim4u.org
Cloudflare DNS (returns A record 76.53.10.36)
↓ HTTPS Request: https://mim4u.org
UDM Pro Port Forwarding (76.53.10.36:443)
↓ Forwards to: 192.168.11.166:443
NPMplus (192.168.11.166:443)
├─ SSL Termination (Certbot certificate)
├─ Security Headers Added
├─ HSTS Enforced
└─ Proxy Pass: http://192.168.11.37:80
↓ HTTP Request (internal)
nginx on VMID 7810 (192.168.11.37:80)
├─ Serves static files from /var/www/html
└─ Returns response
↓ (Response path reverses)
Internet User (HTTPS response)
```
---
## Configuration Verification
### Test DNS Resolution
```bash
dig +short mim4u.org
# Expected: 76.53.10.36
```
### Test NPMplus SSL Certificate
```bash
curl -vI https://mim4u.org 2>&1 | grep -E "(certificate|SSL|TLS)"
```
### Test Internal Proxy (from NPMplus)
```bash
ssh root@192.168.11.11 "pct exec 10233 -- docker exec npmplus curl -I http://192.168.11.37/"
```
### Test Backend Nginx (from Proxmox host)
```bash
ssh root@192.168.11.12 "pct exec 7810 -- curl -I http://localhost/"
```
### Test End-to-End (External)
```bash
curl -I https://mim4u.org
# Expected: HTTP/2 200 or 301/302 redirect
```
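
The commands above do not cover the items listed under "SSL Features Enabled". As an added example (not part of the original report), these shell functions check captured response headers for HSTS, CSP and X-Frame-Options and confirm the HTTP-to-HTTPS redirect; the function names are illustrative.

```shell
# Added example: audit the features listed under "SSL Features Enabled" from
# captured response headers. Helper names are constructed for illustration.

# header_value NAME: print the first matching header value read from stdin
# (case-insensitive name match, trailing CR and leading blanks removed).
header_value() {
  awk -v want="$1" '
    { sub(/\r$/, ""); i = index($0, ":") }
    i > 0 && tolower(substr($0, 1, i - 1)) == tolower(want) {
      val = substr($0, i + 1); sub(/^[ \t]+/, "", val); print val; exit
    }'
}

# audit_https_headers: stdin = headers of the HTTPS response.
# Prints one PASS/FAIL line per check and returns non-zero on any failure.
audit_https_headers() {
  local hdrs name val age rc=0
  hdrs="$(cat)"
  for name in Strict-Transport-Security Content-Security-Policy X-Frame-Options; do
    val="$(printf '%s\n' "$hdrs" | header_value "$name")"
    if [ -n "$val" ]; then echo "PASS $name: $val"
    else echo "FAIL $name: missing"; rc=1; fi
  done
  # max-age=0 tells browsers to drop the HSTS policy, so it counts as a failure.
  age="$(printf '%s\n' "$hdrs" | header_value Strict-Transport-Security |
         tr '[:upper:]' '[:lower:]' |
         sed -n 's/.*max-age="\{0,1\}\([0-9][0-9]*\).*/\1/p')"
  if [ -n "$age" ] && [ "$age" -gt 0 ]; then echo "PASS HSTS max-age=$age"
  else echo "FAIL HSTS max-age missing or zero"; rc=1; fi
  return "$rc"
}

# audit_http_redirect: stdin = headers of the plain-HTTP response.
# Passes only on a 301/302/307/308 whose Location is an https:// URL.
audit_http_redirect() {
  local hdrs status loc
  hdrs="$(cat)"
  status="$(printf '%s\n' "$hdrs" | awk 'NR == 1 { sub(/\r$/, ""); print $2 }')"
  loc="$(printf '%s\n' "$hdrs" | header_value Location)"
  case "$status:$loc" in
    30[1278]:https://*) echo "PASS redirect $status -> $loc" ;;
    *) echo "FAIL no HTTPS redirect (status=$status location=$loc)"; return 1 ;;
  esac
}

# Live usage against the site from this report (requires network access):
#   curl -sI https://mim4u.org | audit_https_headers
#   curl -sI http://mim4u.org  | audit_http_redirect
```
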
---
## Related Domains
All MIM4U domains are configured with the same backend:
| Domain | NPMplus Proxy Host ID | Backend | Status |
|--------|----------------------|---------|--------|
| `mim4u.org` | 17 | 192.168.11.37:80 | ✅ Active |
| `secure.mim4u.org` | 19 | 192.168.11.37:80 | ✅ Active |
| `training.mim4u.org` | 20 | 192.168.11.37:80 | ✅ Active |

**Note**: `www.mim4u.org` is handled by the same proxy host (ID 17) via `server_name` configuration.

---
## Update Configuration
To update the NPMplus proxy host configuration:
```bash
cd /home/intlc/projects/proxmox
bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh
```
This script updates all proxy hosts, including mim4u.org (confirmed pointing to 192.168.11.37:80).

---
## SSL Certificate Management
SSL certificates are managed by Certbot within NPMplus:
- **Certificate ID**: npm-50
- **Provider**: Let's Encrypt
- **Auto-renewal**: Enabled
- **Certificate Location**: `/data/tls/certbot/live/npm-50/`
To manually renew certificates:
```bash
ssh root@192.168.11.11 "pct exec 10233 -- docker exec npmplus certbot renew"
```
---
## Troubleshooting
### Issue: DNS not resolving
**Check:**
```bash
dig +short mim4u.org
# Should return: 76.53.10.36
```
### Issue: SSL certificate invalid
**Check:**
```bash
curl -vI https://mim4u.org 2>&1 | grep -i certificate
```
### Issue: Cannot reach backend nginx
**Check:**
```bash
# From NPMplus container
ssh root@192.168.11.11 "pct exec 10233 -- docker exec npmplus curl -I http://192.168.11.37/"
# From Proxmox host
ssh root@192.168.11.12 "pct exec 7810 -- systemctl status nginx"
```
### Issue: Port forwarding not working
**Verify UDM Pro port forwarding rules:**
- Public IP: 76.53.10.36:443 → Internal: 192.168.11.166:443
- Public IP: 76.53.10.36:80 → Internal: 192.168.11.166:80
---
## Related Documentation
- `reports/VMID_7810_NGINX_INSTALLATION_COMPLETE.md` - Nginx installation details
- `reports/VMID_7810_NETWORK_TEST_RESULTS_FINAL.md` - Network connectivity tests
- `docs/04-configuration/NGINX_PUBLIC_IP_CONFIGURATION.md` - Public IP configuration
- `scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` - Proxy update script
---
**Configuration Status**: ✅ **COMPLETE AND VERIFIED**

**Last Verified**: 2026-01-20