d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fa5de3ba0110f8f6c19d43df484a805dc1d857f0
proxmox/docs/03-deployment/DAPP_LXC_DEPLOYMENT.md
defiQUG bea1903ac9
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
Sync all local changes: docs, config, scripts, submodule refs, verification evidence 
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-21 15:46:06 -08:00

135 lines
7.0 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# DApp LXC Deployment (VMID 5801)
**Last Updated:** 2026-02-20
**Status:** Active
**Note:** VMID **5800** is reserved for Mifos/Fineract (192.168.11.85, mifos.d-bis.org). The DApp uses **5801** at **192.168.11.58**.
---
## Overview
One Proxmox LXC container (VMID **5801**, hostname **dapp-smom**) runs the Bridge DApp (frontend build from `smom-dbis-138/frontend-dapp`) and is reachable via the existing network and NPMplus.
- **VMID:** 5801 (from range 57015999; 5800 is Mifos)
- **Hostname:** dapp-smom
- **IP:** 192.168.11.58 (static; override with `IP_DAPP_LXC`)
- **Node:** Default r630-02 (same as 5800); override with `NODE` if needed.
## Prerequisites
- Run the deploy script from a machine that can SSH to the Proxmox host, or run it on the Proxmox host (with `pct`).
- Ubuntu 22.04 LTS template on the host: `local:vztmpl/ubuntu-22.04-standard_22.04-1_amd64.tar.zst`.
- For build: set **REPO_URL** to the Git URL of the repo (e.g. your fork or the main smom-dbis-138 repo).
## Running the Script
From the **proxmox** repo root (or from `smom-dbis-138`):
```bash
# Optional: load IP/config
source config/ip-addresses.conf 2>/dev/null || true
# Create and provision (from Proxmox host)
cd smom-dbis-138
REPO_URL=https://github.com/your-org/smom-dbis-138.git ./scripts/deployment/deploy-dapp-lxc.sh
# Or from another machine via SSH
PROXMOX_HOST=192.168.11.12 REPO_URL=https://github.com/your-org/smom-dbis-138.git \
./scripts/deployment/deploy-dapp-lxc.sh
```
- **--dry-run:** Print what would be done; do not create or change anything.
- **--skip-create:** Assume container 5801 already exists; only install Node/nginx, clone, build, and configure nginx.
### Env Overrides
| Variable | Default | Description |
|----------------|----------------------|--------------------------------------|
| VMID | 5801 | Container ID (5800 = Mifos) |
| HOSTNAME | dapp-smom | Container hostname |
| IP_DAPP_LXC | 192.168.11.58 | Static IP (`IP_DAPP_LXC` in config) |
| PROXMOX_HOST | (none) | If set, script SSHs here to run pct |
| NODE | (none) | Proxmox node name for `pct --node` |
| REPO_URL | (required for build) | Git URL to clone |
| ENV_FILE | (none) | Path to .env (VITE_* for build) |
| MEMORY_MB | 6144 | RAM |
| CORES | 4 | CPU cores |
| DISK_GB | 40 | Root disk size |
| TEMPLATE | ubuntu-22.04-standard | LXC template |
| IP_CONFIG_PATH | (auto) | Override path to ip-addresses.conf; script also tries SMOM_ROOT/../../config and SCRIPT_DIR/../../../config |
## What Runs Inside the LXC
- **Node.js 20** (from NodeSource) for building.
- **Clone** of the repo to `/srv/smom-dbis-138` (from REPO_URL).
- **Build:** `npm ci && npm run build` in `frontend-dapp`, using env from `/srv/smom-dbis-138/.env` if present (e.g. VITE_* for contract addresses and RPC).
- **Nginx** serving `/srv/smom-dbis-138/frontend-dapp/dist` on port 80.
## Production build: VITE_* and .env
VITE_* variables are **baked in at build time**. For a production build with custom contract addresses or RPC URLs you must have a `.env` (or `.env.production`) in the container **before** running `npm run build`.
- **Set ENV_FILE** when running the deploy script: the script copies that file into the container (when running on the Proxmox host, or via scp + pct push when using PROXMOX_HOST) before the build step.
- **Or** after clone and before build: copy `.env` into the container manually, e.g. from the Proxmox host:
```bash
pct push 5801 /path/to/your/.env /srv/smom-dbis-138/.env
```
then run the build (e.g. with `--skip-create` and REPO_URL set, or run the build step by hand inside the container).
- **Or** in CI: build with env injected (e.g. `env VITE_RPC_URL_138=... npm run build`), then rsync the `dist/` folder into the container and reload nginx; no need for a full clone inside the container.
Relevant VITE_* (see `smom-dbis-138/.env.example` and `frontend-dapp/src/config/bridge.ts`, `networks.ts`):
- **RPC:** `VITE_RPC_URL_138`, `VITE_BSC_RPC_URL`, `VITE_AVALANCHE_RPC_URL`, `VITE_CRONOS_RPC_URL`, `VITE_GNOSIS_RPC_URL`
- **Trustless:** `VITE_LOCKBOX_138`, `VITE_INBOX_ETH_MAINNET`, `VITE_LIQUIDITY_POOL_ETH_MAINNET`, `VITE_BRIDGE_SWAP_COORDINATOR_MAINNET`, `VITE_DUAL_ROUTER_BRIDGE_SWAP_COORDINATOR`, `VITE_CHALLENGE_MANAGER_MAINNET`, `VITE_CUSDT_ADDRESS_138`, `VITE_CUSDC_ADDRESS_138`
- **WalletConnect / thirdweb:** `VITE_WALLETCONNECT_PROJECT_ID`, `VITE_THIRDWEB_CLIENT_ID`
## Updating the DApp
1. SSH or `pct exec` into the container:
```bash
pct exec 5801 -- bash
```
2. Pull and rebuild:
```bash
cd /srv/smom-dbis-138 && git pull && cd frontend-dapp && npm ci && npm run build
```
3. Reload nginx:
```bash
systemctl reload nginx
```
Or from the host (one-liner):
```bash
pct exec 5801 -- bash -c 'cd /srv/smom-dbis-138 && git pull && cd frontend-dapp && npm ci && npm run build && systemctl reload nginx'
```
## NPMplus / Reverse Proxy
Add a proxy host in NPMplus pointing to the LXC:
- **Upstream:** `http://192.168.11.58:80` (or the IP you set with `IP_DAPP_LXC`).
- **Domain:** e.g. `dapp.d-bis.org` or `app.d-bis.org` (your choice).
Document the chosen hostname in your VMID/IP reference (e.g. [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md)).
## VMID / IP Reference
See [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md) for the 5801 entry (DApp LXC).
## Full E2E: Cloudflare Tunnel + DNS + NPMplus SSL
To expose the DApp at **https://dapp.d-bis.org** with an existing Cloudflare Tunnel and full SSL:
1. **Tunnel (existing):** In Cloudflare Zero Trust → Networks → Tunnels → tunnel that uses `https://192.168.11.167:443` (same as RPC Option B). Add **Public Hostname:** `dapp.d-bis.org` → **URL** `https://192.168.11.167:443` (No TLS Verify).
2. **DNS:** In Cloudflare DNS (zone d-bis.org), add **CNAME** `dapp` → `<CLOUDFLARE_TUNNEL_ID>.cfargotunnel.com` (Proxied).
3. **NPMplus (10233 @ 192.168.11.167):** Add Proxy Host: Domain `dapp.d-bis.org`, Forward `192.168.11.58:80`, Scheme HTTP. Request Let's Encrypt (or Cloudflare Origin cert); Force SSL.
4. **DApp LXC:** Deploy with VMID=5801, IP_DAPP_LXC=192.168.11.58 (see Running the Script above).
Traffic flow: **Internet → Cloudflare → Tunnel → NPMplus 10233 → http://192.168.11.58:80** (LXC 5801). See [CHECK_ALL_UPDATES_AND_CLOUDFLARE_TUNNELS.md](../05-network/CHECK_ALL_UPDATES_AND_CLOUDFLARE_TUNNELS.md) and [OPTION_B_RPC_VIA_TUNNEL_RUNBOOK.md](../05-network/OPTION_B_RPC_VIA_TUNNEL_RUNBOOK.md).
## Optional: Token-Aggregation in Same Container
To run token-aggregation in the same LXC, install and run it (e.g. via systemd) and optionally proxy it through nginx. Configuration is out of scope here; see token-aggregation docs.
Reference in New Issue View Git Blame Copy Permalink