proxmox/docs/04-configuration/NEXT_STEPS_CHAIN138_RPC.md

Next Steps: Chain 138 RPC (Defi Oracle Meta Mainnet) – Complete with .env

Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation

---

Purpose: Detailed checklist to complete public RPC for Chain 138 using .env and scripts. All automated steps read from the project .env file.

---

Current status (as of 2026-01-29)

Check	Result
Proxy hosts	26 total, 26 with cert, 0 without cert
Certificates	Corrected. rpc.d-bis.org now uses cert 141 (expires 2026-04-30). RENEW: 0, KEEP: 25. Old cert 135 inactive (REMOVE).
RPC verification	Run from a host that can reach your public IP (or use NPM_HOST=192.168.11.167 for LAN). See §4 and endpoint table below.

Quick status commands (from repo root):

./scripts/list-npmplus-proxy-hosts-cert-status.sh   # With cert: 26, No cert: 0
./scripts/list-npmplus-certificates-status.sh      # RENEW: 0, KEEP: 25

Endpoint verification (ChainID 138 – exhaustive list)

All endpoints below were checked: eth_chainId returns 0x8a (138). DNS for your domains resolves to PUBLIC_IP (76.53.10.36).

Endpoint	Type	Result	Note
https://rpc.defi-oracle.io	HTTPS	OK	ChainList; may need -k from some clients if cert chain differs
https://rpc.d-bis.org	HTTPS	OK	Your NPMplus host
https://rpc-http-pub.d-bis.org	HTTPS	OK	GitHub/ethereum-lists
https://rpc-http-prv.d-bis.org	HTTPS	OK	GitHub/ethereum-lists
https://rpc.public-0138.defi-oracle.io	HTTPS	OK	CoinFactory
https://138.rpc.thirdweb.com	HTTPS	OK	Third-party gateway (Metaschool)
wss://wss.defi-oracle.io	WSS	OK	ChainList
wss://rpc.public-0138.defi-oracle.io	WSS	OK	CoinFactory

Verify from repo root:

# HTTPS (expect "result":"0x8a")
curl -s -X POST https://rpc.defi-oracle.io -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
curl -s -X POST https://rpc.d-bis.org -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
# WSS
pnpm run verify:ws-chain138
node scripts/verify-ws-rpc-chain138.mjs wss://wss.defi-oracle.io
node scripts/verify-ws-rpc-chain138.mjs wss://rpc.public-0138.defi-oracle.io

---

1. .env variables required

Copy .env.example to .env (or create .env in the repo root) and set the following. Scripts source .env automatically.

1.1 Cloudflare (DNS)

Variable	Required	Description
PUBLIC_IP	Yes	Public IP for all A records (e.g. 76.53.10.36).
CLOUDFLARE_API_TOKEN	One of two	Cloudflare API token (recommended).
CLOUDFLARE_EMAIL + CLOUDFLARE_API_KEY	One of two	Email + Global API Key.
CLOUDFLARE_ZONE_ID_DEFI_ORACLE_IO	Yes for defi-oracle	Zone ID for defi-oracle.io.
CLOUDFLARE_ZONE_ID_D_BIS_ORG	Optional	Zone ID for d-bis.org.
CLOUDFLARE_ZONE_ID_SANKOFA_NEXUS	Optional	Zone ID for sankofa.nexus.
CLOUDFLARE_ZONE_ID_MIM4U_ORG	Optional	Zone ID for mim4u.org.

1.2 NPMplus (proxy hosts)

Variable	Required	Description
NPM_URL	Yes	NPMplus admin URL (e.g. https://192.168.11.167:81).
NPM_EMAIL	Yes	NPMplus login email.
NPM_PASSWORD	Yes	NPMplus login password.
NPM_HOST	Optional	NPMplus container IP (split-DNS, LAN tests; default 192.168.11.167).
NPM_VMID / NPMPLUS_VMID	Optional	NPMplus container VMID (default 10233).
NPMPLUS_HOST / NPM_PROXMOX_HOST	Optional	Proxmox host where NPMplus runs (SSH; default 192.168.11.11).

1.3 Example .env snippet

PUBLIC_IP=76.53.10.36
CLOUDFLARE_API_TOKEN=your-cloudflare-api-token
CLOUDFLARE_ZONE_ID_DEFI_ORACLE_IO=your-defi-oracle-io-zone-id
CLOUDFLARE_ZONE_ID_D_BIS_ORG=your-d-bis-org-zone-id

NPM_URL=https://192.168.11.167:81
NPM_EMAIL=admin@example.org
NPM_PASSWORD=your-npm-password

---

2. Automated steps (all use .env)

Run from repo root. Ensure .env exists.

2.1 One-command full run

./scripts/complete-chain138-rpc-setup.sh

This runs in order:

1. Cloudflare DNS – update-all-dns-to-public-ip.sh. Creates/updates A records for all zones (incl. defi-oracle.io: rpc.public-0138, rpc, wss) to PUBLIC_IP, DNS only.
2. NPMplus create – create-npmplus-rpc-d-bis-hosts.sh (rpc.d-bis.org, rpc2.d-bis.org, ws.rpc.d-bis.org, ws.rpc2.d-bis.org) and create-npmplus-defi-oracle-hosts.sh (rpc.defi-oracle.io, wss.defi-oracle.io) if missing.
3. NPMplus update – update-npmplus-proxy-hosts-api.sh. Updates all proxy hosts (forward_host/port, WebSocket).
4. NPMplus SSL – request-npmplus-certificates.sh. Requests Let's Encrypt certificates for all proxy hosts (incl. rpc/wss.defi-oracle.io).
5. Verify – fix-rpc-chain138-npmplus.sh. Checks rpc-http-pub.d-bis.org returns eth_chainId 0x8a (138).

2.2 Ensure NPMplus VM is running (optional first step)

The VM that hosts NPM (VMID 10233 on r630-01 at 192.168.11.167:81) must be running. To check and optionally start it:

./scripts/ensure-npmplus-vm-operational.sh

This checks container status on Proxmox (via SSH to 192.168.11.11), starts VMID 10233 if stopped, then verifies HTTP/HTTPS on 80/81/443 and optionally NPM API login. Requires SSH to r630-01 (192.168.11.11) for container start.

2.3 Step-by-step

Step	Script	.env used
0. NPM VM	./scripts/ensure-npmplus-vm-operational.sh	NPM_URL, NPM_HOST, PROXMOX_HOST, NPM_EMAIL, NPM_PASSWORD
1. DNS	./scripts/update-all-dns-to-public-ip.sh	PUBLIC_IP, CLOUDFLARE_, CLOUDFLARE_ZONE_ID_
2a. NPMplus create (d-bis)	./scripts/nginx-proxy-manager/create-npmplus-rpc-d-bis-hosts.sh	NPM_URL, NPM_EMAIL, NPM_PASSWORD
2b. NPMplus create (defi-oracle)	./scripts/nginx-proxy-manager/create-npmplus-defi-oracle-hosts.sh	NPM_URL, NPM_EMAIL, NPM_PASSWORD
3. NPMplus update	./scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh	NPM_URL, NPM_EMAIL, NPM_PASSWORD
4. NPMplus SSL	./scripts/request-npmplus-certificates.sh	NPM_URL, NPM_EMAIL, NPM_PASSWORD
5. Verify RPC	./scripts/fix-rpc-chain138-npmplus.sh	NPM_URL, NPM_PASSWORD

---

3. Remaining manual steps

3.1 UDM Pro port forwarding

Ensure these rules exist in UniFi Network → Firewall & Security → Port Forwarding (use PUBLIC_IP from .env):

• PUBLIC_IP:80 → 192.168.11.167:80 (TCP)
• PUBLIC_IP:443 → 192.168.11.167:443 (TCP)

To print the exact rules (using PUBLIC_IP from .env):

./scripts/udm-pro-port-forwarding-chain138.sh

3.2 NPMplus SSL

SSL is requested automatically in Step 4 of complete-chain138-rpc-setup.sh. If you skipped it or need to re-request:

./scripts/request-npmplus-certificates.sh

Current: All 26 proxy hosts have a cert; rpc.d-bis.org renewed (cert 141, expires 2026-04-30). If any host needs renewal: NPMplus UI → proxy host → SSL tab → Request a new SSL Certificate → DNS Challenge → Cloudflare. For bulk “7 hosts” flow when adding new hosts, see docs/04-configuration/NPMPLUS_REQUEST_7_CERTS_VIA_UI.md.

3.3 Chainlist (optional)

To add Chain 138 to chainlist.org, use the helper script then open a PR to ethereum-lists/chains:

./scripts/submit-chain138-to-chainlist.sh

Source file: pr-workspace/chains/_data/chains/eip155-138.json.

---

4. Verification

dig +short rpc.defi-oracle.io
dig +short wss.defi-oracle.io
curl -s -X POST https://rpc-http-pub.d-bis.org -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
curl -s -X POST https://rpc.defi-oracle.io -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
# WebSocket (from repo root; use NPM_HOST=192.168.11.167 for LAN)
pnpm run verify:ws-chain138

Expect HTTP/WS result 0x8a (138).

---

5. .env to script mapping

Goal	.env	Script
Update all DNS to PUBLIC_IP	PUBLIC_IP, CLOUDFLARE_, CLOUDFLARE_ZONE_ID_	update-all-dns-to-public-ip.sh
Create rpc.d-bis.org / rpc2.d-bis.org / ws.* hosts	NPM_URL, NPM_EMAIL, NPM_PASSWORD	create-npmplus-rpc-d-bis-hosts.sh
Create rpc/wss.defi-oracle.io hosts	NPM_URL, NPM_EMAIL, NPM_PASSWORD	create-npmplus-defi-oracle-hosts.sh
Update all NPMplus proxy hosts	NPM_URL, NPM_EMAIL, NPM_PASSWORD	update-npmplus-proxy-hosts-api.sh
Request SSL for proxy hosts	NPM_URL, NPM_EMAIL, NPM_PASSWORD	request-npmplus-certificates.sh
Verify public RPC	NPM_URL, NPM_PASSWORD	fix-rpc-chain138-npmplus.sh
Run all automated steps	All above	complete-chain138-rpc-setup.sh
Ensure NPM VM running	NPM_URL, PROXMOX_HOST, NPM_*	ensure-npmplus-vm-operational.sh
Print UDM Pro port rules	PUBLIC_IP, NPM_HOST	udm-pro-port-forwarding-chain138.sh
Prepare Chainlist PR	—	submit-chain138-to-chainlist.sh

---

6. Troubleshooting

• DNS script skips defi-oracle.io: set CLOUDFLARE_ZONE_ID_DEFI_ORACLE_IO in .env.
• NPMplus create/update fails: check NPM_URL reachable (e.g. from 192.168.11.x), NPM_EMAIL and NPM_PASSWORD correct.
• Update script says domain not found for rpc/wss.defi-oracle.io: run create-npmplus-defi-oracle-hosts.sh first. For rpc.d-bis.org / rpc2.d-bis.org / ws.*: run create-npmplus-rpc-d-bis-hosts.sh first.
• RPC 502/504: confirm UDM Pro forwards to 192.168.11.167 and Besu (2201) / VMID 2400 running.
• SSL "Internal Error" for new hosts (rpc.d-bis.org, rpc2.d-bis.org, ws.rpc.d-bis.org, ws.rpc2.d-bis.org): wait a few minutes for DNS propagation, then re-run ./scripts/request-npmplus-certificates.sh or request certs in NPMplus UI for those hosts.
• Many Inactive TLS certificates in NPMplus: see docs/04-configuration/NPMPLUS_TLS_CLEANUP.md for cleanup steps. The request script now skips hosts that already have a cert to avoid duplicates.
• SSL "Internal Error" with DNS (Cloudflare) and PyPI/certbot-dns-cloudflare connection errors: the NPM container cannot reach PyPI. See docs/04-configuration/NPM_SSL_DNS_CLOUDFLARE_TROUBLESHOOTING.md. Fix container DNS/outbound, then run ./scripts/install-certbot-dns-cloudflare-in-npm.sh or install the plugin inside the container and retry in the NPM UI.

---

See also: PUBLIC_RPC_CHAIN138_LEDGER.md, RPC_ENDPOINTS_MASTER.md