# External Access Working - SSL Certificate Issue
**Date**: 2026-01-21

**Status**: ✅ **EXTERNAL ACCESS WORKING** (SSL certificate issue only)

---
## Great News! 🎉
**External access is working!** The connection to `https://explorer.d-bis.org` is successful.

The error you're seeing is **not a connection problem**: the request reaches the server, and the only failure is SSL certificate validation, because the certificate being served is self-signed.

---
## Current Status
### ✅ What's Working
- **External access**: ✅ Connection successful
- **Port forwarding**: ✅ Working (UDM Pro → NPMplus)
- **NPMplus proxy**: ✅ Working
- **Network path**: ✅ Complete (External → UDM Pro → NPMplus → VMID 5000)
### ⚠️ SSL Certificate Issue
- **Error**: `SSL certificate problem: self-signed certificate`
- **Impact**: Browsers show a security warning, and curl refuses the connection unless verification is disabled with `-k`
- **Fix**: Need to configure proper SSL certificate in NPMplus
---
## Testing Results
### Test 1: HTTPS with SSL Verification Disabled
```bash
curl -I -k https://explorer.d-bis.org
```
**Expected**: HTTP 200, 301, or 302 (connection working)
### Test 2: HTTP (should redirect to HTTPS)
```bash
curl -I http://explorer.d-bis.org
```
**Expected**: HTTP 301 or 302 redirect to HTTPS
### Test 3: Content Access
```bash
curl -k https://explorer.d-bis.org
```
**Expected**: HTML content (explorer frontend)

---
## SSL Certificate Fix
### Option 1: Request Let's Encrypt Certificate (Recommended)
1. **Access NPMplus Dashboard**:
   ```bash
   # From internal network
   https://192.168.11.167:81
   ```
2. **Navigate to SSL Certificates**:
   - Click on "SSL Certificates" in left menu
   - Click "Add SSL Certificate"
   - Select "Let's Encrypt"
3. **Configure Certificate**:
   - **Domain Names**: `explorer.d-bis.org`
   - **Email**: Your email address
   - **Agree to Terms**: Yes
   - Click "Save"
4. **Assign to Proxy Host**:
   - Go to "Proxy Hosts"
   - Edit `explorer.d-bis.org`
   - Under "SSL Certificate", select the Let's Encrypt certificate
   - Enable "Force SSL"
   - Enable "HTTP/2 Support"
   - Click "Save"
5. **Wait for Certificate**:
   - Let's Encrypt certificate will be issued (usually 1-2 minutes)
   - Check certificate status in NPMplus dashboard

### Option 2: Use Existing Certificate
If you already have a certificate:
1. Upload it to NPMplus
2. Assign it to the `explorer.d-bis.org` proxy host
3. Enable "Force SSL"
### Option 3: Temporary - Accept Self-Signed (Not Recommended)
For testing only:
```bash
# Use -k flag to bypass SSL verification
curl -k https://explorer.d-bis.org
# Or in browser, click "Advanced" → "Proceed anyway"
```
---
## Verification Commands
### Test External Access (Bypass SSL)
```bash
curl -I -k https://explorer.d-bis.org
```
### Test External Access (HTTP)
```bash
curl -I http://explorer.d-bis.org
```
### Test Content
```bash
curl -k https://explorer.d-bis.org | head -30
```
### Check Certificate Status
```bash
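# Run on host r630-01: list the Let's Encrypt certificates inside the
# npmplus Docker container, which lives in container 10233
ssh root@r630-01 "pct exec 10233 -- docker exec npmplus ls -la /etc/letsencrypt/live/"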
```
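
After the Let's Encrypt certificate is assigned, the same checks should pass with verification left on. The script below is an added example, not part of the original runbook: it runs curl without `-k`, maps the exit status to the layer that failed (exit 60 is the self-signed case reported above), and confirms the HTTP-to-HTTPS redirect from Test 2. The function names and the script name `verify_tls.sh` are assumptions.

```shell
#!/usr/bin/env bash
# Added example: confirm the certificate fix with verification ON (no -k).
# Function names are illustrative; the host is passed as an argument.

# Map curl's exit status to the layer that failed, so a certificate
# problem is not mistaken for a connectivity problem (or vice versa).
classify_curl_exit() {
  case "$1" in
    0)    echo "ok" ;;              # chain and hostname validated
    6)    echo "dns" ;;             # could not resolve host
    7|28) echo "network" ;;         # connection failed / timed out
    35)   echo "tls-handshake" ;;   # TLS negotiation failed
    60)   echo "cert-untrusted" ;;  # e.g. self-signed certificate
    *)    echo "other" ;;
  esac
}

# Read response headers on stdin; succeed only for a 301/302 whose
# Location header points at an https:// URL.
redirects_to_https() {
  awk '
    { sub(/\r$/, "") }                        # headers arrive with CRLF
    NR == 1 { status = $2 }                   # "HTTP/1.1 301 ..." or "HTTP/2 301"
    tolower($1) == "location:" { loc = $2 }
    END { exit !((status == 301 || status == 302) && loc ~ /^https:\/\//) }
  '
}

check_host() {
  host="$1"
  # No -k here: exit 0 means the certificate validated against the trust store.
  curl -sS -o /dev/null --max-time 10 "https://$host/"
  rc=$?
  result=$(classify_curl_exit "$rc")
  echo "https://$host -> curl exit $rc ($result)"
  if curl -sI --max-time 10 "http://$host/" | redirects_to_https; then
    echo "http://$host -> redirects to HTTPS"
  else
    echo "http://$host -> no HTTPS redirect (is Force SSL enabled?)"
    return 1
  fi
  [ "$result" = "ok" ]
}

# Run only when a hostname is given, e.g.: ./verify_tls.sh explorer.d-bis.org
if [ "$#" -gt 0 ]; then
  check_host "$1"
fi
```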
---
## Summary
**Status**: ✅ **EXTERNAL ACCESS WORKING**

**Achievement**:
- ✅ Full network path working
- ✅ Port forwarding configured correctly
- ✅ NPMplus proxy functional
- ✅ Explorer accessible externally

**Remaining Issue**:
- ⚠️ SSL certificate needs to be configured (Let's Encrypt recommended)

**Next Step**: Configure Let's Encrypt certificate in NPMplus dashboard

---
## Congratulations! 🎉
The explorer is now accessible from the internet! The only remaining task is to configure a proper SSL certificate to eliminate the security warning.

---
**Next Step**: Access NPMplus dashboard and request Let's Encrypt certificate for `explorer.d-bis.org`