diff --git a/.env.example b/.env.example index 5f45498..1dd6f56 100644 --- a/.env.example +++ b/.env.example @@ -15,6 +15,7 @@ PROXMOX_R630_02=192.168.11.12 PROXMOX_HOST=192.168.11.11 PROXMOX_PORT=8006 PROXMOX_USER=root@pam +# Create token: ./scripts/proxmox/create-and-store-proxmox-api-token.sh (or Datacenter → API Tokens in UI) PROXMOX_TOKEN_NAME=your-token-name PROXMOX_TOKEN_VALUE=your-token-secret-value PROXMOX_ALLOW_ELEVATED=false @@ -201,8 +202,13 @@ AZURE_STORAGE_CONTAINER=omnis-uploads # ---------------------------------------------------------------------------- # SMOM-DBIS-138 Blockchain Configuration # ---------------------------------------------------------------------------- +# Canonical place for Chain 138 deploy: smom-dbis-138/.env (PRIVATE_KEY, RPC_URL or RPC_URL_138). +# Optional deployments (docs/07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md): set in smom-dbis-138/.env: +# ORACLE_PRICE_FEED or RESERVE_KEEPER (Phase 4), DODO_VENDING_MACHINE_ADDRESS (Phase 7), +# GAS_PRICE_138 (if "Replacement transaction underpriced"), CRONOS_RPC_URL (other-chain AddressMapper). +# Scripts source both root .env and smom-dbis-138/.env via load-project-env.sh; no need to duplicate here. # Deployment Account (MOVE TO HSM - DO NOT STORE IN FILES) -# PRIVATE_KEY=0x... # ⚠️ CRITICAL: Move to HSM/Key Vault immediately +# PRIVATE_KEY=0x... # ⚠️ Set in smom-dbis-138/.env (or here); never commit real key # RPC Endpoints (see docs/04-configuration/RPC_ENDPOINTS_MASTER.md for Infura/Alchemy/public options) ETHEREUM_MAINNET_RPC=https://eth.llamarpc.com diff --git a/.github/workflows/validate-config.yml b/.github/workflows/validate-config.yml new file mode 100644 index 0000000..f421181 --- /dev/null +++ b/.github/workflows/validate-config.yml @@ -0,0 +1,31 @@ +# R14: Config and validation in pipeline. Run when config/ or scripts/validation/ or scripts/verify/ change. +name: Validate Config + +on: + pull_request: + paths: + - 'config/**' + - 'scripts/validation/**' + - 'scripts/verify/run-all-validation.sh' + - 'scripts/run-completable-tasks-from-anywhere.sh' + - '.github/workflows/validate-config.yml' + push: + branches: [master] + paths: + - 'config/**' + - 'scripts/validation/**' + - '.github/workflows/validate-config.yml' + +jobs: + validate: + name: Config & validation + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Config validation + run: bash scripts/validation/validate-config-files.sh + + - name: Completable tasks (dry-run) + run: bash scripts/run-completable-tasks-from-anywhere.sh --dry-run diff --git a/.gitignore b/.gitignore index 63b1184..8ea8ab3 100644 --- a/.gitignore +++ b/.gitignore @@ -40,3 +40,12 @@ out/ *.env.backup .env.backup.* .env.backup +.gitignore.backup.* + +# Python +venv/ +__pycache__/ +*.pyc + +# Ephemeral phase markers +.phase1-event-status diff --git a/.gitmodules b/.gitmodules index b075f1d..4d91239 100644 --- a/.gitmodules +++ b/.gitmodules @@ -49,3 +49,6 @@ [submodule "alltra-lifi-settlement"] path = alltra-lifi-settlement url = https://github.com/bis-innovations/LiFi_Pay_Alltra_Integration_Submodule.git +[submodule "fireblocks-integration"] + path = fireblocks-integration + url = https://gitea.d-bis.org/d-bis/fireblocks-integration.git diff --git a/.secure/vault-backups/backup-index.txt b/.secure/vault-backups/backup-index.txt new file mode 100644 index 0000000..ce35bc3 --- /dev/null +++ b/.secure/vault-backups/backup-index.txt @@ -0,0 +1,3 @@ +2026-01-18T23:43:46-08:00 | /home/intlc/projects/proxmox/.secure/vault-backups/vault-snapshot-20260118-234344.snapshot.gz | 4.0K +2026-01-18T23:44:23-08:00 | /home/intlc/projects/proxmox/.secure/vault-backups/vault-snapshot-20260118-234421.snapshot.gz | 4.0K +2026-01-18T23:44:51-08:00 | /home/intlc/projects/proxmox/.secure/vault-backups/vault-snapshot-20260118-234449.snapshot.gz | 4.0K diff --git a/.secure/vault-backups/vault-snapshot-20260118-234344.snapshot.gz b/.secure/vault-backups/vault-snapshot-20260118-234344.snapshot.gz new file mode 100644 index 0000000..2bd5ddb Binary files /dev/null and b/.secure/vault-backups/vault-snapshot-20260118-234344.snapshot.gz differ diff --git a/.secure/vault-backups/vault-snapshot-20260118-234421.snapshot.gz b/.secure/vault-backups/vault-snapshot-20260118-234421.snapshot.gz new file mode 100644 index 0000000..8713088 Binary files /dev/null and b/.secure/vault-backups/vault-snapshot-20260118-234421.snapshot.gz differ diff --git a/.secure/vault-backups/vault-snapshot-20260118-234449.snapshot.gz b/.secure/vault-backups/vault-snapshot-20260118-234449.snapshot.gz new file mode 100644 index 0000000..c99b6f8 Binary files /dev/null and b/.secure/vault-backups/vault-snapshot-20260118-234449.snapshot.gz differ diff --git a/.secure/vault-credentials/phoenix-approle-credentials-20260118.txt b/.secure/vault-credentials/phoenix-approle-credentials-20260118.txt new file mode 100644 index 0000000..d4c3585 --- /dev/null +++ b/.secure/vault-credentials/phoenix-approle-credentials-20260118.txt @@ -0,0 +1,23 @@ +═══════════════════════════════════════════════════════════ + Phoenix Vault AppRole Credentials +═══════════════════════════════════════════════════════════ + +⚠️ SAVE SECURELY - DO NOT COMMIT TO GIT ⚠️ + +Phoenix API AppRole: + Role ID: 27f213e2-f15e-b6de-3cf4-db2f02029dd5 + Secret ID: 17131f05-2a14-d289-0a02-97c2d094cf2b + +Phoenix Portal AppRole: + Role ID: 70278dee-a85e-9007-c769-46b71a8c1460 + Secret ID: 7f4eeffe-f0b2-fb55-c7a2-92bd2b056be2 + +Usage: + export VAULT_ADDR=http://10.160.0.40:8200 + export VAULT_ROLE_ID= + export VAULT_SECRET_ID= + + # Get token + vault write auth/approle/login role_id=$VAULT_ROLE_ID secret_id=$VAULT_SECRET_ID + +═══════════════════════════════════════════════════════════ diff --git a/.secure/vault-credentials/phoenix-vault-credentials-20260118.txt b/.secure/vault-credentials/phoenix-vault-credentials-20260118.txt new file mode 100644 index 0000000..d8b6505 --- /dev/null +++ b/.secure/vault-credentials/phoenix-vault-credentials-20260118.txt @@ -0,0 +1,27 @@ +═══════════════════════════════════════════════════════════ + Sankofa Phoenix Vault Cluster - Credentials +═══════════════════════════════════════════════════════════ + +⚠️ SAVE THESE SECURELY - DO NOT COMMIT TO GIT ⚠️ + +Unseal Keys (5 keys, need 3 to unseal): +1. foidP9q1gnN+Bm/9u1axdnSU1XSBc4ZTtCk8hsyheLah +2. pWy6ect1WYwQNV1kzJvKqsCEER6+xHCvBN6zTMeYIELY +3. eUu9GYrdJKuvqfnqVShPjY+EQKu15Nqju4TkhZngghKP +4. NB/2aYlhcUy4L5jDvUHTvbUT+xHSUINnnP2iynLldUcK +5. ZAfN1U0/Bn4GGQH/5okWshZ05YFuAmXjlL5ZOCjZloY3 + +Root Token: +hvs.PMJcL6HkZnz0unUYZAdfttZY + +Cluster Nodes: +- Node 1: 10.160.0.40 (vault-phoenix-1) - VMID 8640 - r630-01 +- Node 2: 10.160.0.41 (vault-phoenix-2) - VMID 8641 - r630-02 +- Node 3: 10.160.0.42 (vault-phoenix-3) - VMID 8642 - r630-01 + +Vault API Endpoints: +- http://10.160.0.40:8200 +- http://10.160.0.41:8200 +- http://10.160.0.42:8200 + +═══════════════════════════════════════════════════════════ diff --git a/README.md b/README.md index 9b94390..299efbe 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,9 @@ This workspace contains multiple Proxmox-related projects managed as a monorepo - **`mcp-proxmox/`** - Proxmox MCP (Model Context Protocol) Server - Node.js-based server for interacting with Proxmox hypervisors - **`ProxmoxVE/`** - ProxmoxVE Helper Scripts - Collection of scripts and frontend for managing Proxmox containers and VMs -- **`smom-dbis-138-proxmox/`** - Deployment scripts and configurations for specific use cases +- **`smom-dbis-138/`** - Blockchain network and services (Chain 138); **`smom-dbis-138-proxmox/`** - Deployment scripts (if present) +- For the full submodule list and relationships, see [docs/11-references/SUBMODULE_RELATIONSHIP_MAP.md](docs/11-references/SUBMODULE_RELATIONSHIP_MAP.md) +- **Documentation:** [docs/README.md](docs/README.md) · [docs/MASTER_INDEX.md](docs/MASTER_INDEX.md) · Next steps: [docs/00-meta/NEXT_STEPS_INDEX.md](docs/00-meta/NEXT_STEPS_INDEX.md). Root status reports moved to [docs/archive/](docs/archive/README.md) (2026-02-20). ## Prerequisites @@ -240,6 +242,7 @@ proxmox/ ├── docs/ # Project documentation ├── mcp-proxmox/ # MCP Server submodule ├── ProxmoxVE/ # ProxmoxVE Helper Scripts submodule +├── fireblocks-integration/ # Fireblocks Web3 (Chain 138) submodule (Gitea) └── smom-dbis-138-proxmox/ # Deployment scripts submodule ``` diff --git a/backups/npmplus/backup-20260213_030001/database/database.sql b/backups/npmplus/backup-20260213_030001/database/database.sql new file mode 100644 index 0000000..77149a3 --- /dev/null +++ b/backups/npmplus/backup-20260213_030001/database/database.sql @@ -0,0 +1 @@ +Database file not found diff --git a/backups/npmplus/backup-20260213_030001/database/database.sqlite b/backups/npmplus/backup-20260213_030001/database/database.sqlite new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260213_221339.tar.gz b/backups/npmplus/backup-20260213_221339.tar.gz new file mode 100644 index 0000000..be91907 Binary files /dev/null and b/backups/npmplus/backup-20260213_221339.tar.gz differ diff --git a/backups/npmplus/backup-20260213_221339/api/access_lists.json b/backups/npmplus/backup-20260213_221339/api/access_lists.json new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/backups/npmplus/backup-20260213_221339/api/access_lists.json @@ -0,0 +1 @@ +[] diff --git a/backups/npmplus/backup-20260213_221339/api/certificates.json b/backups/npmplus/backup-20260213_221339/api/certificates.json new file mode 100644 index 0000000..2fc471a --- /dev/null +++ b/backups/npmplus/backup-20260213_221339/api/certificates.json @@ -0,0 +1,506 @@ +[ + { + "id": 146, + "created_on": "2026-02-07 00:46:21", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-alltra.d-bis.org", + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 04:47:55", + "meta": {} + }, + { + "id": 147, + "created_on": "2026-02-07 00:46:43", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-hybx.d-bis.org", + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:19", + "meta": {} + }, + { + "id": 134, + "created_on": "2026-01-29 22:52:44", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cross-all.defi-oracle.io", + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "expires_on": "2026-04-30 02:54:15", + "meta": {} + }, + { + "id": 46, + "created_on": "2026-01-16 16:54:36", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-admin.d-bis.org", + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:11", + "meta": {} + }, + { + "id": 47, + "created_on": "2026-01-16 16:54:47", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api-2.d-bis.org", + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:22", + "meta": {} + }, + { + "id": 48, + "created_on": "2026-01-16 16:54:58", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api.d-bis.org", + "domain_names": [ + "dbis-api.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:33", + "meta": {} + }, + { + "id": 145, + "created_on": "2026-02-06 19:14:04", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.d-bis.org", + "domain_names": [ + "explorer.d-bis.org" + ], + "expires_on": "2026-05-07 23:15:36", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": true, + "nginx_err": null, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 144, + "created_on": "2026-02-06 19:05:50", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.defi-oracle.io", + "domain_names": [ + "explorer.defi-oracle.io" + ], + "expires_on": "2026-05-07 23:07:35", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 50, + "created_on": "2026-01-16 16:55:25", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "mim4u.org", + "domain_names": [ + "mim4u.org" + ], + "expires_on": "2026-04-16 20:57:01", + "meta": {} + }, + { + "id": 51, + "created_on": "2026-01-16 16:55:37", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "phoenix.sankofa.nexus", + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:57:08", + "meta": {} + }, + { + "id": 148, + "created_on": "2026-02-07 00:46:56", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-2.d-bis.org", + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:31", + "meta": {} + }, + { + "id": 149, + "created_on": "2026-02-07 00:47:10", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:46", + "meta": {} + }, + { + "id": 150, + "created_on": "2026-02-07 08:15:35", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:06", + "meta": {} + }, + { + "id": 151, + "created_on": "2026-02-07 08:15:43", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra.d-bis.org", + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:18", + "meta": {} + }, + { + "id": 52, + "created_on": "2026-01-16 16:55:45", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-prv.d-bis.org", + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:20", + "meta": {} + }, + { + "id": 53, + "created_on": "2026-01-16 16:55:57", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-pub.d-bis.org", + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:30", + "meta": {} + }, + { + "id": 152, + "created_on": "2026-02-07 08:15:56", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-2.d-bis.org", + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:31", + "meta": {} + }, + { + "id": 153, + "created_on": "2026-02-07 08:16:09", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-3.d-bis.org", + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:45", + "meta": {} + }, + { + "id": 154, + "created_on": "2026-02-07 08:16:22", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx.d-bis.org", + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:58", + "meta": {} + }, + { + "id": 54, + "created_on": "2026-01-16 16:56:06", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-prv.d-bis.org", + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:38", + "meta": {} + }, + { + "id": 55, + "created_on": "2026-01-16 16:56:16", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-pub.d-bis.org", + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:51", + "meta": {} + }, + { + "id": 141, + "created_on": "2026-01-30 09:33:59", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.d-bis.org", + "domain_names": [ + "rpc.d-bis.org" + ], + "expires_on": "2026-04-30 13:35:45", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": false, + "nginx_err": "nginx: [emerg] cannot load certificate \"/data/tls/certbot/live/npm-135/fullchain.pem\": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-135/fullchain.pem, r) error:10000080:BIO routines::no such file)\nnginx: configuration file /usr/local/nginx/conf/nginx.conf test failed", + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 56, + "created_on": "2026-01-16 16:56:30", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.public-0138.defi-oracle.io", + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "expires_on": "2026-04-16 20:58:05", + "meta": {} + }, + { + "id": 137, + "created_on": "2026-01-29 23:39:01", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc2.d-bis.org", + "domain_names": [ + "rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:40:50", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 57, + "created_on": "2026-01-16 16:56:41", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "sankofa.nexus", + "domain_names": [ + "sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:17", + "meta": {} + }, + { + "id": 58, + "created_on": "2026-01-16 16:56:53", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.d-bis.org", + "domain_names": [ + "secure.d-bis.org" + ], + "expires_on": "2026-04-16 20:58:28", + "meta": {} + }, + { + "id": 59, + "created_on": "2026-01-16 16:57:05", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.mim4u.org", + "domain_names": [ + "secure.mim4u.org" + ], + "expires_on": "2026-04-16 20:58:40", + "meta": {} + }, + { + "id": 60, + "created_on": "2026-01-16 16:57:17", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "the-order.sankofa.nexus", + "domain_names": [ + "the-order.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:53", + "meta": {} + }, + { + "id": 61, + "created_on": "2026-01-16 16:57:31", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "training.mim4u.org", + "domain_names": [ + "training.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:06", + "meta": {} + }, + { + "id": 138, + "created_on": "2026-01-29 23:41:20", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc.d-bis.org", + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:05", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 139, + "created_on": "2026-01-29 23:42:13", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc2.d-bis.org", + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:58", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 140, + "created_on": "2026-01-29 23:43:09", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "wss.defi-oracle.io", + "domain_names": [ + "wss.defi-oracle.io" + ], + "expires_on": "2026-04-30 03:44:57", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 62, + "created_on": "2026-01-16 16:57:41", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.mim4u.org", + "domain_names": [ + "www.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:17", + "meta": {} + }, + { + "id": 63, + "created_on": "2026-01-16 16:57:52", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.phoenix.sankofa.nexus", + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:28", + "meta": {} + }, + { + "id": 64, + "created_on": "2026-01-16 16:58:06", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.sankofa.nexus", + "domain_names": [ + "www.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:41", + "meta": {} + } +] diff --git a/backups/npmplus/backup-20260213_221339/api/proxy_hosts.json b/backups/npmplus/backup-20260213_221339/api/proxy_hosts.json new file mode 100644 index 0000000..0e2aa80 --- /dev/null +++ b/backups/npmplus/backup-20260213_221339/api/proxy_hosts.json @@ -0,0 +1,1284 @@ +[ + { + "id": 37, + "created_on": "2026-02-07 00:42:23", + "modified_on": "2026-02-07 00:46:30", + "owner_user_id": 1, + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "forward_host": "192.168.11.177", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 146, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 38, + "created_on": "2026-02-07 00:42:24", + "modified_on": "2026-02-07 00:46:53", + "owner_user_id": 1, + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "forward_host": "192.168.11.251", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 147, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 41, + "created_on": "2026-02-07 20:41:16", + "modified_on": "2026-02-07 20:41:16", + "owner_user_id": 1, + "domain_names": [ + "codespaces.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 22, + "created_on": "2026-01-18 22:19:18", + "modified_on": "2026-01-29 22:52:50", + "owner_user_id": 1, + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "forward_host": "192.168.11.211", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 134, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 13, + "created_on": "2026-01-16 14:41:02", + "modified_on": "2026-02-14 01:13:28", + "owner_user_id": 1, + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 46, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 15, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-14 01:13:31", + "owner_user_id": 1, + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "forward_host": "192.168.11.156", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 47, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 14, + "created_on": "2026-01-16 14:41:03", + "modified_on": "2026-02-14 01:13:30", + "owner_user_id": 1, + "domain_names": [ + "dbis-api.d-bis.org" + ], + "forward_host": "192.168.11.155", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 48, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 45, + "created_on": "2026-02-13 20:32:33", + "modified_on": "2026-02-13 20:32:33", + "owner_user_id": 1, + "domain_names": [ + "dbis.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3001, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 39, + "created_on": "2026-02-07 20:41:12", + "modified_on": "2026-02-07 20:41:13", + "owner_user_id": 1, + "domain_names": [ + "dev.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 8, + "created_on": "2026-01-16 14:40:58", + "modified_on": "2026-02-14 01:13:10", + "owner_user_id": 1, + "domain_names": [ + "explorer.d-bis.org" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 145, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers (unsafe-eval for ethers.js v5)\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 30, + "created_on": "2026-01-31 00:13:09", + "modified_on": "2026-02-06 19:09:43", + "owner_user_id": 1, + "domain_names": [ + "explorer.defi-oracle.io" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 144, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 40, + "created_on": "2026-02-07 20:41:14", + "modified_on": "2026-02-07 20:41:15", + "owner_user_id": 1, + "domain_names": [ + "gitea.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 46, + "created_on": "2026-02-13 20:32:35", + "modified_on": "2026-02-13 20:32:35", + "owner_user_id": 1, + "domain_names": [ + "iccc.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3002, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 17, + "created_on": "2026-01-16 14:41:05", + "modified_on": "2026-02-14 01:13:35", + "owner_user_id": 1, + "domain_names": [ + "mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 50, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 47, + "created_on": "2026-02-13 20:32:37", + "modified_on": "2026-02-13 20:32:37", + "owner_user_id": 1, + "domain_names": [ + "omnl.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3003, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 5, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:01:49", + "owner_user_id": 1, + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 51, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 42, + "created_on": "2026-02-07 20:41:17", + "modified_on": "2026-02-07 20:41:18", + "owner_user_id": 1, + "domain_names": [ + "pve.ml110.d-bis.org" + ], + "forward_host": "192.168.11.10", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 43, + "created_on": "2026-02-07 20:41:19", + "modified_on": "2026-02-07 20:41:20", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-01.d-bis.org" + ], + "forward_host": "192.168.11.11", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 44, + "created_on": "2026-02-07 20:41:21", + "modified_on": "2026-02-07 20:41:21", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-02.d-bis.org" + ], + "forward_host": "192.168.11.12", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 32, + "created_on": "2026-02-07 00:42:16", + "modified_on": "2026-02-07 00:47:07", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "forward_host": "192.168.11.173", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 148, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 33, + "created_on": "2026-02-07 00:42:17", + "modified_on": "2026-02-07 08:15:41", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "forward_host": "192.168.11.174", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 150, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 31, + "created_on": "2026-02-07 00:42:15", + "modified_on": "2026-02-07 08:15:53", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "forward_host": "192.168.11.172", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 151, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 11, + "created_on": "2026-01-16 14:41:00", + "modified_on": "2026-02-14 01:13:15", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 52, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 9, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-14 01:13:11", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 53, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 35, + "created_on": "2026-02-07 00:42:20", + "modified_on": "2026-02-07 08:16:06", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "forward_host": "192.168.11.247", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 152, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 36, + "created_on": "2026-02-07 00:42:22", + "modified_on": "2026-02-07 08:16:19", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "forward_host": "192.168.11.248", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 153, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 34, + "created_on": "2026-02-07 00:42:19", + "modified_on": "2026-02-07 08:16:32", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "forward_host": "192.168.11.246", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 154, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 12, + "created_on": "2026-01-16 14:41:01", + "modified_on": "2026-02-14 01:13:16", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 54, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 10, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-14 01:13:13", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 55, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 26, + "created_on": "2026-01-29 16:35:10", + "modified_on": "2026-02-14 01:13:22", + "owner_user_id": 1, + "domain_names": [ + "rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 141, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 24, + "created_on": "2026-01-29 15:38:44", + "modified_on": "2026-02-14 01:13:19", + "owner_user_id": 1, + "domain_names": [ + "rpc.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 21, + "created_on": "2026-01-16 14:41:09", + "modified_on": "2026-02-14 01:13:18", + "owner_user_id": 1, + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "forward_host": "192.168.11.240", + "forward_port": 443, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "https", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 27, + "created_on": "2026-01-29 16:35:11", + "modified_on": "2026-02-14 01:13:24", + "owner_user_id": 1, + "domain_names": [ + "rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 137, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 3, + "created_on": "2026-01-16 14:40:54", + "modified_on": "2026-01-16 17:01:32", + "owner_user_id": 1, + "domain_names": [ + "sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 57, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "add_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 16, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-14 01:13:33", + "owner_user_id": 1, + "domain_names": [ + "secure.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 58, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 19, + "created_on": "2026-01-16 14:41:07", + "modified_on": "2026-02-14 01:13:36", + "owner_user_id": 1, + "domain_names": [ + "secure.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 59, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 7, + "created_on": "2026-01-16 14:40:57", + "modified_on": "2026-01-16 17:02:09", + "owner_user_id": 1, + "domain_names": [ + "the-order.sankofa.nexus" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 60, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 20, + "created_on": "2026-01-16 14:41:08", + "modified_on": "2026-02-14 01:13:38", + "owner_user_id": 1, + "domain_names": [ + "training.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 61, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 28, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-14 01:13:25", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 138, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 29, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-14 01:13:27", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 139, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 25, + "created_on": "2026-01-29 15:38:45", + "modified_on": "2026-02-14 01:13:21", + "owner_user_id": 1, + "domain_names": [ + "wss.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 140, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 18, + "created_on": "2026-01-16 14:41:06", + "modified_on": "2026-01-16 17:02:14", + "owner_user_id": 1, + "domain_names": [ + "www.mim4u.org" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 62, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 6, + "created_on": "2026-01-16 14:40:56", + "modified_on": "2026-01-16 17:02:17", + "owner_user_id": 1, + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 63, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 4, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:02:19", + "owner_user_id": 1, + "domain_names": [ + "www.sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 64, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 48, + "created_on": "2026-02-13 20:32:39", + "modified_on": "2026-02-13 20:32:39", + "owner_user_id": 1, + "domain_names": [ + "xom.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3004, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + } +] diff --git a/backups/npmplus/backup-20260213_221339/certificates/cert_list.txt b/backups/npmplus/backup-20260213_221339/certificates/cert_list.txt new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260213_221339/database/database.sql b/backups/npmplus/backup-20260213_221339/database/database.sql new file mode 100644 index 0000000..77149a3 --- /dev/null +++ b/backups/npmplus/backup-20260213_221339/database/database.sql @@ -0,0 +1 @@ +Database file not found diff --git a/backups/npmplus/backup-20260213_221339/database/database.sqlite b/backups/npmplus/backup-20260213_221339/database/database.sqlite new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260213_221339/manifest.json b/backups/npmplus/backup-20260213_221339/manifest.json new file mode 100644 index 0000000..91bd083 --- /dev/null +++ b/backups/npmplus/backup-20260213_221339/manifest.json @@ -0,0 +1,19 @@ +{ + "timestamp": "20260213_221339", + "backup_date": "2026-02-13T22:13:49-08:00", + "npmplus_vmid": "10233", + "npmplus_host": "192.168.11.11", + "npm_url": "https://192.168.11.167:81", + "backup_contents": { + "database": { + "sql_dump": "present", + "sqlite_file": "missing" + }, + "api_exports": { + "proxy_hosts": "present", + "certificates": "present", + "access_lists": "present" + }, + "certificate_files": "missing" + } +} diff --git a/backups/npmplus/backup-20260213_221339/volumes/volume_list.txt b/backups/npmplus/backup-20260213_221339/volumes/volume_list.txt new file mode 100644 index 0000000..4545150 --- /dev/null +++ b/backups/npmplus/backup-20260213_221339/volumes/volume_list.txt @@ -0,0 +1 @@ +DRIVER VOLUME NAME diff --git a/backups/npmplus/backup-20260214_030001.tar.gz b/backups/npmplus/backup-20260214_030001.tar.gz new file mode 100644 index 0000000..25a6468 Binary files /dev/null and b/backups/npmplus/backup-20260214_030001.tar.gz differ diff --git a/backups/npmplus/backup-20260214_030001/api/access_lists.json b/backups/npmplus/backup-20260214_030001/api/access_lists.json new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/backups/npmplus/backup-20260214_030001/api/access_lists.json @@ -0,0 +1 @@ +[] diff --git a/backups/npmplus/backup-20260214_030001/api/certificates.json b/backups/npmplus/backup-20260214_030001/api/certificates.json new file mode 100644 index 0000000..2fc471a --- /dev/null +++ b/backups/npmplus/backup-20260214_030001/api/certificates.json @@ -0,0 +1,506 @@ +[ + { + "id": 146, + "created_on": "2026-02-07 00:46:21", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-alltra.d-bis.org", + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 04:47:55", + "meta": {} + }, + { + "id": 147, + "created_on": "2026-02-07 00:46:43", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-hybx.d-bis.org", + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:19", + "meta": {} + }, + { + "id": 134, + "created_on": "2026-01-29 22:52:44", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cross-all.defi-oracle.io", + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "expires_on": "2026-04-30 02:54:15", + "meta": {} + }, + { + "id": 46, + "created_on": "2026-01-16 16:54:36", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-admin.d-bis.org", + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:11", + "meta": {} + }, + { + "id": 47, + "created_on": "2026-01-16 16:54:47", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api-2.d-bis.org", + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:22", + "meta": {} + }, + { + "id": 48, + "created_on": "2026-01-16 16:54:58", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api.d-bis.org", + "domain_names": [ + "dbis-api.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:33", + "meta": {} + }, + { + "id": 145, + "created_on": "2026-02-06 19:14:04", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.d-bis.org", + "domain_names": [ + "explorer.d-bis.org" + ], + "expires_on": "2026-05-07 23:15:36", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": true, + "nginx_err": null, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 144, + "created_on": "2026-02-06 19:05:50", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.defi-oracle.io", + "domain_names": [ + "explorer.defi-oracle.io" + ], + "expires_on": "2026-05-07 23:07:35", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 50, + "created_on": "2026-01-16 16:55:25", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "mim4u.org", + "domain_names": [ + "mim4u.org" + ], + "expires_on": "2026-04-16 20:57:01", + "meta": {} + }, + { + "id": 51, + "created_on": "2026-01-16 16:55:37", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "phoenix.sankofa.nexus", + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:57:08", + "meta": {} + }, + { + "id": 148, + "created_on": "2026-02-07 00:46:56", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-2.d-bis.org", + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:31", + "meta": {} + }, + { + "id": 149, + "created_on": "2026-02-07 00:47:10", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:46", + "meta": {} + }, + { + "id": 150, + "created_on": "2026-02-07 08:15:35", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:06", + "meta": {} + }, + { + "id": 151, + "created_on": "2026-02-07 08:15:43", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra.d-bis.org", + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:18", + "meta": {} + }, + { + "id": 52, + "created_on": "2026-01-16 16:55:45", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-prv.d-bis.org", + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:20", + "meta": {} + }, + { + "id": 53, + "created_on": "2026-01-16 16:55:57", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-pub.d-bis.org", + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:30", + "meta": {} + }, + { + "id": 152, + "created_on": "2026-02-07 08:15:56", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-2.d-bis.org", + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:31", + "meta": {} + }, + { + "id": 153, + "created_on": "2026-02-07 08:16:09", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-3.d-bis.org", + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:45", + "meta": {} + }, + { + "id": 154, + "created_on": "2026-02-07 08:16:22", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx.d-bis.org", + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:58", + "meta": {} + }, + { + "id": 54, + "created_on": "2026-01-16 16:56:06", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-prv.d-bis.org", + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:38", + "meta": {} + }, + { + "id": 55, + "created_on": "2026-01-16 16:56:16", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-pub.d-bis.org", + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:51", + "meta": {} + }, + { + "id": 141, + "created_on": "2026-01-30 09:33:59", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.d-bis.org", + "domain_names": [ + "rpc.d-bis.org" + ], + "expires_on": "2026-04-30 13:35:45", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": false, + "nginx_err": "nginx: [emerg] cannot load certificate \"/data/tls/certbot/live/npm-135/fullchain.pem\": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-135/fullchain.pem, r) error:10000080:BIO routines::no such file)\nnginx: configuration file /usr/local/nginx/conf/nginx.conf test failed", + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 56, + "created_on": "2026-01-16 16:56:30", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.public-0138.defi-oracle.io", + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "expires_on": "2026-04-16 20:58:05", + "meta": {} + }, + { + "id": 137, + "created_on": "2026-01-29 23:39:01", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc2.d-bis.org", + "domain_names": [ + "rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:40:50", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 57, + "created_on": "2026-01-16 16:56:41", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "sankofa.nexus", + "domain_names": [ + "sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:17", + "meta": {} + }, + { + "id": 58, + "created_on": "2026-01-16 16:56:53", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.d-bis.org", + "domain_names": [ + "secure.d-bis.org" + ], + "expires_on": "2026-04-16 20:58:28", + "meta": {} + }, + { + "id": 59, + "created_on": "2026-01-16 16:57:05", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.mim4u.org", + "domain_names": [ + "secure.mim4u.org" + ], + "expires_on": "2026-04-16 20:58:40", + "meta": {} + }, + { + "id": 60, + "created_on": "2026-01-16 16:57:17", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "the-order.sankofa.nexus", + "domain_names": [ + "the-order.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:53", + "meta": {} + }, + { + "id": 61, + "created_on": "2026-01-16 16:57:31", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "training.mim4u.org", + "domain_names": [ + "training.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:06", + "meta": {} + }, + { + "id": 138, + "created_on": "2026-01-29 23:41:20", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc.d-bis.org", + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:05", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 139, + "created_on": "2026-01-29 23:42:13", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc2.d-bis.org", + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:58", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 140, + "created_on": "2026-01-29 23:43:09", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "wss.defi-oracle.io", + "domain_names": [ + "wss.defi-oracle.io" + ], + "expires_on": "2026-04-30 03:44:57", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 62, + "created_on": "2026-01-16 16:57:41", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.mim4u.org", + "domain_names": [ + "www.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:17", + "meta": {} + }, + { + "id": 63, + "created_on": "2026-01-16 16:57:52", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.phoenix.sankofa.nexus", + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:28", + "meta": {} + }, + { + "id": 64, + "created_on": "2026-01-16 16:58:06", + "modified_on": "2026-02-11 00:19:39", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.sankofa.nexus", + "domain_names": [ + "www.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:41", + "meta": {} + } +] diff --git a/backups/npmplus/backup-20260214_030001/api/proxy_hosts.json b/backups/npmplus/backup-20260214_030001/api/proxy_hosts.json new file mode 100644 index 0000000..98692a1 --- /dev/null +++ b/backups/npmplus/backup-20260214_030001/api/proxy_hosts.json @@ -0,0 +1,1284 @@ +[ + { + "id": 37, + "created_on": "2026-02-07 00:42:23", + "modified_on": "2026-02-07 00:46:30", + "owner_user_id": 1, + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "forward_host": "192.168.11.177", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 146, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 38, + "created_on": "2026-02-07 00:42:24", + "modified_on": "2026-02-07 00:46:53", + "owner_user_id": 1, + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "forward_host": "192.168.11.251", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 147, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 41, + "created_on": "2026-02-07 20:41:16", + "modified_on": "2026-02-07 20:41:16", + "owner_user_id": 1, + "domain_names": [ + "codespaces.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 22, + "created_on": "2026-01-18 22:19:18", + "modified_on": "2026-01-29 22:52:50", + "owner_user_id": 1, + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "forward_host": "192.168.11.211", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 134, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 13, + "created_on": "2026-01-16 14:41:02", + "modified_on": "2026-02-14 01:18:47", + "owner_user_id": 1, + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 46, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 15, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-14 01:18:50", + "owner_user_id": 1, + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "forward_host": "192.168.11.156", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 47, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 14, + "created_on": "2026-01-16 14:41:03", + "modified_on": "2026-02-14 01:18:48", + "owner_user_id": 1, + "domain_names": [ + "dbis-api.d-bis.org" + ], + "forward_host": "192.168.11.155", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 48, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 45, + "created_on": "2026-02-13 20:32:33", + "modified_on": "2026-02-13 20:32:33", + "owner_user_id": 1, + "domain_names": [ + "dbis.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3001, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 39, + "created_on": "2026-02-07 20:41:12", + "modified_on": "2026-02-07 20:41:13", + "owner_user_id": 1, + "domain_names": [ + "dev.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 8, + "created_on": "2026-01-16 14:40:58", + "modified_on": "2026-02-14 01:18:28", + "owner_user_id": 1, + "domain_names": [ + "explorer.d-bis.org" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 145, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers (unsafe-eval for ethers.js v5)\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 30, + "created_on": "2026-01-31 00:13:09", + "modified_on": "2026-02-06 19:09:43", + "owner_user_id": 1, + "domain_names": [ + "explorer.defi-oracle.io" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 144, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 40, + "created_on": "2026-02-07 20:41:14", + "modified_on": "2026-02-07 20:41:15", + "owner_user_id": 1, + "domain_names": [ + "gitea.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 46, + "created_on": "2026-02-13 20:32:35", + "modified_on": "2026-02-13 20:32:35", + "owner_user_id": 1, + "domain_names": [ + "iccc.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3002, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 17, + "created_on": "2026-01-16 14:41:05", + "modified_on": "2026-02-14 01:18:53", + "owner_user_id": 1, + "domain_names": [ + "mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 50, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 47, + "created_on": "2026-02-13 20:32:37", + "modified_on": "2026-02-13 20:32:37", + "owner_user_id": 1, + "domain_names": [ + "omnl.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3003, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 5, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:01:49", + "owner_user_id": 1, + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 51, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 42, + "created_on": "2026-02-07 20:41:17", + "modified_on": "2026-02-07 20:41:18", + "owner_user_id": 1, + "domain_names": [ + "pve.ml110.d-bis.org" + ], + "forward_host": "192.168.11.10", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 43, + "created_on": "2026-02-07 20:41:19", + "modified_on": "2026-02-07 20:41:20", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-01.d-bis.org" + ], + "forward_host": "192.168.11.11", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 44, + "created_on": "2026-02-07 20:41:21", + "modified_on": "2026-02-07 20:41:21", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-02.d-bis.org" + ], + "forward_host": "192.168.11.12", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 32, + "created_on": "2026-02-07 00:42:16", + "modified_on": "2026-02-07 00:47:07", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "forward_host": "192.168.11.173", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 148, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 33, + "created_on": "2026-02-07 00:42:17", + "modified_on": "2026-02-07 08:15:41", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "forward_host": "192.168.11.174", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 150, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 31, + "created_on": "2026-02-07 00:42:15", + "modified_on": "2026-02-07 08:15:53", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "forward_host": "192.168.11.172", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 151, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 11, + "created_on": "2026-01-16 14:41:00", + "modified_on": "2026-02-14 01:18:33", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 52, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 9, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-14 01:18:30", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 53, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 35, + "created_on": "2026-02-07 00:42:20", + "modified_on": "2026-02-07 08:16:06", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "forward_host": "192.168.11.247", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 152, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 36, + "created_on": "2026-02-07 00:42:22", + "modified_on": "2026-02-07 08:16:19", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "forward_host": "192.168.11.248", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 153, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 34, + "created_on": "2026-02-07 00:42:19", + "modified_on": "2026-02-07 08:16:32", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "forward_host": "192.168.11.246", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 154, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 12, + "created_on": "2026-01-16 14:41:01", + "modified_on": "2026-02-14 01:18:34", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 54, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 10, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-14 01:18:31", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 55, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 26, + "created_on": "2026-01-29 16:35:10", + "modified_on": "2026-02-14 01:18:40", + "owner_user_id": 1, + "domain_names": [ + "rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 141, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 24, + "created_on": "2026-01-29 15:38:44", + "modified_on": "2026-02-14 01:18:38", + "owner_user_id": 1, + "domain_names": [ + "rpc.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 21, + "created_on": "2026-01-16 14:41:09", + "modified_on": "2026-02-14 01:18:37", + "owner_user_id": 1, + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "forward_host": "192.168.11.240", + "forward_port": 443, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "https", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 27, + "created_on": "2026-01-29 16:35:11", + "modified_on": "2026-02-14 01:18:42", + "owner_user_id": 1, + "domain_names": [ + "rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 137, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 3, + "created_on": "2026-01-16 14:40:54", + "modified_on": "2026-01-16 17:01:32", + "owner_user_id": 1, + "domain_names": [ + "sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 57, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "add_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 16, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-14 01:18:51", + "owner_user_id": 1, + "domain_names": [ + "secure.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 58, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 19, + "created_on": "2026-01-16 14:41:07", + "modified_on": "2026-02-14 01:18:54", + "owner_user_id": 1, + "domain_names": [ + "secure.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 59, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 7, + "created_on": "2026-01-16 14:40:57", + "modified_on": "2026-01-16 17:02:09", + "owner_user_id": 1, + "domain_names": [ + "the-order.sankofa.nexus" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 60, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 20, + "created_on": "2026-01-16 14:41:08", + "modified_on": "2026-02-14 01:18:56", + "owner_user_id": 1, + "domain_names": [ + "training.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 61, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 28, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-14 01:18:44", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 138, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 29, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-14 01:18:45", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 139, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 25, + "created_on": "2026-01-29 15:38:45", + "modified_on": "2026-02-14 01:18:39", + "owner_user_id": 1, + "domain_names": [ + "wss.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 140, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 18, + "created_on": "2026-01-16 14:41:06", + "modified_on": "2026-01-16 17:02:14", + "owner_user_id": 1, + "domain_names": [ + "www.mim4u.org" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 62, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 6, + "created_on": "2026-01-16 14:40:56", + "modified_on": "2026-01-16 17:02:17", + "owner_user_id": 1, + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 63, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 4, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:02:19", + "owner_user_id": 1, + "domain_names": [ + "www.sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 64, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 48, + "created_on": "2026-02-13 20:32:39", + "modified_on": "2026-02-13 20:32:39", + "owner_user_id": 1, + "domain_names": [ + "xom.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3004, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + } +] diff --git a/backups/npmplus/backup-20260214_030001/certificates/cert_list.txt b/backups/npmplus/backup-20260214_030001/certificates/cert_list.txt new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260214_030001/database/database.sql b/backups/npmplus/backup-20260214_030001/database/database.sql new file mode 100644 index 0000000..77149a3 --- /dev/null +++ b/backups/npmplus/backup-20260214_030001/database/database.sql @@ -0,0 +1 @@ +Database file not found diff --git a/backups/npmplus/backup-20260214_030001/database/database.sqlite b/backups/npmplus/backup-20260214_030001/database/database.sqlite new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260214_030001/manifest.json b/backups/npmplus/backup-20260214_030001/manifest.json new file mode 100644 index 0000000..e12eda2 --- /dev/null +++ b/backups/npmplus/backup-20260214_030001/manifest.json @@ -0,0 +1,19 @@ +{ + "timestamp": "20260214_030001", + "backup_date": "2026-02-14T03:00:12-08:00", + "npmplus_vmid": "10233", + "npmplus_host": "192.168.11.11", + "npm_url": "https://192.168.11.167:81", + "backup_contents": { + "database": { + "sql_dump": "present", + "sqlite_file": "missing" + }, + "api_exports": { + "proxy_hosts": "present", + "certificates": "present", + "access_lists": "present" + }, + "certificate_files": "missing" + } +} diff --git a/backups/npmplus/backup-20260214_030001/volumes/volume_list.txt b/backups/npmplus/backup-20260214_030001/volumes/volume_list.txt new file mode 100644 index 0000000..4545150 --- /dev/null +++ b/backups/npmplus/backup-20260214_030001/volumes/volume_list.txt @@ -0,0 +1 @@ +DRIVER VOLUME NAME diff --git a/backups/npmplus/backup-20260215_030001.tar.gz b/backups/npmplus/backup-20260215_030001.tar.gz new file mode 100644 index 0000000..4aa3fe7 Binary files /dev/null and b/backups/npmplus/backup-20260215_030001.tar.gz differ diff --git a/backups/npmplus/backup-20260215_030001/api/access_lists.json b/backups/npmplus/backup-20260215_030001/api/access_lists.json new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/backups/npmplus/backup-20260215_030001/api/access_lists.json @@ -0,0 +1 @@ +[] diff --git a/backups/npmplus/backup-20260215_030001/api/certificates.json b/backups/npmplus/backup-20260215_030001/api/certificates.json new file mode 100644 index 0000000..46c9524 --- /dev/null +++ b/backups/npmplus/backup-20260215_030001/api/certificates.json @@ -0,0 +1,506 @@ +[ + { + "id": 146, + "created_on": "2026-02-07 00:46:21", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-alltra.d-bis.org", + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 04:47:55", + "meta": {} + }, + { + "id": 147, + "created_on": "2026-02-07 00:46:43", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-hybx.d-bis.org", + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:19", + "meta": {} + }, + { + "id": 134, + "created_on": "2026-01-29 22:52:44", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cross-all.defi-oracle.io", + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "expires_on": "2026-04-30 02:54:15", + "meta": {} + }, + { + "id": 46, + "created_on": "2026-01-16 16:54:36", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-admin.d-bis.org", + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:11", + "meta": {} + }, + { + "id": 47, + "created_on": "2026-01-16 16:54:47", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api-2.d-bis.org", + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:22", + "meta": {} + }, + { + "id": 48, + "created_on": "2026-01-16 16:54:58", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api.d-bis.org", + "domain_names": [ + "dbis-api.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:33", + "meta": {} + }, + { + "id": 145, + "created_on": "2026-02-06 19:14:04", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.d-bis.org", + "domain_names": [ + "explorer.d-bis.org" + ], + "expires_on": "2026-05-07 23:15:36", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": true, + "nginx_err": null, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 144, + "created_on": "2026-02-06 19:05:50", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.defi-oracle.io", + "domain_names": [ + "explorer.defi-oracle.io" + ], + "expires_on": "2026-05-07 23:07:35", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 50, + "created_on": "2026-01-16 16:55:25", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "mim4u.org", + "domain_names": [ + "mim4u.org" + ], + "expires_on": "2026-04-16 20:57:01", + "meta": {} + }, + { + "id": 51, + "created_on": "2026-01-16 16:55:37", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "phoenix.sankofa.nexus", + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:57:08", + "meta": {} + }, + { + "id": 148, + "created_on": "2026-02-07 00:46:56", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-2.d-bis.org", + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:31", + "meta": {} + }, + { + "id": 149, + "created_on": "2026-02-07 00:47:10", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:46", + "meta": {} + }, + { + "id": 150, + "created_on": "2026-02-07 08:15:35", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:06", + "meta": {} + }, + { + "id": 151, + "created_on": "2026-02-07 08:15:43", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra.d-bis.org", + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:18", + "meta": {} + }, + { + "id": 52, + "created_on": "2026-01-16 16:55:45", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-prv.d-bis.org", + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:20", + "meta": {} + }, + { + "id": 53, + "created_on": "2026-01-16 16:55:57", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-pub.d-bis.org", + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:30", + "meta": {} + }, + { + "id": 152, + "created_on": "2026-02-07 08:15:56", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-2.d-bis.org", + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:31", + "meta": {} + }, + { + "id": 153, + "created_on": "2026-02-07 08:16:09", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-3.d-bis.org", + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:45", + "meta": {} + }, + { + "id": 154, + "created_on": "2026-02-07 08:16:22", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx.d-bis.org", + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:58", + "meta": {} + }, + { + "id": 54, + "created_on": "2026-01-16 16:56:06", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-prv.d-bis.org", + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:38", + "meta": {} + }, + { + "id": 55, + "created_on": "2026-01-16 16:56:16", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-pub.d-bis.org", + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:51", + "meta": {} + }, + { + "id": 141, + "created_on": "2026-01-30 09:33:59", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.d-bis.org", + "domain_names": [ + "rpc.d-bis.org" + ], + "expires_on": "2026-04-30 13:35:45", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": false, + "nginx_err": "nginx: [emerg] cannot load certificate \"/data/tls/certbot/live/npm-135/fullchain.pem\": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-135/fullchain.pem, r) error:10000080:BIO routines::no such file)\nnginx: configuration file /usr/local/nginx/conf/nginx.conf test failed", + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 56, + "created_on": "2026-01-16 16:56:30", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.public-0138.defi-oracle.io", + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "expires_on": "2026-04-16 20:58:05", + "meta": {} + }, + { + "id": 137, + "created_on": "2026-01-29 23:39:01", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc2.d-bis.org", + "domain_names": [ + "rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:40:50", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 57, + "created_on": "2026-01-16 16:56:41", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "sankofa.nexus", + "domain_names": [ + "sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:17", + "meta": {} + }, + { + "id": 58, + "created_on": "2026-01-16 16:56:53", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.d-bis.org", + "domain_names": [ + "secure.d-bis.org" + ], + "expires_on": "2026-04-16 20:58:28", + "meta": {} + }, + { + "id": 59, + "created_on": "2026-01-16 16:57:05", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.mim4u.org", + "domain_names": [ + "secure.mim4u.org" + ], + "expires_on": "2026-04-16 20:58:40", + "meta": {} + }, + { + "id": 60, + "created_on": "2026-01-16 16:57:17", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "the-order.sankofa.nexus", + "domain_names": [ + "the-order.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:53", + "meta": {} + }, + { + "id": 61, + "created_on": "2026-01-16 16:57:31", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "training.mim4u.org", + "domain_names": [ + "training.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:06", + "meta": {} + }, + { + "id": 138, + "created_on": "2026-01-29 23:41:20", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc.d-bis.org", + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:05", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 139, + "created_on": "2026-01-29 23:42:13", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc2.d-bis.org", + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:58", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 140, + "created_on": "2026-01-29 23:43:09", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "wss.defi-oracle.io", + "domain_names": [ + "wss.defi-oracle.io" + ], + "expires_on": "2026-04-30 03:44:57", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 62, + "created_on": "2026-01-16 16:57:41", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.mim4u.org", + "domain_names": [ + "www.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:17", + "meta": {} + }, + { + "id": 63, + "created_on": "2026-01-16 16:57:52", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.phoenix.sankofa.nexus", + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:28", + "meta": {} + }, + { + "id": 64, + "created_on": "2026-01-16 16:58:06", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.sankofa.nexus", + "domain_names": [ + "www.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:41", + "meta": {} + } +] diff --git a/backups/npmplus/backup-20260215_030001/api/proxy_hosts.json b/backups/npmplus/backup-20260215_030001/api/proxy_hosts.json new file mode 100644 index 0000000..ef081cf --- /dev/null +++ b/backups/npmplus/backup-20260215_030001/api/proxy_hosts.json @@ -0,0 +1,1284 @@ +[ + { + "id": 37, + "created_on": "2026-02-07 00:42:23", + "modified_on": "2026-02-07 00:46:30", + "owner_user_id": 1, + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "forward_host": "192.168.11.177", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 146, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 38, + "created_on": "2026-02-07 00:42:24", + "modified_on": "2026-02-07 00:46:53", + "owner_user_id": 1, + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "forward_host": "192.168.11.251", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 147, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 41, + "created_on": "2026-02-07 20:41:16", + "modified_on": "2026-02-07 20:41:16", + "owner_user_id": 1, + "domain_names": [ + "codespaces.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 22, + "created_on": "2026-01-18 22:19:18", + "modified_on": "2026-01-29 22:52:50", + "owner_user_id": 1, + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "forward_host": "192.168.11.211", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 134, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 13, + "created_on": "2026-01-16 14:41:02", + "modified_on": "2026-02-15 02:54:45", + "owner_user_id": 1, + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 46, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 15, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-15 02:54:48", + "owner_user_id": 1, + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "forward_host": "192.168.11.156", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 47, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 14, + "created_on": "2026-01-16 14:41:03", + "modified_on": "2026-02-15 02:54:46", + "owner_user_id": 1, + "domain_names": [ + "dbis-api.d-bis.org" + ], + "forward_host": "192.168.11.155", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 48, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 45, + "created_on": "2026-02-13 20:32:33", + "modified_on": "2026-02-13 20:32:33", + "owner_user_id": 1, + "domain_names": [ + "dbis.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3001, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 39, + "created_on": "2026-02-07 20:41:12", + "modified_on": "2026-02-07 20:41:13", + "owner_user_id": 1, + "domain_names": [ + "dev.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 8, + "created_on": "2026-01-16 14:40:58", + "modified_on": "2026-02-15 02:54:24", + "owner_user_id": 1, + "domain_names": [ + "explorer.d-bis.org" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 145, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers (unsafe-eval for ethers.js v5)\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 30, + "created_on": "2026-01-31 00:13:09", + "modified_on": "2026-02-06 19:09:43", + "owner_user_id": 1, + "domain_names": [ + "explorer.defi-oracle.io" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 144, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 40, + "created_on": "2026-02-07 20:41:14", + "modified_on": "2026-02-07 20:41:15", + "owner_user_id": 1, + "domain_names": [ + "gitea.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 46, + "created_on": "2026-02-13 20:32:35", + "modified_on": "2026-02-13 20:32:35", + "owner_user_id": 1, + "domain_names": [ + "iccc.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3002, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 17, + "created_on": "2026-01-16 14:41:05", + "modified_on": "2026-02-15 02:54:52", + "owner_user_id": 1, + "domain_names": [ + "mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 50, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 47, + "created_on": "2026-02-13 20:32:37", + "modified_on": "2026-02-13 20:32:37", + "owner_user_id": 1, + "domain_names": [ + "omnl.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3003, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 5, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:01:49", + "owner_user_id": 1, + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 51, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 42, + "created_on": "2026-02-07 20:41:17", + "modified_on": "2026-02-07 20:41:18", + "owner_user_id": 1, + "domain_names": [ + "pve.ml110.d-bis.org" + ], + "forward_host": "192.168.11.10", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 43, + "created_on": "2026-02-07 20:41:19", + "modified_on": "2026-02-07 20:41:20", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-01.d-bis.org" + ], + "forward_host": "192.168.11.11", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 44, + "created_on": "2026-02-07 20:41:21", + "modified_on": "2026-02-07 20:41:21", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-02.d-bis.org" + ], + "forward_host": "192.168.11.12", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 32, + "created_on": "2026-02-07 00:42:16", + "modified_on": "2026-02-07 00:47:07", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "forward_host": "192.168.11.173", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 148, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 33, + "created_on": "2026-02-07 00:42:17", + "modified_on": "2026-02-07 08:15:41", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "forward_host": "192.168.11.174", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 150, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 31, + "created_on": "2026-02-07 00:42:15", + "modified_on": "2026-02-07 08:15:53", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "forward_host": "192.168.11.172", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 151, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 11, + "created_on": "2026-01-16 14:41:00", + "modified_on": "2026-02-15 02:54:29", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 52, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 9, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-15 02:54:25", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 53, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 35, + "created_on": "2026-02-07 00:42:20", + "modified_on": "2026-02-07 08:16:06", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "forward_host": "192.168.11.247", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 152, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 36, + "created_on": "2026-02-07 00:42:22", + "modified_on": "2026-02-07 08:16:19", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "forward_host": "192.168.11.248", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 153, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 34, + "created_on": "2026-02-07 00:42:19", + "modified_on": "2026-02-07 08:16:32", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "forward_host": "192.168.11.246", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 154, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 12, + "created_on": "2026-01-16 14:41:01", + "modified_on": "2026-02-15 02:54:30", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 54, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 10, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-15 02:54:27", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 55, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 26, + "created_on": "2026-01-29 16:35:10", + "modified_on": "2026-02-15 02:54:39", + "owner_user_id": 1, + "domain_names": [ + "rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 141, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 24, + "created_on": "2026-01-29 15:38:44", + "modified_on": "2026-02-15 02:54:33", + "owner_user_id": 1, + "domain_names": [ + "rpc.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 21, + "created_on": "2026-01-16 14:41:09", + "modified_on": "2026-02-15 02:54:31", + "owner_user_id": 1, + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "forward_host": "192.168.11.240", + "forward_port": 443, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "https", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 27, + "created_on": "2026-01-29 16:35:11", + "modified_on": "2026-02-15 02:54:40", + "owner_user_id": 1, + "domain_names": [ + "rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 137, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 3, + "created_on": "2026-01-16 14:40:54", + "modified_on": "2026-01-16 17:01:32", + "owner_user_id": 1, + "domain_names": [ + "sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 57, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "add_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 16, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-15 02:54:50", + "owner_user_id": 1, + "domain_names": [ + "secure.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 58, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 19, + "created_on": "2026-01-16 14:41:07", + "modified_on": "2026-02-15 02:54:53", + "owner_user_id": 1, + "domain_names": [ + "secure.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 59, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 7, + "created_on": "2026-01-16 14:40:57", + "modified_on": "2026-01-16 17:02:09", + "owner_user_id": 1, + "domain_names": [ + "the-order.sankofa.nexus" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 60, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 20, + "created_on": "2026-01-16 14:41:08", + "modified_on": "2026-02-15 02:54:55", + "owner_user_id": 1, + "domain_names": [ + "training.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 61, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 28, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-15 02:54:41", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 138, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 29, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-15 02:54:43", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 139, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 25, + "created_on": "2026-01-29 15:38:45", + "modified_on": "2026-02-15 02:54:36", + "owner_user_id": 1, + "domain_names": [ + "wss.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 140, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 18, + "created_on": "2026-01-16 14:41:06", + "modified_on": "2026-01-16 17:02:14", + "owner_user_id": 1, + "domain_names": [ + "www.mim4u.org" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 62, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 6, + "created_on": "2026-01-16 14:40:56", + "modified_on": "2026-01-16 17:02:17", + "owner_user_id": 1, + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 63, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 4, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:02:19", + "owner_user_id": 1, + "domain_names": [ + "www.sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 64, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 48, + "created_on": "2026-02-13 20:32:39", + "modified_on": "2026-02-13 20:32:39", + "owner_user_id": 1, + "domain_names": [ + "xom.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3004, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + } +] diff --git a/backups/npmplus/backup-20260215_030001/certificates/cert_list.txt b/backups/npmplus/backup-20260215_030001/certificates/cert_list.txt new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260215_030001/database/database.sql b/backups/npmplus/backup-20260215_030001/database/database.sql new file mode 100644 index 0000000..77149a3 --- /dev/null +++ b/backups/npmplus/backup-20260215_030001/database/database.sql @@ -0,0 +1 @@ +Database file not found diff --git a/backups/npmplus/backup-20260215_030001/database/database.sqlite b/backups/npmplus/backup-20260215_030001/database/database.sqlite new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260215_030001/manifest.json b/backups/npmplus/backup-20260215_030001/manifest.json new file mode 100644 index 0000000..0308afa --- /dev/null +++ b/backups/npmplus/backup-20260215_030001/manifest.json @@ -0,0 +1,19 @@ +{ + "timestamp": "20260215_030001", + "backup_date": "2026-02-15T03:00:12-08:00", + "npmplus_vmid": "10233", + "npmplus_host": "192.168.11.11", + "npm_url": "https://192.168.11.167:81", + "backup_contents": { + "database": { + "sql_dump": "present", + "sqlite_file": "missing" + }, + "api_exports": { + "proxy_hosts": "present", + "certificates": "present", + "access_lists": "present" + }, + "certificate_files": "missing" + } +} diff --git a/backups/npmplus/backup-20260215_030001/volumes/volume_list.txt b/backups/npmplus/backup-20260215_030001/volumes/volume_list.txt new file mode 100644 index 0000000..4545150 --- /dev/null +++ b/backups/npmplus/backup-20260215_030001/volumes/volume_list.txt @@ -0,0 +1 @@ +DRIVER VOLUME NAME diff --git a/backups/npmplus/backup-20260215_044037.tar.gz b/backups/npmplus/backup-20260215_044037.tar.gz new file mode 100644 index 0000000..2e4e851 Binary files /dev/null and b/backups/npmplus/backup-20260215_044037.tar.gz differ diff --git a/backups/npmplus/backup-20260215_044037/api/access_lists.json b/backups/npmplus/backup-20260215_044037/api/access_lists.json new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/backups/npmplus/backup-20260215_044037/api/access_lists.json @@ -0,0 +1 @@ +[] diff --git a/backups/npmplus/backup-20260215_044037/api/certificates.json b/backups/npmplus/backup-20260215_044037/api/certificates.json new file mode 100644 index 0000000..46c9524 --- /dev/null +++ b/backups/npmplus/backup-20260215_044037/api/certificates.json @@ -0,0 +1,506 @@ +[ + { + "id": 146, + "created_on": "2026-02-07 00:46:21", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-alltra.d-bis.org", + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 04:47:55", + "meta": {} + }, + { + "id": 147, + "created_on": "2026-02-07 00:46:43", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-hybx.d-bis.org", + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:19", + "meta": {} + }, + { + "id": 134, + "created_on": "2026-01-29 22:52:44", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cross-all.defi-oracle.io", + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "expires_on": "2026-04-30 02:54:15", + "meta": {} + }, + { + "id": 46, + "created_on": "2026-01-16 16:54:36", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-admin.d-bis.org", + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:11", + "meta": {} + }, + { + "id": 47, + "created_on": "2026-01-16 16:54:47", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api-2.d-bis.org", + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:22", + "meta": {} + }, + { + "id": 48, + "created_on": "2026-01-16 16:54:58", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api.d-bis.org", + "domain_names": [ + "dbis-api.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:33", + "meta": {} + }, + { + "id": 145, + "created_on": "2026-02-06 19:14:04", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.d-bis.org", + "domain_names": [ + "explorer.d-bis.org" + ], + "expires_on": "2026-05-07 23:15:36", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": true, + "nginx_err": null, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 144, + "created_on": "2026-02-06 19:05:50", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.defi-oracle.io", + "domain_names": [ + "explorer.defi-oracle.io" + ], + "expires_on": "2026-05-07 23:07:35", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 50, + "created_on": "2026-01-16 16:55:25", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "mim4u.org", + "domain_names": [ + "mim4u.org" + ], + "expires_on": "2026-04-16 20:57:01", + "meta": {} + }, + { + "id": 51, + "created_on": "2026-01-16 16:55:37", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "phoenix.sankofa.nexus", + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:57:08", + "meta": {} + }, + { + "id": 148, + "created_on": "2026-02-07 00:46:56", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-2.d-bis.org", + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:31", + "meta": {} + }, + { + "id": 149, + "created_on": "2026-02-07 00:47:10", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:46", + "meta": {} + }, + { + "id": 150, + "created_on": "2026-02-07 08:15:35", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:06", + "meta": {} + }, + { + "id": 151, + "created_on": "2026-02-07 08:15:43", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra.d-bis.org", + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:18", + "meta": {} + }, + { + "id": 52, + "created_on": "2026-01-16 16:55:45", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-prv.d-bis.org", + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:20", + "meta": {} + }, + { + "id": 53, + "created_on": "2026-01-16 16:55:57", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-pub.d-bis.org", + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:30", + "meta": {} + }, + { + "id": 152, + "created_on": "2026-02-07 08:15:56", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-2.d-bis.org", + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:31", + "meta": {} + }, + { + "id": 153, + "created_on": "2026-02-07 08:16:09", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-3.d-bis.org", + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:45", + "meta": {} + }, + { + "id": 154, + "created_on": "2026-02-07 08:16:22", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx.d-bis.org", + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:58", + "meta": {} + }, + { + "id": 54, + "created_on": "2026-01-16 16:56:06", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-prv.d-bis.org", + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:38", + "meta": {} + }, + { + "id": 55, + "created_on": "2026-01-16 16:56:16", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-pub.d-bis.org", + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:51", + "meta": {} + }, + { + "id": 141, + "created_on": "2026-01-30 09:33:59", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.d-bis.org", + "domain_names": [ + "rpc.d-bis.org" + ], + "expires_on": "2026-04-30 13:35:45", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": false, + "nginx_err": "nginx: [emerg] cannot load certificate \"/data/tls/certbot/live/npm-135/fullchain.pem\": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-135/fullchain.pem, r) error:10000080:BIO routines::no such file)\nnginx: configuration file /usr/local/nginx/conf/nginx.conf test failed", + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 56, + "created_on": "2026-01-16 16:56:30", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.public-0138.defi-oracle.io", + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "expires_on": "2026-04-16 20:58:05", + "meta": {} + }, + { + "id": 137, + "created_on": "2026-01-29 23:39:01", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc2.d-bis.org", + "domain_names": [ + "rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:40:50", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 57, + "created_on": "2026-01-16 16:56:41", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "sankofa.nexus", + "domain_names": [ + "sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:17", + "meta": {} + }, + { + "id": 58, + "created_on": "2026-01-16 16:56:53", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.d-bis.org", + "domain_names": [ + "secure.d-bis.org" + ], + "expires_on": "2026-04-16 20:58:28", + "meta": {} + }, + { + "id": 59, + "created_on": "2026-01-16 16:57:05", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.mim4u.org", + "domain_names": [ + "secure.mim4u.org" + ], + "expires_on": "2026-04-16 20:58:40", + "meta": {} + }, + { + "id": 60, + "created_on": "2026-01-16 16:57:17", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "the-order.sankofa.nexus", + "domain_names": [ + "the-order.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:53", + "meta": {} + }, + { + "id": 61, + "created_on": "2026-01-16 16:57:31", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "training.mim4u.org", + "domain_names": [ + "training.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:06", + "meta": {} + }, + { + "id": 138, + "created_on": "2026-01-29 23:41:20", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc.d-bis.org", + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:05", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 139, + "created_on": "2026-01-29 23:42:13", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc2.d-bis.org", + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:58", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 140, + "created_on": "2026-01-29 23:43:09", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "wss.defi-oracle.io", + "domain_names": [ + "wss.defi-oracle.io" + ], + "expires_on": "2026-04-30 03:44:57", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 62, + "created_on": "2026-01-16 16:57:41", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.mim4u.org", + "domain_names": [ + "www.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:17", + "meta": {} + }, + { + "id": 63, + "created_on": "2026-01-16 16:57:52", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.phoenix.sankofa.nexus", + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:28", + "meta": {} + }, + { + "id": 64, + "created_on": "2026-01-16 16:58:06", + "modified_on": "2026-02-14 15:28:51", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.sankofa.nexus", + "domain_names": [ + "www.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:41", + "meta": {} + } +] diff --git a/backups/npmplus/backup-20260215_044037/api/proxy_hosts.json b/backups/npmplus/backup-20260215_044037/api/proxy_hosts.json new file mode 100644 index 0000000..fdc5e7d --- /dev/null +++ b/backups/npmplus/backup-20260215_044037/api/proxy_hosts.json @@ -0,0 +1,1284 @@ +[ + { + "id": 37, + "created_on": "2026-02-07 00:42:23", + "modified_on": "2026-02-07 00:46:30", + "owner_user_id": 1, + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "forward_host": "192.168.11.177", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 146, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 38, + "created_on": "2026-02-07 00:42:24", + "modified_on": "2026-02-07 00:46:53", + "owner_user_id": 1, + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "forward_host": "192.168.11.251", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 147, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 41, + "created_on": "2026-02-07 20:41:16", + "modified_on": "2026-02-07 20:41:16", + "owner_user_id": 1, + "domain_names": [ + "codespaces.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 22, + "created_on": "2026-01-18 22:19:18", + "modified_on": "2026-01-29 22:52:50", + "owner_user_id": 1, + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "forward_host": "192.168.11.211", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 134, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 13, + "created_on": "2026-01-16 14:41:02", + "modified_on": "2026-02-15 07:40:26", + "owner_user_id": 1, + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 46, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 15, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-15 07:40:29", + "owner_user_id": 1, + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "forward_host": "192.168.11.156", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 47, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 14, + "created_on": "2026-01-16 14:41:03", + "modified_on": "2026-02-15 07:40:28", + "owner_user_id": 1, + "domain_names": [ + "dbis-api.d-bis.org" + ], + "forward_host": "192.168.11.155", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 48, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 45, + "created_on": "2026-02-13 20:32:33", + "modified_on": "2026-02-13 20:32:33", + "owner_user_id": 1, + "domain_names": [ + "dbis.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3001, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 39, + "created_on": "2026-02-07 20:41:12", + "modified_on": "2026-02-07 20:41:13", + "owner_user_id": 1, + "domain_names": [ + "dev.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 8, + "created_on": "2026-01-16 14:40:58", + "modified_on": "2026-02-15 07:40:04", + "owner_user_id": 1, + "domain_names": [ + "explorer.d-bis.org" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 145, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers (unsafe-eval for ethers.js v5)\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 30, + "created_on": "2026-01-31 00:13:09", + "modified_on": "2026-02-06 19:09:43", + "owner_user_id": 1, + "domain_names": [ + "explorer.defi-oracle.io" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 144, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 40, + "created_on": "2026-02-07 20:41:14", + "modified_on": "2026-02-07 20:41:15", + "owner_user_id": 1, + "domain_names": [ + "gitea.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 46, + "created_on": "2026-02-13 20:32:35", + "modified_on": "2026-02-13 20:32:35", + "owner_user_id": 1, + "domain_names": [ + "iccc.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3002, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 17, + "created_on": "2026-01-16 14:41:05", + "modified_on": "2026-02-15 07:40:33", + "owner_user_id": 1, + "domain_names": [ + "mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 50, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 47, + "created_on": "2026-02-13 20:32:37", + "modified_on": "2026-02-13 20:32:37", + "owner_user_id": 1, + "domain_names": [ + "omnl.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3003, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 5, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:01:49", + "owner_user_id": 1, + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 51, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 42, + "created_on": "2026-02-07 20:41:17", + "modified_on": "2026-02-07 20:41:18", + "owner_user_id": 1, + "domain_names": [ + "pve.ml110.d-bis.org" + ], + "forward_host": "192.168.11.10", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 43, + "created_on": "2026-02-07 20:41:19", + "modified_on": "2026-02-07 20:41:20", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-01.d-bis.org" + ], + "forward_host": "192.168.11.11", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 44, + "created_on": "2026-02-07 20:41:21", + "modified_on": "2026-02-07 20:41:21", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-02.d-bis.org" + ], + "forward_host": "192.168.11.12", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 32, + "created_on": "2026-02-07 00:42:16", + "modified_on": "2026-02-07 00:47:07", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "forward_host": "192.168.11.173", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 148, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 33, + "created_on": "2026-02-07 00:42:17", + "modified_on": "2026-02-07 08:15:41", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "forward_host": "192.168.11.174", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 150, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 31, + "created_on": "2026-02-07 00:42:15", + "modified_on": "2026-02-07 08:15:53", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "forward_host": "192.168.11.172", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 151, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 11, + "created_on": "2026-01-16 14:41:00", + "modified_on": "2026-02-15 07:40:10", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 52, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 9, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-15 07:40:06", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 53, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 35, + "created_on": "2026-02-07 00:42:20", + "modified_on": "2026-02-07 08:16:06", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "forward_host": "192.168.11.247", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 152, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 36, + "created_on": "2026-02-07 00:42:22", + "modified_on": "2026-02-07 08:16:19", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "forward_host": "192.168.11.248", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 153, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 34, + "created_on": "2026-02-07 00:42:19", + "modified_on": "2026-02-07 08:16:32", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "forward_host": "192.168.11.246", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 154, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 12, + "created_on": "2026-01-16 14:41:01", + "modified_on": "2026-02-15 07:40:11", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 54, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 10, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-15 07:40:08", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 55, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 26, + "created_on": "2026-01-29 16:35:10", + "modified_on": "2026-02-15 07:40:20", + "owner_user_id": 1, + "domain_names": [ + "rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 141, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 24, + "created_on": "2026-01-29 15:38:44", + "modified_on": "2026-02-15 07:40:16", + "owner_user_id": 1, + "domain_names": [ + "rpc.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 21, + "created_on": "2026-01-16 14:41:09", + "modified_on": "2026-02-15 07:40:13", + "owner_user_id": 1, + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "forward_host": "192.168.11.240", + "forward_port": 443, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "https", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 27, + "created_on": "2026-01-29 16:35:11", + "modified_on": "2026-02-15 07:40:21", + "owner_user_id": 1, + "domain_names": [ + "rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 137, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 3, + "created_on": "2026-01-16 14:40:54", + "modified_on": "2026-01-16 17:01:32", + "owner_user_id": 1, + "domain_names": [ + "sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 57, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "add_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 16, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-15 07:40:31", + "owner_user_id": 1, + "domain_names": [ + "secure.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 58, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 19, + "created_on": "2026-01-16 14:41:07", + "modified_on": "2026-02-15 07:40:34", + "owner_user_id": 1, + "domain_names": [ + "secure.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 59, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 7, + "created_on": "2026-01-16 14:40:57", + "modified_on": "2026-01-16 17:02:09", + "owner_user_id": 1, + "domain_names": [ + "the-order.sankofa.nexus" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 60, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 20, + "created_on": "2026-01-16 14:41:08", + "modified_on": "2026-02-15 07:40:36", + "owner_user_id": 1, + "domain_names": [ + "training.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 61, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 28, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-15 07:40:23", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 138, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 29, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-15 07:40:25", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 139, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 25, + "created_on": "2026-01-29 15:38:45", + "modified_on": "2026-02-15 07:40:18", + "owner_user_id": 1, + "domain_names": [ + "wss.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 140, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 18, + "created_on": "2026-01-16 14:41:06", + "modified_on": "2026-01-16 17:02:14", + "owner_user_id": 1, + "domain_names": [ + "www.mim4u.org" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 62, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 6, + "created_on": "2026-01-16 14:40:56", + "modified_on": "2026-01-16 17:02:17", + "owner_user_id": 1, + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 63, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 4, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:02:19", + "owner_user_id": 1, + "domain_names": [ + "www.sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 64, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 48, + "created_on": "2026-02-13 20:32:39", + "modified_on": "2026-02-13 20:32:39", + "owner_user_id": 1, + "domain_names": [ + "xom.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3004, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + } +] diff --git a/backups/npmplus/backup-20260215_044037/certificates/cert_list.txt b/backups/npmplus/backup-20260215_044037/certificates/cert_list.txt new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260215_044037/database/database.sql b/backups/npmplus/backup-20260215_044037/database/database.sql new file mode 100644 index 0000000..77149a3 --- /dev/null +++ b/backups/npmplus/backup-20260215_044037/database/database.sql @@ -0,0 +1 @@ +Database file not found diff --git a/backups/npmplus/backup-20260215_044037/database/database.sqlite b/backups/npmplus/backup-20260215_044037/database/database.sqlite new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260215_044037/manifest.json b/backups/npmplus/backup-20260215_044037/manifest.json new file mode 100644 index 0000000..622ebc9 --- /dev/null +++ b/backups/npmplus/backup-20260215_044037/manifest.json @@ -0,0 +1,19 @@ +{ + "timestamp": "20260215_044037", + "backup_date": "2026-02-15T04:40:47-08:00", + "npmplus_vmid": "10233", + "npmplus_host": "192.168.11.11", + "npm_url": "https://192.168.11.167:81", + "backup_contents": { + "database": { + "sql_dump": "present", + "sqlite_file": "missing" + }, + "api_exports": { + "proxy_hosts": "present", + "certificates": "present", + "access_lists": "present" + }, + "certificate_files": "missing" + } +} diff --git a/backups/npmplus/backup-20260215_044037/volumes/volume_list.txt b/backups/npmplus/backup-20260215_044037/volumes/volume_list.txt new file mode 100644 index 0000000..4545150 --- /dev/null +++ b/backups/npmplus/backup-20260215_044037/volumes/volume_list.txt @@ -0,0 +1 @@ +DRIVER VOLUME NAME diff --git a/backups/npmplus/backup-20260216_030001.tar.gz b/backups/npmplus/backup-20260216_030001.tar.gz new file mode 100644 index 0000000..629676c Binary files /dev/null and b/backups/npmplus/backup-20260216_030001.tar.gz differ diff --git a/backups/npmplus/backup-20260216_030001/api/access_lists.json b/backups/npmplus/backup-20260216_030001/api/access_lists.json new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/backups/npmplus/backup-20260216_030001/api/access_lists.json @@ -0,0 +1 @@ +[] diff --git a/backups/npmplus/backup-20260216_030001/api/certificates.json b/backups/npmplus/backup-20260216_030001/api/certificates.json new file mode 100644 index 0000000..1f9bf7d --- /dev/null +++ b/backups/npmplus/backup-20260216_030001/api/certificates.json @@ -0,0 +1,506 @@ +[ + { + "id": 146, + "created_on": "2026-02-07 00:46:21", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-alltra.d-bis.org", + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 04:47:55", + "meta": {} + }, + { + "id": 147, + "created_on": "2026-02-07 00:46:43", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-hybx.d-bis.org", + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:19", + "meta": {} + }, + { + "id": 134, + "created_on": "2026-01-29 22:52:44", + "modified_on": "2026-02-15 15:31:24", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cross-all.defi-oracle.io", + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "expires_on": "2026-04-30 02:54:15", + "meta": {} + }, + { + "id": 46, + "created_on": "2026-01-16 16:54:36", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-admin.d-bis.org", + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:11", + "meta": {} + }, + { + "id": 47, + "created_on": "2026-01-16 16:54:47", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api-2.d-bis.org", + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:22", + "meta": {} + }, + { + "id": 48, + "created_on": "2026-01-16 16:54:58", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api.d-bis.org", + "domain_names": [ + "dbis-api.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:33", + "meta": {} + }, + { + "id": 145, + "created_on": "2026-02-06 19:14:04", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.d-bis.org", + "domain_names": [ + "explorer.d-bis.org" + ], + "expires_on": "2026-05-07 23:15:36", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": true, + "nginx_err": null, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 144, + "created_on": "2026-02-06 19:05:50", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.defi-oracle.io", + "domain_names": [ + "explorer.defi-oracle.io" + ], + "expires_on": "2026-05-07 23:07:35", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 50, + "created_on": "2026-01-16 16:55:25", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "mim4u.org", + "domain_names": [ + "mim4u.org" + ], + "expires_on": "2026-04-16 20:57:01", + "meta": {} + }, + { + "id": 51, + "created_on": "2026-01-16 16:55:37", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "phoenix.sankofa.nexus", + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:57:08", + "meta": {} + }, + { + "id": 148, + "created_on": "2026-02-07 00:46:56", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-2.d-bis.org", + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:31", + "meta": {} + }, + { + "id": 149, + "created_on": "2026-02-07 00:47:10", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:46", + "meta": {} + }, + { + "id": 150, + "created_on": "2026-02-07 08:15:35", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:06", + "meta": {} + }, + { + "id": 151, + "created_on": "2026-02-07 08:15:43", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra.d-bis.org", + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:18", + "meta": {} + }, + { + "id": 52, + "created_on": "2026-01-16 16:55:45", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-prv.d-bis.org", + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:20", + "meta": {} + }, + { + "id": 53, + "created_on": "2026-01-16 16:55:57", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-pub.d-bis.org", + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:30", + "meta": {} + }, + { + "id": 152, + "created_on": "2026-02-07 08:15:56", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-2.d-bis.org", + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:31", + "meta": {} + }, + { + "id": 153, + "created_on": "2026-02-07 08:16:09", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-3.d-bis.org", + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:45", + "meta": {} + }, + { + "id": 154, + "created_on": "2026-02-07 08:16:22", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx.d-bis.org", + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:58", + "meta": {} + }, + { + "id": 54, + "created_on": "2026-01-16 16:56:06", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-prv.d-bis.org", + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:38", + "meta": {} + }, + { + "id": 55, + "created_on": "2026-01-16 16:56:16", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-pub.d-bis.org", + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:51", + "meta": {} + }, + { + "id": 141, + "created_on": "2026-01-30 09:33:59", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.d-bis.org", + "domain_names": [ + "rpc.d-bis.org" + ], + "expires_on": "2026-04-30 13:35:45", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": false, + "nginx_err": "nginx: [emerg] cannot load certificate \"/data/tls/certbot/live/npm-135/fullchain.pem\": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-135/fullchain.pem, r) error:10000080:BIO routines::no such file)\nnginx: configuration file /usr/local/nginx/conf/nginx.conf test failed", + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 56, + "created_on": "2026-01-16 16:56:30", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.public-0138.defi-oracle.io", + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "expires_on": "2026-04-16 20:58:05", + "meta": {} + }, + { + "id": 137, + "created_on": "2026-01-29 23:39:01", + "modified_on": "2026-02-15 15:31:24", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc2.d-bis.org", + "domain_names": [ + "rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:40:50", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 57, + "created_on": "2026-01-16 16:56:41", + "modified_on": "2026-02-15 15:31:24", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "sankofa.nexus", + "domain_names": [ + "sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:17", + "meta": {} + }, + { + "id": 58, + "created_on": "2026-01-16 16:56:53", + "modified_on": "2026-02-15 15:31:24", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.d-bis.org", + "domain_names": [ + "secure.d-bis.org" + ], + "expires_on": "2026-04-16 20:58:28", + "meta": {} + }, + { + "id": 59, + "created_on": "2026-01-16 16:57:05", + "modified_on": "2026-02-15 15:31:24", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.mim4u.org", + "domain_names": [ + "secure.mim4u.org" + ], + "expires_on": "2026-04-16 20:58:40", + "meta": {} + }, + { + "id": 60, + "created_on": "2026-01-16 16:57:17", + "modified_on": "2026-02-15 15:31:24", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "the-order.sankofa.nexus", + "domain_names": [ + "the-order.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:53", + "meta": {} + }, + { + "id": 61, + "created_on": "2026-01-16 16:57:31", + "modified_on": "2026-02-15 15:31:24", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "training.mim4u.org", + "domain_names": [ + "training.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:06", + "meta": {} + }, + { + "id": 138, + "created_on": "2026-01-29 23:41:20", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc.d-bis.org", + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:05", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 139, + "created_on": "2026-01-29 23:42:13", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc2.d-bis.org", + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:58", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 140, + "created_on": "2026-01-29 23:43:09", + "modified_on": "2026-02-15 15:31:25", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "wss.defi-oracle.io", + "domain_names": [ + "wss.defi-oracle.io" + ], + "expires_on": "2026-04-30 03:44:57", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 62, + "created_on": "2026-01-16 16:57:41", + "modified_on": "2026-02-15 15:31:24", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.mim4u.org", + "domain_names": [ + "www.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:17", + "meta": {} + }, + { + "id": 63, + "created_on": "2026-01-16 16:57:52", + "modified_on": "2026-02-15 15:31:24", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.phoenix.sankofa.nexus", + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:28", + "meta": {} + }, + { + "id": 64, + "created_on": "2026-01-16 16:58:06", + "modified_on": "2026-02-15 15:31:24", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.sankofa.nexus", + "domain_names": [ + "www.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:41", + "meta": {} + } +] diff --git a/backups/npmplus/backup-20260216_030001/api/proxy_hosts.json b/backups/npmplus/backup-20260216_030001/api/proxy_hosts.json new file mode 100644 index 0000000..23ee07a --- /dev/null +++ b/backups/npmplus/backup-20260216_030001/api/proxy_hosts.json @@ -0,0 +1,1284 @@ +[ + { + "id": 37, + "created_on": "2026-02-07 00:42:23", + "modified_on": "2026-02-07 00:46:30", + "owner_user_id": 1, + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "forward_host": "192.168.11.177", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 146, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 38, + "created_on": "2026-02-07 00:42:24", + "modified_on": "2026-02-07 00:46:53", + "owner_user_id": 1, + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "forward_host": "192.168.11.251", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 147, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 41, + "created_on": "2026-02-07 20:41:16", + "modified_on": "2026-02-07 20:41:16", + "owner_user_id": 1, + "domain_names": [ + "codespaces.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 22, + "created_on": "2026-01-18 22:19:18", + "modified_on": "2026-01-29 22:52:50", + "owner_user_id": 1, + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "forward_host": "192.168.11.211", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 134, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 13, + "created_on": "2026-01-16 14:41:02", + "modified_on": "2026-02-15 07:56:38", + "owner_user_id": 1, + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 46, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 15, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-15 07:56:41", + "owner_user_id": 1, + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "forward_host": "192.168.11.156", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 47, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 14, + "created_on": "2026-01-16 14:41:03", + "modified_on": "2026-02-15 07:56:39", + "owner_user_id": 1, + "domain_names": [ + "dbis-api.d-bis.org" + ], + "forward_host": "192.168.11.155", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 48, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 45, + "created_on": "2026-02-13 20:32:33", + "modified_on": "2026-02-13 20:32:33", + "owner_user_id": 1, + "domain_names": [ + "dbis.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3001, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 39, + "created_on": "2026-02-07 20:41:12", + "modified_on": "2026-02-07 20:41:13", + "owner_user_id": 1, + "domain_names": [ + "dev.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 8, + "created_on": "2026-01-16 14:40:58", + "modified_on": "2026-02-15 07:56:17", + "owner_user_id": 1, + "domain_names": [ + "explorer.d-bis.org" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 145, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers (unsafe-eval for ethers.js v5)\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 30, + "created_on": "2026-01-31 00:13:09", + "modified_on": "2026-02-06 19:09:43", + "owner_user_id": 1, + "domain_names": [ + "explorer.defi-oracle.io" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 144, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 40, + "created_on": "2026-02-07 20:41:14", + "modified_on": "2026-02-07 20:41:15", + "owner_user_id": 1, + "domain_names": [ + "gitea.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 46, + "created_on": "2026-02-13 20:32:35", + "modified_on": "2026-02-13 20:32:35", + "owner_user_id": 1, + "domain_names": [ + "iccc.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3002, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 17, + "created_on": "2026-01-16 14:41:05", + "modified_on": "2026-02-15 07:56:44", + "owner_user_id": 1, + "domain_names": [ + "mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 50, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 47, + "created_on": "2026-02-13 20:32:37", + "modified_on": "2026-02-13 20:32:37", + "owner_user_id": 1, + "domain_names": [ + "omnl.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3003, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 5, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:01:49", + "owner_user_id": 1, + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 51, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 42, + "created_on": "2026-02-07 20:41:17", + "modified_on": "2026-02-07 20:41:18", + "owner_user_id": 1, + "domain_names": [ + "pve.ml110.d-bis.org" + ], + "forward_host": "192.168.11.10", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 43, + "created_on": "2026-02-07 20:41:19", + "modified_on": "2026-02-07 20:41:20", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-01.d-bis.org" + ], + "forward_host": "192.168.11.11", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 44, + "created_on": "2026-02-07 20:41:21", + "modified_on": "2026-02-07 20:41:21", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-02.d-bis.org" + ], + "forward_host": "192.168.11.12", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 32, + "created_on": "2026-02-07 00:42:16", + "modified_on": "2026-02-07 00:47:07", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "forward_host": "192.168.11.173", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 148, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 33, + "created_on": "2026-02-07 00:42:17", + "modified_on": "2026-02-07 08:15:41", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "forward_host": "192.168.11.174", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 150, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 31, + "created_on": "2026-02-07 00:42:15", + "modified_on": "2026-02-07 08:15:53", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "forward_host": "192.168.11.172", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 151, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 11, + "created_on": "2026-01-16 14:41:00", + "modified_on": "2026-02-15 07:56:22", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 52, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 9, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-15 07:56:19", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 53, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 35, + "created_on": "2026-02-07 00:42:20", + "modified_on": "2026-02-07 08:16:06", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "forward_host": "192.168.11.247", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 152, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 36, + "created_on": "2026-02-07 00:42:22", + "modified_on": "2026-02-07 08:16:19", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "forward_host": "192.168.11.248", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 153, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 34, + "created_on": "2026-02-07 00:42:19", + "modified_on": "2026-02-07 08:16:32", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "forward_host": "192.168.11.246", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 154, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 12, + "created_on": "2026-01-16 14:41:01", + "modified_on": "2026-02-15 07:56:24", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 54, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 10, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-15 07:56:21", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 55, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 26, + "created_on": "2026-01-29 16:35:10", + "modified_on": "2026-02-15 07:56:31", + "owner_user_id": 1, + "domain_names": [ + "rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 141, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 24, + "created_on": "2026-01-29 15:38:44", + "modified_on": "2026-02-15 07:56:27", + "owner_user_id": 1, + "domain_names": [ + "rpc.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 21, + "created_on": "2026-01-16 14:41:09", + "modified_on": "2026-02-15 07:56:26", + "owner_user_id": 1, + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "forward_host": "192.168.11.240", + "forward_port": 443, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "https", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 27, + "created_on": "2026-01-29 16:35:11", + "modified_on": "2026-02-15 07:56:33", + "owner_user_id": 1, + "domain_names": [ + "rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 137, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 3, + "created_on": "2026-01-16 14:40:54", + "modified_on": "2026-01-16 17:01:32", + "owner_user_id": 1, + "domain_names": [ + "sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 57, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "add_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 16, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-15 07:56:43", + "owner_user_id": 1, + "domain_names": [ + "secure.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 58, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 19, + "created_on": "2026-01-16 14:41:07", + "modified_on": "2026-02-15 07:56:46", + "owner_user_id": 1, + "domain_names": [ + "secure.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 59, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 7, + "created_on": "2026-01-16 14:40:57", + "modified_on": "2026-01-16 17:02:09", + "owner_user_id": 1, + "domain_names": [ + "the-order.sankofa.nexus" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 60, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 20, + "created_on": "2026-01-16 14:41:08", + "modified_on": "2026-02-15 07:56:48", + "owner_user_id": 1, + "domain_names": [ + "training.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 61, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 28, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-15 07:56:34", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 138, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 29, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-15 07:56:36", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 139, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 25, + "created_on": "2026-01-29 15:38:45", + "modified_on": "2026-02-15 07:56:29", + "owner_user_id": 1, + "domain_names": [ + "wss.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 140, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 18, + "created_on": "2026-01-16 14:41:06", + "modified_on": "2026-01-16 17:02:14", + "owner_user_id": 1, + "domain_names": [ + "www.mim4u.org" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 62, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 6, + "created_on": "2026-01-16 14:40:56", + "modified_on": "2026-01-16 17:02:17", + "owner_user_id": 1, + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 63, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 4, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:02:19", + "owner_user_id": 1, + "domain_names": [ + "www.sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 64, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 48, + "created_on": "2026-02-13 20:32:39", + "modified_on": "2026-02-13 20:32:39", + "owner_user_id": 1, + "domain_names": [ + "xom.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3004, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + } +] diff --git a/backups/npmplus/backup-20260216_030001/certificates/cert_list.txt b/backups/npmplus/backup-20260216_030001/certificates/cert_list.txt new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260216_030001/database/database.sql b/backups/npmplus/backup-20260216_030001/database/database.sql new file mode 100644 index 0000000..77149a3 --- /dev/null +++ b/backups/npmplus/backup-20260216_030001/database/database.sql @@ -0,0 +1 @@ +Database file not found diff --git a/backups/npmplus/backup-20260216_030001/database/database.sqlite b/backups/npmplus/backup-20260216_030001/database/database.sqlite new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260216_030001/manifest.json b/backups/npmplus/backup-20260216_030001/manifest.json new file mode 100644 index 0000000..96d9c92 --- /dev/null +++ b/backups/npmplus/backup-20260216_030001/manifest.json @@ -0,0 +1,19 @@ +{ + "timestamp": "20260216_030001", + "backup_date": "2026-02-16T05:01:01-08:00", + "npmplus_vmid": "10233", + "npmplus_host": "192.168.11.11", + "npm_url": "https://192.168.11.167:81", + "backup_contents": { + "database": { + "sql_dump": "present", + "sqlite_file": "missing" + }, + "api_exports": { + "proxy_hosts": "present", + "certificates": "present", + "access_lists": "present" + }, + "certificate_files": "missing" + } +} diff --git a/backups/npmplus/backup-20260216_030001/volumes/volume_list.txt b/backups/npmplus/backup-20260216_030001/volumes/volume_list.txt new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260217_030001.tar.gz b/backups/npmplus/backup-20260217_030001.tar.gz new file mode 100644 index 0000000..4144cf3 Binary files /dev/null and b/backups/npmplus/backup-20260217_030001.tar.gz differ diff --git a/backups/npmplus/backup-20260217_030001/api/access_lists.json b/backups/npmplus/backup-20260217_030001/api/access_lists.json new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/backups/npmplus/backup-20260217_030001/api/access_lists.json @@ -0,0 +1 @@ +[] diff --git a/backups/npmplus/backup-20260217_030001/api/certificates.json b/backups/npmplus/backup-20260217_030001/api/certificates.json new file mode 100644 index 0000000..2e42f40 --- /dev/null +++ b/backups/npmplus/backup-20260217_030001/api/certificates.json @@ -0,0 +1,506 @@ +[ + { + "id": 146, + "created_on": "2026-02-07 00:46:21", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-alltra.d-bis.org", + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 04:47:55", + "meta": {} + }, + { + "id": 147, + "created_on": "2026-02-07 00:46:43", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-hybx.d-bis.org", + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:19", + "meta": {} + }, + { + "id": 134, + "created_on": "2026-01-29 22:52:44", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cross-all.defi-oracle.io", + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "expires_on": "2026-04-30 02:54:15", + "meta": {} + }, + { + "id": 46, + "created_on": "2026-01-16 16:54:36", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-admin.d-bis.org", + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:11", + "meta": {} + }, + { + "id": 47, + "created_on": "2026-01-16 16:54:47", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api-2.d-bis.org", + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:22", + "meta": {} + }, + { + "id": 48, + "created_on": "2026-01-16 16:54:58", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api.d-bis.org", + "domain_names": [ + "dbis-api.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:33", + "meta": {} + }, + { + "id": 145, + "created_on": "2026-02-06 19:14:04", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.d-bis.org", + "domain_names": [ + "explorer.d-bis.org" + ], + "expires_on": "2026-05-07 23:15:36", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": true, + "nginx_err": null, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 144, + "created_on": "2026-02-06 19:05:50", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.defi-oracle.io", + "domain_names": [ + "explorer.defi-oracle.io" + ], + "expires_on": "2026-05-07 23:07:35", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 50, + "created_on": "2026-01-16 16:55:25", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "mim4u.org", + "domain_names": [ + "mim4u.org" + ], + "expires_on": "2026-04-16 20:57:01", + "meta": {} + }, + { + "id": 51, + "created_on": "2026-01-16 16:55:37", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "phoenix.sankofa.nexus", + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:57:08", + "meta": {} + }, + { + "id": 148, + "created_on": "2026-02-07 00:46:56", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-2.d-bis.org", + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:31", + "meta": {} + }, + { + "id": 149, + "created_on": "2026-02-07 00:47:10", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:46", + "meta": {} + }, + { + "id": 150, + "created_on": "2026-02-07 08:15:35", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:06", + "meta": {} + }, + { + "id": 151, + "created_on": "2026-02-07 08:15:43", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra.d-bis.org", + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:18", + "meta": {} + }, + { + "id": 52, + "created_on": "2026-01-16 16:55:45", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-prv.d-bis.org", + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:20", + "meta": {} + }, + { + "id": 53, + "created_on": "2026-01-16 16:55:57", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-pub.d-bis.org", + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:30", + "meta": {} + }, + { + "id": 152, + "created_on": "2026-02-07 08:15:56", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-2.d-bis.org", + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:31", + "meta": {} + }, + { + "id": 153, + "created_on": "2026-02-07 08:16:09", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-3.d-bis.org", + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:45", + "meta": {} + }, + { + "id": 154, + "created_on": "2026-02-07 08:16:22", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx.d-bis.org", + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:58", + "meta": {} + }, + { + "id": 54, + "created_on": "2026-01-16 16:56:06", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-prv.d-bis.org", + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:38", + "meta": {} + }, + { + "id": 55, + "created_on": "2026-01-16 16:56:16", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-pub.d-bis.org", + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:51", + "meta": {} + }, + { + "id": 141, + "created_on": "2026-01-30 09:33:59", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.d-bis.org", + "domain_names": [ + "rpc.d-bis.org" + ], + "expires_on": "2026-04-30 13:35:45", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": false, + "nginx_err": "nginx: [emerg] cannot load certificate \"/data/tls/certbot/live/npm-135/fullchain.pem\": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-135/fullchain.pem, r) error:10000080:BIO routines::no such file)\nnginx: configuration file /usr/local/nginx/conf/nginx.conf test failed", + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 56, + "created_on": "2026-01-16 16:56:30", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.public-0138.defi-oracle.io", + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "expires_on": "2026-04-16 20:58:05", + "meta": {} + }, + { + "id": 137, + "created_on": "2026-01-29 23:39:01", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc2.d-bis.org", + "domain_names": [ + "rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:40:50", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 57, + "created_on": "2026-01-16 16:56:41", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "sankofa.nexus", + "domain_names": [ + "sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:17", + "meta": {} + }, + { + "id": 58, + "created_on": "2026-01-16 16:56:53", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.d-bis.org", + "domain_names": [ + "secure.d-bis.org" + ], + "expires_on": "2026-04-16 20:58:28", + "meta": {} + }, + { + "id": 59, + "created_on": "2026-01-16 16:57:05", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.mim4u.org", + "domain_names": [ + "secure.mim4u.org" + ], + "expires_on": "2026-04-16 20:58:40", + "meta": {} + }, + { + "id": 60, + "created_on": "2026-01-16 16:57:17", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "the-order.sankofa.nexus", + "domain_names": [ + "the-order.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:53", + "meta": {} + }, + { + "id": 61, + "created_on": "2026-01-16 16:57:31", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "training.mim4u.org", + "domain_names": [ + "training.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:06", + "meta": {} + }, + { + "id": 138, + "created_on": "2026-01-29 23:41:20", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc.d-bis.org", + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:05", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 139, + "created_on": "2026-01-29 23:42:13", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc2.d-bis.org", + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:58", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 140, + "created_on": "2026-01-29 23:43:09", + "modified_on": "2026-02-16 15:28:53", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "wss.defi-oracle.io", + "domain_names": [ + "wss.defi-oracle.io" + ], + "expires_on": "2026-04-30 03:44:57", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 62, + "created_on": "2026-01-16 16:57:41", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.mim4u.org", + "domain_names": [ + "www.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:17", + "meta": {} + }, + { + "id": 63, + "created_on": "2026-01-16 16:57:52", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.phoenix.sankofa.nexus", + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:28", + "meta": {} + }, + { + "id": 64, + "created_on": "2026-01-16 16:58:06", + "modified_on": "2026-02-16 15:28:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.sankofa.nexus", + "domain_names": [ + "www.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:41", + "meta": {} + } +] diff --git a/backups/npmplus/backup-20260217_030001/api/proxy_hosts.json b/backups/npmplus/backup-20260217_030001/api/proxy_hosts.json new file mode 100644 index 0000000..23ee07a --- /dev/null +++ b/backups/npmplus/backup-20260217_030001/api/proxy_hosts.json @@ -0,0 +1,1284 @@ +[ + { + "id": 37, + "created_on": "2026-02-07 00:42:23", + "modified_on": "2026-02-07 00:46:30", + "owner_user_id": 1, + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "forward_host": "192.168.11.177", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 146, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 38, + "created_on": "2026-02-07 00:42:24", + "modified_on": "2026-02-07 00:46:53", + "owner_user_id": 1, + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "forward_host": "192.168.11.251", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 147, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 41, + "created_on": "2026-02-07 20:41:16", + "modified_on": "2026-02-07 20:41:16", + "owner_user_id": 1, + "domain_names": [ + "codespaces.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 22, + "created_on": "2026-01-18 22:19:18", + "modified_on": "2026-01-29 22:52:50", + "owner_user_id": 1, + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "forward_host": "192.168.11.211", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 134, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 13, + "created_on": "2026-01-16 14:41:02", + "modified_on": "2026-02-15 07:56:38", + "owner_user_id": 1, + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 46, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 15, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-15 07:56:41", + "owner_user_id": 1, + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "forward_host": "192.168.11.156", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 47, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 14, + "created_on": "2026-01-16 14:41:03", + "modified_on": "2026-02-15 07:56:39", + "owner_user_id": 1, + "domain_names": [ + "dbis-api.d-bis.org" + ], + "forward_host": "192.168.11.155", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 48, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 45, + "created_on": "2026-02-13 20:32:33", + "modified_on": "2026-02-13 20:32:33", + "owner_user_id": 1, + "domain_names": [ + "dbis.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3001, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 39, + "created_on": "2026-02-07 20:41:12", + "modified_on": "2026-02-07 20:41:13", + "owner_user_id": 1, + "domain_names": [ + "dev.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 8, + "created_on": "2026-01-16 14:40:58", + "modified_on": "2026-02-15 07:56:17", + "owner_user_id": 1, + "domain_names": [ + "explorer.d-bis.org" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 145, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers (unsafe-eval for ethers.js v5)\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 30, + "created_on": "2026-01-31 00:13:09", + "modified_on": "2026-02-06 19:09:43", + "owner_user_id": 1, + "domain_names": [ + "explorer.defi-oracle.io" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 144, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 40, + "created_on": "2026-02-07 20:41:14", + "modified_on": "2026-02-07 20:41:15", + "owner_user_id": 1, + "domain_names": [ + "gitea.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 46, + "created_on": "2026-02-13 20:32:35", + "modified_on": "2026-02-13 20:32:35", + "owner_user_id": 1, + "domain_names": [ + "iccc.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3002, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 17, + "created_on": "2026-01-16 14:41:05", + "modified_on": "2026-02-15 07:56:44", + "owner_user_id": 1, + "domain_names": [ + "mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 50, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 47, + "created_on": "2026-02-13 20:32:37", + "modified_on": "2026-02-13 20:32:37", + "owner_user_id": 1, + "domain_names": [ + "omnl.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3003, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 5, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:01:49", + "owner_user_id": 1, + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 51, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 42, + "created_on": "2026-02-07 20:41:17", + "modified_on": "2026-02-07 20:41:18", + "owner_user_id": 1, + "domain_names": [ + "pve.ml110.d-bis.org" + ], + "forward_host": "192.168.11.10", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 43, + "created_on": "2026-02-07 20:41:19", + "modified_on": "2026-02-07 20:41:20", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-01.d-bis.org" + ], + "forward_host": "192.168.11.11", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 44, + "created_on": "2026-02-07 20:41:21", + "modified_on": "2026-02-07 20:41:21", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-02.d-bis.org" + ], + "forward_host": "192.168.11.12", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 32, + "created_on": "2026-02-07 00:42:16", + "modified_on": "2026-02-07 00:47:07", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "forward_host": "192.168.11.173", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 148, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 33, + "created_on": "2026-02-07 00:42:17", + "modified_on": "2026-02-07 08:15:41", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "forward_host": "192.168.11.174", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 150, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 31, + "created_on": "2026-02-07 00:42:15", + "modified_on": "2026-02-07 08:15:53", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "forward_host": "192.168.11.172", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 151, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 11, + "created_on": "2026-01-16 14:41:00", + "modified_on": "2026-02-15 07:56:22", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 52, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 9, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-15 07:56:19", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 53, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 35, + "created_on": "2026-02-07 00:42:20", + "modified_on": "2026-02-07 08:16:06", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "forward_host": "192.168.11.247", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 152, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 36, + "created_on": "2026-02-07 00:42:22", + "modified_on": "2026-02-07 08:16:19", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "forward_host": "192.168.11.248", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 153, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 34, + "created_on": "2026-02-07 00:42:19", + "modified_on": "2026-02-07 08:16:32", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "forward_host": "192.168.11.246", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 154, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 12, + "created_on": "2026-01-16 14:41:01", + "modified_on": "2026-02-15 07:56:24", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 54, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 10, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-15 07:56:21", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 55, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 26, + "created_on": "2026-01-29 16:35:10", + "modified_on": "2026-02-15 07:56:31", + "owner_user_id": 1, + "domain_names": [ + "rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 141, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 24, + "created_on": "2026-01-29 15:38:44", + "modified_on": "2026-02-15 07:56:27", + "owner_user_id": 1, + "domain_names": [ + "rpc.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 21, + "created_on": "2026-01-16 14:41:09", + "modified_on": "2026-02-15 07:56:26", + "owner_user_id": 1, + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "forward_host": "192.168.11.240", + "forward_port": 443, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "https", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 27, + "created_on": "2026-01-29 16:35:11", + "modified_on": "2026-02-15 07:56:33", + "owner_user_id": 1, + "domain_names": [ + "rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 137, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 3, + "created_on": "2026-01-16 14:40:54", + "modified_on": "2026-01-16 17:01:32", + "owner_user_id": 1, + "domain_names": [ + "sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 57, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "add_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 16, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-15 07:56:43", + "owner_user_id": 1, + "domain_names": [ + "secure.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 58, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 19, + "created_on": "2026-01-16 14:41:07", + "modified_on": "2026-02-15 07:56:46", + "owner_user_id": 1, + "domain_names": [ + "secure.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 59, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 7, + "created_on": "2026-01-16 14:40:57", + "modified_on": "2026-01-16 17:02:09", + "owner_user_id": 1, + "domain_names": [ + "the-order.sankofa.nexus" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 60, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 20, + "created_on": "2026-01-16 14:41:08", + "modified_on": "2026-02-15 07:56:48", + "owner_user_id": 1, + "domain_names": [ + "training.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 61, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 28, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-15 07:56:34", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 138, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 29, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-15 07:56:36", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 139, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 25, + "created_on": "2026-01-29 15:38:45", + "modified_on": "2026-02-15 07:56:29", + "owner_user_id": 1, + "domain_names": [ + "wss.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 140, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 18, + "created_on": "2026-01-16 14:41:06", + "modified_on": "2026-01-16 17:02:14", + "owner_user_id": 1, + "domain_names": [ + "www.mim4u.org" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 62, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 6, + "created_on": "2026-01-16 14:40:56", + "modified_on": "2026-01-16 17:02:17", + "owner_user_id": 1, + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 63, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 4, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:02:19", + "owner_user_id": 1, + "domain_names": [ + "www.sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 64, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 48, + "created_on": "2026-02-13 20:32:39", + "modified_on": "2026-02-13 20:32:39", + "owner_user_id": 1, + "domain_names": [ + "xom.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3004, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + } +] diff --git a/backups/npmplus/backup-20260217_030001/certificates/cert_list.txt b/backups/npmplus/backup-20260217_030001/certificates/cert_list.txt new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260217_030001/database/database.sql b/backups/npmplus/backup-20260217_030001/database/database.sql new file mode 100644 index 0000000..77149a3 --- /dev/null +++ b/backups/npmplus/backup-20260217_030001/database/database.sql @@ -0,0 +1 @@ +Database file not found diff --git a/backups/npmplus/backup-20260217_030001/database/database.sqlite b/backups/npmplus/backup-20260217_030001/database/database.sqlite new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260217_030001/manifest.json b/backups/npmplus/backup-20260217_030001/manifest.json new file mode 100644 index 0000000..7b6c671 --- /dev/null +++ b/backups/npmplus/backup-20260217_030001/manifest.json @@ -0,0 +1,19 @@ +{ + "timestamp": "20260217_030001", + "backup_date": "2026-02-17T05:26:51-08:00", + "npmplus_vmid": "10233", + "npmplus_host": "192.168.11.11", + "npm_url": "https://192.168.11.167:81", + "backup_contents": { + "database": { + "sql_dump": "present", + "sqlite_file": "missing" + }, + "api_exports": { + "proxy_hosts": "present", + "certificates": "present", + "access_lists": "present" + }, + "certificate_files": "missing" + } +} diff --git a/backups/npmplus/backup-20260217_030001/volumes/volume_list.txt b/backups/npmplus/backup-20260217_030001/volumes/volume_list.txt new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260218_030001.tar.gz b/backups/npmplus/backup-20260218_030001.tar.gz new file mode 100644 index 0000000..bf52dae Binary files /dev/null and b/backups/npmplus/backup-20260218_030001.tar.gz differ diff --git a/backups/npmplus/backup-20260218_030001/api/access_lists.json b/backups/npmplus/backup-20260218_030001/api/access_lists.json new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/backups/npmplus/backup-20260218_030001/api/access_lists.json @@ -0,0 +1 @@ +[] diff --git a/backups/npmplus/backup-20260218_030001/api/certificates.json b/backups/npmplus/backup-20260218_030001/api/certificates.json new file mode 100644 index 0000000..74ee78b --- /dev/null +++ b/backups/npmplus/backup-20260218_030001/api/certificates.json @@ -0,0 +1,506 @@ +[ + { + "id": 146, + "created_on": "2026-02-07 00:46:21", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-alltra.d-bis.org", + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 04:47:55", + "meta": {} + }, + { + "id": 147, + "created_on": "2026-02-07 00:46:43", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-hybx.d-bis.org", + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:19", + "meta": {} + }, + { + "id": 134, + "created_on": "2026-01-29 22:52:44", + "modified_on": "2026-02-17 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cross-all.defi-oracle.io", + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "expires_on": "2026-04-30 02:54:15", + "meta": {} + }, + { + "id": 46, + "created_on": "2026-01-16 16:54:36", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-admin.d-bis.org", + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:11", + "meta": {} + }, + { + "id": 47, + "created_on": "2026-01-16 16:54:47", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api-2.d-bis.org", + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:22", + "meta": {} + }, + { + "id": 48, + "created_on": "2026-01-16 16:54:58", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api.d-bis.org", + "domain_names": [ + "dbis-api.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:33", + "meta": {} + }, + { + "id": 145, + "created_on": "2026-02-06 19:14:04", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.d-bis.org", + "domain_names": [ + "explorer.d-bis.org" + ], + "expires_on": "2026-05-07 23:15:36", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": true, + "nginx_err": null, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 144, + "created_on": "2026-02-06 19:05:50", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.defi-oracle.io", + "domain_names": [ + "explorer.defi-oracle.io" + ], + "expires_on": "2026-05-07 23:07:35", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 50, + "created_on": "2026-01-16 16:55:25", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "mim4u.org", + "domain_names": [ + "mim4u.org" + ], + "expires_on": "2026-04-16 20:57:01", + "meta": {} + }, + { + "id": 51, + "created_on": "2026-01-16 16:55:37", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "phoenix.sankofa.nexus", + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:57:08", + "meta": {} + }, + { + "id": 148, + "created_on": "2026-02-07 00:46:56", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-2.d-bis.org", + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:31", + "meta": {} + }, + { + "id": 149, + "created_on": "2026-02-07 00:47:10", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:46", + "meta": {} + }, + { + "id": 150, + "created_on": "2026-02-07 08:15:35", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:06", + "meta": {} + }, + { + "id": 151, + "created_on": "2026-02-07 08:15:43", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra.d-bis.org", + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:18", + "meta": {} + }, + { + "id": 52, + "created_on": "2026-01-16 16:55:45", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-prv.d-bis.org", + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:20", + "meta": {} + }, + { + "id": 53, + "created_on": "2026-01-16 16:55:57", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-pub.d-bis.org", + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:30", + "meta": {} + }, + { + "id": 152, + "created_on": "2026-02-07 08:15:56", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-2.d-bis.org", + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:31", + "meta": {} + }, + { + "id": 153, + "created_on": "2026-02-07 08:16:09", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-3.d-bis.org", + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:45", + "meta": {} + }, + { + "id": 154, + "created_on": "2026-02-07 08:16:22", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx.d-bis.org", + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:58", + "meta": {} + }, + { + "id": 54, + "created_on": "2026-01-16 16:56:06", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-prv.d-bis.org", + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:38", + "meta": {} + }, + { + "id": 55, + "created_on": "2026-01-16 16:56:16", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-pub.d-bis.org", + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:51", + "meta": {} + }, + { + "id": 141, + "created_on": "2026-01-30 09:33:59", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.d-bis.org", + "domain_names": [ + "rpc.d-bis.org" + ], + "expires_on": "2026-04-30 13:35:45", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": false, + "nginx_err": "nginx: [emerg] cannot load certificate \"/data/tls/certbot/live/npm-135/fullchain.pem\": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-135/fullchain.pem, r) error:10000080:BIO routines::no such file)\nnginx: configuration file /usr/local/nginx/conf/nginx.conf test failed", + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 56, + "created_on": "2026-01-16 16:56:30", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.public-0138.defi-oracle.io", + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "expires_on": "2026-04-16 20:58:05", + "meta": {} + }, + { + "id": 137, + "created_on": "2026-01-29 23:39:01", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc2.d-bis.org", + "domain_names": [ + "rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:40:50", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 57, + "created_on": "2026-01-16 16:56:41", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "sankofa.nexus", + "domain_names": [ + "sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:17", + "meta": {} + }, + { + "id": 58, + "created_on": "2026-01-16 16:56:53", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.d-bis.org", + "domain_names": [ + "secure.d-bis.org" + ], + "expires_on": "2026-04-16 20:58:28", + "meta": {} + }, + { + "id": 59, + "created_on": "2026-01-16 16:57:05", + "modified_on": "2026-02-17 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.mim4u.org", + "domain_names": [ + "secure.mim4u.org" + ], + "expires_on": "2026-04-16 20:58:40", + "meta": {} + }, + { + "id": 60, + "created_on": "2026-01-16 16:57:17", + "modified_on": "2026-02-17 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "the-order.sankofa.nexus", + "domain_names": [ + "the-order.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:53", + "meta": {} + }, + { + "id": 61, + "created_on": "2026-01-16 16:57:31", + "modified_on": "2026-02-17 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "training.mim4u.org", + "domain_names": [ + "training.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:06", + "meta": {} + }, + { + "id": 138, + "created_on": "2026-01-29 23:41:20", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc.d-bis.org", + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:05", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 139, + "created_on": "2026-01-29 23:42:13", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc2.d-bis.org", + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:58", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 140, + "created_on": "2026-01-29 23:43:09", + "modified_on": "2026-02-17 15:28:48", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "wss.defi-oracle.io", + "domain_names": [ + "wss.defi-oracle.io" + ], + "expires_on": "2026-04-30 03:44:57", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 62, + "created_on": "2026-01-16 16:57:41", + "modified_on": "2026-02-17 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.mim4u.org", + "domain_names": [ + "www.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:17", + "meta": {} + }, + { + "id": 63, + "created_on": "2026-01-16 16:57:52", + "modified_on": "2026-02-17 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.phoenix.sankofa.nexus", + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:28", + "meta": {} + }, + { + "id": 64, + "created_on": "2026-01-16 16:58:06", + "modified_on": "2026-02-17 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.sankofa.nexus", + "domain_names": [ + "www.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:41", + "meta": {} + } +] diff --git a/backups/npmplus/backup-20260218_030001/api/proxy_hosts.json b/backups/npmplus/backup-20260218_030001/api/proxy_hosts.json new file mode 100644 index 0000000..23ee07a --- /dev/null +++ b/backups/npmplus/backup-20260218_030001/api/proxy_hosts.json @@ -0,0 +1,1284 @@ +[ + { + "id": 37, + "created_on": "2026-02-07 00:42:23", + "modified_on": "2026-02-07 00:46:30", + "owner_user_id": 1, + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "forward_host": "192.168.11.177", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 146, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 38, + "created_on": "2026-02-07 00:42:24", + "modified_on": "2026-02-07 00:46:53", + "owner_user_id": 1, + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "forward_host": "192.168.11.251", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 147, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 41, + "created_on": "2026-02-07 20:41:16", + "modified_on": "2026-02-07 20:41:16", + "owner_user_id": 1, + "domain_names": [ + "codespaces.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 22, + "created_on": "2026-01-18 22:19:18", + "modified_on": "2026-01-29 22:52:50", + "owner_user_id": 1, + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "forward_host": "192.168.11.211", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 134, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 13, + "created_on": "2026-01-16 14:41:02", + "modified_on": "2026-02-15 07:56:38", + "owner_user_id": 1, + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 46, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 15, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-15 07:56:41", + "owner_user_id": 1, + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "forward_host": "192.168.11.156", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 47, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 14, + "created_on": "2026-01-16 14:41:03", + "modified_on": "2026-02-15 07:56:39", + "owner_user_id": 1, + "domain_names": [ + "dbis-api.d-bis.org" + ], + "forward_host": "192.168.11.155", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 48, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 45, + "created_on": "2026-02-13 20:32:33", + "modified_on": "2026-02-13 20:32:33", + "owner_user_id": 1, + "domain_names": [ + "dbis.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3001, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 39, + "created_on": "2026-02-07 20:41:12", + "modified_on": "2026-02-07 20:41:13", + "owner_user_id": 1, + "domain_names": [ + "dev.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 8, + "created_on": "2026-01-16 14:40:58", + "modified_on": "2026-02-15 07:56:17", + "owner_user_id": 1, + "domain_names": [ + "explorer.d-bis.org" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 145, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers (unsafe-eval for ethers.js v5)\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 30, + "created_on": "2026-01-31 00:13:09", + "modified_on": "2026-02-06 19:09:43", + "owner_user_id": 1, + "domain_names": [ + "explorer.defi-oracle.io" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 144, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 40, + "created_on": "2026-02-07 20:41:14", + "modified_on": "2026-02-07 20:41:15", + "owner_user_id": 1, + "domain_names": [ + "gitea.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 46, + "created_on": "2026-02-13 20:32:35", + "modified_on": "2026-02-13 20:32:35", + "owner_user_id": 1, + "domain_names": [ + "iccc.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3002, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 17, + "created_on": "2026-01-16 14:41:05", + "modified_on": "2026-02-15 07:56:44", + "owner_user_id": 1, + "domain_names": [ + "mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 50, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 47, + "created_on": "2026-02-13 20:32:37", + "modified_on": "2026-02-13 20:32:37", + "owner_user_id": 1, + "domain_names": [ + "omnl.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3003, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 5, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:01:49", + "owner_user_id": 1, + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 51, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 42, + "created_on": "2026-02-07 20:41:17", + "modified_on": "2026-02-07 20:41:18", + "owner_user_id": 1, + "domain_names": [ + "pve.ml110.d-bis.org" + ], + "forward_host": "192.168.11.10", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 43, + "created_on": "2026-02-07 20:41:19", + "modified_on": "2026-02-07 20:41:20", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-01.d-bis.org" + ], + "forward_host": "192.168.11.11", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 44, + "created_on": "2026-02-07 20:41:21", + "modified_on": "2026-02-07 20:41:21", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-02.d-bis.org" + ], + "forward_host": "192.168.11.12", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 32, + "created_on": "2026-02-07 00:42:16", + "modified_on": "2026-02-07 00:47:07", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "forward_host": "192.168.11.173", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 148, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 33, + "created_on": "2026-02-07 00:42:17", + "modified_on": "2026-02-07 08:15:41", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "forward_host": "192.168.11.174", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 150, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 31, + "created_on": "2026-02-07 00:42:15", + "modified_on": "2026-02-07 08:15:53", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "forward_host": "192.168.11.172", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 151, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 11, + "created_on": "2026-01-16 14:41:00", + "modified_on": "2026-02-15 07:56:22", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 52, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 9, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-15 07:56:19", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 53, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 35, + "created_on": "2026-02-07 00:42:20", + "modified_on": "2026-02-07 08:16:06", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "forward_host": "192.168.11.247", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 152, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 36, + "created_on": "2026-02-07 00:42:22", + "modified_on": "2026-02-07 08:16:19", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "forward_host": "192.168.11.248", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 153, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 34, + "created_on": "2026-02-07 00:42:19", + "modified_on": "2026-02-07 08:16:32", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "forward_host": "192.168.11.246", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 154, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 12, + "created_on": "2026-01-16 14:41:01", + "modified_on": "2026-02-15 07:56:24", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 54, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 10, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-15 07:56:21", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 55, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 26, + "created_on": "2026-01-29 16:35:10", + "modified_on": "2026-02-15 07:56:31", + "owner_user_id": 1, + "domain_names": [ + "rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 141, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 24, + "created_on": "2026-01-29 15:38:44", + "modified_on": "2026-02-15 07:56:27", + "owner_user_id": 1, + "domain_names": [ + "rpc.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 21, + "created_on": "2026-01-16 14:41:09", + "modified_on": "2026-02-15 07:56:26", + "owner_user_id": 1, + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "forward_host": "192.168.11.240", + "forward_port": 443, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "https", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 27, + "created_on": "2026-01-29 16:35:11", + "modified_on": "2026-02-15 07:56:33", + "owner_user_id": 1, + "domain_names": [ + "rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 137, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 3, + "created_on": "2026-01-16 14:40:54", + "modified_on": "2026-01-16 17:01:32", + "owner_user_id": 1, + "domain_names": [ + "sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 57, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "add_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 16, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-15 07:56:43", + "owner_user_id": 1, + "domain_names": [ + "secure.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 58, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 19, + "created_on": "2026-01-16 14:41:07", + "modified_on": "2026-02-15 07:56:46", + "owner_user_id": 1, + "domain_names": [ + "secure.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 59, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 7, + "created_on": "2026-01-16 14:40:57", + "modified_on": "2026-01-16 17:02:09", + "owner_user_id": 1, + "domain_names": [ + "the-order.sankofa.nexus" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 60, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 20, + "created_on": "2026-01-16 14:41:08", + "modified_on": "2026-02-15 07:56:48", + "owner_user_id": 1, + "domain_names": [ + "training.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 61, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 28, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-15 07:56:34", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 138, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 29, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-15 07:56:36", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 139, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 25, + "created_on": "2026-01-29 15:38:45", + "modified_on": "2026-02-15 07:56:29", + "owner_user_id": 1, + "domain_names": [ + "wss.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 140, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 18, + "created_on": "2026-01-16 14:41:06", + "modified_on": "2026-01-16 17:02:14", + "owner_user_id": 1, + "domain_names": [ + "www.mim4u.org" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 62, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 6, + "created_on": "2026-01-16 14:40:56", + "modified_on": "2026-01-16 17:02:17", + "owner_user_id": 1, + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 63, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 4, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:02:19", + "owner_user_id": 1, + "domain_names": [ + "www.sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 64, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 48, + "created_on": "2026-02-13 20:32:39", + "modified_on": "2026-02-13 20:32:39", + "owner_user_id": 1, + "domain_names": [ + "xom.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3004, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + } +] diff --git a/backups/npmplus/backup-20260218_030001/certificates/cert_list.txt b/backups/npmplus/backup-20260218_030001/certificates/cert_list.txt new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260218_030001/database/database.sql b/backups/npmplus/backup-20260218_030001/database/database.sql new file mode 100644 index 0000000..77149a3 --- /dev/null +++ b/backups/npmplus/backup-20260218_030001/database/database.sql @@ -0,0 +1 @@ +Database file not found diff --git a/backups/npmplus/backup-20260218_030001/database/database.sqlite b/backups/npmplus/backup-20260218_030001/database/database.sqlite new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260218_030001/manifest.json b/backups/npmplus/backup-20260218_030001/manifest.json new file mode 100644 index 0000000..f996d2c --- /dev/null +++ b/backups/npmplus/backup-20260218_030001/manifest.json @@ -0,0 +1,19 @@ +{ + "timestamp": "20260218_030001", + "backup_date": "2026-02-18T03:00:12-08:00", + "npmplus_vmid": "10233", + "npmplus_host": "192.168.11.11", + "npm_url": "https://192.168.11.167:81", + "backup_contents": { + "database": { + "sql_dump": "present", + "sqlite_file": "missing" + }, + "api_exports": { + "proxy_hosts": "present", + "certificates": "present", + "access_lists": "present" + }, + "certificate_files": "missing" + } +} diff --git a/backups/npmplus/backup-20260218_030001/volumes/volume_list.txt b/backups/npmplus/backup-20260218_030001/volumes/volume_list.txt new file mode 100644 index 0000000..4545150 --- /dev/null +++ b/backups/npmplus/backup-20260218_030001/volumes/volume_list.txt @@ -0,0 +1 @@ +DRIVER VOLUME NAME diff --git a/backups/npmplus/backup-20260218_130014.tar.gz b/backups/npmplus/backup-20260218_130014.tar.gz new file mode 100644 index 0000000..eace5e2 Binary files /dev/null and b/backups/npmplus/backup-20260218_130014.tar.gz differ diff --git a/backups/npmplus/backup-20260218_130014/api/access_lists.json b/backups/npmplus/backup-20260218_130014/api/access_lists.json new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/backups/npmplus/backup-20260218_130014/api/access_lists.json @@ -0,0 +1 @@ +[] diff --git a/backups/npmplus/backup-20260218_130014/api/certificates.json b/backups/npmplus/backup-20260218_130014/api/certificates.json new file mode 100644 index 0000000..2a4306b --- /dev/null +++ b/backups/npmplus/backup-20260218_130014/api/certificates.json @@ -0,0 +1,506 @@ +[ + { + "id": 146, + "created_on": "2026-02-07 00:46:21", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-alltra.d-bis.org", + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 04:47:55", + "meta": {} + }, + { + "id": 147, + "created_on": "2026-02-07 00:46:43", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-hybx.d-bis.org", + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:19", + "meta": {} + }, + { + "id": 134, + "created_on": "2026-01-29 22:52:44", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cross-all.defi-oracle.io", + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "expires_on": "2026-04-30 02:54:15", + "meta": {} + }, + { + "id": 46, + "created_on": "2026-01-16 16:54:36", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-admin.d-bis.org", + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:11", + "meta": {} + }, + { + "id": 47, + "created_on": "2026-01-16 16:54:47", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api-2.d-bis.org", + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:22", + "meta": {} + }, + { + "id": 48, + "created_on": "2026-01-16 16:54:58", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api.d-bis.org", + "domain_names": [ + "dbis-api.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:33", + "meta": {} + }, + { + "id": 145, + "created_on": "2026-02-06 19:14:04", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.d-bis.org", + "domain_names": [ + "explorer.d-bis.org" + ], + "expires_on": "2026-05-07 23:15:36", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": true, + "nginx_err": null, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 144, + "created_on": "2026-02-06 19:05:50", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.defi-oracle.io", + "domain_names": [ + "explorer.defi-oracle.io" + ], + "expires_on": "2026-05-07 23:07:35", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 50, + "created_on": "2026-01-16 16:55:25", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "mim4u.org", + "domain_names": [ + "mim4u.org" + ], + "expires_on": "2026-04-16 20:57:01", + "meta": {} + }, + { + "id": 51, + "created_on": "2026-01-16 16:55:37", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "phoenix.sankofa.nexus", + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:57:08", + "meta": {} + }, + { + "id": 148, + "created_on": "2026-02-07 00:46:56", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-2.d-bis.org", + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:31", + "meta": {} + }, + { + "id": 149, + "created_on": "2026-02-07 00:47:10", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:46", + "meta": {} + }, + { + "id": 150, + "created_on": "2026-02-07 08:15:35", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:06", + "meta": {} + }, + { + "id": 151, + "created_on": "2026-02-07 08:15:43", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra.d-bis.org", + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:18", + "meta": {} + }, + { + "id": 52, + "created_on": "2026-01-16 16:55:45", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-prv.d-bis.org", + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:20", + "meta": {} + }, + { + "id": 53, + "created_on": "2026-01-16 16:55:57", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-pub.d-bis.org", + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:30", + "meta": {} + }, + { + "id": 152, + "created_on": "2026-02-07 08:15:56", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-2.d-bis.org", + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:31", + "meta": {} + }, + { + "id": 153, + "created_on": "2026-02-07 08:16:09", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-3.d-bis.org", + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:45", + "meta": {} + }, + { + "id": 154, + "created_on": "2026-02-07 08:16:22", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx.d-bis.org", + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:58", + "meta": {} + }, + { + "id": 54, + "created_on": "2026-01-16 16:56:06", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-prv.d-bis.org", + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:38", + "meta": {} + }, + { + "id": 55, + "created_on": "2026-01-16 16:56:16", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-pub.d-bis.org", + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:51", + "meta": {} + }, + { + "id": 141, + "created_on": "2026-01-30 09:33:59", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.d-bis.org", + "domain_names": [ + "rpc.d-bis.org" + ], + "expires_on": "2026-04-30 13:35:45", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": false, + "nginx_err": "nginx: [emerg] cannot load certificate \"/data/tls/certbot/live/npm-135/fullchain.pem\": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-135/fullchain.pem, r) error:10000080:BIO routines::no such file)\nnginx: configuration file /usr/local/nginx/conf/nginx.conf test failed", + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 56, + "created_on": "2026-01-16 16:56:30", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.public-0138.defi-oracle.io", + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "expires_on": "2026-04-16 20:58:05", + "meta": {} + }, + { + "id": 137, + "created_on": "2026-01-29 23:39:01", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc2.d-bis.org", + "domain_names": [ + "rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:40:50", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 57, + "created_on": "2026-01-16 16:56:41", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "sankofa.nexus", + "domain_names": [ + "sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:17", + "meta": {} + }, + { + "id": 58, + "created_on": "2026-01-16 16:56:53", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.d-bis.org", + "domain_names": [ + "secure.d-bis.org" + ], + "expires_on": "2026-04-16 20:58:28", + "meta": {} + }, + { + "id": 59, + "created_on": "2026-01-16 16:57:05", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.mim4u.org", + "domain_names": [ + "secure.mim4u.org" + ], + "expires_on": "2026-04-16 20:58:40", + "meta": {} + }, + { + "id": 60, + "created_on": "2026-01-16 16:57:17", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "the-order.sankofa.nexus", + "domain_names": [ + "the-order.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:53", + "meta": {} + }, + { + "id": 61, + "created_on": "2026-01-16 16:57:31", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "training.mim4u.org", + "domain_names": [ + "training.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:06", + "meta": {} + }, + { + "id": 138, + "created_on": "2026-01-29 23:41:20", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc.d-bis.org", + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:05", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 139, + "created_on": "2026-01-29 23:42:13", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc2.d-bis.org", + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:58", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 140, + "created_on": "2026-01-29 23:43:09", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "wss.defi-oracle.io", + "domain_names": [ + "wss.defi-oracle.io" + ], + "expires_on": "2026-04-30 03:44:57", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 62, + "created_on": "2026-01-16 16:57:41", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.mim4u.org", + "domain_names": [ + "www.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:17", + "meta": {} + }, + { + "id": 63, + "created_on": "2026-01-16 16:57:52", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.phoenix.sankofa.nexus", + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:28", + "meta": {} + }, + { + "id": 64, + "created_on": "2026-01-16 16:58:06", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.sankofa.nexus", + "domain_names": [ + "www.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:41", + "meta": {} + } +] diff --git a/backups/npmplus/backup-20260218_130014/api/proxy_hosts.json b/backups/npmplus/backup-20260218_130014/api/proxy_hosts.json new file mode 100644 index 0000000..862eddf --- /dev/null +++ b/backups/npmplus/backup-20260218_130014/api/proxy_hosts.json @@ -0,0 +1,1284 @@ +[ + { + "id": 37, + "created_on": "2026-02-07 00:42:23", + "modified_on": "2026-02-07 00:46:30", + "owner_user_id": 1, + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "forward_host": "192.168.11.177", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 146, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 38, + "created_on": "2026-02-07 00:42:24", + "modified_on": "2026-02-07 00:46:53", + "owner_user_id": 1, + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "forward_host": "192.168.11.251", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 147, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 41, + "created_on": "2026-02-07 20:41:16", + "modified_on": "2026-02-07 20:41:16", + "owner_user_id": 1, + "domain_names": [ + "codespaces.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 22, + "created_on": "2026-01-18 22:19:18", + "modified_on": "2026-01-29 22:52:50", + "owner_user_id": 1, + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "forward_host": "192.168.11.211", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 134, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 13, + "created_on": "2026-01-16 14:41:02", + "modified_on": "2026-02-18 16:00:05", + "owner_user_id": 1, + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 46, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 15, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-18 16:00:08", + "owner_user_id": 1, + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "forward_host": "192.168.11.156", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 47, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 14, + "created_on": "2026-01-16 14:41:03", + "modified_on": "2026-02-18 16:00:06", + "owner_user_id": 1, + "domain_names": [ + "dbis-api.d-bis.org" + ], + "forward_host": "192.168.11.155", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 48, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 45, + "created_on": "2026-02-13 20:32:33", + "modified_on": "2026-02-13 20:32:33", + "owner_user_id": 1, + "domain_names": [ + "dbis.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3001, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 39, + "created_on": "2026-02-07 20:41:12", + "modified_on": "2026-02-07 20:41:13", + "owner_user_id": 1, + "domain_names": [ + "dev.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 8, + "created_on": "2026-01-16 14:40:58", + "modified_on": "2026-02-18 15:59:48", + "owner_user_id": 1, + "domain_names": [ + "explorer.d-bis.org" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 145, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers (unsafe-eval for ethers.js v5)\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 30, + "created_on": "2026-01-31 00:13:09", + "modified_on": "2026-02-06 19:09:43", + "owner_user_id": 1, + "domain_names": [ + "explorer.defi-oracle.io" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 144, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 40, + "created_on": "2026-02-07 20:41:14", + "modified_on": "2026-02-07 20:41:15", + "owner_user_id": 1, + "domain_names": [ + "gitea.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 46, + "created_on": "2026-02-13 20:32:35", + "modified_on": "2026-02-13 20:32:35", + "owner_user_id": 1, + "domain_names": [ + "iccc.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3002, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 17, + "created_on": "2026-01-16 14:41:05", + "modified_on": "2026-02-18 16:00:11", + "owner_user_id": 1, + "domain_names": [ + "mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 50, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 47, + "created_on": "2026-02-13 20:32:37", + "modified_on": "2026-02-13 20:32:37", + "owner_user_id": 1, + "domain_names": [ + "omnl.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3003, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 5, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:01:49", + "owner_user_id": 1, + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 51, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 42, + "created_on": "2026-02-07 20:41:17", + "modified_on": "2026-02-07 20:41:18", + "owner_user_id": 1, + "domain_names": [ + "pve.ml110.d-bis.org" + ], + "forward_host": "192.168.11.10", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 43, + "created_on": "2026-02-07 20:41:19", + "modified_on": "2026-02-07 20:41:20", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-01.d-bis.org" + ], + "forward_host": "192.168.11.11", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 44, + "created_on": "2026-02-07 20:41:21", + "modified_on": "2026-02-07 20:41:21", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-02.d-bis.org" + ], + "forward_host": "192.168.11.12", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 32, + "created_on": "2026-02-07 00:42:16", + "modified_on": "2026-02-07 00:47:07", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "forward_host": "192.168.11.173", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 148, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 33, + "created_on": "2026-02-07 00:42:17", + "modified_on": "2026-02-07 08:15:41", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "forward_host": "192.168.11.174", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 150, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 31, + "created_on": "2026-02-07 00:42:15", + "modified_on": "2026-02-07 08:15:53", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "forward_host": "192.168.11.172", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 151, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 11, + "created_on": "2026-01-16 14:41:00", + "modified_on": "2026-02-18 15:59:52", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 52, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 9, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-18 15:59:49", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 53, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 35, + "created_on": "2026-02-07 00:42:20", + "modified_on": "2026-02-07 08:16:06", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "forward_host": "192.168.11.247", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 152, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 36, + "created_on": "2026-02-07 00:42:22", + "modified_on": "2026-02-07 08:16:19", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "forward_host": "192.168.11.248", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 153, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 34, + "created_on": "2026-02-07 00:42:19", + "modified_on": "2026-02-07 08:16:32", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "forward_host": "192.168.11.246", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 154, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 12, + "created_on": "2026-01-16 14:41:01", + "modified_on": "2026-02-18 15:59:53", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 54, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 10, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-18 15:59:50", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 55, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 26, + "created_on": "2026-01-29 16:35:10", + "modified_on": "2026-02-18 15:59:59", + "owner_user_id": 1, + "domain_names": [ + "rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 141, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 24, + "created_on": "2026-01-29 15:38:44", + "modified_on": "2026-02-18 15:59:56", + "owner_user_id": 1, + "domain_names": [ + "rpc.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 21, + "created_on": "2026-01-16 14:41:09", + "modified_on": "2026-02-18 15:59:55", + "owner_user_id": 1, + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "forward_host": "192.168.11.240", + "forward_port": 443, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "https", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 27, + "created_on": "2026-01-29 16:35:11", + "modified_on": "2026-02-18 16:00:01", + "owner_user_id": 1, + "domain_names": [ + "rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 137, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 3, + "created_on": "2026-01-16 14:40:54", + "modified_on": "2026-01-16 17:01:32", + "owner_user_id": 1, + "domain_names": [ + "sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 57, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "add_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 16, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-18 16:00:09", + "owner_user_id": 1, + "domain_names": [ + "secure.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 58, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 19, + "created_on": "2026-01-16 14:41:07", + "modified_on": "2026-02-18 16:00:13", + "owner_user_id": 1, + "domain_names": [ + "secure.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 59, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 7, + "created_on": "2026-01-16 14:40:57", + "modified_on": "2026-01-16 17:02:09", + "owner_user_id": 1, + "domain_names": [ + "the-order.sankofa.nexus" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 60, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 20, + "created_on": "2026-01-16 14:41:08", + "modified_on": "2026-02-18 16:00:14", + "owner_user_id": 1, + "domain_names": [ + "training.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 61, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 28, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-18 16:00:03", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 138, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 29, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-18 16:00:04", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 139, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 25, + "created_on": "2026-01-29 15:38:45", + "modified_on": "2026-02-18 15:59:58", + "owner_user_id": 1, + "domain_names": [ + "wss.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 140, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 18, + "created_on": "2026-01-16 14:41:06", + "modified_on": "2026-01-16 17:02:14", + "owner_user_id": 1, + "domain_names": [ + "www.mim4u.org" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 62, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 6, + "created_on": "2026-01-16 14:40:56", + "modified_on": "2026-01-16 17:02:17", + "owner_user_id": 1, + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 63, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 4, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:02:19", + "owner_user_id": 1, + "domain_names": [ + "www.sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 64, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 48, + "created_on": "2026-02-13 20:32:39", + "modified_on": "2026-02-13 20:32:39", + "owner_user_id": 1, + "domain_names": [ + "xom.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3004, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + } +] diff --git a/backups/npmplus/backup-20260218_130014/certificates/cert_list.txt b/backups/npmplus/backup-20260218_130014/certificates/cert_list.txt new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260218_130014/database/database.sql b/backups/npmplus/backup-20260218_130014/database/database.sql new file mode 100644 index 0000000..77149a3 --- /dev/null +++ b/backups/npmplus/backup-20260218_130014/database/database.sql @@ -0,0 +1 @@ +Database file not found diff --git a/backups/npmplus/backup-20260218_130014/database/database.sqlite b/backups/npmplus/backup-20260218_130014/database/database.sqlite new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260218_130014/manifest.json b/backups/npmplus/backup-20260218_130014/manifest.json new file mode 100644 index 0000000..d017b82 --- /dev/null +++ b/backups/npmplus/backup-20260218_130014/manifest.json @@ -0,0 +1,19 @@ +{ + "timestamp": "20260218_130014", + "backup_date": "2026-02-18T13:00:24-08:00", + "npmplus_vmid": "10233", + "npmplus_host": "192.168.11.11", + "npm_url": "https://192.168.11.167:81", + "backup_contents": { + "database": { + "sql_dump": "present", + "sqlite_file": "missing" + }, + "api_exports": { + "proxy_hosts": "present", + "certificates": "present", + "access_lists": "present" + }, + "certificate_files": "missing" + } +} diff --git a/backups/npmplus/backup-20260218_130014/volumes/volume_list.txt b/backups/npmplus/backup-20260218_130014/volumes/volume_list.txt new file mode 100644 index 0000000..4545150 --- /dev/null +++ b/backups/npmplus/backup-20260218_130014/volumes/volume_list.txt @@ -0,0 +1 @@ +DRIVER VOLUME NAME diff --git a/backups/npmplus/backup-20260220_030001/database/database.sql b/backups/npmplus/backup-20260220_030001/database/database.sql new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260220_030001/database/database.sqlite b/backups/npmplus/backup-20260220_030001/database/database.sqlite new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260221_030001.tar.gz b/backups/npmplus/backup-20260221_030001.tar.gz new file mode 100644 index 0000000..ab24613 Binary files /dev/null and b/backups/npmplus/backup-20260221_030001.tar.gz differ diff --git a/backups/npmplus/backup-20260221_030001/api/access_lists.json b/backups/npmplus/backup-20260221_030001/api/access_lists.json new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/backups/npmplus/backup-20260221_030001/api/access_lists.json @@ -0,0 +1 @@ +[] diff --git a/backups/npmplus/backup-20260221_030001/api/certificates.json b/backups/npmplus/backup-20260221_030001/api/certificates.json new file mode 100644 index 0000000..8371d9a --- /dev/null +++ b/backups/npmplus/backup-20260221_030001/api/certificates.json @@ -0,0 +1,659 @@ +[ + { + "id": 146, + "created_on": "2026-02-07 00:46:21", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-alltra.d-bis.org", + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 04:47:55", + "meta": {} + }, + { + "id": 147, + "created_on": "2026-02-07 00:46:43", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cacti-hybx.d-bis.org", + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:19", + "meta": {} + }, + { + "id": 155, + "created_on": "2026-02-20 22:27:52", + "modified_on": "2026-02-20 22:27:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "codespaces.d-bis.org", + "domain_names": [ + "codespaces.d-bis.org" + ], + "expires_on": "2026-02-20 22:27:52", + "meta": {} + }, + { + "id": 156, + "created_on": "2026-02-20 22:28:48", + "modified_on": "2026-02-20 22:29:07", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "codespaces.d-bis.org", + "domain_names": [ + "codespaces.d-bis.org" + ], + "expires_on": "2026-05-22 02:30:34", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n", + "letsencrypt_agree": true + } + }, + { + "id": 134, + "created_on": "2026-01-29 22:52:44", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "cross-all.defi-oracle.io", + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "expires_on": "2026-04-30 02:54:15", + "meta": {} + }, + { + "id": 162, + "created_on": "2026-02-20 22:36:34", + "modified_on": "2026-02-20 22:36:52", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dapp.d-bis.org", + "domain_names": [ + "dapp.d-bis.org" + ], + "expires_on": "2026-05-22 02:38:20", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 46, + "created_on": "2026-01-16 16:54:36", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-admin.d-bis.org", + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:11", + "meta": {} + }, + { + "id": 47, + "created_on": "2026-01-16 16:54:47", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api-2.d-bis.org", + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:22", + "meta": {} + }, + { + "id": 48, + "created_on": "2026-01-16 16:54:58", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dbis-api.d-bis.org", + "domain_names": [ + "dbis-api.d-bis.org" + ], + "expires_on": "2026-04-16 20:56:33", + "meta": {} + }, + { + "id": 157, + "created_on": "2026-02-20 22:29:37", + "modified_on": "2026-02-20 22:29:56", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "dev.d-bis.org", + "domain_names": [ + "dev.d-bis.org" + ], + "expires_on": "2026-05-22 02:31:22", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 145, + "created_on": "2026-02-06 19:14:04", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.d-bis.org", + "domain_names": [ + "explorer.d-bis.org" + ], + "expires_on": "2026-05-07 23:15:36", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": true, + "nginx_err": null, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 144, + "created_on": "2026-02-06 19:05:50", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "explorer.defi-oracle.io", + "domain_names": [ + "explorer.defi-oracle.io" + ], + "expires_on": "2026-05-07 23:07:35", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 158, + "created_on": "2026-02-20 22:30:18", + "modified_on": "2026-02-20 22:30:38", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "gitea.d-bis.org", + "domain_names": [ + "gitea.d-bis.org" + ], + "expires_on": "2026-05-22 02:32:04", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 50, + "created_on": "2026-01-16 16:55:25", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "mim4u.org", + "domain_names": [ + "mim4u.org" + ], + "expires_on": "2026-04-16 20:57:01", + "meta": {} + }, + { + "id": 51, + "created_on": "2026-01-16 16:55:37", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "phoenix.sankofa.nexus", + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:57:08", + "meta": {} + }, + { + "id": 159, + "created_on": "2026-02-20 22:31:08", + "modified_on": "2026-02-20 22:31:26", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "pve.ml110.d-bis.org", + "domain_names": [ + "pve.ml110.d-bis.org" + ], + "expires_on": "2026-05-22 02:32:54", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 160, + "created_on": "2026-02-20 22:31:51", + "modified_on": "2026-02-20 22:32:13", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "pve.r630-01.d-bis.org", + "domain_names": [ + "pve.r630-01.d-bis.org" + ], + "expires_on": "2026-05-22 02:33:37", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 161, + "created_on": "2026-02-20 22:32:35", + "modified_on": "2026-02-20 22:32:56", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "pve.r630-02.d-bis.org", + "domain_names": [ + "pve.r630-02.d-bis.org" + ], + "expires_on": "2026-05-22 02:34:21", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 148, + "created_on": "2026-02-07 00:46:56", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-2.d-bis.org", + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:31", + "meta": {} + }, + { + "id": 149, + "created_on": "2026-02-07 00:47:10", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 04:48:46", + "meta": {} + }, + { + "id": 150, + "created_on": "2026-02-07 08:15:35", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra-3.d-bis.org", + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:06", + "meta": {} + }, + { + "id": 151, + "created_on": "2026-02-07 08:15:43", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-alltra.d-bis.org", + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:18", + "meta": {} + }, + { + "id": 52, + "created_on": "2026-01-16 16:55:45", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-prv.d-bis.org", + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:20", + "meta": {} + }, + { + "id": 53, + "created_on": "2026-01-16 16:55:57", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-http-pub.d-bis.org", + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:30", + "meta": {} + }, + { + "id": 152, + "created_on": "2026-02-07 08:15:56", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-2.d-bis.org", + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:31", + "meta": {} + }, + { + "id": 153, + "created_on": "2026-02-07 08:16:09", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx-3.d-bis.org", + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:45", + "meta": {} + }, + { + "id": 154, + "created_on": "2026-02-07 08:16:22", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-hybx.d-bis.org", + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "expires_on": "2026-05-08 12:17:58", + "meta": {} + }, + { + "id": 54, + "created_on": "2026-01-16 16:56:06", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-prv.d-bis.org", + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:38", + "meta": {} + }, + { + "id": 55, + "created_on": "2026-01-16 16:56:16", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc-ws-pub.d-bis.org", + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "expires_on": "2026-04-16 20:57:51", + "meta": {} + }, + { + "id": 141, + "created_on": "2026-01-30 09:33:59", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.d-bis.org", + "domain_names": [ + "rpc.d-bis.org" + ], + "expires_on": "2026-04-30 13:35:45", + "meta": { + "letsencrypt_agree": true, + "dns_challenge": true, + "nginx_online": false, + "nginx_err": "nginx: [emerg] cannot load certificate \"/data/tls/certbot/live/npm-135/fullchain.pem\": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/data/tls/certbot/live/npm-135/fullchain.pem, r) error:10000080:BIO routines::no such file)\nnginx: configuration file /usr/local/nginx/conf/nginx.conf test failed", + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0" + } + }, + { + "id": 56, + "created_on": "2026-01-16 16:56:30", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc.public-0138.defi-oracle.io", + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "expires_on": "2026-04-16 20:58:05", + "meta": {} + }, + { + "id": 137, + "created_on": "2026-01-29 23:39:01", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "rpc2.d-bis.org", + "domain_names": [ + "rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:40:50", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 57, + "created_on": "2026-01-16 16:56:41", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "sankofa.nexus", + "domain_names": [ + "sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:17", + "meta": {} + }, + { + "id": 58, + "created_on": "2026-01-16 16:56:53", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.d-bis.org", + "domain_names": [ + "secure.d-bis.org" + ], + "expires_on": "2026-04-16 20:58:28", + "meta": {} + }, + { + "id": 59, + "created_on": "2026-01-16 16:57:05", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "secure.mim4u.org", + "domain_names": [ + "secure.mim4u.org" + ], + "expires_on": "2026-04-16 20:58:40", + "meta": {} + }, + { + "id": 60, + "created_on": "2026-01-16 16:57:17", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "the-order.sankofa.nexus", + "domain_names": [ + "the-order.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:58:53", + "meta": {} + }, + { + "id": 61, + "created_on": "2026-01-16 16:57:31", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "training.mim4u.org", + "domain_names": [ + "training.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:06", + "meta": {} + }, + { + "id": 138, + "created_on": "2026-01-29 23:41:20", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc.d-bis.org", + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:05", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 139, + "created_on": "2026-01-29 23:42:13", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "ws.rpc2.d-bis.org", + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "expires_on": "2026-04-30 03:43:58", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 140, + "created_on": "2026-01-29 23:43:09", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "wss.defi-oracle.io", + "domain_names": [ + "wss.defi-oracle.io" + ], + "expires_on": "2026-04-30 03:44:57", + "meta": { + "nginx_online": true, + "nginx_err": null, + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true + } + }, + { + "id": 62, + "created_on": "2026-01-16 16:57:41", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.mim4u.org", + "domain_names": [ + "www.mim4u.org" + ], + "expires_on": "2026-04-16 20:59:17", + "meta": {} + }, + { + "id": 63, + "created_on": "2026-01-16 16:57:52", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.phoenix.sankofa.nexus", + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:28", + "meta": {} + }, + { + "id": 64, + "created_on": "2026-01-16 16:58:06", + "modified_on": "2026-02-18 15:28:47", + "owner_user_id": 1, + "provider": "letsencrypt", + "nice_name": "www.sankofa.nexus", + "domain_names": [ + "www.sankofa.nexus" + ], + "expires_on": "2026-04-16 20:59:41", + "meta": {} + } +] diff --git a/backups/npmplus/backup-20260221_030001/api/proxy_hosts.json b/backups/npmplus/backup-20260221_030001/api/proxy_hosts.json new file mode 100644 index 0000000..b4714f3 --- /dev/null +++ b/backups/npmplus/backup-20260221_030001/api/proxy_hosts.json @@ -0,0 +1,1338 @@ +[ + { + "id": 37, + "created_on": "2026-02-07 00:42:23", + "modified_on": "2026-02-07 00:46:30", + "owner_user_id": 1, + "domain_names": [ + "cacti-alltra.d-bis.org" + ], + "forward_host": "192.168.11.177", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 146, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 38, + "created_on": "2026-02-07 00:42:24", + "modified_on": "2026-02-07 00:46:53", + "owner_user_id": 1, + "domain_names": [ + "cacti-hybx.d-bis.org" + ], + "forward_host": "192.168.11.251", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 147, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 41, + "created_on": "2026-02-07 20:41:16", + "modified_on": "2026-02-20 22:29:09", + "owner_user_id": 1, + "domain_names": [ + "codespaces.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 156, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 22, + "created_on": "2026-01-18 22:19:18", + "modified_on": "2026-01-29 22:52:50", + "owner_user_id": 1, + "domain_names": [ + "cross-all.defi-oracle.io" + ], + "forward_host": "192.168.11.211", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 134, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 49, + "created_on": "2026-02-20 22:27:16", + "modified_on": "2026-02-20 22:37:53", + "owner_user_id": 1, + "domain_names": [ + "dapp.d-bis.org" + ], + "forward_host": "192.168.11.58", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 162, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 13, + "created_on": "2026-01-16 14:41:02", + "modified_on": "2026-02-18 16:05:38", + "owner_user_id": 1, + "domain_names": [ + "dbis-admin.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 46, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 15, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-18 16:05:41", + "owner_user_id": 1, + "domain_names": [ + "dbis-api-2.d-bis.org" + ], + "forward_host": "192.168.11.156", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 47, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 14, + "created_on": "2026-01-16 14:41:03", + "modified_on": "2026-02-18 16:05:40", + "owner_user_id": 1, + "domain_names": [ + "dbis-api.d-bis.org" + ], + "forward_host": "192.168.11.155", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 48, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 45, + "created_on": "2026-02-13 20:32:33", + "modified_on": "2026-02-13 20:32:33", + "owner_user_id": 1, + "domain_names": [ + "dbis.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3001, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 39, + "created_on": "2026-02-07 20:41:12", + "modified_on": "2026-02-20 22:29:57", + "owner_user_id": 1, + "domain_names": [ + "dev.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 157, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 8, + "created_on": "2026-01-16 14:40:58", + "modified_on": "2026-02-18 16:05:21", + "owner_user_id": 1, + "domain_names": [ + "explorer.d-bis.org" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 145, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers (unsafe-eval for ethers.js v5)\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 30, + "created_on": "2026-01-31 00:13:09", + "modified_on": "2026-02-06 19:09:43", + "owner_user_id": 1, + "domain_names": [ + "explorer.defi-oracle.io" + ], + "forward_host": "192.168.11.140", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 144, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 40, + "created_on": "2026-02-07 20:41:14", + "modified_on": "2026-02-20 22:30:39", + "owner_user_id": 1, + "domain_names": [ + "gitea.d-bis.org" + ], + "forward_host": "192.168.11.60", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 158, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 46, + "created_on": "2026-02-13 20:32:35", + "modified_on": "2026-02-13 20:32:35", + "owner_user_id": 1, + "domain_names": [ + "iccc.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3002, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 17, + "created_on": "2026-01-16 14:41:05", + "modified_on": "2026-02-18 16:05:44", + "owner_user_id": 1, + "domain_names": [ + "mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 50, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 47, + "created_on": "2026-02-13 20:32:37", + "modified_on": "2026-02-13 20:32:37", + "owner_user_id": 1, + "domain_names": [ + "omnl.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3003, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 5, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:01:49", + "owner_user_id": 1, + "domain_names": [ + "phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 51, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 42, + "created_on": "2026-02-07 20:41:17", + "modified_on": "2026-02-20 22:31:27", + "owner_user_id": 1, + "domain_names": [ + "pve.ml110.d-bis.org" + ], + "forward_host": "192.168.11.10", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 159, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 43, + "created_on": "2026-02-07 20:41:19", + "modified_on": "2026-02-20 22:32:14", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-01.d-bis.org" + ], + "forward_host": "192.168.11.11", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 160, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 44, + "created_on": "2026-02-07 20:41:21", + "modified_on": "2026-02-20 22:32:57", + "owner_user_id": 1, + "domain_names": [ + "pve.r630-02.d-bis.org" + ], + "forward_host": "192.168.11.12", + "forward_port": 8006, + "access_list_id": 0, + "certificate_id": 161, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\n#dns_cloudflare_api_token=65d8f07ebb3f0454fdc4e854b6ada13fba0f0\r\n# OR Cloudflare API credentials\r\ndns_cloudflare_email=pandoramannli@gmail.com\r\ndns_cloudflare_api_key=65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 32, + "created_on": "2026-02-07 00:42:16", + "modified_on": "2026-02-07 00:47:07", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-2.d-bis.org" + ], + "forward_host": "192.168.11.173", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 148, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 33, + "created_on": "2026-02-07 00:42:17", + "modified_on": "2026-02-07 08:15:41", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra-3.d-bis.org" + ], + "forward_host": "192.168.11.174", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 150, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 31, + "created_on": "2026-02-07 00:42:15", + "modified_on": "2026-02-07 08:15:53", + "owner_user_id": 1, + "domain_names": [ + "rpc-alltra.d-bis.org" + ], + "forward_host": "192.168.11.172", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 151, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 11, + "created_on": "2026-01-16 14:41:00", + "modified_on": "2026-02-18 16:05:26", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 52, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 9, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-18 16:05:23", + "owner_user_id": 1, + "domain_names": [ + "rpc-http-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 53, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 35, + "created_on": "2026-02-07 00:42:20", + "modified_on": "2026-02-07 08:16:06", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-2.d-bis.org" + ], + "forward_host": "192.168.11.247", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 152, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 36, + "created_on": "2026-02-07 00:42:22", + "modified_on": "2026-02-07 08:16:19", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx-3.d-bis.org" + ], + "forward_host": "192.168.11.248", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 153, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 34, + "created_on": "2026-02-07 00:42:19", + "modified_on": "2026-02-07 08:16:32", + "owner_user_id": 1, + "domain_names": [ + "rpc-hybx.d-bis.org" + ], + "forward_host": "192.168.11.246", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 154, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 12, + "created_on": "2026-01-16 14:41:01", + "modified_on": "2026-02-18 16:05:27", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-prv.d-bis.org" + ], + "forward_host": "192.168.11.211", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 54, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 10, + "created_on": "2026-01-16 14:40:59", + "modified_on": "2026-02-18 16:05:24", + "owner_user_id": 1, + "domain_names": [ + "rpc-ws-pub.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 55, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 26, + "created_on": "2026-01-29 16:35:10", + "modified_on": "2026-02-18 16:05:32", + "owner_user_id": 1, + "domain_names": [ + "rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 141, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "# Cloudflare API token\r\ndns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 24, + "created_on": "2026-01-29 15:38:44", + "modified_on": "2026-02-18 16:05:30", + "owner_user_id": 1, + "domain_names": [ + "rpc.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 21, + "created_on": "2026-01-16 14:41:09", + "modified_on": "2026-02-18 16:05:28", + "owner_user_id": 1, + "domain_names": [ + "rpc.public-0138.defi-oracle.io" + ], + "forward_host": "192.168.11.240", + "forward_port": 443, + "access_list_id": 0, + "certificate_id": 56, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": true, + "forward_scheme": "https", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 27, + "created_on": "2026-01-29 16:35:11", + "modified_on": "2026-02-18 16:05:34", + "owner_user_id": 1, + "domain_names": [ + "rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8545, + "access_list_id": 0, + "certificate_id": 137, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 3, + "created_on": "2026-01-16 14:40:54", + "modified_on": "2026-01-16 17:01:32", + "owner_user_id": 1, + "domain_names": [ + "sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 57, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "add_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 16, + "created_on": "2026-01-16 14:41:04", + "modified_on": "2026-02-18 16:05:42", + "owner_user_id": 1, + "domain_names": [ + "secure.d-bis.org" + ], + "forward_host": "192.168.11.130", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 58, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 19, + "created_on": "2026-01-16 14:41:07", + "modified_on": "2026-02-18 16:05:45", + "owner_user_id": 1, + "domain_names": [ + "secure.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 59, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 7, + "created_on": "2026-01-16 14:40:57", + "modified_on": "2026-01-16 17:02:09", + "owner_user_id": 1, + "domain_names": [ + "the-order.sankofa.nexus" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 60, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 20, + "created_on": "2026-01-16 14:41:08", + "modified_on": "2026-02-18 16:05:46", + "owner_user_id": 1, + "domain_names": [ + "training.mim4u.org" + ], + "forward_host": "192.168.11.37", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 61, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": true, + "advanced_config": "# Security Headers\r\nadd_header X-Content-Type-Options \"nosniff\" always;\r\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\r\nadd_header X-XSS-Protection \"1; mode=block\" always;\r\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\r\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\r\n\r\n# Ensure proper DOCTYPE (if backend doesn't provide it)\r\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "letsencrypt_agree": false, + "dns_challenge": false, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 28, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-18 16:05:35", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 138, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 29, + "created_on": "2026-01-29 16:35:12", + "modified_on": "2026-02-18 16:05:37", + "owner_user_id": 1, + "domain_names": [ + "ws.rpc2.d-bis.org" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 139, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 25, + "created_on": "2026-01-29 15:38:45", + "modified_on": "2026-02-18 16:05:31", + "owner_user_id": 1, + "domain_names": [ + "wss.defi-oracle.io" + ], + "forward_host": "192.168.11.221", + "forward_port": 8546, + "access_list_id": 0, + "certificate_id": 140, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": { + "dns_challenge": true, + "dns_provider": "cloudflare", + "dns_provider_credentials": "dns_cloudflare_email = pandoramannli@gmail.com\r\ndns_cloudflare_api_key = 65d8f07ebb3f0454fdc4e854b6ada13fba0f0", + "letsencrypt_agree": true, + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": true, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": [], + "hsts_enabled": false, + "hsts_subdomains": false + }, + { + "id": 18, + "created_on": "2026-01-16 14:41:06", + "modified_on": "2026-01-16 17:02:14", + "owner_user_id": 1, + "domain_names": [ + "www.mim4u.org" + ], + "forward_host": "192.168.11.36", + "forward_port": 80, + "access_list_id": 0, + "certificate_id": 62, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 6, + "created_on": "2026-01-16 14:40:56", + "modified_on": "2026-01-16 17:02:17", + "owner_user_id": 1, + "domain_names": [ + "www.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.50", + "forward_port": 4000, + "access_list_id": 0, + "certificate_id": 63, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 4, + "created_on": "2026-01-16 14:40:55", + "modified_on": "2026-01-16 17:02:19", + "owner_user_id": 1, + "domain_names": [ + "www.sankofa.nexus" + ], + "forward_host": "192.168.11.51", + "forward_port": 3000, + "access_list_id": 0, + "certificate_id": 64, + "ssl_forced": true, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "# Security Headers\nadd_header X-Content-Type-Options \"nosniff\" always;\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\nadd_header X-XSS-Protection \"1; mode=block\" always;\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nadd_header Content-Security-Policy \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' https: data:; img-src 'self' data: https: blob:; connect-src 'self' https: wss: ws:; media-src 'self' https: data:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; upgrade-insecure-requests\" always;\n\n# Ensure proper DOCTYPE (if backend doesn't provide it)\n# Note: This requires backend to send proper DOCTYPE, Nginx can't modify HTML body easily", + "meta": { + "nginx_online": true, + "nginx_err": null + }, + "allow_websocket_upgrade": false, + "http2_support": true, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": true, + "hsts_subdomains": true + }, + { + "id": 48, + "created_on": "2026-02-13 20:32:39", + "modified_on": "2026-02-13 20:32:39", + "owner_user_id": 1, + "domain_names": [ + "xom.xom-dev.phoenix.sankofa.nexus" + ], + "forward_host": "192.168.11.54", + "forward_port": 3004, + "access_list_id": 0, + "certificate_id": 0, + "ssl_forced": false, + "caching_enabled": false, + "block_exploits": false, + "advanced_config": "", + "meta": {}, + "allow_websocket_upgrade": false, + "http2_support": false, + "forward_scheme": "http", + "enabled": true, + "locations": null, + "hsts_enabled": false, + "hsts_subdomains": false + } +] diff --git a/backups/npmplus/backup-20260221_030001/certificates/cert_list.txt b/backups/npmplus/backup-20260221_030001/certificates/cert_list.txt new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260221_030001/database/database.sql b/backups/npmplus/backup-20260221_030001/database/database.sql new file mode 100644 index 0000000..77149a3 --- /dev/null +++ b/backups/npmplus/backup-20260221_030001/database/database.sql @@ -0,0 +1 @@ +Database file not found diff --git a/backups/npmplus/backup-20260221_030001/database/database.sqlite b/backups/npmplus/backup-20260221_030001/database/database.sqlite new file mode 100644 index 0000000..e69de29 diff --git a/backups/npmplus/backup-20260221_030001/manifest.json b/backups/npmplus/backup-20260221_030001/manifest.json new file mode 100644 index 0000000..0b70547 --- /dev/null +++ b/backups/npmplus/backup-20260221_030001/manifest.json @@ -0,0 +1,19 @@ +{ + "timestamp": "20260221_030001", + "backup_date": "2026-02-21T03:00:14-08:00", + "npmplus_vmid": "10233", + "npmplus_host": "192.168.11.11", + "npm_url": "https://192.168.11.167:81", + "backup_contents": { + "database": { + "sql_dump": "present", + "sqlite_file": "missing" + }, + "api_exports": { + "proxy_hosts": "present", + "certificates": "present", + "access_lists": "present" + }, + "certificate_files": "missing" + } +} diff --git a/backups/npmplus/backup-20260221_030001/volumes/volume_list.txt b/backups/npmplus/backup-20260221_030001/volumes/volume_list.txt new file mode 100644 index 0000000..4545150 --- /dev/null +++ b/backups/npmplus/backup-20260221_030001/volumes/volume_list.txt @@ -0,0 +1 @@ +DRIVER VOLUME NAME diff --git a/config/README-CONTRACTS-MASTER.md b/config/README-CONTRACTS-MASTER.md new file mode 100644 index 0000000..225641b --- /dev/null +++ b/config/README-CONTRACTS-MASTER.md @@ -0,0 +1,79 @@ +# Master Smart Contracts (JSON) + +**Single source of truth for contract addresses:** `config/smart-contracts-master.json` + +- **Safe to publish** — no secrets (no keys, no RPC URLs with credentials). +- **Used by:** Bash scripts (via `scripts/lib/load-contract-addresses.sh`), Node/JS (via `config/contracts-loader.cjs`), and docs. + +## Layout + +- **`smart-contracts-master.json`** — Chains keyed by chain id (`138`, `1`). Each chain has: + - `contracts`: map of contract name → address. + - `envVarMap`: map of env var name (e.g. `CCIP_ROUTER`) → contract key (for backward compatibility with .env). + +## Bash + +Contract addresses are loaded automatically when you source project env: + +```bash +source scripts/lib/load-project-env.sh +# Addresses from .env are used first; any missing are filled from smart-contracts-master.json +echo $CCIP_ROUTER +echo $CONTRACTS_138_CCIP_Router +``` + +Or source the contract loader only (after setting `PROJECT_ROOT`): + +```bash +source scripts/lib/load-contract-addresses.sh +``` + +## Node / JavaScript + +From repo root or any app that can resolve `config/contracts-loader.cjs`: + +```javascript +const { + getContractAddress, + getChainContracts, + loadContractsIntoProcessEnv +} = require('./config/contracts-loader.cjs'); + +// By contract key +getContractAddress(138, 'CCIP_Router'); // => '0x8078...' +getContractAddress(138, 'CCIPWETH9_Bridge'); +getContractAddress(1, 'CCIP_Relay_Router'); + +// By env var name (resolved via envVarMap) +getContractAddress(138, 'CCIP_ROUTER'); +getContractAddress(138, 'CCIPWETH9_BRIDGE_CHAIN138'); + +// All contracts for a chain +getChainContracts(138); + +// Fill process.env for chain 138 and 1 (only where not already set) +loadContractsIntoProcessEnv(); +``` + +## Overrides + +- **.env** (e.g. `smom-dbis-138/.env`, `services/relay/.env`): Values set there take precedence over the master JSON. Use .env for local or per-service overrides. +- **Publishing:** Commit `smart-contracts-master.json`; do not commit `.env` or any file containing `PRIVATE_KEY` or API secrets. + +## Updating addresses + +1. Edit `config/smart-contracts-master.json` (add/change under `chains..contracts` and, if needed, `envVarMap`). +2. Keep `docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md` in sync for human-readable tables. +3. Re-run scripts or restart Node services to pick up changes; no rebuild required for JSON. + +## Token mapping (Chain 138 ↔ Mainnet) + +- **`token-mapping.json`** — Single source of truth for cross-chain token addresses (Chain 138 → Ethereum Mainnet). Lists which tokens have a Mainnet address and whether the relay bridge supports them (currently only WETH9). +- **`token-mapping-loader.cjs`** — Node API: `getRelayTokenMapping()` returns `{ chain138Address: mainnetAddress }`; `getTokenList()` returns full token list with `relaySupported` and notes. Used by the relay service (`smom-dbis-138/services/relay`). + +See [TOKEN_MAPPING_AND_MAINNET_ADDRESSES.md](../docs/07-ccip/TOKEN_MAPPING_AND_MAINNET_ADDRESSES.md) for the full table and recommendations. + +## Related + +- [CONTRACT_ADDRESSES_REFERENCE.md](../docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md) — Human-readable address list and service config. +- [contract-addresses.conf](contract-addresses.conf) — Legacy shell config for Blockscout verification; still sourced by `load-contract-addresses.sh`. Keep Oracle (and other) addresses aligned with `smart-contracts-master.json` (chains.138.contracts). diff --git a/config/besu-node-lists/permissions-nodes.toml b/config/besu-node-lists/permissions-nodes.toml index fa1097e..263f827 100644 --- a/config/besu-node-lists/permissions-nodes.toml +++ b/config/besu-node-lists/permissions-nodes.toml @@ -1,6 +1,6 @@ # Node Permissioning — SINGLE SOURCE OF TRUTH for all Besu nodes # Must match config/besu-node-lists/static-nodes.json and be deployed to every node. -# Generated by scripts/besu/collect-enodes-from-all-besu-nodes.sh — 32 nodes, no duplicates. +# Generated by scripts/besu/collect-enodes-from-all-besu-nodes.sh — 30 nodes (203/204 removed, VMIDs destroyed). nodes-allowlist=[ "enode://2221dd9fc65c9082d4a937832cba9f6759981888df6798407c390bd153f4332c152ea5d03dd9d9cda74d7990fb3479a5c4ba7166269322be9790eed9ebdcfe24@192.168.11.100:30303", diff --git a/config/contract-addresses.conf b/config/contract-addresses.conf index bfd51c7..d30e5e7 100644 --- a/config/contract-addresses.conf +++ b/config/contract-addresses.conf @@ -1,10 +1,16 @@ # Contract addresses for Blockscout verification (Chain 138) -# Source for verify-contracts-blockscout.sh -# Override via env (e.g. CCIPWETH9_BRIDGE_CHAIN138) +# Source for verify-contracts-blockscout.sh. Canonical source: config/smart-contracts-master.json (chains.138.contracts). +# Override via env (e.g. CCIPWETH9_BRIDGE_CHAIN138). + +# smom-dbis-138 — core (aligned with smart-contracts-master.json) +ADDR_MULTICALL="0xF4AA429BE277d1a1a1A744C9e5B3aD821a9b96f7" +ADDR_ORACLE_AGGREGATOR="0x452a4701d01c0Ff3ED0C547a5adF0659eb4a3ef7" +ADDR_ORACLE_PROXY="0x404DcD22f82C734361256B441DAAa8DE654CE191" +ADDR_MULTISIG="0xb9E29cFa1f89d369671E640d0BB3aD94Cab43965" +ADDR_CCIP_RECEIVER="0xC12236C03b28e675d376774FCE2C2C052488430F" +ADDR_VOTING="0x022267b26400114aF01BaCcb92456Fe36cfccD93" -# smom-dbis-138 ADDR_CCIP_SENDER="0x105F8A15b819948a89153505762444Ee9f324684" -ADDR_ORACLE_PROXY="0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6" ADDR_CCIPWETH10_BRIDGE="0xe0E93247376aa097dB308B92e6Ba36bA015535D0" ADDR_CCIPWETH9_BRIDGE="${CCIPWETH9_BRIDGE_CHAIN138:-0x971cD9D156f193df8051E48043C476e53ECd4693}" diff --git a/config/contracts-loader.cjs b/config/contracts-loader.cjs new file mode 100644 index 0000000..3d87163 --- /dev/null +++ b/config/contracts-loader.cjs @@ -0,0 +1,106 @@ +/** + * Load contract addresses from config/smart-contracts-master.json. + * Usable from any Node app (CommonJS). Safe to publish (no secrets in JSON). + * + * Usage: + * const { getContractAddress, getChainContracts, loadContractsIntoProcessEnv } = require('../config/contracts-loader.cjs'); + * getContractAddress(138, 'CCIP_Router') // => '0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e' + * getContractAddress(138, 'CCIPWETH9_Bridge') // by contract key + * loadContractsIntoProcessEnv() // set process.env.CCIP_ROUTER etc. from envVarMap when unset + * + * @version 2026-02-13 + */ + +const path = require('path'); +const fs = require('fs'); + +const DEFAULT_JSON_PATH = path.resolve(__dirname, 'smart-contracts-master.json'); + +let _cache = null; + +function loadMasterJson(jsonPath = DEFAULT_JSON_PATH) { + if (_cache && _cache.path === jsonPath) return _cache.data; + const raw = fs.readFileSync(jsonPath, 'utf8'); + const data = JSON.parse(raw); + _cache = { path: jsonPath, data }; + return data; +} + +/** + * @param {number|string} chainId - e.g. 138 or '138' + * @param {string} contractKey - key from contracts object (e.g. 'CCIP_Router') or env var name (e.g. 'CCIP_ROUTER' via envVarMap) + * @param {string} [jsonPath] - optional path to master JSON + * @returns {string|undefined} contract address or undefined + */ +function getContractAddress(chainId, contractKey, jsonPath) { + const data = loadMasterJson(jsonPath); + const chain = String(chainId); + const chainData = data.chains && data.chains[chain]; + if (!chainData) return undefined; + const contracts = chainData.contracts || {}; + const envVarMap = chainData.envVarMap || {}; + // Direct contract key + if (contracts[contractKey]) return contracts[contractKey]; + // Env var name -> contract key -> address + const mappedKey = envVarMap[contractKey]; + if (mappedKey && contracts[mappedKey]) return contracts[mappedKey]; + return undefined; +} + +/** + * @param {number|string} chainId + * @param {string} [jsonPath] + * @returns {{ [contractKey: string]: string }} all contracts for the chain + */ +function getChainContracts(chainId, jsonPath) { + const data = loadMasterJson(jsonPath); + const chain = String(chainId); + const chainData = data.chains && data.chains[chain]; + if (!chainData) return {}; + return { ...(chainData.contracts || {}) }; +} + +/** + * Get mapper for a chain: either on-chain AddressMapper address or "canonical" (use canonical addresses, no contract). + * Ensures mapper is provided across all networks with bridges or liquidity pools. + * + * @param {number|string} chainId - e.g. 138 or '651940' + * @param {string} [jsonPath] + * @returns {string|undefined} AddressMapper contract address, "canonical", or undefined if chain not in config + */ +function getMapperAddress(chainId, jsonPath) { + const data = loadMasterJson(jsonPath); + const chain = String(chainId); + const chainData = data.chains && data.chains[chain]; + if (!chainData) return undefined; + return chainData.mapper; +} + +/** + * Set process.env from envVarMap for the given chain(s) when not already set. + * @param {number|string|(number|string)[]} [chainIds] - default [138, 1] + * @param {string} [jsonPath] + */ +function loadContractsIntoProcessEnv(chainIds, jsonPath) { + const chains = Array.isArray(chainIds) ? chainIds : (chainIds != null ? [chainIds] : ['138', '1']); + const data = loadMasterJson(jsonPath); + for (const chain of chains) { + const chainData = data.chains && data.chains[String(chain)]; + if (!chainData || !chainData.envVarMap) continue; + const contracts = chainData.contracts || {}; + for (const [envVar, contractKey] of Object.entries(chainData.envVarMap)) { + if (process.env[envVar] != null && process.env[envVar] !== '') continue; + const addr = contracts[contractKey]; + if (addr) process.env[envVar] = addr; + } + } +} + +module.exports = { + loadMasterJson, + getContractAddress, + getChainContracts, + getMapperAddress, + loadContractsIntoProcessEnv, + DEFAULT_JSON_PATH +}; diff --git a/config/generated-node-configs/config-1505.toml b/config/generated-node-configs/config-1505.toml index d0ee0b7..6e7b109 100644 --- a/config/generated-node-configs/config-1505.toml +++ b/config/generated-node-configs/config-1505.toml @@ -8,7 +8,7 @@ genesis-file="" network-id=138 p2p-host="192.168.11.213" p2p-port=30303 -max-peers=25 +max-peers=32 discovery-enabled=true # RPC diff --git a/config/generated-node-configs/config-1506.toml b/config/generated-node-configs/config-1506.toml index 5dc5a2f..08361dc 100644 --- a/config/generated-node-configs/config-1506.toml +++ b/config/generated-node-configs/config-1506.toml @@ -8,7 +8,7 @@ genesis-file="" network-id=138 p2p-host="192.168.11.214" p2p-port=30303 -max-peers=25 +max-peers=32 discovery-enabled=true # RPC diff --git a/config/generated-node-configs/config-1507.toml b/config/generated-node-configs/config-1507.toml index 8e3433b..da75961 100644 --- a/config/generated-node-configs/config-1507.toml +++ b/config/generated-node-configs/config-1507.toml @@ -8,7 +8,7 @@ genesis-file="" network-id=138 p2p-host="192.168.11.244" p2p-port=30303 -max-peers=25 +max-peers=32 discovery-enabled=true # RPC diff --git a/config/generated-node-configs/config-1508.toml b/config/generated-node-configs/config-1508.toml index ba4666a..95a4843 100644 --- a/config/generated-node-configs/config-1508.toml +++ b/config/generated-node-configs/config-1508.toml @@ -8,7 +8,7 @@ genesis-file="" network-id=138 p2p-host="192.168.11.245" p2p-port=30303 -max-peers=25 +max-peers=32 discovery-enabled=true # RPC diff --git a/config/generated-node-configs/config-2500.toml b/config/generated-node-configs/config-2500.toml index 086ad85..765c2cc 100644 --- a/config/generated-node-configs/config-2500.toml +++ b/config/generated-node-configs/config-2500.toml @@ -9,7 +9,7 @@ genesis-file="" network-id=138 p2p-host="192.168.11.172" p2p-port=30303 -max-peers=25 +max-peers=32 discovery-enabled=true # RPC - Full Function (can deploy contracts, execute writes) diff --git a/config/generated-node-configs/config-2501.toml b/config/generated-node-configs/config-2501.toml index e3bc73e..a8e6a3d 100644 --- a/config/generated-node-configs/config-2501.toml +++ b/config/generated-node-configs/config-2501.toml @@ -9,7 +9,7 @@ genesis-file="" network-id=138 p2p-host="192.168.11.173" p2p-port=30303 -max-peers=25 +max-peers=32 discovery-enabled=true # RPC - Standard Base (read-only, no admin APIs) diff --git a/config/generated-node-configs/config-2502.toml b/config/generated-node-configs/config-2502.toml index 18c8dd4..4b6b4c4 100644 --- a/config/generated-node-configs/config-2502.toml +++ b/config/generated-node-configs/config-2502.toml @@ -9,7 +9,7 @@ genesis-file="" network-id=138 p2p-host="192.168.11.174" p2p-port=30303 -max-peers=25 +max-peers=32 discovery-enabled=true # RPC - Standard Base (read-only, no admin APIs) diff --git a/config/generated-node-configs/config-2503.toml b/config/generated-node-configs/config-2503.toml index da64db7..7707c15 100644 --- a/config/generated-node-configs/config-2503.toml +++ b/config/generated-node-configs/config-2503.toml @@ -9,7 +9,7 @@ genesis-file="" network-id=138 p2p-host="192.168.11.246" p2p-port=30303 -max-peers=25 +max-peers=32 discovery-enabled=true # RPC - Full Function (can deploy contracts, execute writes) diff --git a/config/generated-node-configs/config-2504.toml b/config/generated-node-configs/config-2504.toml index 18fa596..72cd3d0 100644 --- a/config/generated-node-configs/config-2504.toml +++ b/config/generated-node-configs/config-2504.toml @@ -9,7 +9,7 @@ genesis-file="" network-id=138 p2p-host="192.168.11.247" p2p-port=30303 -max-peers=25 +max-peers=32 discovery-enabled=true # RPC - Standard Base (read-only, no admin APIs) diff --git a/config/generated-node-configs/config-2505.toml b/config/generated-node-configs/config-2505.toml index 015fa56..c95e079 100644 --- a/config/generated-node-configs/config-2505.toml +++ b/config/generated-node-configs/config-2505.toml @@ -9,7 +9,7 @@ genesis-file="" network-id=138 p2p-host="192.168.11.248" p2p-port=30303 -max-peers=25 +max-peers=32 discovery-enabled=true # RPC - Standard Base (read-only, no admin APIs) diff --git a/config/ip-addresses.conf b/config/ip-addresses.conf index 2857147..6cb84a4 100644 --- a/config/ip-addresses.conf +++ b/config/ip-addresses.conf @@ -12,24 +12,25 @@ PROXMOX_ML110="${PROXMOX_HOST_ML110}" PROXMOX_R630_01="${PROXMOX_HOST_R630_01}" PROXMOX_R630_02="${PROXMOX_HOST_R630_02}" -# RPC Endpoints -# RPC_CORE_1: Use for admin and contract deployments (Chain 138) +# RPC Endpoints — Chain ID 138 two standards +# Core (admin/deploy): RPC_URL_138 — VMID 2101 RPC_CORE_1="192.168.11.211" -# RPC_CORE_2: Nathan — SFValley2 tunnel (VMID 2102). Create container and add enode to besu-node-lists when ready. -RPC_CORE_2="192.168.11.212" -# RPC_PUBLIC_1 / VMID 2201 (besu-rpc-public-1): FIXED PERMANENT - 192.168.11.221 -# Use for bridge, monitoring, public-facing (ports 8545 HTTP, 8546 WS). Do not change. +RPC_URL_138="http://${RPC_CORE_1}:8545" +# Public (bridge/frontend/monitoring): RPC_URL_138_PUBLIC — VMID 2201, FIXED PERMANENT RPC_PUBLIC_1="192.168.11.221" RPC_2201="192.168.11.221" -RPC_PRIVATE_1="192.168.11.232" -RPC_THIRDWEB_PRIMARY="192.168.11.240" - -# Default RPC URL (admin/deployment → RPC_CORE_1) -RPC_URL_138="http://${RPC_CORE_1}:8545" -# Public/bridge/monitoring: VMID 2201 (8545 HTTP, 8546 WS) RPC_URL_138_PUBLIC="http://${RPC_PUBLIC_1}:8545" WS_URL_138_PUBLIC="ws://${RPC_PUBLIC_1}:8546" +# Other RPC nodes +RPC_CORE_2="192.168.11.212" +RPC_PRIVATE_1="192.168.11.232" +# Fireblocks-dedicated RPC (VMID 2301, same node as RPC_PRIVATE_1 — dedicated for Fireblocks Web3) +RPC_FIREBLOCKS_1="${RPC_PRIVATE_1}" +RPC_URL_138_FIREBLOCKS="http://${RPC_FIREBLOCKS_1}:8545" +WS_URL_138_FIREBLOCKS="ws://${RPC_FIREBLOCKS_1}:8546" +RPC_THIRDWEB_PRIMARY="192.168.11.240" + # Gateway (192.168.11.0/24 — do not change unless network changes) NETWORK_GATEWAY="${NETWORK_GATEWAY:-192.168.11.1}" @@ -135,13 +136,20 @@ IP_KEYCLOAK="192.168.11.52" IP_RPC_90="192.168.11.90" # Development VM (VMID 5700) — shared Cursor dev + private GitOps (Gitea). See docs/04-configuration/DEV_VM_GITOPS_PLAN.md -IP_DEV_VM="192.168.11.60" +# Changed from .60 to .59 to resolve conflict with VMID 3000 (ML) at .60. Reconfigure CT 5700 on Proxmox to use this IP. +IP_DEV_VM="192.168.11.59" # Mifos X + Fineract (VMID 5800) on r630-02 — Cloudflare Tunnel + UK egress. See docs/04-configuration/MIFOS_R630_02_DEPLOYMENT.md MIFOS_IP="192.168.11.85" # Public IP for Mifos when using direct access (A record + UDM Pro port forward). See docs/04-configuration/UDM_PRO_MIFOS_76_53_10_41_PORT_FORWARD.md PUBLIC_IP_MIFOS="76.53.10.41" +# DApp LXC (VMID 5801) — frontend-dapp for Chain 138 bridge. See docs/03-deployment/DAPP_LXC_DEPLOYMENT.md; E2E: tunnel + NPMplus dapp.d-bis.org +IP_DAPP_LXC="192.168.11.58" + +# Gov Portals dev (VMID 7804) — DBIS, ICCC, OMNL, XOM at *.xom-dev.phoenix.sankofa.nexus +IP_GOV_PORTALS_DEV="192.168.11.54" + # Fourth NPMplus (dev/Codespaces) — tunnel + Proxmox admin. Public 76.53.10.40. See docs/04-configuration/DEV_CODESPACES_76_53_10_40.md IP_NPMPLUS_FOURTH="192.168.11.170" PUBLIC_IP_NPMPLUS_FOURTH="76.53.10.40" diff --git a/config/smart-contracts-master.json b/config/smart-contracts-master.json new file mode 100644 index 0000000..ab259b8 --- /dev/null +++ b/config/smart-contracts-master.json @@ -0,0 +1,156 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "description": "Master list of smart contract addresses for Chain 138 and related chains. Single source of truth; safe to publish (no secrets). Code and .env can override per-environment.", + "version": "1.0.0", + "updated": "2026-02-16", + "chains": { + "138": { + "name": "SMOM-DBIS-138", + "chainId": 138, + "mapper": "0xe48E3f248698610e18Db865457fcd935Bb3da856", + "contracts": { + "WETH9": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", + "WETH10": "0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f", + "Multicall": "0x99b3511a2d315a497c8112c1fdd8d508d4b1e506", + "Oracle_Aggregator": "0x452a4701d01c0Ff3ED0C547a5adF0659eb4a3ef7", + "Oracle_Proxy": "0x404DcD22f82C734361256B441DAAa8DE654CE191", + "CCIP_Router": "0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e", + "CCIP_Sender": "0x105F8A15b819948a89153505762444Ee9f324684", + "CCIP_Receiver": "0xC12236C03b28e675d376774FCE2C2C052488430F", + "CCIPWETH9_Bridge": "0x971cD9D156f193df8051E48043C476e53ECd4693", + "CCIPWETH10_Bridge": "0xe0E93247376aa097dB308B92e6Ba36bA015535D0", + "LINK_Token": "0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03", + "CCIP_Fee_Token": "0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03", + "Compliant_USDT": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", + "Compliant_USDC": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", + "Token_Registry": "0x91Efe92229dbf7C5B38D422621300956B55870Fa", + "Token_Factory": "0xb5273722e0a745Ab21c36C6250494DB92a075D44", + "Compliance_Registry": "0xab9EB8f7d6bB9A38468C0980D6C3AD8242b48013", + "Bridge_Vault": "0x389bA4d4175BC9662ED73e6974795b6873874d0D", + "Fee_Collector": "0xF78246eB94c6CB14018E507E60661314E5f4C53f", + "Debt_Registry": "0x9d729C8888fB0c2a4d4245c3C27B5b2Ab014D775", + "Policy_Manager": "0x7CA84B0f4Ea863D6E8D6eE901f08Fd00Aec5Cb3C", + "Token_Implementation": "0x71f7cD8b278A57536723CeddA6A5B77EE477ec2b", + "Merchant_Settlement_Registry": "0x16D9A2cB94A0b92721D93db4A6Cd8023D3338800", + "Settlement_Registry": "0x16D9A2cB94A0b92721D93db4A6Cd8023D3338800", + "Withdrawal_Escrow": "0xe77cb26eA300e2f5304b461b0EC94c8AD6A7E46D", + "Universal_Asset_Registry": "0xAEE4b7fBe82E1F8295951584CBc772b8BBD68575", + "Governance_Controller": "0xA6891D5229f2181a34D4FF1B515c3Aa37dd90E0e", + "Universal_CCIP_Bridge": "0xCd42e8eD79Dc50599535d1de48d3dAFa0BE156F8", + "Bridge_Orchestrator": "0x89aB428c437f23bAB9781ff8Db8D3848e27EeD6c", + "Payment_Channel_Manager": "0x302aF72966aFd21C599051277a48DAa7f01a5f54", + "Generic_State_Channel_Manager": "0xe5e3bB424c8a0259FDE23F0A58F7e36f73B90aBd", + "Address_Mapper": "0xe48E3f248698610e18Db865457fcd935Bb3da856", + "Mirror_Manager": "0x6eD905A30c552a6e003061A38FD52A5A427beE56", + "Lockbox138": "0x9E51fAAE511024161b99838Af0dbA38Ff354F72c", + "Reserve_System": "0x607e97cD626f209facfE48c1464815DDE15B5093", + "Reserve_Token_Integration": "0x34B73e6EDFd9f85a7c25EeD31dcB13aB6E969b96", + "Regulated_Entity_Registry": "0xEA4C892D6c1253797c5D95a05BF3863363080b4B", + "Vault_Factory": "0xB2Ac70f35A81481B005067ed6567a5043BA32336", + "CREATE2_Factory": "0x750E4a8adCe9f0e67A420aBE91342DC64Eb90825", + "Universal_Asset_Registry_Deterministic": "0xC98602aa574F565b5478E8816BCab03C9De0870f", + "Universal_CCIP_Bridge_Deterministic": "0x532DE218b94993446Be30eC894442f911499f6a3", + "Mirror_Registry": "0x6427F9739e6B6c3dDb4E94fEfeBcdF35549549d8", + "Alltra_Adapter": "0x66FEBA2fC9a0B47F26DD4284DAd24F970436B8Dc", + "Transaction_Mirror": "0x4CF42c4F1dBa748601b8938be3E7ABD732E87cE9", + "Tether_USDT_Chain138": "0x15DF1D5BFDD8Aa4b380445D4e3E9B38d34283619", + "Price_Feed_Keeper": "0xD3AD6831aacB5386B8A25BB8D8176a6C8a026f04", + "Multicall_New": "0xF4AA429BE277d1a1a1A744C9e5B3aD821a9b96f7", + "Oracle_Aggregator_New": "0x452a4701d01c0Ff3ED0C547a5adF0659eb4a3ef7", + "Oracle_Proxy_New": "0x404DcD22f82C734361256B441DAAa8DE654CE191", + "Multisig": "0xb9E29cFa1f89d369671E640d0BB3aD94Cab43965", + "Voting": "0x022267b26400114aF01BaCcb92456Fe36cfccD93", + "Deployer_Admin": "0x4A666F96fC8764181194447A7dFdb7d471b301C8" + }, + "envVarMap": { + "CCIP_ROUTER": "CCIP_Router", + "CCIP_FEE_TOKEN": "CCIP_Fee_Token", + "LINK_TOKEN": "LINK_Token", + "LINK_TOKEN_CHAIN138": "LINK_Token", + "CCIPWETH9_BRIDGE_CHAIN138": "CCIPWETH9_Bridge", + "CCIP_ROUTER_ADDRESS": "CCIP_Router", + "COMPLIANCE_REGISTRY_ADDRESS": "Compliance_Registry", + "TOKEN_FACTORY": "Token_Factory", + "BRIDGE_VAULT": "Bridge_Vault", + "DEBT_REGISTRY": "Debt_Registry", + "POLICY_MANAGER": "Policy_Manager", + "TOKEN_IMPLEMENTATION": "Token_Implementation", + "COMPLIANT_USDT_ADDRESS": "Compliant_USDT", + "COMPLIANT_USDC_ADDRESS": "Compliant_USDC", + "TOKEN_REGISTRY_ADDRESS": "Token_Registry", + "FEE_COLLECTOR_ADDRESS": "Fee_Collector", + "UNIVERSAL_ASSET_REGISTRY": "Universal_Asset_Registry", + "GOVERNANCE_CONTROLLER": "Governance_Controller", + "UNIVERSAL_CCIP_BRIDGE": "Universal_CCIP_Bridge", + "BRIDGE_ORCHESTRATOR": "Bridge_Orchestrator", + "PAYMENT_CHANNEL_MANAGER": "Payment_Channel_Manager", + "GENERIC_STATE_CHANNEL_MANAGER": "Generic_State_Channel_Manager", + "ADDRESS_MAPPER": "Address_Mapper", + "MIRROR_MANAGER": "Mirror_Manager", + "VAULT_FACTORY": "Vault_Factory", + "RESERVE_SYSTEM": "Reserve_System", + "RESERVE_TOKEN_INTEGRATION": "Reserve_Token_Integration", + "REGULATED_ENTITY_REGISTRY": "Regulated_Entity_Registry", + "MERCHANT_SETTLEMENT_REGISTRY": "Merchant_Settlement_Registry", + "SETTLEMENT_REGISTRY_ADDRESS": "Settlement_Registry", + "WITHDRAWAL_ESCROW_ADDRESS": "Withdrawal_Escrow", + "CREATE2_FACTORY": "CREATE2_Factory", + "UNIVERSAL_ASSET_REGISTRY_DETERMINISTIC": "Universal_Asset_Registry_Deterministic", + "UNIVERSAL_CCIP_BRIDGE_DETERMINISTIC": "Universal_CCIP_Bridge_Deterministic", + "MIRROR_REGISTRY": "Mirror_Registry", + "ALLTRA_ADAPTER": "Alltra_Adapter", + "MIRROR_ADDRESS": "Transaction_Mirror", + "TETHER_ADDRESS": "Tether_USDT_Chain138", + "ORACLE_AGGREGATOR_ADDRESS": "Oracle_Aggregator", + "ORACLE_PROXY_ADDRESS": "Oracle_Proxy", + "RELAYER_ADDRESS": "Deployer_Admin", + "CCIP_ROUTER_CHAIN138": "CCIP_Router", + "CCIP_SENDER_ADDRESS": "CCIP_Sender", + "CUSDC_ADDRESS_138": "Compliant_USDC", + "CUSDT_ADDRESS_138": "Compliant_USDT" + } + }, + "1": { + "name": "Ethereum Mainnet", + "chainId": 1, + "mapper": "0x0ea68F5B5A8427bB58e54ECcee941F543Dc538c5", + "contracts": { + "CCIP_Relay_Router": "0xAd9A228CcEB4cbB612cD165FFB72fE090ff10Afb", + "CCIP_Relay_Bridge": "0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939", + "WETH9": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", + "LINK_Token": "0x514910771AF9Ca656af840dff83E8264EcF986CA", + "MainnetTether": "0x15DF1D5BFDD8Aa4b380445D4e3E9B38d34283619", + "Transaction_Mirror": "0x4CF42c4F1dBa748601b8938be3E7ABD732E87cE9" + }, + "envVarMap": { + "CCIP_RELAY_ROUTER_MAINNET": "CCIP_Relay_Router", + "CCIP_RELAY_BRIDGE_MAINNET": "CCIP_Relay_Bridge", + "RELAY_ROUTER_MAINNET": "CCIP_Relay_Router", + "RELAY_BRIDGE_MAINNET": "CCIP_Relay_Bridge", + "TETHER_ADDRESS": "MainnetTether", + "MIRROR_ADDRESS": "Transaction_Mirror" + } + }, + "651940": { + "name": "ALL Mainnet", + "chainId": 651940, + "mapper": "canonical", + "contracts": { + "WETH": "0x798F6762BB40d6801A593459d08F890603D3979C", + "AUSDC": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881", + "AUSDT": "0x015B1897Ed5279930bC2Be46F661894d219292A6" + }, + "envVarMap": {} + }, + "56": { "name": "BSC (BNB Chain)", "chainId": 56, "mapper": "0x6e94e53F73893b2a6784Df663920D31043A6dE07", "contracts": {}, "envVarMap": {} }, + "137": { "name": "Polygon", "chainId": 137, "mapper": "0xb689c1C69DAa08DEb5D8feA2aBF0F64bFD409727", "contracts": {}, "envVarMap": {} }, + "100": { "name": "Gnosis Chain", "chainId": 100, "mapper": "0x99B3511A2d315A497C8112C1fdd8D508d4B1E506", "contracts": {}, "envVarMap": {} }, + "43114": { "name": "Avalanche C-Chain", "chainId": 43114, "mapper": "0x73376eB92c16977B126dB9112936A20Fa0De3442", "contracts": {}, "envVarMap": {} }, + "8453": { "name": "Base", "chainId": 8453, "mapper": "0x6e94e53F73893b2a6784Df663920D31043A6dE07", "contracts": {}, "envVarMap": {} }, + "42161": { "name": "Arbitrum One", "chainId": 42161, "mapper": "0xB142e7f4D3Cc0dd231BB1867E815342932431Bb5", "contracts": {}, "envVarMap": {} }, + "10": { "name": "Optimism", "chainId": 10, "mapper": "0xDAB0591e5e89295fFaD75A71Dcfc30c5625C4fA2", "contracts": {}, "envVarMap": {} }, + "25": { "name": "Cronos", "chainId": 25, "mapper": "0x6F521cd9FCF7884cD4E9486c7790e818638e09Dd", "contracts": { "Address_Mapper": "0x6F521cd9FCF7884cD4E9486c7790e818638e09Dd" }, "envVarMap": {} }, + "42220": { "name": "Celo", "chainId": 42220, "mapper": "canonical", "contracts": {}, "envVarMap": {} }, + "1111": { "name": "Wemix", "chainId": 1111, "mapper": "canonical", "contracts": {}, "envVarMap": {} } + } +} diff --git a/config/token-mapping-loader.cjs b/config/token-mapping-loader.cjs new file mode 100644 index 0000000..de6154d --- /dev/null +++ b/config/token-mapping-loader.cjs @@ -0,0 +1,149 @@ +/** + * Load token mapping from config/token-mapping.json and config/token-mapping-multichain.json. + * Used by relay service, bridge/LP tooling, and docs. Safe to publish (no secrets). + * + * Usage: + * const { getRelayTokenMapping, getTokenMappingForPair } = require('../config/token-mapping-loader.cjs'); + * const map = getRelayTokenMapping(); // 138 -> Mainnet (chain138Address -> mainnetAddress) + * const pair = getTokenMappingForPair(138, 651940); // { tokens, addressMapFromTo, addressMapToFrom } + * + * @version 2026-02-16 + */ + +const path = require('path'); +const fs = require('fs'); + +const DEFAULT_JSON_PATH = path.resolve(__dirname, 'token-mapping.json'); +const DEFAULT_MULTICHAIN_JSON_PATH = path.resolve(__dirname, 'token-mapping-multichain.json'); + +let _cache = null; +let _multichainCache = null; + +function loadTokenMappingJson(jsonPath = DEFAULT_JSON_PATH) { + if (_cache && _cache.path === jsonPath) return _cache.data; + try { + const raw = fs.readFileSync(jsonPath, 'utf8'); + const data = JSON.parse(raw); + _cache = { path: jsonPath, data }; + return data; + } catch (e) { + return null; + } +} + +function loadTokenMappingMultichainJson(jsonPath = DEFAULT_MULTICHAIN_JSON_PATH) { + if (_multichainCache && _multichainCache.path === jsonPath) return _multichainCache.data; + try { + const raw = fs.readFileSync(jsonPath, 'utf8'); + const data = JSON.parse(raw); + _multichainCache = { path: jsonPath, data }; + return data; + } catch (e) { + return null; + } +} + +/** + * Build object suitable for relay config.tokenMapping: Chain 138 address -> Mainnet address. + * Only includes tokens that have a mainnetAddress (canonical or wrapped). + * + * @param {string} [jsonPath] + * @returns {{ [chain138Address: string]: string }} + */ +function getRelayTokenMapping(jsonPath) { + const data = loadTokenMappingJson(jsonPath); + if (!data || !Array.isArray(data.tokens)) return {}; + const out = {}; + for (const t of data.tokens) { + if (t.chain138Address && t.mainnetAddress) { + out[t.chain138Address] = t.mainnetAddress; + } + } + return out; +} + +/** + * Get full token list with relaySupported and mainnet info. + * + * @param {string} [jsonPath] + * @returns {Array<{ key: string, name: string, chain138Address: string, mainnetAddress: string|null, relaySupported: boolean, notes: string }>} + */ +function getTokenList(jsonPath) { + const data = loadTokenMappingJson(jsonPath); + if (!data || !Array.isArray(data.tokens)) return []; + return data.tokens; +} + +/** + * Get token mapping for a chain pair from token-mapping-multichain.json. + * Tries (fromChainId, toChainId) then (toChainId, fromChainId) and returns tokens in from→to order. + * + * @param {number|string} fromChainId + * @param {number|string} toChainId + * @param {string} [jsonPath] + * @returns {{ tokens: Array<{ key: string, name: string, addressFrom: string, addressTo: string, notes?: string }>, addressMapFromTo: Record, addressMapToFrom: Record } | null} + */ +function getTokenMappingForPair(fromChainId, toChainId, jsonPath) { + const data = loadTokenMappingMultichainJson(jsonPath); + if (!data || !Array.isArray(data.pairs)) return null; + const from = Number(fromChainId); + const to = Number(toChainId); + let pair = data.pairs.find((p) => p.fromChainId === from && p.toChainId === to); + let reverse = false; + if (!pair) { + pair = data.pairs.find((p) => p.fromChainId === to && p.toChainId === from); + reverse = true; + } + if (!pair || !Array.isArray(pair.tokens)) return null; + const tokens = reverse + ? pair.tokens.map((t) => ({ key: t.key, name: t.name, addressFrom: t.addressTo, addressTo: t.addressFrom, notes: t.notes })) + : pair.tokens; + const addressMapFromTo = {}; + const addressMapToFrom = {}; + for (const t of tokens) { + if (t.addressFrom && t.addressTo) { + addressMapFromTo[t.addressFrom.toLowerCase()] = t.addressTo; + addressMapToFrom[t.addressTo.toLowerCase()] = t.addressFrom; + } + } + return { tokens, addressMapFromTo, addressMapToFrom }; +} + +/** + * Get all chain pairs defined in token-mapping-multichain.json. + * + * @param {string} [jsonPath] + * @returns {Array<{ fromChainId: number, toChainId: number, notes?: string }>} + */ +function getAllMultichainPairs(jsonPath) { + const data = loadTokenMappingMultichainJson(jsonPath); + if (!data || !Array.isArray(data.pairs)) return []; + return data.pairs.map((p) => ({ fromChainId: p.fromChainId, toChainId: p.toChainId, notes: p.notes })); +} + +/** + * Resolve token address on target chain from source chain address using multichain mapping. + * + * @param {number|string} fromChainId + * @param {number|string} toChainId + * @param {string} tokenAddressOnSource - address on fromChainId + * @param {string} [jsonPath] + * @returns {string|undefined} address on toChainId, or undefined if not mapped + */ +function getMappedAddress(fromChainId, toChainId, tokenAddressOnSource, jsonPath) { + const result = getTokenMappingForPair(fromChainId, toChainId, jsonPath); + if (!result) return undefined; + return result.addressMapFromTo[String(tokenAddressOnSource).toLowerCase()]; +} + +module.exports = { + loadTokenMappingJson, + loadTokenMappingMultichainJson, + getRelayTokenMapping, + getTokenList, + getTokenMappingForPair, + getAllMultichainPairs, + getMappedAddress, + DEFAULT_JSON_PATH, + DEFAULT_MULTICHAIN_JSON_PATH +}; diff --git a/config/token-mapping-multichain.json b/config/token-mapping-multichain.json new file mode 100644 index 0000000..353bfb1 --- /dev/null +++ b/config/token-mapping-multichain.json @@ -0,0 +1,269 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "description": "Multi-chain token mapping: Chain 138↔651940 (ALL Mainnet) and 651940↔1,56,137,100,43114,8453,42161,10,25,42220,1111. Single source of truth for bridge/LP tooling. Verify canonical addresses per chain: see docs/07-ccip/EXPLORER_TOKENS_CANONICAL_MAPPING.md.", + "version": "1.0.0", + "updated": "2026-02-16", + "chainNames": { + "1": "Ethereum Mainnet", + "10": "Optimism", + "25": "Cronos", + "56": "BSC (BNB Chain)", + "100": "Gnosis Chain", + "137": "Polygon", + "138": "SMOM-DBIS-138 (DeFi Oracle Meta)", + "42161": "Arbitrum One", + "42220": "Celo", + "43114": "Avalanche C-Chain", + "651940": "ALL Mainnet (Alltra)", + "8453": "Base", + "1111": "Wemix" + }, + "pairs": [ + { + "fromChainId": 138, + "toChainId": 651940, + "notes": "AlltraAdapter bridge; Chain 138 ↔ ALL Mainnet", + "tokens": [ + { + "key": "WETH9", + "name": "Wrapped Ether", + "addressFrom": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", + "addressTo": "0x798F6762BB40d6801A593459d08F890603D3979C", + "notes": "138 WETH9 → ALL Mainnet WETH" + }, + { + "key": "Compliant_USDT", + "name": "Compliant USDT (cUSDT)", + "addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", + "addressTo": "0x015B1897Ed5279930bC2Be46F661894d219292A6", + "notes": "138 cUSDT → ALL Mainnet AUSDT (primary)" + }, + { + "key": "Compliant_USDC", + "name": "Compliant USDC (cUSDC)", + "addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", + "addressTo": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881", + "notes": "138 cUSDC → ALL Mainnet AUSDC" + } + ] + }, + { + "fromChainId": 651940, + "toChainId": 138, + "notes": "Reverse mapping for ALL Mainnet → Chain 138", + "tokens": [ + { + "key": "WETH", + "name": "Wrapped Ether", + "addressFrom": "0x798F6762BB40d6801A593459d08F890603D3979C", + "addressTo": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", + "notes": "651940 WETH → 138 WETH9" + }, + { + "key": "AUSDT", + "name": "Alltra USD Token", + "addressFrom": "0x015B1897Ed5279930bC2Be46F661894d219292A6", + "addressTo": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", + "notes": "651940 AUSDT → 138 cUSDT" + }, + { + "key": "AUSDC", + "name": "AUSDC", + "addressFrom": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881", + "addressTo": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", + "notes": "651940 AUSDC → 138 cUSDC" + } + ] + }, + { + "fromChainId": 138, + "toChainId": 56, + "notes": "Chain 138 ↔ BSC (CCIP); direct mapping", + "tokens": [ + { "key": "WETH9", "name": "Wrapped Ether", "addressFrom": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", "addressTo": "0x2170Ed0880ac9A755fd29B2688956BD959F933F8", "notes": "138 WETH9 → BSC WETH" }, + { "key": "Compliant_USDT", "name": "cUSDT", "addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", "addressTo": "0x55d398326f99059fF775485246999027B3197955", "notes": "138 cUSDT → BSC USDT" }, + { "key": "Compliant_USDC", "name": "cUSDC", "addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", "addressTo": "0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d", "notes": "138 cUSDC → BSC USDC" } + ] + }, + { + "fromChainId": 138, + "toChainId": 137, + "notes": "Chain 138 ↔ Polygon (CCIP); direct mapping", + "tokens": [ + { "key": "WETH9", "name": "Wrapped Ether", "addressFrom": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", "addressTo": "0x7ceB23fD6bC0adD59E62ac25578270cFf1b9f619", "notes": "138 WETH9 → Polygon WETH" }, + { "key": "Compliant_USDT", "name": "cUSDT", "addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", "addressTo": "0xc2132D05D31c914a87C6611C10748AEb04B58e8F", "notes": "138 cUSDT → Polygon USDT" }, + { "key": "Compliant_USDC", "name": "cUSDC", "addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", "addressTo": "0x3c499c542cEF5E3811e1192ce70d8cC03d5c1369", "notes": "138 cUSDC → Polygon USDC" } + ] + }, + { + "fromChainId": 138, + "toChainId": 100, + "notes": "Chain 138 ↔ Gnosis (CCIP); direct mapping", + "tokens": [ + { "key": "WETH9", "name": "Wrapped Ether", "addressFrom": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", "addressTo": "0x6A023CCd1ff6F2045C3309768eAd9E68F978f6e1", "notes": "138 WETH9 → Gnosis WETH" }, + { "key": "Compliant_USDT", "name": "cUSDT", "addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", "addressTo": "0x4ECaBa5870353805a9F068101A40E0f32ed605C6", "notes": "138 cUSDT → Gnosis USDT" }, + { "key": "Compliant_USDC", "name": "cUSDC", "addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", "addressTo": "0xDDAfbb505ad214D7b80b1f830fcCc89B60fb7A83", "notes": "138 cUSDC → Gnosis USDC" } + ] + }, + { + "fromChainId": 138, + "toChainId": 43114, + "notes": "Chain 138 ↔ Avalanche (CCIP); direct mapping", + "tokens": [ + { "key": "WETH9", "name": "Wrapped Ether", "addressFrom": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", "addressTo": "0x49D5c2BdFfac6CE2BFdB6640F4F80f226bc10bAB", "notes": "138 WETH9 → Avalanche WETH" }, + { "key": "Compliant_USDT", "name": "cUSDT", "addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", "addressTo": "0x9702230A8Ea53601f5cD2dc00fDBc13d4dF4A8c7", "notes": "138 cUSDT → Avalanche USDT" }, + { "key": "Compliant_USDC", "name": "cUSDC", "addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", "addressTo": "0xB97EF9Ef8734C71904D8002F8b6Bc66Dd9c48a6E", "notes": "138 cUSDC → Avalanche USDC" } + ] + }, + { + "fromChainId": 138, + "toChainId": 8453, + "notes": "Chain 138 ↔ Base (CCIP); direct mapping", + "tokens": [ + { "key": "WETH9", "name": "Wrapped Ether", "addressFrom": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", "addressTo": "0x4200000000000000000000000000000000000006", "notes": "138 WETH9 → Base WETH" }, + { "key": "Compliant_USDT", "name": "cUSDT", "addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", "addressTo": "0xfde4C96c8593536E31F229EA8f37b2ADa2699bb2", "notes": "138 cUSDT → Base USDT" }, + { "key": "Compliant_USDC", "name": "cUSDC", "addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", "addressTo": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", "notes": "138 cUSDC → Base USDC" } + ] + }, + { + "fromChainId": 138, + "toChainId": 42161, + "notes": "Chain 138 ↔ Arbitrum (CCIP); direct mapping", + "tokens": [ + { "key": "WETH9", "name": "Wrapped Ether", "addressFrom": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", "addressTo": "0x82aF49447D8a07e3bd95BD0d56f35241523fBab1", "notes": "138 WETH9 → Arbitrum WETH" }, + { "key": "Compliant_USDT", "name": "cUSDT", "addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", "addressTo": "0xFd086bC7CD5C481DCC9C85ebE478A1C0b69FCbb9", "notes": "138 cUSDT → Arbitrum USDT" }, + { "key": "Compliant_USDC", "name": "cUSDC", "addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", "addressTo": "0xaf88d065e77c8cC2239327C5EDb3A432268e5831", "notes": "138 cUSDC → Arbitrum USDC" } + ] + }, + { + "fromChainId": 138, + "toChainId": 10, + "notes": "Chain 138 ↔ Optimism (CCIP); direct mapping", + "tokens": [ + { "key": "WETH9", "name": "Wrapped Ether", "addressFrom": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", "addressTo": "0x4200000000000000000000000000000000000006", "notes": "138 WETH9 → Optimism WETH" }, + { "key": "Compliant_USDT", "name": "cUSDT", "addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", "addressTo": "0x94b008aA00579c1307B0EF2c499aD98a8ce58e58", "notes": "138 cUSDT → Optimism USDT" }, + { "key": "Compliant_USDC", "name": "cUSDC", "addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", "addressTo": "0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85", "notes": "138 cUSDC → Optimism USDC" } + ] + }, + { + "fromChainId": 138, + "toChainId": 25, + "notes": "Chain 138 ↔ Cronos (CCIP); direct mapping", + "tokens": [ + { "key": "WETH9", "name": "Wrapped Ether", "addressFrom": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", "addressTo": "0xe44Fd7fCb2b1581822D0c862B68222998a0c299a", "notes": "138 WETH9 → Cronos WETH" }, + { "key": "Compliant_USDT", "name": "cUSDT", "addressFrom": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", "addressTo": "0x66e4286603D22FF153A6547700f37C7Eae42F8E2", "notes": "138 cUSDT → Cronos USDT" }, + { "key": "Compliant_USDC", "name": "cUSDC", "addressFrom": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", "addressTo": "0xc21223249CA28397B4B6541dfFaEcC539BfF0c59", "notes": "138 cUSDC → Cronos USDC" } + ] + }, + { + "fromChainId": 651940, + "toChainId": 1, + "notes": "ALL Mainnet ↔ Ethereum Mainnet (canonical)", + "tokens": [ + { "key": "WETH", "name": "Wrapped Ether", "addressFrom": "0x798F6762BB40d6801A593459d08F890603D3979C", "addressTo": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", "notes": "Canonical WETH9" }, + { "key": "AUSDT", "name": "USDT", "addressFrom": "0x015B1897Ed5279930bC2Be46F661894d219292A6", "addressTo": "0xdAC17F958D2ee523a2206206994597C13D831ec7", "notes": "Canonical USDT" }, + { "key": "AUSDC", "name": "USDC", "addressFrom": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881", "addressTo": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48", "notes": "Canonical USDC" } + ] + }, + { + "fromChainId": 651940, + "toChainId": 56, + "notes": "ALL Mainnet ↔ BSC; canonical BEP-20", + "tokens": [ + { "key": "WETH", "name": "Wrapped Ether", "addressFrom": "0x798F6762BB40d6801A593459d08F890603D3979C", "addressTo": "0x2170Ed0880ac9A755fd29B2688956BD959F933F8", "notes": "BSC WETH" }, + { "key": "AUSDT", "name": "USDT", "addressFrom": "0x015B1897Ed5279930bC2Be46F661894d219292A6", "addressTo": "0x55d398326f99059fF775485246999027B3197955", "notes": "BSC USDT (BEP-20)" }, + { "key": "AUSDC", "name": "USDC", "addressFrom": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881", "addressTo": "0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d", "notes": "BSC USDC (BEP-20)" } + ] + }, + { + "fromChainId": 651940, + "toChainId": 137, + "notes": "ALL Mainnet ↔ Polygon", + "tokens": [ + { "key": "WETH", "name": "Wrapped Ether", "addressFrom": "0x798F6762BB40d6801A593459d08F890603D3979C", "addressTo": "0x7ceB23fD6bC0adD59E62ac25578270cFf1b9f619", "notes": "Polygon WETH" }, + { "key": "AUSDT", "name": "USDT", "addressFrom": "0x015B1897Ed5279930bC2Be46F661894d219292A6", "addressTo": "0xc2132D05D31c914a87C6611C10748AEb04B58e8F", "notes": "Polygon USDT" }, + { "key": "AUSDC", "name": "USDC", "addressFrom": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881", "addressTo": "0x3c499c542cEF5E3811e1192ce70d8cC03d5c1369", "notes": "Polygon USDC" } + ] + }, + { + "fromChainId": 651940, + "toChainId": 100, + "notes": "ALL Mainnet ↔ Gnosis Chain", + "tokens": [ + { "key": "WETH", "name": "Wrapped Ether", "addressFrom": "0x798F6762BB40d6801A593459d08F890603D3979C", "addressTo": "0x6A023CCd1ff6F2045C3309768eAd9E68F978f6e1", "notes": "Gnosis WETH" }, + { "key": "AUSDT", "name": "USDT", "addressFrom": "0x015B1897Ed5279930bC2Be46F661894d219292A6", "addressTo": "0x4ECaBa5870353805a9F068101A40E0f32ed605C6", "notes": "Gnosis USDT" }, + { "key": "AUSDC", "name": "USDC", "addressFrom": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881", "addressTo": "0xDDAfbb505ad214D7b80b1f830fcCc89B60fb7A83", "notes": "Gnosis USDC" } + ] + }, + { + "fromChainId": 651940, + "toChainId": 43114, + "notes": "ALL Mainnet ↔ Avalanche C-Chain", + "tokens": [ + { "key": "WETH", "name": "Wrapped Ether", "addressFrom": "0x798F6762BB40d6801A593459d08F890603D3979C", "addressTo": "0x49D5c2BdFfac6CE2BFdB6640F4F80f226bc10bAB", "notes": "Avalanche WETH.e" }, + { "key": "AUSDT", "name": "USDT", "addressFrom": "0x015B1897Ed5279930bC2Be46F661894d219292A6", "addressTo": "0x9702230A8Ea53601f5cD2dc00fDBc13d4dF4A8c7", "notes": "Avalanche USDT" }, + { "key": "AUSDC", "name": "USDC", "addressFrom": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881", "addressTo": "0xB97EF9Ef8734C71904D8002F8b6Bc66Dd9c48a6E", "notes": "Avalanche USDC" } + ] + }, + { + "fromChainId": 651940, + "toChainId": 8453, + "notes": "ALL Mainnet ↔ Base", + "tokens": [ + { "key": "WETH", "name": "Wrapped Ether", "addressFrom": "0x798F6762BB40d6801A593459d08F890603D3979C", "addressTo": "0x4200000000000000000000000000000000000006", "notes": "Base WETH" }, + { "key": "AUSDT", "name": "USDT", "addressFrom": "0x015B1897Ed5279930bC2Be46F661894d219292A6", "addressTo": "0xfde4C96c8593536E31F229EA8f37b2ADa2699bb2", "notes": "Base USDT" }, + { "key": "AUSDC", "name": "USDC", "addressFrom": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881", "addressTo": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913", "notes": "Base USDC" } + ] + }, + { + "fromChainId": 651940, + "toChainId": 42161, + "notes": "ALL Mainnet ↔ Arbitrum One", + "tokens": [ + { "key": "WETH", "name": "Wrapped Ether", "addressFrom": "0x798F6762BB40d6801A593459d08F890603D3979C", "addressTo": "0x82aF49447D8a07e3bd95BD0d56f35241523fBab1", "notes": "Arbitrum WETH" }, + { "key": "AUSDT", "name": "USDT", "addressFrom": "0x015B1897Ed5279930bC2Be46F661894d219292A6", "addressTo": "0xFd086bC7CD5C481DCC9C85ebE478A1C0b69FCbb9", "notes": "Arbitrum USDT" }, + { "key": "AUSDC", "name": "USDC", "addressFrom": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881", "addressTo": "0xaf88d065e77c8cC2239327C5EDb3A432268e5831", "notes": "Arbitrum USDC" } + ] + }, + { + "fromChainId": 651940, + "toChainId": 10, + "notes": "ALL Mainnet ↔ Optimism", + "tokens": [ + { "key": "WETH", "name": "Wrapped Ether", "addressFrom": "0x798F6762BB40d6801A593459d08F890603D3979C", "addressTo": "0x4200000000000000000000000000000000000006", "notes": "Optimism WETH" }, + { "key": "AUSDT", "name": "USDT", "addressFrom": "0x015B1897Ed5279930bC2Be46F661894d219292A6", "addressTo": "0x94b008aA00579c1307B0EF2c499aD98a8ce58e58", "notes": "Optimism USDT" }, + { "key": "AUSDC", "name": "USDC", "addressFrom": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881", "addressTo": "0x0b2C639c533813f4Aa9D7837CAf62653d097Ff85", "notes": "Optimism USDC" } + ] + }, + { + "fromChainId": 651940, + "toChainId": 25, + "notes": "ALL Mainnet ↔ Cronos", + "tokens": [ + { "key": "WETH", "name": "Wrapped Ether", "addressFrom": "0x798F6762BB40d6801A593459d08F890603D3979C", "addressTo": "0xe44Fd7fCb2b1581822D0c862B68222998a0c299a", "notes": "Cronos WETH" }, + { "key": "AUSDT", "name": "USDT", "addressFrom": "0x015B1897Ed5279930bC2Be46F661894d219292A6", "addressTo": "0x66e4286603D22FF153A6547700f37C7Eae42F8E2", "notes": "Cronos USDT" }, + { "key": "AUSDC", "name": "USDC", "addressFrom": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881", "addressTo": "0xc21223249CA28397B4B6541dfFaEcC539BfF0c59", "notes": "Cronos USDC" } + ] + }, + { + "fromChainId": 651940, + "toChainId": 42220, + "notes": "ALL Mainnet ↔ Celo", + "tokens": [ + { "key": "WETH", "name": "Wrapped Ether", "addressFrom": "0x798F6762BB40d6801A593459d08F890603D3979C", "addressTo": "0xD221812de1BD094f35587EE8E174B07B6167D9Af", "notes": "Celo WETH" }, + { "key": "AUSDT", "name": "USDT", "addressFrom": "0x015B1897Ed5279930bC2Be46F661894d219292A6", "addressTo": "0x48065fbBE25f71C9282ddf5e1cD6D6A887483D5e", "notes": "Celo USDT" }, + { "key": "AUSDC", "name": "USDC", "addressFrom": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881", "addressTo": "0xcebA9300f2b948710d2653dD7B07f33A8B32118C", "notes": "Celo USDC" } + ] + }, + { + "fromChainId": 651940, + "toChainId": 1111, + "notes": "ALL Mainnet ↔ Wemix. Addresses from scan.wemix.com (2026-02-16). Operator: verify on scan.wemix.com before production – see docs/07-ccip/WEMIX_TOKEN_VERIFICATION.md.", + "tokens": [ + { "key": "WETH", "name": "Wrapped Ether", "addressFrom": "0x798F6762BB40d6801A593459d08F890603D3979C", "addressTo": "0x5adcb99e7ccd357aceaade7abc5dfbd6f2fce1ae", "notes": "Wemix WETH – https://scan.wemix.com/token/0x5adcb99e7ccd357aceaade7abc5dfbd6f2fce1ae" }, + { "key": "AUSDT", "name": "USDT", "addressFrom": "0x015B1897Ed5279930bC2Be46F661894d219292A6", "addressTo": "0xA649325Aa7C5093d12D6F98EB4378deAe68CE23F", "notes": "Wemix USDT – https://scan.wemix.com/address/0xA649325Aa7C5093d12D6F98EB4378deAe68CE23F (verify official Tether deployment)" }, + { "key": "AUSDC", "name": "USDC", "addressFrom": "0xa95EeD79f84E6A0151eaEb9d441F9Ffd50e8e881", "addressTo": "0xE3F5a90F9cb311505cd691a46596599aA1A0AD7D", "notes": "Wemix USDC – https://scan.wemix.com/address/0xE3F5a90F9cb311505cd691a46596599aA1A0AD7D (scan shows USD Coin; verify official Circle/bridged)" } + ] + } + ] +} diff --git a/config/token-mapping.json b/config/token-mapping.json new file mode 100644 index 0000000..0239249 --- /dev/null +++ b/config/token-mapping.json @@ -0,0 +1,64 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "description": "Cross-chain token mapping: Chain 138 ↔ Ethereum Mainnet. Single source of truth for relay tokenMapping and docs. No secrets.", + "version": "1.0.0", + "updated": "2026-02-16", + "relayBridgeMainnet": "0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939", + "relayBridgeNote": "CCIPRelayBridge on Mainnet is WETH9-only; it has no token registry. Only tokens listed with relaySupported true can be delivered 138→Mainnet via the current relay.", + "tokens": [ + { + "key": "WETH9", + "name": "Wrapped Ether (WETH9)", + "chain138Address": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", + "mainnetAddress": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", + "relaySupported": true, + "notes": "Canonical WETH9; same address on both chains. Only token the Mainnet CCIPRelayBridge accepts." + }, + { + "key": "LINK_Token", + "name": "Chainlink (LINK)", + "chain138Address": "0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03", + "mainnetAddress": "0x514910771AF9Ca656af840dff83E8264EcF986CA", + "relaySupported": false, + "notes": "Canonical Mainnet LINK. Relay bridge does not accept LINK; add LINK support to bridge or a separate receiver to enable." + }, + { + "key": "WETH10", + "name": "Wrapped Ether v10 (WETH10)", + "chain138Address": "0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f", + "mainnetAddress": null, + "relaySupported": false, + "notes": "Chain 138 only. No Mainnet wrapped/mirrored contract; bridge has no mapping for this token." + }, + { + "key": "Compliant_USDT", + "name": "Compliant USDT (cUSDT)", + "chain138Address": "0x93E66202A11B1772E55407B32B44e5Cd8eda7f22", + "mainnetAddress": null, + "relaySupported": false, + "notes": "Chain 138 compliant stablecoin. Mainnet canonical USDT is different (Tether); no bridge-wrapped address in current design." + }, + { + "key": "Compliant_USDC", + "name": "Compliant USDC (cUSDC)", + "chain138Address": "0xf22258f57794CC8E06237084b353Ab30fFfa640b", + "mainnetAddress": null, + "relaySupported": false, + "notes": "Chain 138 compliant stablecoin. Mainnet canonical USDC is different (Circle); no bridge-wrapped address in current design." + }, + { + "key": "Tether_USDT_Chain138", + "name": "Tether USDT (Chain 138)", + "chain138Address": "0x15DF1D5BFDD8Aa4b380445D4e3E9B38d34283619", + "mainnetAddress": null, + "relaySupported": false, + "notes": "Chain 138 Tether deployment. Mainnet canonical USDT: 0xdAC17F958D2ee523a2206206994597C13D831ec7; no bridge-wrapped address in current design." + } + ], + "mainnetCanonicalReference": { + "USDT": "0xdAC17F958D2ee523a2206206994597C13D831ec7", + "USDC": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48", + "WETH9": "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2", + "LINK": "0x514910771AF9Ca656af840dff83E8264EcF986CA" + } +} diff --git a/docs/00-meta/502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md b/docs/00-meta/502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md new file mode 100644 index 0000000..3d6c9de --- /dev/null +++ b/docs/00-meta/502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md @@ -0,0 +1,174 @@ +# 502 Deep Dive: Root Causes and Fixes + +**Last updated:** 2026-02-14 + +This document maps each E2E 502 to its backend, root cause, and fix. Use from **LAN** with SSH to Proxmox. + +## Full maintenance (all RPC + 502 in one run) + +From project root on **LAN** (SSH to r630-01, ml110, r630-02): + +```bash +./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e +``` + +This runs in order: (0) make RPC VMIDs 2101, 2500–2505 writable (e2fsck); (1) resolve-and-fix (Dev VM IP, start containers, DBIS); (2) fix 2101 JNA reinstall; (3) install Besu on missing nodes (2500–2505, 1505–1508); (4) address-all-502s (backends + NPM + RPC diagnostics); (5) E2E verification. Use `--verbose` to see all step output; `STEP2_TIMEOUT=0` to disable step-2 timeout. See [MAINTENANCE_SCRIPTS_REVIEW.md](MAINTENANCE_SCRIPTS_REVIEW.md) and [CHECK_ALL_UPDATES_AND_CLOUDFLARE_TUNNELS.md](../05-network/CHECK_ALL_UPDATES_AND_CLOUDFLARE_TUNNELS.md) §9. + +## Backend map (domain → IP:port → VMID, host) + +| Domain(s) | Backend | VMID | Proxmox host | Service to start | +|-----------|---------|------|--------------|-------------------| +| dbis-admin.d-bis.org, secure.d-bis.org | 192.168.11.130:80 | 10130 | r630-01 (192.168.11.11) | nginx | +| dbis-api.d-bis.org, dbis-api-2.d-bis.org | 192.168.11.155:3000, .156:3000 | 10150, 10151 | r630-01 | node | +| rpc-http-prv.d-bis.org, rpc-ws-prv.d-bis.org | 192.168.11.211:8545/8546 | 2101 | r630-01 | besu | +| www.mim4u.org | 192.168.11.37:80 | 7810 | r630-02 (192.168.11.12) | nginx | +| rpc-alltra*.d-bis.org (3) | 192.168.11.172/173/174:8545 | 2500, 2501, 2502 | r630-01 | besu | +| rpc-hybx*.d-bis.org (3) | 192.168.11.246/247/248:8545 | 2503, 2504, 2505 | r630-01 or ml110 | besu | +| cacti-1 (if proxied) | 192.168.11.80:80 | 5200 | r630-02 | nginx/apache2 | +| cacti-alltra.d-bis.org | 192.168.11.177:80 | 5201 | r630-02 | nginx/apache2 | +| cacti-hybx.d-bis.org | 192.168.11.251:80 | 5202 | r630-02 | nginx/apache2 | + +## One-command: address all remaining 502s + +From a host on the **LAN** (can reach NPMplus and Proxmox): + +```bash +# Full flow: backends + NPMplus proxy update (if NPM_PASSWORD set) + RPC diagnostics +./scripts/maintenance/address-all-remaining-502s.sh + +# Skip NPMplus update (e.g. no .env yet) +./scripts/maintenance/address-all-remaining-502s.sh --no-npm + +# Also run Besu mass-fix (config + restart) and E2E at the end +./scripts/maintenance/address-all-remaining-502s.sh --run-besu-fix --e2e +``` + +This runs in order: (1) `fix-all-502s-comprehensive.sh`, (2) NPMplus proxy update when `NPM_PASSWORD` is set, (3) `diagnose-rpc-502s.sh` (saves report under `docs/04-configuration/verification-evidence/`), (4) optional `fix-all-besu-nodes.sh`, (5) optional E2E. + +## Per-step diagnose and fix + +From a host that can SSH to Proxmox (r630-01, r630-02, ml110): + +```bash +# Comprehensive fix (DBIS 10130 Python, dbis-api, 2101, 2500-2505 Besu, Cacti Python) +./scripts/maintenance/fix-all-502s-comprehensive.sh + +# RPC diagnostics only (2101, 2500-2505): ss -tlnp + journalctl, to file +./scripts/maintenance/diagnose-rpc-502s.sh | tee docs/04-configuration/verification-evidence/rpc-502-diagnostics.txt + +# Diagnose only (no starts) +./scripts/maintenance/diagnose-and-fix-502s-via-ssh.sh --diagnose-only + +# Apply fixes per-backend (start containers + nginx/node/besu) +./scripts/maintenance/diagnose-and-fix-502s-via-ssh.sh +``` + +The comprehensive fix script will: + +- For each backend: SSH to the host, check `pct status `, start container if stopped. +- If container is running: curl from host to backend IP:port; if 000/fail, run `systemctl start nginx` / `node` / `besu` as appropriate and show in-CT `ss -tlnp`. +- HYBX (2503–2505): if ML110 has no such VMID, try r630-01. +- Cacti: VMID 5200 (cacti-1), 5201 (cacti-alltra), 5202 (cacti-hybx) on r630-02 (migrated 2026-02-15). + +## Root cause summary (typical) + +| 502 | Typical cause | Fix | +|-----|----------------|-----| +| dbis-admin, secure | Container 10130 stopped or nginx not running | `pct start 10130` on r630-01; inside CT: `systemctl start nginx` | +| dbis-api, dbis-api-2 | Containers 10150/10151 stopped or Node app not running | `pct start` on r630-01; inside CT: `systemctl start node` | +| rpc-http-prv | Container 2101 stopped or Besu not listening on 8545 | `pct start 2101`; inside CT: `systemctl start besu` (allow 30–60s) | +| rpc-alltra*, rpc-hybx* | Containers 2500–2505 stopped or Besu not running | Same: `pct start `; inside CT: `systemctl start besu` | +| cacti-alltra, cacti-hybx, cacti-1 | 5200/5201/5202 stopped or web server not running | On r630-02: `pct start 5200/5201/5202`; inside CT: `systemctl start nginx` or `apache2` | + +### VMID 2400 (ThirdWeb RPC primary, 192.168.11.240) + +**Host:** ml110 (192.168.11.10). Service: `besu-rpc` (config: `/etc/besu/config-rpc-thirdweb.toml`). Nginx on 443/80. + +**Intermittent RPC timeouts:** If `eth_chainId` to :8545 sometimes fails, Besu may be hitting Vert.x **BlockedThreadChecker** (worker thread blocked >60s during heavy ops). **Fix applied:** In `/etc/systemd/system/besu-rpc.service`, `BESU_OPTS` was extended with `-Dvertx.options.blockedThreadCheckInterval=120000` (120s) so occasional slow operations (e.g. trace, compaction) don’t trigger warnings as quickly. Restart: `pct exec 2400 -- systemctl restart besu-rpc.service`. After a restart, Besu may run **RocksDB compaction** before binding 8545; allow 5–15 minutes then re-check RPC. Config already has `host-allowlist=["*"]`. If the node is down, check: `pct exec 2400 -- journalctl -u besu-rpc -n 30` (look for "Compacting database" or "JSON-RPC service started"). + +## If 502 persists after running the script + +1. **Backends verified in-container but public still 502 (dbis-admin, secure, dbis-api, dbis-api-2):** + The origin (76.53.10.36) routes by hostname. Refresh NPMplus proxy targets from LAN so the proxy forwards to 130:80 and 155/156:3000: + `NPM_PASSWORD=xxx ./scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` + Then purge Cloudflare cache for those hostnames if needed. + +2. **From the Proxmox host** (e.g. SSH to 192.168.11.11): + - `pct exec -- ss -tlnp` — see what is listening. + - `pct exec -- systemctl status nginx` (or `node`, `besu`) — check unit name and errors. + +3. **NPMplus** must be able to reach the backend IP. From the NPMplus host: `curl -s -o /dev/null -w '%{http_code}' http://:/`. + +4. **RPC (2101, 2500–2505):** If Besu still does not respond after 90s: + - Run `./scripts/maintenance/diagnose-rpc-502s.sh` and check the report (or `pct exec -- ss -tlnp` and `journalctl -u besu-rpc` / `besu`). + - Fix config/nodekey/genesis per journal errors. + - Run `./scripts/besu/fix-all-besu-nodes.sh` from project root (optionally `--no-restart` first to only fix configs), or use `./scripts/maintenance/address-all-remaining-502s.sh --run-besu-fix`. + +**Known infrastructure causes and fixes:** +- **2101:** If journal shows `NoClassDefFoundError: com.sun.jna.Native` or "JNA/Udev" or "Read-only file system" for JNA/libjnidispatch, run from project root (LAN): + `./scripts/maintenance/fix-rpc-2101-jna-reinstall.sh` — reinstalls Besu and sets JNA to use `/data/besu/tmp`. If the script exits with "Container … /tmp is not writable", make the CT writable (see **Read-only CT** below) then re-run. + The fix script also sets **p2p-host** in `/etc/besu/config-rpc.toml` to **192.168.11.211** (RPC_CORE_1). If 2101 had `p2p-host="192.168.11.250"` (RPC_ALLTRA_1), other nodes would see the wrong advertised address; correct node lists are in repo `config/besu-node-lists/static-nodes.json` and `permissions-nodes.toml` (2101 = .211). +- **2500–2505:** If journal shows "Failed to locate executable /opt/besu/bin/besu", install Besu in each CT: + `./scripts/besu/install-besu-permanent-on-missing-nodes.sh` — installs Besu (23.10.3) in 1505–1508 and 2500–2505 where missing, deploys config/genesis/node lists, enables and starts the service. Allow ~5–10 minutes per node. Use `--dry-run` to see which VMIDs would be updated. If install fails with "Read-only file system", make the CT writable first. + +### VMID 2101: checklist of causes + +When 2101 (Core RPC at 192.168.11.211) is down or crash-looping, check in order: + +| Cause | What to check | Fix | +|-------|----------------|-----| +| **Read-only root (emergency_ro)** | `pct exec 2101 -- mount \| grep 'on / '` — if `ro` or `emergency_ro`, root is read-only (e.g. after ext4 errors). | Run `./scripts/maintenance/make-rpc-vmids-writable-via-ssh.sh` (stops 2101, e2fsck on host, starts CT). Or on host: stop 2101, `e2fsck -f -y /dev/pve/vm-2101-disk-0`, start 2101. | +| **Wrong p2p-host** | `pct exec 2101 -- grep p2p-host /etc/besu/config-rpc.toml` — must be `192.168.11.211` (not .250). | Run `./scripts/maintenance/fix-rpc-2101-jna-reinstall.sh` (it sets p2p-host to RPC_CORE_1). Or manually: `sed -i 's|p2p-host=.*|p2p-host="192.168.11.211"|' /etc/besu/config-rpc.toml` in CT. | +| **Static / permissioned node lists** | In CT: `/etc/besu/static-nodes.json` and `/etc/besu/permissions-nodes.toml` should list 2101 as `...@192.168.11.211:30303`. Repo: `config/besu-node-lists/`. | Deploy from repo: the fix script copies `static-nodes.json` and `permissions-nodes.toml` when present. Or run `./scripts/deploy-besu-node-lists-to-all.sh`. | +| **No space / RocksDB compaction** | Journal: "No space left on device" during "Compacting database". Host thin pool: `lvs` on r630-01. | Free thin pool (see **LVM thin pool full** below). If root was emergency_ro, fix that first; then restart `besu-rpc`. Optionally start with fresh `/data/besu` to resync. | +| **JNA / Besu binary** | Journal: `NoClassDefFoundError: com.sun.jna.Native` or missing `/opt/besu/bin/besu`. | Run `./scripts/maintenance/fix-rpc-2101-jna-reinstall.sh` (reinstalls Besu in CT). | + +After any fix: `pct exec 2101 -- systemctl restart besu-rpc` then wait ~60s and `curl -s -X POST -H 'Content-Type: application/json' -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}' http://192.168.11.211:8545/`. + +### Read-only CT (2101, 2500–2505) + +If fix or install scripts fail with **"Read-only file system"** (e.g. when creating files in `/root`, `/tmp`, or `/opt`), the container’s root (or key mounts) are read-only. Besu/JNA also needs a writable `java.io.tmpdir` (e.g. `/data/besu/tmp`); the install and fix scripts set that when they can write to the CT. + +**Make all RPC VMIDs writable in one go (from project root, LAN):** +`./scripts/maintenance/make-rpc-vmids-writable-via-ssh.sh` — SSHs to r630-01 and for each of 2101, 2500–2505 runs: stop CT, e2fsck -f -y on rootfs LV, start CT. Then re-run the fix or install script. The full maintenance runner (`run-all-maintenance-via-proxmox-ssh.sh`) runs this step first automatically. + +**Make a single CT writable (from the Proxmox host):** + +1. **Check mount:** `pct exec -- mount | grep 'on / '` — if you see `ro,` then root is mounted read-only. +2. **Remount from inside (if allowed):** `pct exec -- mount -o remount,rw /` + If that fails (e.g. "Operation not permitted"), the CT may be running with a read-only rootfs by design. +3. **From the host:** Inspect the CT config: `pct config `. If `rootfs` has an option making it read-only, remove or change it (Proxmox UI: CT → Hardware → Root disk; or `pct set --rootfs :` to recreate only if you have a backup). +4. **Alternative:** Ensure at least `/tmp` and `/opt` are writable (e.g. bind-mount writable storage or tmpfs for `/tmp`). Then re-run the fix/install script. + +After the CT is writable, run `./scripts/maintenance/fix-rpc-2101-jna-reinstall.sh` (2101) or `./scripts/besu/install-besu-permanent-on-missing-nodes.sh` (2500–2505) again. + +### LVM thin pool full (2101 / 2500–2505 "No space left on device") + +If Besu fails with **"No space left on device"** on `/data/besu/database/*.dbtmp` while `df` inside the CT shows free space, the **host** LVM thin pool is full. The CT’s disk is thin-provisioned; writes fail when the pool has no free space. + +**Check on the Proxmox host (e.g. r630-01):** +```bash +lvs -o lv_name,data_percent,metadata_percent # data at 100% = pool full +``` + +**Fix:** Free space in the thin pool on that host: +- Remove or shrink unused CT/VM disks, or move VMs to another storage. +- Optionally expand the thin pool (add PV or resize). +- After freeing space, restart the affected service: `pct exec -- systemctl restart besu-rpc` (or `besu`). + +Until the pool has free space, Besu on 2101 (and any other CT on that host that does large writes) will keep failing with "No space left on device". + +**2026-02-15 actions on r630-01:** Ran `fstrim` in all running CTs (pool 100% → 98.33%). Destroyed six **stopped** CTs to free thin pool space: **106, 107, 108, 10000, 10001, 10020** (purge). Migrated **5200–5202, 6000–6002, 6400–6402, 5700** to r630-02. Pool **74.48%**. If 2101 still crash-loops during RocksDB compaction, retry `systemctl restart besu-rpc` or start Besu with a fresh `/data/besu` (resync). See [MIGRATE_CT_R630_01_TO_R630_02.md](../03-deployment/MIGRATE_CT_R630_01_TO_R630_02.md). + +## Re-run E2E after fixes + +```bash +./scripts/verify/verify-end-to-end-routing.sh +``` + +Report: `docs/04-configuration/verification-evidence/e2e-verification-/verification_report.md`. + +To allow exit 0 when only 502s remain (e.g. CI): +`E2E_ACCEPT_502_INTERNAL=1 ./scripts/verify/verify-end-to-end-routing.sh` + +**See also:** [NEXT_STEPS_FOR_YOU.md](NEXT_STEPS_FOR_YOU.md) §3 (LAN steps), [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md) §3 (fix 502s), [NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md) (quick commands). diff --git a/docs/00-meta/ALL_TASKS_DETAILED_STEPS.md b/docs/00-meta/ALL_TASKS_DETAILED_STEPS.md index 6a9e954..e9b569d 100644 --- a/docs/00-meta/ALL_TASKS_DETAILED_STEPS.md +++ b/docs/00-meta/ALL_TASKS_DETAILED_STEPS.md @@ -149,12 +149,12 @@ ### O-3: On-chain contract check (Chain 138) -**Blocker:** RPC reachable (e.g. VMID 2101: `http://192.168.11.211:8545` or `https://rpc-core.d-bis.org`). +**Blocker:** RPC reachable — set `RPC_URL_138` (e.g. `http://192.168.11.211:8545` or `https://rpc-core.d-bis.org`). **Steps:** -1. From repo root: `./scripts/verify/check-contracts-on-chain-138.sh http://192.168.11.211:8545` -2. Or with default RPC: `./scripts/verify/check-contracts-on-chain-138.sh` +1. From repo root: `./scripts/verify/check-contracts-on-chain-138.sh` (uses `RPC_URL_138`) +2. Or pass URL: `./scripts/verify/check-contracts-on-chain-138.sh $RPC_URL_138` 3. Fix any MISS: deploy or correct address in docs/.env. **Ref:** CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE.md § Part 2. @@ -374,7 +374,7 @@ **Steps:** 1. From `smom-dbis-138/`: `forge script script/smart-accounts/DeployPaymaster.s.sol --rpc-url $RPC_URL_138 --broadcast`. -2. See [SMART_ACCOUNTS_DEPLOYMENT_NOTE](../../smom-dbis-138/metamask-integration/docs/SMART_ACCOUNTS_DEPLOYMENT_NOTE.md). +2. See [SMART_ACCOUNTS_DEPLOYMENT_NOTE](../../metamask-integration/docs/SMART_ACCOUNTS_DEPLOYMENT_NOTE.md). **Ref:** TODO_TASK_LIST_MASTER §2. @@ -412,7 +412,7 @@ - **W1-3, W1-4:** smom security audits (VLT-024, ISO-024); bridge integrations (BRG-VLT, BRG-ISO) — smom backlog. - **W1-14:** dbis_core ~1186 TypeScript errors — fix by module; `npx prisma generate`; explicit types. - **W1-15–W1-17:** smom placeholders (canonical env-only, AlltraAdapter fee, smart accounts, quote Fabric 999, .bak deprecation) — see PLACEHOLDERS_AND_*. -- **Improvements 1–139:** [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) by cohort. +- **Improvements 1–139:** [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) by cohort. --- diff --git a/docs/00-meta/ARCHIVE_CANDIDATES.md b/docs/00-meta/ARCHIVE_CANDIDATES.md index 4ddf14a..8539915 100644 --- a/docs/00-meta/ARCHIVE_CANDIDATES.md +++ b/docs/00-meta/ARCHIVE_CANDIDATES.md @@ -1,6 +1,7 @@ # Documentation Archive Candidates **Last Updated:** 2026-02-08 +**Last reviewed:** 2026-02-20 **Purpose:** List of docs/folders that may be archived to reduce clutter. Review before moving. **Use:** Run in full parallel with other Wave 1 doc tasks. See [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md). @@ -39,3 +40,7 @@ **Last consolidation run:** 2026-02-05. Moved 32 files from `docs/00-meta/` to `docs/archive/00-meta-status/`. See `docs/archive/00-meta-status/` for the list. **2026-02-08 prune/archive:** Superseded 05-network docs → `archive/05-network-superseded/` (stubs in 05-network). **Batch 1:** 10 redundant 00-meta docs → `archive/00-meta-pruned/`. **Batch 2:** 17 planning/script/audit docs (DEPLOYMENT_MASTER_DOC_PLAN, script reduction/audit set, migration/framework set, BREAKING_CHANGES, TODOS_COMPLETION_SUMMARY, etc.) → `archive/00-meta-pruned/`. See `archive/00-meta-pruned/README.md` and `archive/05-network-superseded/README.md`. + +**2026-02-16:** **Batch 3:** 3 Blitzkrieg dated exports (Blitzkrieg_Super_Pro_Max_Plan_2026-02-13.md, .txt, .json) → `archive/00-meta-pruned/`. Canonical plan remains `00-meta/BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md`. **Note:** `DOCUMENTATION_FIXES_COMPLETE.md` does not exist; completed fixes are in [DOCUMENTATION_FIX_TASK_LIST.md](DOCUMENTATION_FIX_TASK_LIST.md). + +**2026-02-20:** **Batch 4:** 12 one-off/dated docs from 00-meta → `archive/00-meta-pruned/`: COMPLETION_STATUS_20260215, MASTER_DOCUMENTATION_REVIEW_20260205, DOCUMENTATION_REVIEW_20260216, DOCUMENTATION_REVIEW_CONTINUED_20260216, COMPREHENSIVE_DOCUMENTATION_REVIEW_2026-01-31, DOCUMENTATION_UPGRADE_SUMMARY, DOCUMENTATION_REVIEW, DOCUMENTATION_METRICS, DOCUMENTATION_RELATIONSHIP_MAP (duplicate of DOCUMENT_RELATIONSHIP_MAP), JNA_WHY_NOT_WORKING_REVIEW, VMID_2101_CHANGES_AND_FAILURES, COMPREHENSIVE_PROJECT_REVIEW. **Batch 5:** CONTINUE_AND_COMPLETE, FULL_PARALLEL_RUN_LOG → 00-meta-pruned. **Root cleanup:** ALL_TASKS_COMPLETE → archive/root-status-reports; 40+ root status/temp files + screenshots → [archive/root-cleanup-20260220/](../archive/root-cleanup-20260220/README.md). fix-wsl-ip.sh → scripts/. **Added:** DOCUMENTATION_CONSOLIDATION_PLAN, NEXT_STEPS_INDEX. See archive/00-meta-pruned/README.md Batches 4–5. diff --git a/docs/00-meta/BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md b/docs/00-meta/BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md new file mode 100644 index 0000000..bb4ad68 --- /dev/null +++ b/docs/00-meta/BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md @@ -0,0 +1,53 @@ +# Blitzkrieg — Source Document Index (Where to Update When Completed) + +**Purpose:** When you complete a task or close a gap from the [BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN](BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md) or the Blitzkrieg Execution Plan, update the corresponding source doc below so the repo stays in sync. This file is the single checklist for "where to update when completed." + +**Related:** [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) | [PLACEHOLDERS_AND_COMPLETION_MASTER_LIST](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) | [MASTER_PLAN](MASTER_PLAN.md) §8 + +--- + +## Index: Document → Path → When to update + +| Document | Path | When to update | +|----------|------|-----------------| +| REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS | [docs/00-meta/REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) | Mark tasks/recommendations done; Part 1–4 | +| NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS | [docs/00-meta/NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md](NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md) | Mark section steps done | +| GAPS_AND_RECOMMENDATIONS_CONSOLIDATED | [docs/GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md) | Close security/config/code gaps | +| PLACEHOLDERS_AND_COMPLETION_MASTER_LIST | [docs/00-meta/PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) | Mark placeholder completed; §13 "Where to update" | +| CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE | [docs/11-references/CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE.md](../11-references/CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE.md) | Operator/pending status | +| TEZOS_CCIP_REMAINING_ITEMS | [docs/07-ccip/TEZOS_CCIP_REMAINING_ITEMS.md](../07-ccip/TEZOS_CCIP_REMAINING_ITEMS.md) | External/contracts/off-chain/routing/DON/monitoring/testing | +| REQUIRED_FIXES_UPDATES_GAPS | [docs/REQUIRED_FIXES_UPDATES_GAPS.md](../REQUIRED_FIXES_UPDATES_GAPS.md) | Build/canonical/placeholders/docs/tests | +| ALL_REQUIREMENTS | [docs/00-meta/ALL_REQUIREMENTS.md](ALL_REQUIREMENTS.md) | Foundation, security, deployment blocks | +| CONTRACT_ADDRESSES_REFERENCE | [docs/11-references/CONTRACT_ADDRESSES_REFERENCE.md](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) | New/deprecated addresses; canonical source | +| CONTRACT_INVENTORY_AND_VERIFICATION | [docs/11-references/CONTRACT_INVENTORY_AND_VERIFICATION.md](../11-references/CONTRACT_INVENTORY_AND_VERIFICATION.md) | Deployed/verified status | +| BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN | [docs/00-meta/BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md](BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md) | §2 three-column table; §3 numbered trail; §5 phase/category | +| MASTER_PLAN / MASTER_INDEX | [docs/00-meta/MASTER_PLAN.md](MASTER_PLAN.md), [docs/MASTER_INDEX.md](../MASTER_INDEX.md) | Link to Blitzkrieg; §8 file summary | +| STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS | [docs/00-meta/STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md) | When LAN/Proxmox steps change | +| OPERATOR_OPTIONAL_CHECKLIST | [docs/11-references/OPERATOR_OPTIONAL_CHECKLIST.md](../11-references/OPERATOR_OPTIONAL_CHECKLIST.md) | Blockscout, trustless, mainnet, CREATE2, Vault, Dodo, etc. | +| PLACEHOLDERS_AND_TBD | [docs/00-meta/PLACEHOLDERS_AND_TBD.md](../PLACEHOLDERS_AND_TBD.md) | AlltraAdapter fee; other TBDs | +| TOKEN_MAPPING_AND_MAINNET_ADDRESSES | [docs/07-ccip/TOKEN_MAPPING_AND_MAINNET_ADDRESSES.md](../07-ccip/TOKEN_MAPPING_AND_MAINNET_ADDRESSES.md) | Token mapping (138↔Mainnet); relay-supported tokens; when adding tokens update this and config/token-mapping.json | +| REMAINING_WORK_BREAKDOWN_AND_ANSWERS | [docs/00-meta/REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md](REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md) | Per-item breakdown: prerequisites, owner, steps to complete, where to update; add "Done [date]" when item completed | +| token-mapping.json | [config/token-mapping.json](../../config/token-mapping.json) | Single source of truth for Chain 138↔Mainnet token addresses; add/update entries when adding tokens or enabling relay for LINK | + +--- + +## Key operator commands (Blitzkrieg steps) + +| Step | Action | Command | +|------|--------|---------| +| 0 | Config validation | `./scripts/validation/validate-config-files.sh` | +| 0 / 16 | Completable from anywhere (all 4 steps) | `./scripts/run-completable-tasks-from-anywhere.sh` [`--dry-run`] | +| 11 | On-chain check (Chain 138, 36 addresses) | `./scripts/verify/check-contracts-on-chain-138.sh` (uses `RPC_URL_138`; optional arg overrides) | +| 11 | Blockscout source verification | `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` | + +Full command list: [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) Part 3. + +--- + +## Quick reference + +- **Tasks 1–30 / R1–R24:** Update [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md). +- **Code placeholders (AlltraAdapter, Smart accounts, TezosRelay, etc.):** Update [NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS](NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md) and [PLACEHOLDERS_AND_COMPLETION_MASTER_LIST](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md). +- **New contract / address:** Update [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) and [CONTRACT_INVENTORY_AND_VERIFICATION](../11-references/CONTRACT_INVENTORY_AND_VERIFICATION.md). +- **New token or bridge in the march:** Update [BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN](BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md) §2 (three-column table) and §3 (numbered trail). +- **New token (Chain 138 or bridged):** Update [config/token-mapping.json](../../config/token-mapping.json) and optionally [TOKEN_MAPPING_AND_MAINNET_ADDRESSES](../07-ccip/TOKEN_MAPPING_AND_MAINNET_ADDRESSES.md), [CHAIN138_TOKEN_ADDRESSES](../11-references/CHAIN138_TOKEN_ADDRESSES.md). diff --git a/docs/00-meta/BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md b/docs/00-meta/BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md new file mode 100644 index 0000000..92a1c7f --- /dev/null +++ b/docs/00-meta/BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md @@ -0,0 +1,531 @@ + + +# Blitzkrieg Ultra Uber Max Pro Master Plan — Marching Ants + +## 1. Title and Purpose + +**Blitzkrieg Ultra Uber Max Pro Master Plan — Marching Ants** + +This document is the single, authoritative execution spine for the full unified rollout of Chain 138 + Alltra + GRU + ISO-4217 eMoney + W-Tokens + Bridges + Consumers. It expresses the entire system as a strict single-path, sequential "marching ants" progression while integrating and mapping every existing recommendation (R1–R23 and all supplemental items) without duplicating large source tables. + +It is the operational command document for coordinated token authority, list emission, bridge activation, wallet exposure, monitoring, automation, security hardening, and optional Tezos/Etherlink expansion. + +--- + +# 2. Marching Ants — Three-Column Deterministic Flow + +Each row is a deterministic forward step. No branching. Optional expansions are explicitly marked. + +| Step | Tokens and Lists (What Marches) | Bridges and Protocols (How It Marches) | Networks (Where It Marches) | +|------|----------------------------------|------------------------------------------|------------------------------| +| 0 | Environment freeze + canonical authority declared | — | 138, 651940 | +| 1 | Canonical token registry locked (`canonical-tokens.ts`) | — | Global source | +| 2 | Deterministic emit: `dbis-138.tokenlist.json` | — | 138 | +| 3 | Deterministic emit: `all-mainnet.tokenlist.json` | — | 651940 | +| 4 | GRU M1 validation (cUSDC, cUSDT) | BridgeVault wiring | 1, 137, 56, 138 | +| 5 | GRU M1 CCIP enablement | CCIP routes validated | 1 ↔ 138, 137 ↔ 138 | +| 6 | ISO-4217 eMoney (all c*, w*) canonical inclusion | CCIP propagation | 138 ↔ 1, 10, 137, 56 | +| 7 | W-Tokens (USDW, ac*, vdc*, sdc*) canonical inclusion | AlltraAdapter mapping | 138, 651940 | +| 8 | Canonical → dual list sync enforcement | Schema + lint validation | All listed chains | +| 9 | Token Aggregation API deployment | Versioned endpoint | All consumers | +| 10 | Wallet ingestion (MetaMask, Ledger, Trust) | LiFi, Stargate, Hop routing | All supported | +| 11 | Explorer verification (Blockscout + contract verify) | On-chain bytecode match | All deployed chains | +| 12 | Bridge coverage hardening | CCIP + BridgeVault + AlltraAdapter full sync | 138 ↔ configured chains | +| 13 | CI/CD enforcement (lint, diff, schema) | Automated build + alerting | Repo-wide | +| 14 | Monitoring + alerting activation | Bridge events + registry drift | Production | +| 15 | Security hardening pass | Secrets vault + deprecated bridge removal | All environments | +| 16 | Dry-run full march (gas + nonce discipline) | Deterministic execution test | All live targets | +| 17 (Optional) | Tezos / Etherlink token list | Relay + DON alignment | 138, 42793, Tezos L1 | +| 18 (Optional) | DODO / EnhancedSwapRouter enablement | PMM + liquidity sync | 138 ecosystem | + +References: +- `../../token-lists/lists/dbis-138.tokenlist.json` +- `../../token-lists/lists/all-mainnet.tokenlist.json` +- `../../smom-dbis-138/services/token-aggregation/src/config/canonical-tokens.ts` +- `../11-references/CHAINS_AND_PROTOCOLS_BRIDGE_INTEGRATION.md` + +--- + +# 3. Ultra Uber Max Pro — Single-Path Execution Trail + +1. Freeze environment variables and registry authority (R1–R3). +2. Establish canonical registry as the only source of truth. +3. Emit 138 token list deterministically. +4. Emit Alltra mainnet list deterministically. +5. Validate GRU M1 contracts on-chain (R8–R11). +6. Wire BridgeVault for GRU routing. +7. Enable CCIP routes for GRU M1. +8. Insert ISO-4217 eMoney tokens into canonical. +9. Insert W-Tokens and confirm AlltraAdapter mapping. +10. Sync canonical → all lists (automated). +11. Deploy Token Aggregation API (versioned endpoint). +12. Integrate wallets + explorers (Part 1 visibility tasks). +13. Verify contracts via Blockscout and inventory registry. +14. Activate monitoring + registry drift alerts (R17–R18). +15. Activate CI/CD automation (R14–R16). +16. Remove deprecated bridges + enforce secrets discipline (R4–R7). +17. Execute full dry-run march (R23 quick win validation). +18. Optional: Deploy Tezos/Etherlink relay + DON monitoring. +19. Optional: Activate DODO PMM / EnhancedSwapRouter. + +No branching logic is permitted in this path. Optional items are activated only after Step 17 validation. + +--- + +# 4. Mermaid — Ultra Uber Max Pro March Flow + +```mermaid +flowchart TB + subgraph Tokens + canonicalTokens["Canonical Tokens"] + list138["138 Token List"] + listAlltra["Alltra Token List"] + gruM1["GRU M1"] + eMoney["ISO 4217 eMoney"] + wTokens["W Tokens"] + end + + subgraph Bridges + bridgeVault["BridgeVault"] + ccip["CCIP"] + alltraAdapter["AlltraAdapter"] + end + + subgraph Consumers + api["Token API"] + wallets["Wallets"] + explorers["Explorers"] + dex["DEX Routing"] + end + + canonicalTokens --> list138 + list138 --> listAlltra + listAlltra --> gruM1 + gruM1 --> eMoney + eMoney --> wTokens + wTokens --> bridgeVault + bridgeVault --> ccip + ccip --> alltraAdapter + alltraAdapter --> api + api --> wallets + api --> explorers + api --> dex +``` + +--- + +# 5. All Recommendations and Suggestions — Fully Mapped + +## 5.1 By Phase + +### Phase 0 — Foundation (Steps 0–2) +- R1–R3: Environment normalization + authority freeze. +- Protection layer and admin gating alignment. +Source: MASTER_PLAN §2; REMAINING_COMPONENTS R1–R3. + +### Phase 1 — Tokens and Lists (Steps 3–9) +- R4–R7: Deprecated bridge removal, secret isolation. +- Canonical enforcement + deterministic list emission. +Source: GAPS_AND_RECOMMENDATIONS; NOT_CHANGED_BY_DESIGN. + +### Phase 2 — Bridges and Networks (Steps 10–14) +- R8–R11: Deployment ordering, gas discipline, nonce integrity. +- CCIP + AlltraAdapter verification. +Source: CONTRACT_NEXT_STEPS; CHAINS_AND_PROTOCOLS_BRIDGE_INTEGRATION. + +### Phase 3 — Automation and Hardening (Steps 15–17) +- R14–R16: CI/CD automation. +- R17–R18: Monitoring + alerting. +- R23: Dry-run and progress dashboard. +Source: REMAINING_COMPONENTS. + +### Phase 4 — Optional Expansion +- Tezos/Etherlink relay + DON (TEZOS_CCIP_REMAINING_ITEMS). +- DODO PMM (DODO_PMM_NEXT_STEPS). + +--- + +## 5.2 By Category + +**Security and Secrets (R4–R7)** +Secrets vaulting, API key rotation, deprecated bridge elimination. +Source: REMAINING_COMPONENTS. + +**Deployment Discipline (R8–R11)** +Gas profiling, nonce order control, deterministic contract sequence. +Source: CONTRACT_NEXT_STEPS. + +**Documentation and Runbooks (R12–R13)** +Token list authoring standards and operator checklists. +Source: TOKEN_LIST_AUTHORING_GUIDE; OPERATOR_OPTIONAL_CHECKLIST. + +**Automation and CI/CD (R14–R16)** +Schema validation, contract diff alerts, lint enforcement. +Source: GAPS_AND_RECOMMENDATIONS. + +**Monitoring and Operations (R17–R18)** +Bridge event alerting and registry drift detection. +Source: REMAINING_COMPONENTS. + +**Testing and Quality (R19–R20)** +Dry-run deployments and cross-chain reconciliation. +Source: NOT_CHANGED_BY_DESIGN. + +**Configuration and DNS (R21–R22)** +Sankofa alignment and configuration blocks 2–6. +Source: ALL_REQUIREMENTS. + +**Quick Wins (R23)** +Dry-run validation and visible progress tracking. +Source: REMAINING_COMPONENTS. + +**Wallet Visibility** +Ledger, Trust, MetaMask, CoinGecko alignment. +Source: REMAINING_COMPONENTS Part 1. + +**Contract Verification** +Blockscout verification + on-chain confirmation. +Source: CONTRACT_INVENTORY_AND_VERIFICATION. + +**Tezos/Etherlink** +Relay, DON, contract verification. +Source: TEZOS_CCIP_REMAINING_ITEMS. + +**Protection Layer and Admin Panels** +Role-based gating and operational dashboards. +Source: MASTER_PLAN §2. + +--- + +# 6. Source Document Index + +**Where to update when completed:** See [BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md](BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md) for paths and "when to update" for each source doc below. + +| Document | Contribution | Reference Scope | +|----------|--------------|----------------| +| REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS | R1–R23 master set | Full | +| NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS | Design-stable actions | Full | +| GAPS_AND_RECOMMENDATIONS_CONSOLIDATED | Gap closure | Full | +| PLACEHOLDERS_AND_COMPLETION_MASTER_LIST | Tracking | Full | +| OPERATOR_OPTIONAL_CHECKLIST | Optional execution | Full | +| CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE | Deployment discipline | Full | +| TEZOS_CCIP_REMAINING_ITEMS | Tezos/Etherlink | Full | +| MASTER_PLAN | Structural + protection layer | §2, §8 | +| ALL_REQUIREMENTS | Config + DNS | Blocks 2–6 | +| CHAINS_AND_PROTOCOLS_BRIDGE_INTEGRATION | Bridge matrix | Full | +| CONTRACT_ADDRESSES_REFERENCE | Address registry | Full | +| CONTRACT_INVENTORY_AND_VERIFICATION | Explorer verification | Full | +| TOKEN_LIST_AUTHORING_GUIDE | Token list compliance | Full | +| DODO_PMM_NEXT_STEPS | DEX expansion | smom-dbis-138 | + +--- + +# 7. Success Criteria and Maintenance + +## Success Criteria + +1. Single document = full execution spine. +2. No duplication of 100+ item tables. +3. MASTER_INDEX and MASTER_PLAN link to this file. +4. Deterministic sequential execution preserved. +5. Optional modules isolated from main path. + +## Maintenance Protocol + +When new tokens, bridges, chains, or recommendations are added: +- Update the three-column deterministic table. +- Update the numbered execution trail. +- Map new recommendation IDs in Phase + Category sections. +- Preserve this file as orchestration spine only; detailed tasks remain in source docs. +- **Where to update when completed:** See [BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md](BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md) for the full list of source docs and when to update each (REMAINING_COMPONENTS, PLACEHOLDERS, CONTRACT_NEXT_STEPS, etc.). + +**Key operator commands (Steps 0, 11, 16):** Step 0 — `./scripts/validation/validate-config-files.sh`; Step 11 — `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` and `./scripts/verify/check-contracts-on-chain-138.sh [RPC]`; Step 16 — `./scripts/run-completable-tasks-from-anywhere.sh` [`--dry-run`]. See [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) Part 3 for full command list. + +--- + +**Blitzkrieg Ultra Uber Max Pro Master Plan — Marching Ants** +Single Path. Full Coverage. Zero Drift. Deterministic Execution. + +# 8. Supreme Command Tier Escalation — Luftwaffe Doctrine Layer + +This section upgrades the plan from deterministic execution to operational dominance. It introduces deployment matrices, risk scoring, reconciliation doctrine, and war-room command controls. + +--- + +## 8.1 Deterministic Deployment Matrix (Chain-by-Chain Readiness) + +| Chain | Canonical Synced | Token List Emitted | Contracts Verified | Bridge Active | Monitoring Active | Status | +|--------|------------------|-------------------|--------------------|---------------|------------------|--------| +| 138 | Yes | Yes | Yes | Yes | Yes | Production Ready | +| 651940 | Yes | Yes | Pending Verify | Adapter Active | Partial | Staging | +| 1 | Partial | N/A | Verified | CCIP Active | Yes | Live External | +| 137 | Yes | N/A | Verified | CCIP Active | Yes | Live External | +| 56 | Yes | N/A | Verified | CCIP Active | Yes | Live External | +| 10 | Config Ready | N/A | Pending | Planned | No | Config Mode | + +Status values permitted: Config Mode, Staging, Production Ready, Live External. + +This table must be updated whenever: +- A new chain is added +- A bridge route is modified +- A contract is upgraded + +--- + +## 8.2 Risk-Weighted Execution Scoreboard + +Each march step is assigned a risk weight (1–5) and mitigation control. + +| Step | Risk Weight | Risk Type | Mitigation | +|------|------------|----------|------------| +| Canonical Freeze | 5 | Registry Drift | Immutable tagging + CI enforcement | +| List Emission | 4 | Metadata Corruption | Schema validation + hash lock | +| Bridge Activation | 5 | Liquidity / Routing Failure | Dry-run + small-volume test | +| Wallet Exposure | 3 | Visibility Inconsistency | Versioned API | +| Monitoring Activation | 4 | Blindspot Risk | Multi-channel alerts | + +Doctrine: No step proceeds if risk ≥4 without mitigation confirmed. + +--- + +## 8.3 Red / Amber / Green Operational Dashboard + +Operational state must be visible in real time. + +- **Green**: Canonical synced, bridges active, monitoring confirmed. +- **Amber**: Drift detected, contract mismatch, route degraded. +- **Red**: Registry corruption, bridge disabled, verification failure. + +Dashboard Inputs: +- Token registry hash diff +- Bridge event heartbeat +- Contract bytecode checksum +- API response validation + +Source references: REMAINING_COMPONENTS (R17–R18), CONTRACT_INVENTORY_AND_VERIFICATION. + +--- + +## 8.4 Cross-Chain Reconciliation Schema + +Reconciliation must occur at three layers: + +1. Token Metadata Layer + - Symbol, decimals, address, chain ID match canonical. + +2. Liquidity / Routing Layer + - BridgeVault balances vs expected mapping. + - CCIP route confirmation. + +3. Consumer Exposure Layer + - Wallet display accuracy. + - API JSON parity across endpoints. + +Verification cadence: +- Pre-deployment +- Post-deployment +- Scheduled interval (24h production sweep) + +--- + +## 8.5 Production vs Testnet Separation Matrix + +| Layer | Production | Testnet | Enforcement | +|--------|-----------|----------|-------------| +| Canonical Registry | Locked | Mutable | Environment gating | +| Token Lists | Versioned | Dev-tagged | Build pipeline | +| Bridges | Rate-limited | Sandbox | Routing config | +| API | Stable endpoint | Dev endpoint | DNS separation | + +Rule: No testnet address may appear in production token list. + +--- + +## 8.6 Operator War-Room Annex + +This annex defines live execution protocol during deployment. + +### Pre-March Checklist +- Canonical hash frozen +- Gas estimates computed +- Nonce order locked +- Secrets rotated +- Deprecated routes disabled + +### Live March Controls +- Execute in deterministic order only +- Confirm transaction receipt + event log +- Update dashboard state immediately + +### Post-March Verification +- Cross-chain reconciliation sweep +- Registry diff comparison +- Wallet ingestion verification +- Bridge heartbeat check + +### Escalation Protocol +If RED state detected: +1. Halt new deployments +2. Freeze canonical registry +3. Disable affected bridge route +4. Initiate reconciliation + +--- + +## 9. Supreme Command Success Criteria + +1. Deterministic march maintained. +2. Zero registry drift across chains. +3. All bridges monitored with heartbeat. +4. Wallet visibility consistent. +5. Risk score <4 across all active steps. + +--- + +**Blitzkrieg Ultra Uber Max Pro — Supreme Command Tier (Luftwaffe Escalation)** + +Deterministic Spine. +Operational Dominance. +Full Spectrum Chain Control. +Zero Drift Doctrine. + +--- + +# 10. Absolute Air Superiority Tier — Beyond Infinity Doctrine + +This tier moves from operational dominance to autonomous sovereignty-grade resilience. The system becomes self-monitoring, self-defending, self-validating, and cryptographically anchored. + +--- + +## 10.1 Autonomous Sentinel Layer (Self-Protecting Infrastructure) + +Deploy a Sentinel control layer with the following properties: + +- Continuous canonical hash monitoring +- Automatic bridge circuit pause on drift detection +- Contract bytecode mismatch auto-flag +- Registry tamper detection + +Sentinel Modes: +- Observe Mode (logs only) +- Guard Mode (alerts + throttle) +- Sovereign Mode (auto-pause + isolate route) + +No manual intervention required for first-layer containment. + +--- + +## 10.2 Cryptographic Canonical Anchoring + +Every canonical registry hash must be: + +1. SHA-256 hashed +2. Anchored on-chain (Chain 138 primary) +3. Cross-anchored on secondary chain (optional redundancy) +4. Timestamp notarized + +Rule: +No token list emission proceeds without canonical hash anchor confirmation. + +--- + +## 10.3 Bridge Circuit Breaker Specification + +Define deterministic circuit breaker thresholds: + +- Liquidity deviation >5% +- Event heartbeat gap >2 blocks +- Unexpected token mint/burn event + +Circuit Breaker Actions: +1. Freeze affected route +2. Log anomaly +3. Trigger Sentinel escalation +4. Require manual override for restart + +This ensures systemic shock containment. + +--- + +## 10.4 Liquidity Shock Stress Testing Model + +Before production activation: + +- Simulate 2x expected daily bridge volume +- Simulate sudden 30% liquidity withdrawal +- Simulate routing interruption on one connected chain + +Success Conditions: +- No registry corruption +- No inconsistent supply accounting +- All Sentinel triggers behave deterministically + +--- + +## 10.5 Time-to-Containment Incident Model + +Maximum containment targets: + +- Drift detection: < 30 seconds +- Bridge isolation: < 2 minutes +- Canonical freeze: < 1 minute +- Full reconciliation sweep: < 15 minutes + +All monitoring systems must report timestamps for compliance review. + +--- + +## 10.6 Formal Verification Roadmap + +Priority contracts for formal verification: + +- BridgeVault +- AlltraAdapter +- GRU M1 mint/burn logic +- Canonical registry contract (if on-chain anchoring used) + +Verification Goals: +- No reentrancy paths +- Supply invariance across chains +- Deterministic routing + +--- + +## 10.7 Sovereign Continuity Architecture + +Design for catastrophic scenario resilience: + +- Multi-region API failover +- Cold-storage canonical snapshot +- Read-only emergency registry endpoint +- Manual recovery playbook + +Doctrine: +System must degrade safely, never unpredictably. + +--- + +# 11. Final State — Beyond Infinity Criteria + +The system achieves Absolute Air Superiority when: + +1. Canonical registry is cryptographically anchored. +2. Sentinel layer actively guards production. +3. Circuit breakers are enforced and tested. +4. Liquidity shock simulations pass. +5. Formal verification underway or complete. +6. Time-to-containment SLA met consistently. +7. Zero unmonitored bridge routes exist. + +At this level, execution is no longer reactive. +It is autonomous, sovereign, and self-stabilizing. + +--- + +**Blitzkrieg Ultra Uber Max Pro — Absolute Air Superiority Tier** + +Deterministic Spine. +Operational Dominance. +Autonomous Defense. +Cryptographic Sovereignty. +Zero Drift Across All Dimensions. \ No newline at end of file diff --git a/docs/00-meta/COMPLETION_MASTER_PLAN.md b/docs/00-meta/COMPLETION_MASTER_PLAN.md new file mode 100644 index 0000000..22bbdd7 --- /dev/null +++ b/docs/00-meta/COMPLETION_MASTER_PLAN.md @@ -0,0 +1,163 @@ +# Completion Master Plan — All Incomplete & Missing Items + +**Last Updated:** 2026-02-16 +**Purpose:** Single actionable checklist to complete all remaining deployments, config-ready items, routing gaps, and missing components. Ordered by dependency and priority. + +**Related:** [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) | [CHAIN138_COMPLETE_ROUTING_TABLE](../07-ccip/CHAIN138_COMPLETE_ROUTING_TABLE.md) | [NEXT_STEPS_AND_REMAINING_TODOS](NEXT_STEPS_AND_REMAINING_TODOS.md) + +--- + +## Phase 0 — Unblock Stuck Transaction (Prerequisite) + +**Status:** ✅ Done. Block production resumed; stuck tx cleared. Nonce advanced from 13274/13275 to 13286. Phase 6 (Lockbox138) and Phase 8 (eMoney) completed. + +| # | Action | Command / notes | Owner | +|---|--------|-----------------|-------| +| 0.1 | **Option A:** Deploy with nonce skip | `cd smom-dbis-138 && source .env && forge create contracts/bridge/trustless/Lockbox138.sol:Lockbox138 --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY" --nonce 13275 --gas-price 20000000000 --broadcast` | Operator | +| 0.2 | **Option B:** MetaMask 0-ETH self-transfer | Send 0 ETH from deployer to self at nonce 13274 with gas price > 1M gwei to replace, then retry deploy | Operator | +| 0.3 | **Option C:** Flush from RPC host | SSH to r630-01, run `bash /path/to/flush-stuck-tx-rpc-and-validators.sh --full` from a host that can reach 192.168.11.11, then deploy from LAN within 60s | Operator | +| 0.4 | **Option D:** Fresh deployer wallet | Use new wallet (nonce 0) for Lockbox138 deploy | Operator | + +**Verify nonce:** Use curl (cast nonce may not support pending): +```bash +source smom-dbis-138/.env; RPC="${RPC_URL_138}"; D="$DEPLOYER" +L=$(curl -s -X POST -H "Content-Type: application/json" -d "{\"jsonrpc\":\"2.0\",\"method\":\"eth_getTransactionCount\",\"params\":[\"$D\",\"latest\"],\"id\":1}" "$RPC" | jq -r '.result') +P=$(curl -s -X POST -H "Content-Type: application/json" -d "{\"jsonrpc\":\"2.0\",\"method\":\"eth_getTransactionCount\",\"params\":[\"$D\",\"pending\"],\"id\":1}" "$RPC" | jq -r '.result') +printf "Latest: %d | Pending: %d\n" $((L)) $((P)) +``` + +--- + +## Phase 1 — Deployments (Chain 138) + +| # | Item | Status | Command / env | Ref | +|---|------|--------|---------------|-----| +| 1.1 | **Lockbox138 (Phase 6)** | ✅ Done | `0x9E51fAAE511024161b99838Af0dbA38Ff354F72c` | OPTIONAL_DEPLOYMENTS §2C | +| 1.2 | **eMoney 138 (Phase 8)** | ✅ Done | ComplianceRegistry, DebtRegistry, PolicyManager, TokenFactory138, BridgeVault138 | OPTIONAL_DEPLOYMENTS §2 | +| 1.3 | **Trustless Mainnet** | ⏳ RPC 403 | Set `ETHEREUM_MAINNET_RPC` to RPC that accepts your key (e.g. Infura/Alchemy project URL); run DeployTrustlessBridge with `--rpc-url $ETHEREUM_MAINNET_RPC --broadcast --via-ir` | OPTIONAL_DEPLOYMENTS §2C | + +**Post-deploy:** Add `LOCKBOX_138=0x...` (and INBOX_ETH for Mainnet) to .env; update config/smart-contracts-master.json. + +--- + +## Phase 2 — Config-Ready Chains (CCIP) + +Complete Gnosis (100), Celo (42220), Wemix (1111) — deploy bridges, add destinations on 138, fund LINK. + +| # | Chain | Steps | Ref | +|---|-------|-------|-----| +| 2.1 | **Gnosis** | Deploy CCIPWETH9/WETH10 on Gnosis; add 138→100 and 100→138 destinations; fund LINK | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) | +| 2.2 | **Celo** | Same for Celo (42220) | Same | +| 2.3 | **Wemix** | Same for Wemix (1111); verify token addresses on [scan.wemix.com/tokens](https://scan.wemix.com/tokens) | Same, [WEMIX_TOKEN_VERIFICATION](../07-ccip/WEMIX_TOKEN_VERIFICATION.md) | +| 2.4 | **Run completion script** | `smom-dbis-138/scripts/deployment/complete-config-ready-chains.sh` (requires bridge addresses, CHAIN138_SELECTOR) | CONFIG_READY_CHAINS | + +--- + +## Phase 3 — DODO PMM & Liquidity Pools (Chain 138) + +| # | Item | Status | Env required | Command | +|---|------|--------|--------------|---------| +| 3.1 | **DODO PMM Integration** | ❌ Not deployed | `DODO_VENDING_MACHINE_ADDRESS`, `COMPLIANT_USDT_ADDRESS`, `COMPLIANT_USDC_ADDRESS`, `OFFICIAL_USDT_ADDRESS`, `OFFICIAL_USDC_ADDRESS`, `DODO_APPROVE_ADDRESS` | `forge script script/dex/DeployDODOPMMIntegration.s.sol --rpc-url $RPC_URL_138 --broadcast --private-key $PRIVATE_KEY` | +| 3.2 | **Create pools** | — | After 3.1 | createCUSDTUSDTPool, createCUSDCUSDCPool, createCUSDTCUSDCPool via DODO | +| 3.3 | **Set env** | — | `CHAIN_138_DODO_POOL_MANAGER`, `CHAIN_138_DODO_VENDING_MACHINE` | .env | +| 3.4 | **Update docs** | — | LIQUIDITY_POOLS_MASTER_MAP, routing table | LIQUIDITY_POOL_CONTROLS_RUNBOOK | + +--- + +## Phase 4 — Reserve Keeper & Paymaster (Optional) + +| # | Item | Status | Env | Notes | +|---|------|--------|-----|-------| +| 4.1 | **Reserve Keeper (Phase 4)** | Skips when unset | `ORACLE_PRICE_FEED` or `RESERVE_KEEPER` | Set to deploy; or set RESERVE_KEEPER to existing address to skip | +| 4.2 | **Paymaster (Phase 9)** | Informational | `ENTRY_POINT`, `SMART_ACCOUNT_FACTORY`, `PAYMASTER` | Deploy from ERC-4337 / Smart Accounts kit, then set env | + +--- + +## Phase 5 — Routing Table Gaps (from CHAIN138_COMPLETE_ROUTING_TABLE) + +| # | Gap | Action | Status | +|---|-----|--------|--------| +| 5.1 | **Trustless (Lockbox138)** | Deploy (Phase 1.1) | ✅ Done | +| 5.2 | **CCIP Gnosis/Celo/Wemix** | Phase 2 | ⚠️ Config ready | +| 5.3 | **DODO PMM on-chain swaps** | Phase 3 | ❌ Not deployed | +| 5.4 | **LINK 138→Mainnet relay** | Extend CCIPRelayBridge or add LINK receiver; set relaySupported in token-mapping.json | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md) | +| 5.5 | **Tether Chain 138** | No bridge mapping — document only or add Bridge Vault route if needed | — | + +--- + +## Phase 6 — Operator / LAN Tasks + +| # | Task | Command / doc | Owner | +|---|------|---------------|-------| +| 6.1 | **Blockscout verification** | `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` | Operator | +| 6.2 | **Fix E2E 502s** | `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` or `address-all-remaining-502s.sh` | Operator | +| 6.3 | **RPC 2101 approve & sync** | `./scripts/verify/verify-rpc-2101-approve-and-sync.sh` | Operator | +| 6.4 | **Run operator script** | `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]` | Operator | + +--- + +## Phase 7 — External & Third-Party + +| # | Task | Owner | Ref | +|---|------|-------|-----| +| 7.1 | **Ledger** | Await Tally response; sign agreement | ADD_CHAIN138_TO_LEDGER_LIVE | +| 7.2 | **Trust Wallet** | PR to trustwallet/wallet-core | ADD_CHAIN138_TO_TRUST_WALLET | +| 7.3 | **Consensys** | Outreach for Swaps/Bridge | CONSENSYS_OUTREACH_PACKAGE | +| 7.4 | **CoinGecko/CMC** | Submit Chain 138 + tokens | COINGECKO_SUBMISSION_GUIDE | + +--- + +## Phase 8 — Missing Items (from REMAINING_COMPONENTS) + +| # | Item | Action | +|---|------|--------| +| 8.1 | **AddressMapper other chains** | Cronos ✅; for others: DeployAddressMapperOtherChain.s.sol, set mapper in smart-contracts-master.json | +| 8.2 | **Code placeholders** | AlltraAdapter fee (setBridgeFee), smart accounts kit, quote service Fabric chainId, EnhancedSwapRouter | REQUIRED_FIXES_UPDATES_GAPS | +| 8.3 | **API keys** | Add Coingecko, CMC keys to .env | reports/API_KEYS_REQUIRED.md | +| 8.4 | **cancel-pending-transactions.sh RPC** | Script defaults to RPC_ALLTRA_1 (250) for Chain 138; ensure RPC_URL_138 is set in .env or fix fallback to 192.168.11.211 | +| 8.5 | **cast nonce pending** | cancel-pending-transactions.sh uses `cast nonce --pending`; some cast versions don't support it — may need curl-based nonce check (see Phase 0) | + +--- + +## Execution Order (Recommended) + +1. **Phase 0** — Unblock stuck tx (choose one option) +2. **Phase 1** — Lockbox138, eMoney, Trustless Mainnet +3. **Phase 2** — Gnosis, Celo, Wemix CCIP +4. **Phase 3** — DODO PMM (requires DODO env) +5. **Phase 4** — Reserve Keeper, Paymaster (if needed) +6. **Phase 6** — Operator tasks (Blockscout, 502s, RPC) +7. **Phase 5** — Update routing table as each completes +8. **Phase 7** — External (async) +9. **Phase 8** — Code/config hygiene + +--- + +## Quick Commands Reference + +```bash +# Check stuck tx +source smom-dbis-138/.env; RPC="$RPC_URL_138"; D="$DEPLOYER" +printf "Latest: %d | Pending: %d\n" $((0x$(curl -s -X POST -H "Content-Type: application/json" -d "{\"jsonrpc\":\"2.0\",\"method\":\"eth_getTransactionCount\",\"params\":[\"$D\",\"latest\"],\"id\":1}" "$RPC" | jq -r '.result'))) $((0x$(curl -s -X POST -H "Content-Type: application/json" -d "{\"jsonrpc\":\"2.0\",\"method\":\"eth_getTransactionCount\",\"params\":[\"$D\",\"pending\"],\"id\":1}" "$RPC" | jq -r '.result'))) + +# Deploy Lockbox138 with nonce skip +cd smom-dbis-138 && source .env && forge create contracts/bridge/trustless/Lockbox138.sol:Lockbox138 \ + --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY" --nonce 13275 --gas-price 20000000000 --broadcast + +# Run phases 6,8 after unblock +./scripts/run-optional-deployments.sh --execute --phases 6,8 + +# Flush mempool (from host with SSH to r630-01) +bash scripts/flush-stuck-tx-rpc-and-validators.sh --full +``` + +--- + +## References + +- [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) +- [CHAIN138_COMPLETE_ROUTING_TABLE](../07-ccip/CHAIN138_COMPLETE_ROUTING_TABLE.md) +- [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) +- [NEXT_STEPS_AND_REMAINING_TODOS](NEXT_STEPS_AND_REMAINING_TODOS.md) +- [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) +- [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md) diff --git a/docs/00-meta/CONTRIBUTOR_GUIDELINES.md b/docs/00-meta/CONTRIBUTOR_GUIDELINES.md index 0162dd1..aaefa8a 100644 --- a/docs/00-meta/CONTRIBUTOR_GUIDELINES.md +++ b/docs/00-meta/CONTRIBUTOR_GUIDELINES.md @@ -199,7 +199,7 @@ This document provides guidelines for contributing to the documentation, includi - **[DOCUMENTATION_STYLE_GUIDE.md](DOCUMENTATION_STYLE_GUIDE.md)** ⭐⭐⭐ - Style guide - **[MASTER_INDEX.md](../MASTER_INDEX.md)** ⭐⭐⭐ - Documentation index -- **[DOCUMENTATION_METRICS.md](DOCUMENTATION_METRICS.md)** ⭐ - Documentation health and review +- **[DOCUMENTATION_METRICS.md](../archive/00-meta-pruned/DOCUMENTATION_METRICS.md)** ⭐ - Documentation health and review --- diff --git a/docs/00-meta/DBIS_CORE_WHEN_TO_IMPLEMENT.md b/docs/00-meta/DBIS_CORE_WHEN_TO_IMPLEMENT.md new file mode 100644 index 0000000..5e94eee --- /dev/null +++ b/docs/00-meta/DBIS_CORE_WHEN_TO_IMPLEMENT.md @@ -0,0 +1,22 @@ +# dbis_core — when to implement (Redis, Prometheus, PagerDuty) + +**Purpose:** Runbook/checklist so full scope is clear; no new code in this plan. +**See also:** NOT_IMPLEMENTED_FULL_SCOPE section 5, dbis_core submodule. + +## Redis + +When: Required only if caching (or session/state) is needed. Current: Optional; already wired when REDIS_URL is set. Action: Enable when a service is configured to use Redis; document in dbis_core or runbook. + +## Prometheus + +When: Implement push or scrape when the monitoring stack is deployed. Action: Add metrics endpoints or scrape config when monitoring stack is up; document in dbis_core or ops runbook. + +## PagerDuty + +When: Implement when on-call and incident routing are required. Action: Wire alerts to PagerDuty; document in runbook. + +## Deal-execution integration tests + +Current: Skipped with ticket (per GAPS). Action: Re-enable and fix when CI/env and dependencies are ready; update GAPS and PLACEHOLDERS when done. + +No new code in this doc; checklist only. diff --git a/docs/00-meta/DEPLOY_CONFIRM_AND_FULL_E2E_RUNBOOK.md b/docs/00-meta/DEPLOY_CONFIRM_AND_FULL_E2E_RUNBOOK.md new file mode 100644 index 0000000..e495263 --- /dev/null +++ b/docs/00-meta/DEPLOY_CONFIRM_AND_FULL_E2E_RUNBOOK.md @@ -0,0 +1,114 @@ +# Deploy Confirm and Full E2E Testing Runbook + +**Last updated:** 2026-02-14 + +Run this sequence to ensure everything is **deployed**, **confirmed**, **verified**, and then run **full e2e testing**. + +--- + +## 1. Deploy confirmed (from LAN only) + +From a host on the same LAN as 192.168.11.x (or with reachable RPC): + +```bash +# On-chain check: all contract addresses from config/smart-contracts-master.json have bytecode +source scripts/lib/load-project-env.sh +./scripts/verify/check-contracts-on-chain-138.sh +# Expect: "Total: N present, 0 missing" +``` + +If RPC is unreachable from your host, you'll see "0 present, N missing" and a WARN. Run the same command from a machine on VPN/LAN or pass a reachable RPC: `./scripts/verify/check-contracts-on-chain-138.sh https://rpc.d-bis.org`. + +--- + +## 2. Contracts verified (Blockscout) + +Verification was fixed (forge-verification-proxy accepts form-encoded bodies). From LAN: + +```bash +source smom-dbis-138/.env 2>/dev/null +./scripts/verify/run-contract-verification-with-proxy.sh +# Or one contract: ./scripts/verify/run-contract-verification-with-proxy.sh --only Multicall +``` + +Check https://explorer.d-bis.org/address/ for verification status. + +--- + +## 3. Unit and E2E tests (no LAN required) + +### smom-dbis-138 + +```bash +cd smom-dbis-138 +forge test +forge test --match-path "test/e2e/*.sol" +``` + +### alltra-lifi-settlement + +```bash +cd alltra-lifi-settlement +forge test +npm run test:e2e -- --forceExit +``` + +- **Forge tests:** pass without RPC. +- **Jest e2e:** `payment-flow` and `monitoring-flow` can pass; `withdrawal-flow` **requires reachable Chain 138 RPC** (192.168.11.211:8545 or public RPC). Run from LAN for full e2e pass. + +--- + +## 4. E2E routing (public domains) + +From anywhere (uses public DNS/HTTPS): + +```bash +./scripts/verify/verify-end-to-end-routing.sh +``` + +- **DNS:** all domains. +- **HTTPS / RPC:** Some endpoints may return 502 (dbis-admin, dbis-api, rpc-http-prv, rpc-alltra*, rpc-hybx*, cacti-*) if backends are stopped or unreachable from the test host. Fix from LAN: + - **Comprehensive fix (all 502 backends):** `./scripts/maintenance/fix-all-502s-comprehensive.sh` (10130 Python, dbis-api, 2101/2500-2505 Besu, Cacti). + - **Deep dive (diagnose + fix per backend):** `./scripts/maintenance/diagnose-and-fix-502s-via-ssh.sh` (use `--diagnose-only` to only report). + - Start containers: `./scripts/maintenance/start-stopped-containers-via-ssh.sh` + - Ensure services in DBIS containers: `./scripts/maintenance/ensure-dbis-services-via-ssh.sh` + - Add explorer security headers: `./scripts/maintenance/add-explorer-security-headers-via-ssh.sh` +- To have the script **exit 0** when only 502s remain (e.g. for CI): `E2E_ACCEPT_502_INTERNAL=1 ./scripts/verify/verify-end-to-end-routing.sh` +- Report: `docs/04-configuration/verification-evidence/e2e-verification-/verification_report.md`. + +--- + +## 5. Explorer E2E + +```bash +EXPLORER_URL="https://explorer.d-bis.org" bash explorer-monorepo/scripts/e2e-test-explorer.sh +``` + +Covers: homepage, Blockscout API, SPA routes, security headers (warnings only), performance. From LAN you can also use `BASE_URL="http://192.168.11.140"` for direct backend checks. + +--- + +## Quick reference + +| Step | Command / action | Requires LAN? | +|-------------------|-----------------------------------------------------------------------------------|---------------| +| On-chain check | `./scripts/verify/check-contracts-on-chain-138.sh` | Yes (RPC) | +| Blockscout verify | `./scripts/verify/run-contract-verification-with-proxy.sh` | Yes | +| smom forge test | `cd smom-dbis-138 && forge test && forge test --match-path "test/e2e/*.sol"` | No | +| alltra forge | `cd alltra-lifi-settlement && forge test` | No | +| alltra Jest e2e | `cd alltra-lifi-settlement && npm run test:e2e -- --forceExit` | Yes for full | +| E2E routing | `./scripts/verify/verify-end-to-end-routing.sh` | No | +| Explorer E2E | `EXPLORER_URL="https://explorer.d-bis.org" bash explorer-monorepo/scripts/e2e-test-explorer.sh` | No | +| Fix 502s (LAN) | `./scripts/maintenance/start-stopped-containers-via-ssh.sh` then `ensure-dbis-services-via-ssh.sh` | Yes (SSH) | +| E2E accept 502 | `E2E_ACCEPT_502_INTERNAL=1 ./scripts/verify/verify-end-to-end-routing.sh` (exit 0 when only 502s) | No | + +--- + +## Last run summary (2026-02-14) + +- **On-chain check:** Not run from this host (RPC 192.168.11.211 unreachable off-LAN). Run from LAN to confirm deploy. +- **Blockscout verification:** Already completed for all 11 contracts (Multicall, Aggregator, Proxy, MultiSig, CCIPReceiver, Voting, CCIPSender, CCIPWETH10/9, MerchantSettlementRegistry, WithdrawalEscrow). +- **smom-dbis-138:** `forge test` passed; `forge test --match-path "test/e2e/*.sol"` — 26 e2e tests passed. +- **alltra-lifi-settlement:** `forge test` 8 passed; `npm run test:e2e` — 33 passed, 1 failed (withdrawal-flow, RPC unreachable). +- **E2E routing:** 34 DNS pass, 10 HTTPS pass, 7 RPC/502 fails (alltra/hybx/prv tunnels); explorer.d-bis.org and Blockscout API passed. +- **Explorer E2E:** 37 passed, 0 failed, 4 warnings. diff --git a/docs/00-meta/DOCUMENTATION_CONSOLIDATION_PLAN.md b/docs/00-meta/DOCUMENTATION_CONSOLIDATION_PLAN.md new file mode 100644 index 0000000..d5b2b62 --- /dev/null +++ b/docs/00-meta/DOCUMENTATION_CONSOLIDATION_PLAN.md @@ -0,0 +1,146 @@ +# Documentation Consolidation Plan + +**Last Updated:** 2026-02-20 +**Purpose:** Review, consolidate, and prune markdown docs. Single reference for what to keep, merge, or archive. + +**Related:** [ARCHIVE_CANDIDATES.md](ARCHIVE_CANDIDATES.md) | [archive/00-meta-pruned/README.md](../archive/00-meta-pruned/README.md). (Dated review docs, e.g. DOCUMENTATION_REVIEW_20260216, are in archive/00-meta-pruned.) + +--- + +## 1. Scope + +- **Primary:** `docs/` (root + 00-meta through 12-quick-reference, gru-m1, compliance, runbooks, archive). +- **Verification evidence:** Keep recent runs; older runs already in `archive/verification-evidence-old/`. +- **Submodules:** smom-dbis-138/docs, etc. — out of scope for this plan; see [11-references/SUBMODULE_RELATIONSHIP_MAP.md](../11-references/SUBMODULE_RELATIONSHIP_MAP.md). + +--- + +## 2. 00-meta Classification + +### Keep (canonical / living) + +| Document | Role | +|----------|------| +| **NEXT_STEPS_INDEX.md** | Single entry for "what to do next" → links to FOR_YOU, OPERATOR, REMAINING_WORK_DETAILED_STEPS, etc. | +| **NEXT_STEPS_MASTER.md** | Master list of next steps | +| **NEXT_STEPS_FOR_YOU.md** | Your personal checklist (Ledger, from-anywhere) | +| **NEXT_STEPS_OPERATOR.md** | Operator runbook (LAN/creds) | +| **NEXT_STEPS_ALL.md** | Consolidated all-audience next steps | +| **REMAINING_WORK_DETAILED_STEPS.md** | Step-by-step for each remaining task | +| **NEXT_STEPS_AND_REMAINING_TODOS.md** | Full consolidated checklist | +| **TODOS_CONSOLIDATED.md** | Single-file task list (high/medium/LAN/low) | +| **TODO_TASK_LIST_MASTER.md** | Master task list | +| **REMAINING_TASKS_AND_API_FEATURES.md** | Remaining tasks + API inventory | +| **REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md** | Phases review | +| **MASTER_PLAN.md** | Single Master Plan (gaps, phases) | +| **COMPLETION_MASTER_PLAN.md** | Incomplete + missing items; Phase 0–8 | +| **BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md** | Token/bridge rollout (canonical) | +| **BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md** | Where to update when completed | +| **ALL_REQUIREMENTS.md** | All requirements | +| **ARCHIVE_CANDIDATES.md** | What to archive; consolidation log | +| **DOCUMENTATION_STYLE_GUIDE.md** | Doc standards | +| **DOCUMENTATION_FIX_TASK_LIST.md** | Doc fix tasks + completed fixes | +| **DOCUMENTATION_ENHANCEMENTS_RECOMMENDATIONS.md** | Enhancement recommendations | +| **DOCUMENTATION_QUALITY_REVIEW.md** | Quality review | +| **DOCUMENT_RELATIONSHIP_MAP.md** | Doc relationship diagram (Mermaid/ASCII) | +| **FULL_PARALLEL_EXECUTION_ORDER.md** | Wave 0–3 execution order | +| **WAVE1_COMPLETION_SUMMARY.md** | Wave 1 status | +| **WAVE2_WAVE3_OPERATOR_CHECKLIST.md** | Wave 2/3 checklist | +| **PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST.md** | Placeholders, env, API keys | +| **E2E_COMPLETION_TASKS_DETAILED_LIST.md** | E2E tasks by part | +| **REMAINING_WORK_DETAILED_TASKS.md** | Detailed remaining tasks | +| **STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md** | Steps from Proxmox/LAN | +| **DEPLOY_CONFIRM_AND_FULL_E2E_RUNBOOK.md** | Deploy + E2E runbook | +| **502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md** | 502 root cause (operational reference) | +| **UNBLOCK_MAINNET_RPC_403.md** | Mainnet RPC 403 unblock (operational) | +| **MAJOR_UPGRADE_HOLD_OFF.md** | Upgrade hold (decision) | +| **SAFE_PACKAGES_MIGRATION_PLAN.md** | Package migration | +| **MAINTENANCE_SCRIPTS_REVIEW.md** | Maintenance scripts reference | +| **CONTRIBUTOR_GUIDELINES.md** | Contributor guidelines | +| **MARKDOWN_FILE_MAINTENANCE_GUIDE.md** | Markdown maintenance | + +### Archive (one-off status / dated reviews) + +Moved to `docs/archive/00-meta-pruned/` in 2026-02-20 batch: + +| Document | Reason | +|----------|--------| +| COMPLETION_STATUS_20260215.md | Dated completion snapshot; current status in NEXT_STEPS_OPERATOR / REMAINING_WORK_DETAILED_STEPS | +| MASTER_DOCUMENTATION_REVIEW_20260205.md | Dated review; current state in DOCUMENTATION_FIX_TASK_LIST and MASTER_INDEX | +| DOCUMENTATION_REVIEW_20260216.md | Dated review; decisions captured in ARCHIVE_CANDIDATES and this plan | +| DOCUMENTATION_REVIEW_CONTINUED_20260216.md | Dated continued review | +| COMPREHENSIVE_DOCUMENTATION_REVIEW_2026-01-31.md | Dated comprehensive review | +| DOCUMENTATION_UPGRADE_SUMMARY.md | One-off upgrade summary | +| DOCUMENTATION_REVIEW.md | Generic review; superseded by dated reviews and FIX_TASK_LIST | +| DOCUMENTATION_METRICS.md | One-off metrics; optional future link-check only | +| DOCUMENTATION_RELATIONSHIP_MAP.md | Duplicate of DOCUMENT_RELATIONSHIP_MAP (keep one) | +| JNA_WHY_NOT_WORKING_REVIEW.md | One-off investigation | +| VMID_2101_CHANGES_AND_FAILURES.md | One-off incident; operational fixes in runbooks | +| COMPREHENSIVE_PROJECT_REVIEW.md | One-off project review | + +### Review later (possible merge or archive) + +| Document | Note | +|----------|------| +| MASTER_DOCUMENTATION_INDEX.md | Overlaps with docs/MASTER_INDEX.md; consider single canonical index at docs/ | +| REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md | Overlap with REMAINING_TASKS_*; consider merging into one | +| RECOMMENDATIONS_OPERATOR_CHECKLIST.md | Overlap with 11-references/OPERATOR_OPTIONAL_CHECKLIST; keep or merge | +| PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md | Overlap with PLACEHOLDERS_AND_REQUIRED_ADDITIONS_LIST | +| NOT_IMPLEMENTED_FULL_SCOPE.md | Keep; distinct scope doc | +| LEGAL_DOCUMENTS_IMPLEMENTATION.md | Keep or move to compliance/ | +| DBIS_CORE_WHEN_TO_IMPLEMENT.md | Keep; decision doc | +| NETWORK_PLACEHOLDERS_DECISION.md | Keep; decision doc | +| NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md | Keep; design decisions | +| REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md | Overlap with REMAINING_*; consider merge | +| ALL_TASKS_DETAILED_STEPS.md | Overlap with REMAINING_WORK_DETAILED_STEPS | +| MASTER_TODO_EXPANDED.md | Overlap with TODO_TASK_LIST_MASTER / TODOS_CONSOLIDATED | +| REMAINING_ITEMS_FULL_PARALLEL_LIST.md | Overlap with FULL_PARALLEL_* | +| TASKS_TO_COMPLETE_AND_FIX.md | Overlap with TODOS_CONSOLIDATED | +| CONTINUE_AND_COMPLETE.md | **Archived** (archive/00-meta-pruned, Batch 5) | +| FULL_PARALLEL_RUN_LOG.md | **Archived** (archive/00-meta-pruned, Batch 5) | +| PHASES_AND_TASKS_MASTER.md | Keep; phase checklist | +| PARALLEL_TASK_STRUCTURE.md | Keep; execution structure | +| EXTERNAL_INTEGRATIONS_CHECKLIST.md | Keep | +| API_KEYS_DOTENV_STATUS.md | Keep or merge into MASTER_SECRETS_INVENTORY | +| SCRIPT_INVENTORY.md | Keep; script reference | + +--- + +## 3. Docs root + +| Document | Action | +|----------|--------| +| ALL_TASKS_COMPLETE.md | **Moved** to docs/archive/root-status-reports/ (2026-02-20) | +| GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md | Keep; single reference for gaps/placeholders. Linked from MASTER_INDEX. | +| PLACEHOLDERS_AND_TBD.md | Keep; cross-link with 00-meta/PLACEHOLDERS_* and GAPS_AND_RECOMMENDATIONS | +| REQUIRED_FIXES_UPDATES_GAPS.md | Keep; cross-link with GAPS_AND_RECOMMENDATIONS | +| VAULT_SYSTEM_MASTER_TECHNICAL_PLAN.md | Keep in docs or move to 02-architecture/ | +| INTEGRATION_TEST_SUMMARY.md | Keep or archive if dated | + +--- + +## 3b. Project root (repository root) — cleanup 2026-02-20 + +**Kept at root:** README.md, PROJECT_STRUCTURE.md, INTEGRATIONS_QUICK_REFERENCE.md, COMPREHENSIVE_STATUS_BRIDGE_READY.md (linked from docs), package.json, pnpm-lock.yaml, pnpm-workspace.yaml, renovate.json, .env.example, claude_desktop_config.json.example, token-list.json, .gitignore, .gitmodules. + +**Moved:** 40+ status/completion/temp files and screenshots → [docs/archive/root-cleanup-20260220/](../archive/root-cleanup-20260220/README.md). **fix-wsl-ip.sh** → scripts/fix-wsl-ip.sh. + +--- + +## 4. Verification evidence + +- **Policy:** Keep last 2–3 run dates per type (e2e, backend-vms). Older runs → `archive/verification-evidence-old/`. +- **Summary docs** in verification-evidence (e.g. COMPLETION_RUN_*, DO_ALL_*): keep recent; archive old dated summaries to archive/00-meta-pruned or verification-evidence-old. + +--- + +## 5. Next steps for maintainers + +1. Run link check quarterly (MASTER_INDEX, docs/README). +2. Each quarter: move clearly one-off/dated 00-meta docs to archive/00-meta-pruned per this plan. +3. Consider merging REMAINING_* and NEXT_STEPS_* into 2–3 canonical files (entry: NEXT_STEPS_INDEX.md). +4. Add "Last reviewed" to ARCHIVE_CANDIDATES after each consolidation run. + +--- + +**Consolidation run 2026-02-20:** NEXT_STEPS_INDEX.md added; Batch 4 (12 files) archived to 00-meta-pruned; ARCHIVE_CANDIDATES and MASTER_INDEX updated. **Follow-up:** Batch 5 (CONTINUE_AND_COMPLETE, FULL_PARALLEL_RUN_LOG) → 00-meta-pruned; ALL_TASKS_COMPLETE → root-status-reports; project root cleanup → docs/archive/root-cleanup-20260220; fix-wsl-ip.sh → scripts/. diff --git a/docs/00-meta/DOCUMENTATION_ENHANCEMENTS_RECOMMENDATIONS.md b/docs/00-meta/DOCUMENTATION_ENHANCEMENTS_RECOMMENDATIONS.md index 254c392..dc1f044 100644 --- a/docs/00-meta/DOCUMENTATION_ENHANCEMENTS_RECOMMENDATIONS.md +++ b/docs/00-meta/DOCUMENTATION_ENHANCEMENTS_RECOMMENDATIONS.md @@ -1122,7 +1122,7 @@ Home > Architecture > Network Architecture > VLAN Configuration - **[DOCUMENTATION_STYLE_GUIDE.md](DOCUMENTATION_STYLE_GUIDE.md)** ⭐⭐⭐ - Documentation standards - **[DOCUMENTATION_QUALITY_REVIEW.md](DOCUMENTATION_QUALITY_REVIEW.md)** ⭐⭐ - Quality review findings -- **[DOCUMENTATION_FIXES_COMPLETE.md](DOCUMENTATION_FIXES_COMPLETE.md)** ⭐⭐ - Completed fixes +- **[DOCUMENTATION_FIX_TASK_LIST.md](DOCUMENTATION_FIX_TASK_LIST.md)** ⭐⭐ - Task list and completed fixes (DOCUMENTATION_FIXES_COMPLETE was consolidated here) - **[MASTER_INDEX.md](../MASTER_INDEX.md)** ⭐⭐⭐ - Complete documentation index --- diff --git a/docs/00-meta/DOCUMENTATION_FIX_TASK_LIST.md b/docs/00-meta/DOCUMENTATION_FIX_TASK_LIST.md index 36ba459..6934f57 100644 --- a/docs/00-meta/DOCUMENTATION_FIX_TASK_LIST.md +++ b/docs/00-meta/DOCUMENTATION_FIX_TASK_LIST.md @@ -234,11 +234,11 @@ ## 7. Related Documents -- **[COMPREHENSIVE_DOCUMENTATION_REVIEW_2026-01-31.md](COMPREHENSIVE_DOCUMENTATION_REVIEW_2026-01-31.md)** – Full review methodology and findings +- **[COMPREHENSIVE_DOCUMENTATION_REVIEW_2026-01-31.md](../archive/00-meta-pruned/COMPREHENSIVE_DOCUMENTATION_REVIEW_2026-01-31.md)** – Full review methodology and findings - **[DOCUMENTATION_QUALITY_REVIEW.md](DOCUMENTATION_QUALITY_REVIEW.md)** – Duplicates, gaps, inconsistencies - **[DOCUMENTATION_ENHANCEMENTS_RECOMMENDATIONS.md](DOCUMENTATION_ENHANCEMENTS_RECOMMENDATIONS.md)** – Content, visual, organization, usability - **[DOCUMENTATION_STYLE_GUIDE.md](DOCUMENTATION_STYLE_GUIDE.md)** – Standards for headers, naming, markdown -- **[DOCUMENTATION_FIXES_COMPLETE.md](DOCUMENTATION_FIXES_COMPLETE.md)** – Previously completed fixes +- **Completed fixes** – Documented in this file (DOCUMENTATION_FIXES_COMPLETE.md was consolidated here) - **[../MASTER_INDEX.md](../MASTER_INDEX.md)** – Master documentation index --- diff --git a/docs/00-meta/FULL_PARALLEL_EXECUTION_ORDER.md b/docs/00-meta/FULL_PARALLEL_EXECUTION_ORDER.md index 3aba1ce..101d14b 100644 --- a/docs/00-meta/FULL_PARALLEL_EXECUTION_ORDER.md +++ b/docs/00-meta/FULL_PARALLEL_EXECUTION_ORDER.md @@ -5,7 +5,7 @@ **Sources:** [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md), [REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md](REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md), [PARALLEL_TASK_STRUCTURE.md](PARALLEL_TASK_STRUCTURE.md), [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md). -**Run log:** [FULL_PARALLEL_RUN_LOG.md](FULL_PARALLEL_RUN_LOG.md) — record of what was executed by wave (2026-02-05). +**Run log:** [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived) — record of what was executed by wave (2026-02-05). **Wave 1 status:** [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md). **Wave 2/3 checklist:** [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md). **Full remaining list (all items by wave):** [REMAINING_ITEMS_FULL_PARALLEL_LIST.md](REMAINING_ITEMS_FULL_PARALLEL_LIST.md). diff --git a/docs/00-meta/LEGAL_DOCUMENTS_IMPLEMENTATION.md b/docs/00-meta/LEGAL_DOCUMENTS_IMPLEMENTATION.md new file mode 100644 index 0000000..92454ca --- /dev/null +++ b/docs/00-meta/LEGAL_DOCUMENTS_IMPLEMENTATION.md @@ -0,0 +1,3 @@ +# the-order legal-documents implementation + +Court-efiling: integrate with court e-filing system or document API. E-signature: DocuSign or Adobe Sign. Document-security: fetch PDF, watermark or redact, re-upload. For each: prerequisites, steps, and update GAPS_AND_RECOMMENDATIONS_CONSOLIDATED and PLACEHOLDERS_AND_COMPLETION_MASTER_LIST when done. See NOT_IMPLEMENTED_FULL_SCOPE section 5. diff --git a/docs/00-meta/MAINTENANCE_SCRIPTS_REVIEW.md b/docs/00-meta/MAINTENANCE_SCRIPTS_REVIEW.md new file mode 100644 index 0000000..705999a --- /dev/null +++ b/docs/00-meta/MAINTENANCE_SCRIPTS_REVIEW.md @@ -0,0 +1,89 @@ +# Maintenance scripts review + +**Date:** 2026-02-15 +**Scope:** RPC/502 fix flow, writability step, runner, and related docs. + +--- + +## 1. Flow overview + +| Step | Script | Purpose | +|------|--------|---------| +| 0 | `make-rpc-vmids-writable-via-ssh.sh` | Stop 2101, 2500–2505 on r630-01; e2fsck rootfs; start; verify /tmp writable | +| 1 | `resolve-and-fix-all-via-proxmox-ssh.sh` | Dev VM IP .59, start containers, DBIS services (r630-01, ml110) | +| 2 | `fix-rpc-2101-jna-reinstall.sh` | Reinstall Besu in 2101 (JNA fix), use /tmp in CT, set java.io.tmpdir=/data/besu/tmp | +| 3 | `install-besu-permanent-on-missing-nodes.sh` | Install Besu on 1505–1508 (ml110), 2500–2505 (r630-01) where missing | +| 4 | `address-all-remaining-502s.sh` | fix-all-502s-comprehensive + NPM proxy update + RPC diagnostics | +| 5 | `verify-end-to-end-routing.sh` | E2E (optional via `--e2e`) | + +**Single entry point:** `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh` [--no-npm] [--e2e] [--dry-run] + +--- + +## 2. What works well + +- **Writability first:** Step 0 fixes read-only root (ext4 errors) so steps 2 and 3 can write to CTs. All seven RPC VMIDs (2101, 2500–2505) are handled on r630-01. +- **Clear ordering:** Make writable → resolve/start → fix 2101 → install Besu on missing → address 502s → E2E. Dependencies are respected. +- **Config-driven:** Hosts and IPs come from `config/ip-addresses.conf` (PROXMOX_HOST_R630_01, etc.). +- **Idempotent / skip logic:** resolve-and-fix skips if already correct; install-besu-permanent skips VMIDs that already have `/opt/besu/bin/besu`. +- **Docs linked:** 502_DEEP_DIVE (§ Read-only CT), CHECK_ALL_UPDATES (§9 Remaining fixes), maintenance README all reference the runner and make-writable script. +- **JNA tmpdir:** Standalone installer and 2101 fix set `-Djava.io.tmpdir=/data/besu/tmp` so Besu/JNA work when `/tmp` is restricted. +- **Apt resilience:** Standalone installer allows `apt-get update` to fail (e.g. command-not-found I/O error) and still requires `java` and `wget` before continuing. + +--- + +## 3. Gaps and risks + +- **Step 2 (2101) can be slow:** Apt install inside the CT can take 5–15+ minutes; the runner has no per-step timeout, so the whole run can appear to hang at “Installing packages…”. +- **Errors hidden:** The runner uses `2>/dev/null` on each step and only prints “Done” or “Step had warnings.” Failures (e.g. 2101 install fail, 2505 install fail) are not surfaced unless you read the full output. +- **Disk space:** 2502/2504 have historically hit “No space left on device” in `/data/besu` (RocksDB). The scripts do not check or resize CT disk; that remains manual (e.g. `pct resize rootfs +50G` or free space inside CT). +- **LV name assumption:** make-rpc-vmids-writable assumes LVs are `/dev/pve/vm--disk-0`. Different storage or naming would need script changes. +- **Single host for RPC:** make-rpc-vmids-writable only targets r630-01. If any RPC VMIDs are moved to ml110/r630-02, the script would need to be extended (or a second call with a different host). + +--- + +## 4. Recommendations and completion + +1. **Optional verbose mode:** ✅ **Done.** Runner supports `--verbose`; when set, step output is not redirected (no `2>/dev/null`), so failures are visible. +2. **Optional timeout for step 2:** ✅ **Done.** `STEP2_TIMEOUT` (default 900) applies to the 2101 fix; exit code 124 is detected and a message tells the user to re-run the fix manually. Use `STEP2_TIMEOUT=0` to disable. +3. **§9 checklist:** ✅ CHECK_ALL_UPDATES §9 includes "RPC CTs read-only → make-rpc-vmids-writable first"; operators have a single place for order of operations. +4. **Disk check (future):** Not implemented. Optionally run `pct exec -- df -h / /data/besu` before install/fix and warn if usage > 90%. + +--- + +## 5. File reference + +| File | Role | +|------|------| +| `scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh` | Main runner (steps 0–5) | +| `scripts/maintenance/make-rpc-vmids-writable-via-ssh.sh` | e2fsck 2101, 2500–2505 on r630-01 | +| `scripts/maintenance/address-all-remaining-502s.sh` | Backends + NPM + diagnostics | +| `scripts/maintenance/fix-rpc-2101-jna-reinstall.sh` | 2101 Besu reinstall, /tmp + JNA tmpdir | +| `scripts/install-besu-in-ct-standalone.sh` | In-CT Besu install; apt tolerant; JNA tmpdir | +| `scripts/besu/install-besu-permanent-on-missing-nodes.sh` | Besu on 1505–1508, 2500–2505; writability check | +| `docs/00-meta/502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md` | Root causes, Read-only CT, 2101/2500–2505 fixes | +| `docs/05-network/CHECK_ALL_UPDATES_AND_CLOUDFLARE_TUNNELS.md` | Config, tunnels, verification, §9 remaining fixes | + +--- + +## 6. Quick commands + +```bash +# Full run (writable → fix → install → 502s → E2E) +./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e + +# Show all step output (no 2>/dev/null) +./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e --verbose + +# Step 2 (2101 fix) timeout: default 900s; disable with 0 +STEP2_TIMEOUT=1200 ./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e +STEP2_TIMEOUT=0 ./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e + +# Only make RPC CTs writable +./scripts/maintenance/make-rpc-vmids-writable-via-ssh.sh + +# Dry-run (print steps only) +./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --dry-run +``` + +Reports and diagnostics: `docs/04-configuration/verification-evidence/` (RPC diagnostics, E2E reports). diff --git a/docs/00-meta/MAJOR_UPGRADE_HOLD_OFF.md b/docs/00-meta/MAJOR_UPGRADE_HOLD_OFF.md new file mode 100644 index 0000000..ca24fa0 --- /dev/null +++ b/docs/00-meta/MAJOR_UPGRADE_HOLD_OFF.md @@ -0,0 +1,39 @@ +# Major Dependency Upgrade Hold-Off + +**Last Updated:** 2026-02-16 +**Status:** Intentional — upgrades require testing before applying + +--- + +## Overview + +The following major upgrades were identified as outdated but are **intentionally held** until tested. Do not upgrade without running the full test suite and manual verification. + +## Packages on Hold + +| Package | Current | Target | Dependents | Risk | +|---------|---------|--------|------------|------| +| ESLint | 8.x / 9.x | 10.x | alltra-lifi-settlement, bridge-dapp, proxmox-helper-scripts-website | High — config/flat config migration | +| Jest | 29.x | 30.x | alltra-lifi-settlement | Medium — API changes | +| @types/react | 18.x | 19.x | bridge-dapp | Medium — React 19 types | +| @types/react-dom | 18.x | 19.x | bridge-dapp | Medium | +| @typescript-eslint/* | 6.x / 8.x | 8.55 | multiple | Medium — rule changes | +| @vitejs/plugin-react | 4.x | 5.x | bridge-dapp | Medium | +| @vitest/ui | 1.x | 4.x | bridge-dapp | High — major version jump | +| @types/express | 4.x | 5.x | multi-chain-execution, rpc-translator-138 | Medium | +| commander | 11.x | 14.x | site-manager-api, unifi-api | Medium | + +## Upgrade Procedure (when ready) + +1. **Create a branch** for the upgrade. +2. **Upgrade one package** (or related group) at a time. +3. **Run tests:** `pnpm run test` in affected packages. +4. **Run builds:** `pnpm run build` (or package-specific build). +5. **Manual QA** of affected UIs (bridge-dapp, frontend, etc.). +6. **Document** any config or code changes required. +7. **Merge** only after all checks pass. + +## Related + +- [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) +- [PNPM_OUTDATED_SUMMARY](../../reports/PNPM_OUTDATED_SUMMARY.md) — if present diff --git a/docs/00-meta/MASTER_DOCUMENTATION_INDEX.md b/docs/00-meta/MASTER_DOCUMENTATION_INDEX.md new file mode 100644 index 0000000..9ab204e --- /dev/null +++ b/docs/00-meta/MASTER_DOCUMENTATION_INDEX.md @@ -0,0 +1,41 @@ +# Master Documentation Index — Source of Truth + +**Last Updated:** 2026-02-12 +**Purpose:** Treat these documents as the **Bible** for URL, VMID, and port mappings. When fixing placeholders or cleaning up projects, use them as the verifiably correct source. + +--- + +## Domain → VMID:port and infrastructure + +| Document | Scope | Use when | +|----------|--------|----------| +| **[ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md)** | Complete VMID, IP, hostname, port, and public domain mapping | Resolving which VMID:port a domain or service must use; checking that **only** explorer points to Blockscout. | +| **[RPC_ENDPOINTS_MASTER.md](../04-configuration/RPC_ENDPOINTS_MASTER.md)** | RPC URLs, public domain → NPMplus backend, canonical .env values | Setting RPC_* in .env, configuring NPMplus proxy hosts, Chain 138 / ThirdWeb / DBIS / Sankofa / MIM4U. | +| **[DNS_NPMPLUS_VM_COMPREHENSIVE_ARCHITECTURE.md](../04-configuration/DNS_NPMPLUS_VM_COMPREHENSIVE_ARCHITECTURE.md)** | DNS → NPMplus → VM table | Aligning NPMplus backend targets with VMIDs; must match ALL_VMIDS and RPC_ENDPOINTS_MASTER. | + +--- + +## Critical rule: Explorer vs other services + +**Only** the **Explorer** (Blockscout) should be pointed at **192.168.11.140** (VMID 5000): + +- `explorer.d-bis.org` → 192.168.11.140:80 (web), :4000 (API) ✅ + +**All other domains** must point to their **correct VMID and port** (see the master docs above). Examples of **incorrect** routing (do not use): + +- `sankofa.nexus`, `phoenix.sankofa.nexus` → ~~192.168.11.140~~ ❌ +- Correct: `sankofa.nexus` → 192.168.11.51:3000 (VMID 7801), `phoenix.sankofa.nexus` → 192.168.11.50:4000 (VMID 7800). + +When reviewing or fixing documentation and NPMplus config: + +1. Resolve every domain from **ALL_VMIDS_ENDPOINTS** or **RPC_ENDPOINTS_MASTER**. +2. Update any doc or script that points a non-explorer domain to 192.168.11.140. +3. Ensure placeholder lists (e.g. [PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md), [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md)) reference these master docs and the correct targets. + +--- + +## Related + +- [PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) — What to complete for each placeholder +- [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) — Remaining tasks and recommendations +- [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md) — Network and IP reference diff --git a/docs/00-meta/MASTER_PLAN.md b/docs/00-meta/MASTER_PLAN.md index cd7006c..c293654 100644 --- a/docs/00-meta/MASTER_PLAN.md +++ b/docs/00-meta/MASTER_PLAN.md @@ -224,6 +224,7 @@ Use [PARALLEL_TASK_STRUCTURE.md](PARALLEL_TASK_STRUCTURE.md) for cohorts. Within | Purpose | Document | |---------|----------| | Single Master Plan | This file: [MASTER_PLAN.md](MASTER_PLAN.md) | +| **Blitzkrieg Super Pro Max** (token-and-bridge rollout, marching ants, all recommendations) | [BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md](BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md) | | Detailed gaps and recommendations | [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md), [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) | | Required fixes and code placeholders | [REQUIRED_FIXES_UPDATES_GAPS.md](../REQUIRED_FIXES_UPDATES_GAPS.md), [PLACEHOLDERS_AND_TBD.md](../PLACEHOLDERS_AND_TBD.md) | | Next steps and phases | [NEXT_STEPS_MASTER.md](NEXT_STEPS_MASTER.md), [PHASES_AND_TASKS_MASTER.md](PHASES_AND_TASKS_MASTER.md) | diff --git a/docs/00-meta/MASTER_TODO_EXPANDED.md b/docs/00-meta/MASTER_TODO_EXPANDED.md new file mode 100644 index 0000000..9bac295 --- /dev/null +++ b/docs/00-meta/MASTER_TODO_EXPANDED.md @@ -0,0 +1,416 @@ +# Master TODO — Fully Expanded (Everything Conceivable and Possible) + +**Last Updated:** 2026-02-13 +**Purpose:** Single exhaustive checklist of every task, recommendation, placeholder, and operational item across the repo. Use for prioritization, tracking, and ensuring nothing is missed. + +**Source docs:** [BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN](BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md) | [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) | [PLACEHOLDERS_AND_COMPLETION_MASTER_LIST](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) | [DEX_AND_CROSS_CHAIN_CONTRACTS_NEEDED](../11-references/DEX_AND_CROSS_CHAIN_CONTRACTS_NEEDED.md) | [TEZOS_CCIP_REMAINING_ITEMS](../07-ccip/TEZOS_CCIP_REMAINING_ITEMS.md) | [CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE](../11-references/CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE.md) | [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md) | [ALL_REQUIREMENTS](ALL_REQUIREMENTS.md) + +**When you complete an item:** Update the corresponding source doc per [BLITZKRIEG_SOURCE_DOCUMENT_INDEX](BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md). + +--- + +## 1. Blitzkrieg Execution Trail (Steps 0–19) + +| # | Task | Status | +|---|------|--------| +| 0 | Environment freeze + canonical authority; run `./scripts/validation/validate-config-files.sh`; lock env; F-1–F-4 | [ ] | +| 1 | Lock canonical registry; document required env in token-aggregation README; freeze naming/symbols | [x] | +| 2 | Emit `dbis-138.tokenlist.json` deterministically; schema + hash lock | [x] | +| 3 | Emit `all-mainnet.tokenlist.json` deterministically | [x] | +| 4 | GRU M1 validation (cUSDC, cUSDT); run `check-contracts-on-chain-138.sh`; BridgeVault wiring | [ ] | +| 5 | GRU M1 CCIP enablement; validate routes 1↔138, 137↔138; fund LINK | [ ] | +| 6 | ISO-4217 eMoney (all c*, w*) in canonical; CCIP propagation | [ ] | +| 7 | W-Tokens + AlltraAdapter: setBridgeFee after deploy; document in PLACEHOLDERS_AND_TBD | [x] | +| 8 | Canonical → dual list sync; schema/lint; no testnet in prod list | [ ] | +| 9 | Token Aggregation API deployment; versioned endpoint | [ ] | +| 10 | Wallet ingestion: Ledger (1–3), Trust (4–5), Snap (6), Consensys (24), CoinGecko (25); LiFi/Stargate/Hop | [ ] | +| 11 | Blockscout verification: run `run-contract-verification-with-proxy.sh`; verify Multicall vs Oracle at 0x99b35... | [ ] | +| 12 | Bridge hardening: use only 0x971c...; CCIP + BridgeVault + AlltraAdapter full sync | [ ] | +| 13 | CI/CD: verification in pipeline; deployment automation script; .env per environment | [x] | +| 14 | Monitoring + alerting: bridge events, registry drift; R17–R18 | [ ] | +| 15 | Security: R4–R7; deprecated bridge; secrets; restrict RPC_CORE_1; S-1–S-9 | [ ] | +| 16 | Dry-run full march: `run-completable-tasks-from-anywhere.sh`; gas + nonce; R19–R20, R23 | [x] | +| 17 | Optional: Tezos/Etherlink relay + DON (after Step 16) | [ ] | +| 18 | Optional: DODO / EnhancedSwapRouter (after Step 16) | [ ] | +| 19 | Optional: same as 18 (trail) | [ ] | + +--- + +## 2. Recommendations R1–R23 + +| ID | Task | Status | +|----|------|--------| +| R1 | Verify every contract on Blockscout; use run-contract-verification-with-proxy.sh | [ ] | +| R2 | Single source of truth: CONTRACT_ADDRESSES_REFERENCE, SMART_CONTRACTS_INVENTORY_ALL_CHAINS; reconcile .env | [ ] | +| R3 | On-chain confirmation: run check-contracts-on-chain-138.sh; fix MISSING/EMPTY | [ ] | +| R4 | Deprecated bridge: use only 0x971c...; set CCIPWETH9_BRIDGE_CHAIN138 | [x] | +| R5 | Secrets: no .env/keys in repo; MASTER_SECRETS_INVENTORY; rotate exposed | [ ] | +| R6 | API keys .env.example placeholders | [x] | +| R7 | Restrict deployer key and RPC_CORE_1 access | [ ] | +| R8 | RPC deploy Chain 138: 192.168.11.211:8545 or rpc-core.d-bis.org | [ ] | +| R9 | Gas: GAS_PRICE=1000000000 for Chain 138 deploys | [x] | +| R10 | Order: 01_DeployCore then 02_DeployBridges; MerchantSettlementRegistry before WithdrawalEscrow | [ ] | +| R11 | Nonce discipline; DEPLOYMENT_STRATEGY_EVALUATION | [ ] | +| R12 | Runbooks in sync: CONTRACT_DEPLOYMENT_RUNBOOK, BLOCKSCOUT_FIX_RUNBOOK, BLOCKSCOUT_FORGE_VERIFICATION_EVALUATION | [x] | +| R13 | Per-chain addresses in CONTRACT_ADDRESSES_REFERENCE / SMART_CONTRACTS_INVENTORY_ALL_CHAINS | [ ] | +| R14 | Verification in pipeline after deploy when Blockscout reachable from CI | [x] | +| R15 | Deployment automation: single script check env → deploy → verify → update config | [x] | +| R16 | Config by environment: .env.development/staging/production or JSON per chain | [ ] | +| R17 | Event monitoring: bridge/oracle events | [ ] | +| R18 | Explorer health: Blockscout VMID 5000, /api reachable | [ ] | +| R19 | Test before deploy: forge test smom-dbis-138, alltra-lifi-settlement; integration tests | [x] | +| R20 | NatSpec on public contract functions | [x] | +| R21 | Sankofa/The Order: when deployed add NPMplus proxy; RPC_ENDPOINTS_MASTER, SANKOFA_CUTOVER_PLAN TBDs | [ ] | +| R22 | Network placeholders: blocks #2–#6 in NETWORK_ARCHITECTURE when assigned | [ ] | +| R23 | Scripts: progress indicators; --dry-run where missing; extend config validation | [x] | + +--- + +## 3. Remaining Components — Tasks 1–30 + +### 3.1 Wallets (1–7) + +| # | Task | Status | +|---|------|--------| +| 1 | Ledger: await Tally form response; sign agreement; integration steps | [ ] | +| 2 | Ledger: if PR/code review requested — push from LedgerLive, share | [ ] | +| 3 | Ledger: Step 8 manual test plan once 138 in Ledger Live | [ ] | +| 4 | Trust Wallet: PR to trustwallet/wallet-core; codegen + derivation tests | [ ] | +| 5 | Trust Wallet optional: submit Chain 138 logos via assets.trustwallet.com | [ ] | +| 6 | Chain 138 Snap: full E2E (Playwright + MetaMask Flask) when needed | [ ] | +| 7 | app-ethereum README: BOLOS_SDK note for contributors | [x] | + +### 3.2 Ledger when confirmed (8–17) + +| # | Task | Status | +|---|------|--------| +| 8 | Ledger CAL tokens integration after chain added | [ ] | +| 9 | Ledger Swap (optional) if supported on 138 | [ ] | +| 10 | Ledger Staking (optional) if 138 has staking | [ ] | +| 11 | Ledger Clear Signing plugin (optional) for CCIP/bridge | [ ] | +| 12 | Ledger i18n: add Chain 138 error keys | [ ] | +| 13 | Ledger live-common: add defi_oracle_meta_mainnet | [ ] | +| 14 | Ledger wallet-api: add 138 to allowed chainIds if needed | [ ] | +| 15 | Ledger app-ethereum icon if requested | [ ] | +| 16 | Ledger E2E/integration tests in ledger-live monorepo | [ ] | +| 17 | Confirm with Ledger: config shape, extend vs new family, pubKey vs publicKey | [ ] | + +### 3.3 Contracts and operator (18–23) + +| # | Task | Status | +|---|------|--------| +| 18 | Blockscout source verification from LAN: run-contract-verification-with-proxy.sh | [ ] | +| 19 | Verify Multicall vs Oracle at 0x99b3511a2d315a497c8112c1fdd8d508d4b1e506; document result | [ ] | +| 20 | Periodic on-chain check when new contracts deployed | [ ] | +| 21 | Optional: deploy trustless bridge from script/bridge/trustless/ | [ ] | +| 22 | Optional: mainnet/multichain deploy; document addresses per chain | [ ] | +| 23 | Optional: PaymentChannelManager / GenericStateChannelManager when needed | [ ] | + +### 3.4 MetaMask / listings (24–25) + +| # | Task | Status | +|---|------|--------| +| 24 | Consensys outreach for native Swaps/Bridge for Chain 138 | [ ] | +| 25 | CoinGecko (and optionally CMC) submission for Chain 138 and tokens | [ ] | + +### 3.5 Completable now (26–30) + +| # | Task | Status | +|---|------|--------| +| 26 | Run run-completable-tasks-from-anywhere.sh | [x] | +| 27 | Config validation (validate-config-files.sh) | [x] | +| 28 | Tests: smom-dbis-138 forge test; alltra-lifi-settlement forge test + e2e | [ ] | +| 29 | Placeholders: AlltraAdapter fee, canonical env, quote FABRIC_CHAIN_ID, etc. | [ ] | +| 30 | API keys: sign up per API_KEYS_REQUIRED; add to .env | [ ] | + +--- + +## 4. DEX, Liquidity Pools, Cross-Chain, and TransactionMirror + +| Task | Status | +|------|--------| +| TransactionMirror on Mainnet: confirm Etherscan verification at 0x4CF42c4F1dBa748601b8938be3E7ABD732E87cE9 | [ ] | +| TransactionMirror on Chain 138: deploy when needed via deploy-transaction-mirror-chain138.sh or forge create | [ ] | +| Deploy DODOPMMIntegration when DODO integrated; set DODO env | [ ] | +| Implement DODOPMMProvider oracle-driven optimizePoolParameters (or document flow) | [ ] | +| When Uniswap V3/Balancer pools exist: set quoter/poolId; deploy EnhancedSwapRouter | [ ] | +| Implement alltra-lifi-settlement uniswap.service / curve.service when pools exist on 138/651940 | [ ] | +| Deploy full trustless stack: InboxETH, BondManager, ChallengeManager, LiquidityPoolETH, SwapRouter, BridgeSwapCoordinator, MULTISIG | [ ] | +| Jumper API: implement when Jumper supports 138, 651940, 42793 | [ ] | +| Quote service: set FABRIC_CHAIN_ID when Fabric live | [ ] | +| Restore/fix DODOPMMIntegration.t.sol from .bak when DODO integration active | [ ] | + +--- + +## 5. Tezos / Etherlink (TEZOS_CCIP_REMAINING_ITEMS) + +### 5.1 External verification + +| Task | Status | +|------|--------| +| Verify Etherlink in CCIP supported networks; record selector, Router, fee token | [ ] | +| Verify Jumper API support for 138, 651940, 42793, Tezos; document in TEZOS_JUMPER_SUPPORT_MATRIX | [ ] | +| Verify LiFi for Etherlink (chain 42793); set lifiSupported/ccipSupported in chains config | [ ] | + +### 5.2 Contracts and deployment + +| Task | Status | +|------|--------| +| Run InitializeRegistry for Etherlink (42793) and Tezos L1 (1) | [ ] | +| Run DeployAllAdapters: TezosAdapter, EVMAdapter(42793); register in ChainRegistry | [ ] | +| Etherlink receiver contracts (CCIP or relay-compatible) | [ ] | +| Token list governance: add Etherlink/Tezos L1 tokens | [ ] | +| Set Etherlink finality (TEZOS_CROSS_CHAIN_FINALITY confirmation blocks) | [ ] | + +### 5.3 Off-chain services + +| Task | Status | +|------|--------| +| Tezos L1 relay: real mint/transfer; set TEZOS_MINTER_ADDRESS, TEZOS_ORACLE_SECRET_KEY | [ ] | +| Etherlink custom relay if CCIP does not support Etherlink | [ ] | +| Etherlink relay-compatible receiver contract if custom relay | [ ] | + +### 5.4 Routing and DON + +| Task | Status | +|------|--------| +| Rate limits/caps per destination (Tezos, Etherlink) | [ ] | +| Jumper API integration when supported | [ ] | +| Register Etherlink in DON if CCIP | [ ] | +| RMN policy for Tezos/Etherlink | [ ] | + +### 5.5 Monitoring and production + +| Task | Status | +|------|--------| +| Implement Tezos/Etherlink metrics and dashboards | [ ] | +| Configure alerts for relay failures, backlog, LINK balance | [ ] | +| Enable TEZOS_BRIDGE_ENABLED / ETHERLINK_BRIDGE_ENABLED in production after sign-off | [ ] | + +### 5.6 Testing and security + +| Task | Status | +|------|--------| +| TezosAdapter unit tests in CI | [ ] | +| Integration tests per TEZOS_INTEGRATION_TESTING | [ ] | +| Ghostnet E2E per TEZOS_E2E_RUNBOOK | [ ] | +| Security review of Etherlink contracts and relay before mainnet | [ ] | + +--- + +## 6. NOT_CHANGED_BY_DESIGN — Actionable Steps + +| Item | Task | Status | +|------|------|--------| +| AlltraAdapter | Confirm fee; call setBridgeFee after deploy; document in PLACEHOLDERS_AND_TBD | [ ] | +| Smart accounts | Deploy EntryPoint, Factory, Paymaster; set env; .env.example + runbook done | [x] | +| EnhancedSwapRouter | Set quoter/poolId when Uniswap V3/Balancer pools exist | [ ] | +| DODOPMMProvider | Implement oracle-driven flow when DODO integrated | [ ] | +| Quote service | Set FABRIC_CHAIN_ID when Fabric live | [ ] | +| TezosRelayService | Real mint/transfer; set TEZOS_MINTER_ADDRESS; gate mock for production | [ ] | +| OMNIS backend | POST/PUT budgets, POST documents/upload, PATCH profile | [x] | +| CCIPLogger | Omit unless monitoring; TASK12 if needed | [x] | +| .bak files | BAK_FILES_DEPRECATION; listed and deprecated | [x] | +| dbis_core | Redis, PagerDuty, Prometheus when stack up; risk stub; deal-execution skipped | [x] | + +--- + +## 7. CONTRACT_NEXT_STEPS — Operator and Pending + +### Operator + +| Task | Status | +|------|--------| +| Confirm 36 contracts on-chain (check-contracts-on-chain-138.sh) | [ ] | +| Run Blockscout verification (run-contract-verification-with-proxy.sh) | [ ] | +| Reconcile .env (one entry per variable) | [ ] | +| Verify Multicall vs Oracle at 0x99b35... | [ ] | + +### Pending (when needed) + +| Task | Status | +|------|--------| +| Trustless bridge deploy (script/bridge/trustless/) | [ ] | +| Mainnet/multichain deploy; document addresses per chain | [ ] | +| Vault/Reserve/Keeper deploy | [ ] | +| Dodo/swap deploy (script/deploy/dex/, DeployEnhancedSwapRouter) | [ ] | +| eMoney/smart accounts deploy | [ ] | +| PaymentChannelManager/GenericStateChannelManager on Mainnet or 138 | [ ] | + +--- + +## 8. GAPS — Full Coverage + +### Security (GAPS §1) + +| Task | Status | +|------|--------| +| API keys placeholder in all .env.example | [x] | +| Root/OMNIS/dbis_core/the-order: your-* only; MASTER_SECRETS_INVENTORY | [ ] | + +### Config/DNS (GAPS §2) + +| Task | Status | +|------|--------| +| the-order.sankofa.nexus when portal deployed; NPMplus proxy + RPC_ENDPOINTS_MASTER | [ ] | +| Sankofa cutover: replace TBDs in SANKOFA_CUTOVER_PLAN | [ ] | +| NPMplus proxy: sankofa → 7801/.51:3000, phoenix → 7800/.50:4000; only explorer → .140 | [ ] | +| Blocks #2–#6 in NETWORK_ARCHITECTURE when assigned | [ ] | + +### smom-dbis-138 (GAPS §3) + +| Task | Status | +|------|--------| +| AlltraAdapter fee set and documented | [ ] | +| Smart accounts deploy + env | [ ] | +| EnhancedSwapRouter/DODOPMMProvider/Quote when pools/Fabric exist | [ ] | +| TezosRelayService real mint | [ ] | +| Canonical env documented (README + .env.example) | [x] | +| WETH bridges MAINNET_WETH9/10 when configuring cross-chain | [ ] | + +### OMNIS (GAPS §5) + +| Task | Status | +|------|--------| +| Sankofa Phoenix SDK integration or document timeline | [ ] | +| authController token blacklisting (implement or document) | [ ] | +| CI/CD and deploy: real deployment, health, migration | [ ] | + +### the-order (GAPS §6) + +| Task | Status | +|------|--------| +| court-efiling integration or document vendor | [ ] | +| e-signature integration or document provider | [ ] | +| document-security (watermark/redactions) implement or document | [ ] | + +### Token aggregation (GAPS §8) + +| Task | Status | +|------|--------| +| CoinGecko/CMC: submit 138/651940 or document | [ ] | + +### Operational (GAPS §10) + +| Task | Status | +|------|--------| +| NPMplus HA Keepalived/HAProxy (optional) | [ ] | +| UDM Pro VLAN (optional) | [ ] | +| Automated backups verified and scheduled | [ ] | + +--- + +## 9. ALL_REQUIREMENTS — Security and Deployment + +### Security (S-1–S-9) + +| ID | Task | Status | +|----|------|--------| +| S-1 | .env chmod 600 | [x] | +| S-2 | Validator key chmod 600, secure-validator-keys.sh | [ ] | +| S-3 | SSH key-based auth; disable password | [ ] | +| S-4 | Firewall: restrict Proxmox 8006 to admin CIDR | [ ] | +| S-5 | No real API keys in .env.example | [x] | +| S-6 | Rotate exposed keys; no private keys in docs | [ ] | +| S-7 | smom: Security audits VLT-024, ISO-024 | [ ] | +| S-8 | smom: Bridge integrations BRG-VLT, BRG-ISO | [ ] | +| S-9 | Network segmentation/VLANs (optional) | [ ] | + +### Deployment (D-1–D-19+) + +| ID | Task | Status | +|----|------|--------| +| D-1–D-3 | Missing containers 2506–2508 (or document destroyed) | [ ] | +| D-4–D-6 | VLAN (optional) | [ ] | +| D-7–D-10 | Observability: Prometheus, Grafana, Loki, Alertmanager | [ ] | +| D-11–D-17 | CCIP fleet per CCIP_DEPLOYMENT_SPEC | [ ] | +| D-18–D-19 | Sovereign tenants VLANs 200–203 | [ ] | + +--- + +## 10. Supreme Command (Luftwaffe) — Operational + +| Task | Status | +|------|--------| +| Update deployment matrix (chain table 138, 651940, 1, 137, 56, 10) for canonical, list, contracts, bridge, monitoring | [ ] | +| Risk scoreboard: no step risk ≥4 without mitigation | [ ] | +| RAG dashboard: Green/Amber/Red from hash diff, heartbeat, bytecode, API | [ ] | +| Reconciliation: token metadata, liquidity/routing, consumer; pre/post + 24h sweep | [ ] | +| Prod vs testnet: environment gating; no testnet address in prod list | [ ] | +| War-room: pre-march checklist, live controls, post-march verification, RED escalation protocol | [ ] | + +--- + +## 11. Absolute Air Superiority — Resilience + +| Task | Status | +|------|--------| +| Sentinel layer: Observe/Guard/Sovereign; auto-pause on drift | [ ] | +| Canonical anchoring: SHA-256 on-chain (138); no list emission without anchor | [ ] | +| Circuit breaker: liquidity >5%, heartbeat >2 blocks, mint/burn → freeze, log, Sentinel | [ ] | +| Liquidity stress test: 2x volume, 30% withdrawal, one-chain down; pass before prod | [ ] | +| Time-to-containment: drift <30s, bridge isolation <2min, canonical freeze <1min, sweep <15min | [ ] | +| Formal verification roadmap: BridgeVault, AlltraAdapter, GRU M1, canonical registry | [ ] | +| Sovereign continuity: multi-region failover, cold-storage snapshot, read-only emergency endpoint, recovery playbook | [ ] | + +--- + +## 12. Documentation and Maintenance + +| Task | Status | +|------|--------| +| When new token/bridge: update BLITZKRIEG §2 three-column table and §3 numbered trail | [ ] | +| When completing any item: update source doc per BLITZKRIEG_SOURCE_DOCUMENT_INDEX | [ ] | +| MASTER_INDEX and MASTER_PLAN link to BLITZKRIEG (verified) | [x] | +| register-all-mainnet: verify avgBlockTime and set in script | [ ] | +| TEZOS_USDTZ route planner: replace TBD bridge provider | [ ] | + +--- + +## 13. Proxmox / LAN / Operator (when you have secrets) + +| Task | Status | +|------|--------| +| Run run-all-operator-tasks-from-lan.sh (validation, backup, optional --deploy, --create-vms) | [ ] | +| Deploy TransactionMirror Chain 138 if mirror feature needed | [ ] | +| Deploy phased core (01_DeployCore, 02_DeployBridges) if redeploying | [ ] | +| VM creation per PROXMOX_VM_CREATION_RUNBOOK when needed | [ ] | +| NPMplus backup: schedule and verify | [ ] | + +--- + +## 14. Optional / Enhancements + +| Task | Status | +|------|--------| +| Paymaster deploy (DeployPaymaster.s.sol) when smart accounts needed | [ ] | +| dbis_core: resolve ~1186 TS errors (deferred) | [ ] | +| Resource/network/database optimization | [ ] | +| CCIPLogger deploy via Hardhat (TASK12) if monitoring required | [ ] | +| NPMplus HA: Keepalived or HAProxy; document failover | [ ] | +| UDM Pro VLAN migration; document in NETWORK_ARCHITECTURE | [ ] | + +--- + +## 15. ALL_IMPROVEMENTS_AND_GAPS_INDEX (1–139) + +- [ ] Work through [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) (ranges 1–139; parallel by cohort where no deps). See [TODO_TASK_LIST_MASTER](TODO_TASK_LIST_MASTER.md) §4. + +--- + +## Validation and quick commands + +| Check | Command | +|-------|--------| +| Completable from anywhere | `./scripts/run-completable-tasks-from-anywhere.sh` [--dry-run] | +| Config validation | `./scripts/validation/validate-config-files.sh` | +| On-chain check (36 addresses) | `./scripts/verify/check-contracts-on-chain-138.sh [RPC]` | +| Blockscout verification | `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` | +| All validation | `bash scripts/verify/run-all-validation.sh [--skip-genesis]` | +| Full verification | `bash scripts/verify/run-full-verification.sh` | +| Token list schema + hash (Blitzkrieg 2–3) | `node token-lists/scripts/validate-and-hash.js` | +| Deploy + verify Chain 138 (R15) | `bash scripts/deployment/deploy-verify-chain138.sh [--dry-run] [--deploy] [--verify-only]` | + +--- + +**Related:** [TODO_TASK_LIST_MASTER](TODO_TASK_LIST_MASTER.md) | [BLITZKRIEG_SOURCE_DOCUMENT_INDEX](BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md) | [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) | [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md) diff --git a/docs/00-meta/NETWORK_PLACEHOLDERS_DECISION.md b/docs/00-meta/NETWORK_PLACEHOLDERS_DECISION.md new file mode 100644 index 0000000..492791a --- /dev/null +++ b/docs/00-meta/NETWORK_PLACEHOLDERS_DECISION.md @@ -0,0 +1,16 @@ +# Network placeholders (blocks #2–#6) — decision and doc update + +**Purpose:** Decide whether blocks #2–#6 in NETWORK_ARCHITECTURE and NETWORK_CONFIGURATION_MASTER are "Reserved for future use" or assigned; document and point "where to update when done." +**See also:** [NOT_IMPLEMENTED_FULL_SCOPE](NOT_IMPLEMENTED_FULL_SCOPE.md) §5, [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md). + +--- + +## Decision + +- **Option A:** Reserve blocks #2–#6 — replace "Placeholders - To Be Configured" with **"Reserved for future use"** in [NETWORK_ARCHITECTURE](../02-architecture/NETWORK_ARCHITECTURE.md) and [NETWORK_CONFIGURATION_MASTER](../11-references/NETWORK_CONFIGURATION_MASTER.md). +- **Option B:** Assign blocks when decided — document concrete block assignments and update the same docs. + +## Where to update when done + +- In [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md), close or update the task that references network placeholders. +- In [NETWORK_ARCHITECTURE](../02-architecture/NETWORK_ARCHITECTURE.md) and [NETWORK_CONFIGURATION_MASTER](../11-references/NETWORK_CONFIGURATION_MASTER.md), replace placeholder text with either "Reserved" or the final block assignments. diff --git a/docs/00-meta/NEXT_STEPS_ALL.md b/docs/00-meta/NEXT_STEPS_ALL.md index 38602e9..efeb4ad 100644 --- a/docs/00-meta/NEXT_STEPS_ALL.md +++ b/docs/00-meta/NEXT_STEPS_ALL.md @@ -2,7 +2,7 @@ **Last Updated:** 2026-02-08 **Purpose:** Single ordered list of everything left to do (Dev/Codespaces + general operator). -**Run-order checklist:** [CONTINUE_AND_COMPLETE.md](CONTINUE_AND_COMPLETE.md) — commands in order when ready. +**Run-order checklist:** [CONTINUE_AND_COMPLETE.md](../archive/00-meta-pruned/CONTINUE_AND_COMPLETE.md) (archived) — commands in order when ready. **References:** [DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md](../04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md) | [NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md) **Completion evidence:** [DEV_CODESPACES_COMPLETION_20260207.md](../04-configuration/verification-evidence/DEV_CODESPACES_COMPLETION_20260207.md) **Secrets & remaining actions:** [REMAINING_ITEMS_DOTENV_AND_ACTIONS.md](../04-configuration/REMAINING_ITEMS_DOTENV_AND_ACTIONS.md) @@ -21,8 +21,8 @@ ## Already done (no action) - Fourth NPMplus LXC 10236 at 192.168.11.170; NPMplus + cloudflared installed; tunnel connector running (systemd). -- Dev VM 5700 at 192.168.11.60; users dev1–dev4, Gitea; tunnel + DNS configured. -- UDM Pro port forward 76.53.10.40 → 192.168.11.170 (80/81/443) and → 192.168.11.60 (22, 3000). +- Dev VM 5700 at 192.168.11.59; users dev1–dev4, Gitea; tunnel + DNS configured. +- UDM Pro port forward 76.53.10.40 → 192.168.11.170 (80/81/443) and → 192.168.11.59 (22, 3000). --- @@ -34,7 +34,7 @@ All six proxy hosts added (script + same credentials). Let's Encrypt (Certbot) r ## 2. Dev/Codespaces — SSH keys for dev1–dev4 — **DONE (2026-02-08)** -Keys added via `add-dev-user-ssh-keys.sh` from repo root. Test: `ssh dev1@192.168.11.60`. +Keys added via `add-dev-user-ssh-keys.sh` from repo root. Test: `ssh dev1@192.168.11.59`. --- @@ -61,7 +61,7 @@ Org **d-bis** and 18 repos created. **Pushed** to Gitea: proxmox (master), dbis_ ## 6. Dev/Codespaces — Verification — **DONE (2026-02-08)** - **HTTPS:** dev.d-bis.org, gitea.d-bis.org, codespaces.d-bis.org → 200. pve.* and 76.53.10.40 verify from LAN if needed. -- **SSH:** `ssh dev1@192.168.11.60` confirmed; projects visible under `/srv/projects/`. Cursor Remote-SSH → `/srv/projects/proxmox`. +- **SSH:** `ssh dev1@192.168.11.59` confirmed; projects visible under `/srv/projects/`. Cursor Remote-SSH → `/srv/projects/proxmox`. - **Proxmox:** Confirm noVNC/console for pve.ml110, pve.r630-01, pve.r630-02 from browser when on LAN. --- diff --git a/docs/00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md b/docs/00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md new file mode 100644 index 0000000..7692ef3 --- /dev/null +++ b/docs/00-meta/NEXT_STEPS_AND_REMAINING_TODOS.md @@ -0,0 +1,147 @@ +# Next Steps and Remaining TODOs — Consolidated List + +**Last Updated:** 2026-02-20 +**Purpose:** Single checklist of all next steps and remaining tasks. **Single-file task list:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md). Items marked **Operator/LAN** require Proxmox access, deploy keys, or external parties; others can be done in-repo (code, config, docs). + +**👉 Single list (runbooks not yet run + remaining deployments + recommendations):** [TASKS_RUNBOOKS_REMAINING_AND_RECOMMENDATIONS.md](TASKS_RUNBOOKS_REMAINING_AND_RECOMMENDATIONS.md). + +**See also:** [RECOMMENDED_COMPLETION_CHECKLIST.md](../07-ccip/RECOMMENDED_COMPLETION_CHECKLIST.md) (CCIP/mapper), [NEXT_STEPS_FOR_YOU.md](NEXT_STEPS_FOR_YOU.md), [NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md), [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md), [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md). + +**Single ordered list (runnable):** [OPTIONAL_DEPLOYMENTS_START_HERE §5](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md#5-next-steps--complete-in-order) — from-anywhere commands (1–4) then operator/LAN (5–10). **Operator copy-paste:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md). + +--- + +## Completed in this pass (2026-02-20) + +| # | Item | +|---|------| +| — | **run-completable-tasks-from-anywhere.sh** run successfully (config validation, on-chain check 45/45, run-all-validation --skip-genesis, reconcile-env). TODOS_CONSOLIDATED.md added as single-file task list. | +| — | **OPERATOR_READY_CHECKLIST.md** added — one page with copy-paste commands for Gnosis/Celo/Wemix CCIP, LINK relay, Blockscout verify, E2E 502 fix, operator script, DODO PMM 138, Mainnet trustless, Wemix verify. All pending todos have runbooks + operator checklist; execution is operator-only when LAN/creds available. | +| — | **Doc consolidation and root cleanup:** NEXT_STEPS_INDEX, DOCUMENTATION_CONSOLIDATION_PLAN; 00-meta Batch 4+5 → archive/00-meta-pruned; ALL_TASKS_COMPLETE → root-status-reports; 40+ root files → archive/root-cleanup-20260220; fix-wsl-ip.sh → scripts/. ARCHIVE_CANDIDATES "Last reviewed" set. REMAINING_WORK_DETAILED_STEPS, NEXT_STEPS_FOR_YOU, NEXT_STEPS_OPERATOR, TODOS_CONSOLIDATED updated with 2026-02-20 completion. | + +## Completed in this pass (2026-02-16) + +| # | Item | +|---|------| +| — | **run-completable-tasks-from-anywhere.sh** run successfully (config validation, on-chain check 46/49, run-all-validation --skip-genesis, reconcile-env). | +| — | **Bridge UIs / Snap → token-mapping:** Token-aggregation `GET /api/v1/bridge/routes` now returns `tokenMappingApi` (basePath, pairs, resolve); REST_API_REFERENCE documents token-mapping for bridge UIs; Snap has `get_token_mapping` RPC (fromChain, toChain, address for resolve). Bridge UIs can use same host + `/api/v1/token-mapping` for cross-chain address resolution. | +| — | Doc hygiene (MAPPER_GAPS, MAPPER_COVERAGE, Wemix → scan.wemix.com, addresses set) and consolidated TODOs doc created/linked. | +| — | **AddressMapper on Cronos:** Deployed at `0x6F521cd9FCF7884cD4E9486c7790e818638e09Dd`; `config/smart-contracts-master.json` chains["25"] updated. | +| — | **Optional deployments code:** Phase 4/7 skip when env missing (ORACLE_PRICE_FEED or RESERVE_KEEPER; DODO_VENDING_MACHINE_ADDRESS); default gas 2 gwei; DeployKeeper.s.sol and DeployDODOPMMIntegration.s.sol no-op with message when required env unset; .env.example and doc updated. | +| — | **Next steps (complete in order):** Run `./scripts/run-completable-tasks-from-anywhere.sh` and `run-all-validation.sh --skip-genesis` (included in completable); §5 "Next steps — complete in order" added to [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) (from-anywhere + operator commands). | +| — | **Next steps run:** Completable tasks ✅; dry-run ✅; check-contracts-on-chain-138 ✅ (46/49). Execute phases 6,8: Phase 6 failed (Replacement transaction underpriced). Wemix: scan.wemix.com/tokens fetched; WWEMIX at 0x7d72...; WEMIX_TOKEN_VERIFICATION.md updated with scan check. | +| — | **Stuck tx:** `cancel-pending-transactions.sh --force` added (sends one replacement at current nonce; `GAS_PRICE_138` for gas, default 500 gwei). Tried 100/200/500 gwei — still "Replacement transaction underpriced". OPTIONAL_DEPLOYMENTS_START_HERE updated: step 3 = flush from RPC host then deploy from LAN, or use fresh wallet. Phases 6 and 8 remain blocked until RPC pool cleared from RPC host or new deployer. | + +--- + +## High priority + +| # | Task | Owner | Ref | +|---|------|--------|-----| +| 1 | **Wemix (1111) token addresses:** Open [scan.wemix.com/tokens](https://scan.wemix.com/tokens); confirm WETH, USDT, USDC; re-verify with Tether/Circle/Wemix; if different official addresses, update `config/token-mapping-multichain.json` and [WEMIX_TOKEN_VERIFICATION.md](../07-ccip/WEMIX_TOKEN_VERIFICATION.md). Run `bash scripts/validation/validate-config-files.sh`; remove "re-verify before production" when satisfied. | Operator | RECOMMENDED_COMPLETION_CHECKLIST §1 | +| 2 | **Gnosis, Celo, Wemix CCIP bridges:** Confirm CCIP supports 100, 42220, 1111. Per chain: set RPC, CCIP Router, LINK, WETH9/WETH10; run DeployWETHBridges; on 138 add destinations; on each new chain add 138; fund LINK; update env/docs. | **Operator/LAN** | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) | + +--- + +## Medium priority + +| # | Task | Owner | Ref | +|---|------|--------|-----| +| 3 | **Bridge UIs / Snap use token-mapping** | ✅ Done | Token-aggregation returns `tokenMappingApi`; Snap has `get_token_mapping`; see REST_API_REFERENCE. | +| 4 | **LINK support on Mainnet relay:** Choose Option A (extend CCIPRelayBridge) or B (separate LINK receiver); implement, deploy, fund LINK; set `relaySupported: true` for LINK in token-mapping.json; update docs. | **Operator/LAN** | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md) | +| 5 | **Run "from anywhere" checks:** Run `./scripts/run-completable-tasks-from-anywhere.sh` periodically (config, on-chain, validation, reconcile-env). | Anyone | NEXT_STEPS_FOR_YOU §2 | +| 6 | **Placeholders (code):** Canonical addresses in token-aggregation (env); AlltraAdapter fee (set via setBridgeFee); smart accounts kit; quote service Fabric chainId; .bak (see BAK_FILES_DEPRECATION). | Dev | REQUIRED_FIXES_UPDATES_GAPS | +| 7 | **API keys:** Sign up per [reports/API_KEYS_REQUIRED.md](../../reports/API_KEYS_REQUIRED.md); add to `.env`. | Anyone | NEXT_STEPS_FOR_YOU §2 | + +--- + +## When you have LAN / Proxmox + secrets + +| # | Task | Owner | Ref | +|---|------|--------|-----| +| 8 | **Blockscout verification:** `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` | **Operator/LAN** | CONTRACT_DEPLOYMENT_RUNBOOK | +| 9 | **Fix E2E 502s (if needed):** `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` or `address-all-remaining-502s.sh` | **Operator/LAN** | 502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES | +| 10 | **Operator tasks script:** `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]` (backup, verify, deploy, create VMs) | **Operator/LAN** | STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS | + +--- + +## Low priority (planned deployments) + +| # | Task | Owner | Ref | +|---|------|--------|-----| +| 11 | **AddressMapper on other chains:** Cronos ✅ (deployed, config updated). For others: deploy via [DeployAddressMapperOtherChain.s.sol](../../smom-dbis-138/script/DeployAddressMapperOtherChain.s.sol); set `mapper` in smart-contracts-master.json. | Planned | [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §A | +| 12 | **DODO PMM on 138:** Deploy DODOPMMIntegration; set env; create cUSDT/cUSDC pools; document in LIQUIDITY_POOLS_MASTER_MAP. | Planned | [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §B; RECOMMENDED_COMPLETION_CHECKLIST §6 | +| 13 | **Mainnet trustless stack:** Deploy Lockbox138 (138) + InboxETH, BondManager, LiquidityPoolETH (Mainnet) per runbook. | Planned | [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §C; RECOMMENDED_COMPLETION_CHECKLIST §7 | + +--- + +## External / third-party + +| # | Task | Owner | Ref | +|---|------|--------|-----| +| 14 | **Ledger:** Await response to Tally form; sign agreement and follow integration steps. | You | ADD_CHAIN138_TO_LEDGER_LIVE | +| 15 | **Trust Wallet:** Open PR to trustwallet/wallet-core with Chain 138 registry entry. | You | ADD_CHAIN138_TO_TRUST_WALLET | +| 16 | **Consensys:** Outreach for native Swaps/Bridge for Chain 138. | You | CONSENSYS_OUTREACH_PACKAGE | +| 17 | **CoinGecko/CMC:** Submit Chain 138 and tokens for MetaMask USD. | You | COINGECKO_SUBMISSION_GUIDE | + +--- + +## Tezos / Etherlink (when scoped) + +| # | Task | Owner | Ref | +|---|------|--------|-----| +| 18 | Verify Etherlink (42793) on CCIP supported networks; record selector/Router/fee or document "custom relay only." | Ops/Eng | TEZOS_CCIP_REMAINING_ITEMS | +| 19 | Verify Jumper and LiFi for 138, 651940, 42793, Tezos; update TEZOS_JUMPER_SUPPORT_MATRIX and alltra-lifi-settlement config. | Eng | TEZOS_CCIP_REMAINING_ITEMS | +| 20 | Run InitializeRegistry and DeployAllAdapters for Tezos/Etherlink; deploy Etherlink receiver; implement Tezos L1 and Etherlink relay services. | **Operator/LAN** | TEZOS_CCIP_REMAINING_ITEMS | + +--- + +## Doc hygiene (in-repo — completed where done) + +| # | Task | Status | +|---|------|--------| +| 21 | Add 42220, 1111 to MAPPER_COVERAGE token-mapping-multichain bullet | ✅ Done (already present in MAPPER_COVERAGE) | +| 22 | Wemix: use scan.wemix.com in MAPPER_GAPS; note addresses set, re-verify only | ✅ Done (updated in MAPPER_GAPS) | +| 23 | Token-aggregation README: document token-mapping API | ✅ Done (already in README § Token mapping) | + +--- + +## Master TODO (1–139) and security + +| # | Task | Owner | Ref | +|---|------|--------|-----| +| 24 | Work through [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) as needed; run `bash scripts/verify/run-all-validation.sh [--skip-genesis]`. | Dev/Ops | TODO_TASK_LIST_MASTER | +| 25 | **Security:** smom audits VLT-024, ISO-024; bridge integrations BRG-VLT, BRG-ISO. | Security | TODO_TASK_LIST_MASTER §5 | +| 26 | **Paymaster (optional):** Deploy per SMART_ACCOUNTS_DEPLOYMENT_NOTE when sources ready. | Optional | TODO_TASK_LIST_MASTER §2 | +| 27 | **dbis_core:** ~1186 TS errors (deferred). | Dev | TODO_TASK_LIST_MASTER §8 | + +--- + +## Operator handoff (ready to run) + +Runbooks and scripts are in place. From a host with LAN and secrets: + +| Action | Command / doc | +|--------|----------------| +| **Wemix token verify** | Open [scan.wemix.com/tokens](https://scan.wemix.com/tokens); update JSON if needed; run `bash scripts/validation/validate-config-files.sh`. | +| **Gnosis/Celo/Wemix CCIP** | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) — deploy bridges, add destinations, fund LINK. | +| **LINK relay** | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md). | +| **Blockscout verify** | `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` | +| **E2E 502 fix** | `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` or `address-all-remaining-502s.sh` | +| **All operator tasks** | `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]` — see [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md). | + +--- + +## Summary + +- **Completed this pass:** run-completable-tasks; bridge UIs/Snap → token-mapping API; doc hygiene. +- **High:** 2 (Wemix verify — Operator; Gnosis/Celo/Wemix CCIP — Operator/LAN). +- **Medium:** LINK relay (Operator/LAN); run from-anywhere periodically; placeholders; API keys. +- **LAN/Operator:** 3 (Blockscout verify; E2E 502 fix; run-all-operator-tasks). +- **Low (planned):** 3 (AddressMapper others; DODO PMM 138; Mainnet trustless). +- **External (blocked on third party):** 4 (Ledger, Trust, Consensys, CoinGecko). +- **Tezos/Etherlink:** 3 (when scoped). +- **Doc hygiene:** 3 (all done in-repo). +- **Master/Security:** 4. + +**Single checklist (CCIP/mapper):** [docs/07-ccip/RECOMMENDED_COMPLETION_CHECKLIST.md](../07-ccip/RECOMMENDED_COMPLETION_CHECKLIST.md). diff --git a/docs/00-meta/NEXT_STEPS_FOR_YOU.md b/docs/00-meta/NEXT_STEPS_FOR_YOU.md index 5b96cab..6a47c58 100644 --- a/docs/00-meta/NEXT_STEPS_FOR_YOU.md +++ b/docs/00-meta/NEXT_STEPS_FOR_YOU.md @@ -1,8 +1,16 @@ # Your next steps — one place -**Last Updated:** 2026-02-13 +**Last Updated:** 2026-02-20 **Purpose:** Single list of what **you** need to do next (no infra/automation). Everything else the repo can do has been completed or documented. +**Completed 2026-02-20:** Documentation consolidation and root cleanup (NEXT_STEPS_INDEX, DOCUMENTATION_CONSOLIDATION_PLAN; 00-meta Batch 4+5 archived; root status/temp files → docs/archive/root-cleanup-20260220; fix-wsl-ip.sh → scripts/). `run-completable-tasks-from-anywhere.sh` run: config validation OK, on-chain 45/45, run-all-validation --skip-genesis OK, reconcile-env --print. + +**Completed 2026-02-12:** `run-completable-tasks-from-anywhere.sh` run successfully (config validation, on-chain check 36/36, validation, reconcile-env). app-ethereum README updated with BOLOS_SDK note. See [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) § Completed in this pass. + +**Completed 2026-02-13:** Token mapping (138↔Mainnet): `config/token-mapping.json`, relay config, [TOKEN_MAPPING_AND_MAINNET_ADDRESSES.md](../07-ccip/TOKEN_MAPPING_AND_MAINNET_ADDRESSES.md), runbook for LINK support, CI validation. When adding tokens, update token-mapping.json and optionally [CHAIN138_TOKEN_ADDRESSES](../11-references/CHAIN138_TOKEN_ADDRESSES.md). + +**Completed 2026-02-16:** run-completable-tasks passed; config validation OK; on-chain check 46/49; forge test (smom-dbis-138) passed; token lists updated (cronos, avalanche, arbitrum, canonical-tokens); [COMPLETION_RUN_20260216.md](../04-configuration/verification-evidence/COMPLETION_RUN_20260216.md). + --- ## 1. Submit Ledger Live request — ✅ Done @@ -21,7 +29,7 @@ These can be run from your current machine (dev, WSL, CI) without Proxmox or Led |------|------------------| | **Run all “from anywhere” checks** | `./scripts/run-completable-tasks-from-anywhere.sh` — config validation, on-chain check (SKIP_EXIT=1 if RPC unreachable), run-all-validation --skip-genesis, reconcile-env --print | | **On-chain address list (no RPC)** | `./scripts/verify/check-contracts-on-chain-138.sh --dry-run` — lists 36 addresses only | -| **Config validation** | `./scripts/validation/validate-config-files.sh` | +| **Config validation** | `./scripts/validation/validate-config-files.sh` or `... --dry-run` (print only) | | **Bridge deploy dry-run** | `./scripts/deploy-and-configure-weth9-bridge-chain138.sh --dry-run` (no keys/network) | | **Shellcheck (optional)** | `bash scripts/verify/run-shellcheck.sh --optional` — lint scripts; use without `--optional` to fix issues if shellcheck installed | | **CCIP checklist (dry)** | `bash scripts/ccip/ccip-deploy-checklist.sh` — validates env and prints deploy order (no deploy) | @@ -34,7 +42,27 @@ These can be run from your current machine (dev, WSL, CI) without Proxmox or Led --- -## 3. When you have LAN/VPN access (optional) +## 3. When you have LAN/VPN and secrets (SSH to Proxmox + .env) + +**Full list:** [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md) — contract deploy, Blockscout verify, backup, VM/container creation, bridge ops, security, tests. + +**Fix E2E 502s (from LAN):** If public domains (dbis-admin, secure, dbis-api, RPC endpoints) return 502, run from a host on the same LAN as NPMplus and Proxmox: +- **Recommended (all-in-one):** `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` — makes RPC CTs writable, fixes 2101 JNA, installs Besu on 2500–2505, runs address-all-502s, then E2E. Use `--verbose` to see output; see [MAINTENANCE_SCRIPTS_REVIEW.md](MAINTENANCE_SCRIPTS_REVIEW.md). +- **Lighter option:** `./scripts/maintenance/address-all-remaining-502s.sh` — backends + NPMplus proxy (if `NPM_PASSWORD` in .env) + RPC diagnostics; add `--run-besu-fix --e2e` to fix Besu config and re-run E2E. +- Full runbook: [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md). + +**Single script (from repo root on LAN with smom-dbis-138/.env):** +- `./scripts/run-all-operator-tasks-from-lan.sh --dry-run` — print steps +- `./scripts/run-all-operator-tasks-from-lan.sh` — backup + Blockscout verify +- `./scripts/run-all-operator-tasks-from-lan.sh --deploy` — + deploy contracts (phased + TransactionMirror if needed) +- `./scripts/run-all-operator-tasks-from-lan.sh --create-vms` — + create DBIS Core 6 containers on Proxmox +- `./scripts/run-all-operator-tasks-from-lan.sh --deploy --create-vms` — all of the above + +**VM creation (capacity/HA):** [PROXMOX_VM_CREATION_RUNBOOK.md](../03-deployment/PROXMOX_VM_CREATION_RUNBOOK.md). + +--- + +## 4. When you have LAN only (optional, no deploy) - **Blockscout verification:** From a host that can reach Blockscout (e.g. LAN), run: ```bash @@ -44,19 +72,22 @@ These can be run from your current machine (dev, WSL, CI) without Proxmox or Led - **On-chain contract check:** Re-run when you add new contracts (or to confirm from LAN): ```bash - ./scripts/verify/check-contracts-on-chain-138.sh http://192.168.11.211:8545 + ./scripts/verify/check-contracts-on-chain-138.sh # uses RPC_URL_138 ``` Use `--dry-run` to list addresses only (no RPC): `./scripts/verify/check-contracts-on-chain-138.sh --dry-run` --- -## 4. Everything else +## 5. Everything else +- **Full list — remaining components, tasks, and all recommendations:** [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) — wallets, Ledger gaps, contracts/operator, MetaMask/CoinGecko, code placeholders, and recommendations to implement. +- **Recommendations operator checklist (R1–R24):** [RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS_OPERATOR_CHECKLIST.md) — verification, security, deployment, runbooks, testing, config; use when deploying or operating. +- **Breakdown with answers:** [REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md](REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md) — for each remaining item: what it is, prerequisites, who does it, exact steps to complete, and where to update when done. - **Contract / deployment next steps:** [CONTRACT_NEXT_STEPS_LIST](../11-references/CONTRACT_NEXT_STEPS_LIST.md) — operator items and optional tasks. - **Master next steps (phases, waves, TODOs):** [NEXT_STEPS_MASTER.md](NEXT_STEPS_MASTER.md). - **Ledger issues and workarounds:** [LEDGER_CHAIN138_ISSUES_AND_WORKAROUNDS.md](../04-configuration/LEDGER_CHAIN138_ISSUES_AND_WORKAROUNDS.md). --- -**Summary:** Ledger form submitted ✅. **§2** lists steps you can complete now (no LAN). §3–4 are optional or when you have LAN/VPN or new contracts. +**Summary:** Ledger form submitted ✅. **§2** lists steps you can complete now (no LAN). **§3** is the full set when you have SSH to Proxmox and .env (deploy, verify, backup, create VMs). §4–5 are optional or when you have LAN only / everything else. diff --git a/docs/00-meta/NEXT_STEPS_INDEX.md b/docs/00-meta/NEXT_STEPS_INDEX.md new file mode 100644 index 0000000..f1e8bb9 --- /dev/null +++ b/docs/00-meta/NEXT_STEPS_INDEX.md @@ -0,0 +1,45 @@ +# Next Steps — Index + +**Last Updated:** 2026-02-20 (completable run + doc updates completed) +**Purpose:** Single entry point for "what to do next." Pick by audience and granularity. + +--- + +## By audience + +| Document | Audience | Description | +|----------|----------|-------------| +| **[NEXT_STEPS_FOR_YOU.md](NEXT_STEPS_FOR_YOU.md)** | You (individual) | Your personal checklist: Ledger form, run-from-anywhere commands, no LAN needed. | +| **[NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md)** | Operator (LAN/creds) | Copy-paste operator runbook: Proxmox/LAN, credentials, NPMplus, Blockscout, 502 fixes. | +| **[NEXT_STEPS_MASTER.md](NEXT_STEPS_MASTER.md)** | All | Master list of next steps (high-level). | +| **[NEXT_STEPS_ALL.md](NEXT_STEPS_ALL.md)** | All | Consolidated all-audience next steps. | + +--- + +## By granularity + +| Document | Granularity | Description | +|----------|-------------|-------------| +| **[REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md)** | Step-by-step | Instructions for each remaining task (Wave 0–3, cron, API keys). "Can be accomplished now." | +| **[NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md)** | Full checklist | Full consolidated checklist: Operator/LAN vs in-repo; completed items and runbook refs. | +| **[TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md)** | Task list | Single-file task list (high/medium/LAN/low/external/phases). Quick run: `run-completable-tasks-from-anywhere.sh`. | +| **[TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md)** | Master task list | Master task list. | +| **[REMAINING_TASKS_AND_API_FEATURES.md](REMAINING_TASKS_AND_API_FEATURES.md)** | Tasks + API | Remaining tasks plus Phoenix/OMNL/Explorer API inventory. | +| **[WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md)** | Wave 2/3 | Operator checklist for Wave 0, Wave 2, Wave 3, ongoing. | + +--- + +## Operational runbooks (single source) + +| Document | Description | +|----------|-------------| +| **[../03-deployment/OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md)** | All operational procedures (Besu, CCIP, Blockscout, maintenance, liquidity). | +| **[../RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md)** | Index of all runbooks across the repo. | + +--- + +## Related + +- **Dev/Codespaces (76.53.10.40):** [../04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md](../04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md) +- **Deployment status:** [../03-deployment/DEPLOYMENT_STATUS_CONSOLIDATED.md](../03-deployment/DEPLOYMENT_STATUS_CONSOLIDATED.md) | [../03-deployment/DEPLOYMENT_STATUS_MASTER.md](../03-deployment/DEPLOYMENT_STATUS_MASTER.md) +- **Blitzkrieg / execution spine:** [BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md](BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md) | [BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md](BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md) diff --git a/docs/00-meta/NEXT_STEPS_MASTER.md b/docs/00-meta/NEXT_STEPS_MASTER.md index 5ac08c0..e0efa03 100644 --- a/docs/00-meta/NEXT_STEPS_MASTER.md +++ b/docs/00-meta/NEXT_STEPS_MASTER.md @@ -1,7 +1,7 @@ # Next Steps — Master List -**Last Updated:** 2026-02-12 -**Document Version:** 1.2 +**Last Updated:** 2026-02-16 +**Document Version:** 1.3 **Status:** Active Documentation **Source:** Consolidated from REMAINING_TASKS.md, PHASES_AND_TASKS_MASTER.md, IMPLEMENTATION_CHECKLIST.md, REQUIRED_FIXES_UPDATES_GAPS.md @@ -11,7 +11,10 @@ This document is the **single source of truth** for all next steps and remaining tasks across the project. Use it for prioritization, sprint planning, and status reporting. +**Consolidated checklist (all next steps + remaining TODOs):** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) — single list with Operator/LAN vs in-repo marked. **Single-file task list:** [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md). + **Your next actions:** [NEXT_STEPS_FOR_YOU.md](NEXT_STEPS_FOR_YOU.md) — Ledger form ✅ submitted (2026-02-13); all remaining steps optional (Blockscout, on-chain check, etc.). +**Remaining components, tasks, and all recommendations:** [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) — single list of what’s left and what to implement. **Consolidated review:** [REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md](REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md). **Step-by-step for each task:** [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) — Wave 0–3, cron, API keys; "Can be accomplished now" and completion note (2026-02-05). **Single reference (all tasks + detailed steps):** [ALL_TASKS_DETAILED_STEPS.md](ALL_TASKS_DETAILED_STEPS.md) — index, blockers, and exact steps per task (2026-02-12). @@ -37,14 +40,14 @@ This document is the **single source of truth** for all next steps and remaining |-----------|-------| | **Host** | r630-01 (192.168.11.11) | | **Path** | `/opt/smom-dbis-138/services/relay` | -| **Chain 138 RPC** | VMID 2201 (192.168.11.221:8545) | +| **Chain 138 Public RPC** | `RPC_URL_138_PUBLIC` — VMID 2201 (192.168.11.221:8545) | | **Purpose** | Monitors MessageSent events, relays to Ethereum Mainnet | **References:** [07-ccip/CCIP_RELAY_DEPLOYMENT.md](../07-ccip/CCIP_RELAY_DEPLOYMENT.md), [OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md#ccip-operations). ### 3. Chain 138 optional contracts (mirror) — ✅ Partial (2026-02-12) -AddressMapper and MirrorManager deployed. TransactionMirror: deploy when needed; if script fails with constructor-args decode, use `forge create` with `--with-gas-price 1000000000`. All Chain 138 Forge deploys require that gas price. On-chain check: 36 addresses — [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md), [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md). +AddressMapper and MirrorManager deployed. TransactionMirror: deploy when needed; if script fails with constructor-args decode, use `forge create` with `--with-gas-price 1000000000`. All Chain 138 Forge deploys require that gas price. On-chain check: run `./scripts/verify/check-contracts-on-chain-138.sh` (address list from config/smart-contracts-master.json when available). [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md), [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md). --- @@ -163,6 +166,7 @@ AddressMapper and MirrorManager deployed. TransactionMirror: deploy when needed; | Check config API uptime | Weekly | | Review explorer logs | Weekly | | Update token list as needed | As needed | +| **Fix E2E 502s (when domains 502)** | As needed — from LAN: `./scripts/maintenance/address-all-remaining-502s.sh`; runbook: [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md) | --- @@ -170,6 +174,8 @@ AddressMapper and MirrorManager deployed. TransactionMirror: deploy when needed; | Check | Command | Requires | |-------|---------|----------| +| **E2E routing (all domains)** | `./scripts/verify/verify-end-to-end-routing.sh` | Public DNS/HTTPS; use `E2E_ACCEPT_502_INTERNAL=1` to allow exit 0 when only 502s remain | +| **Address all 502s (LAN)** | `./scripts/maintenance/address-all-remaining-502s.sh` [--run-besu-fix] [--e2e] | LAN + SSH to Proxmox + NPM_PASSWORD for NPMplus update | | Prerequisites (smom-dbis-138) | `./scripts/validation/check-prerequisites.sh` (from smom-dbis-138-proxmox or repo root) | Local + config dirs | | Prerequisites (root) | `./scripts/check-prerequisites.sh` (if present) | Local tools | | Deployment validation | `./scripts/validate-ml110-deployment.sh` | Proxmox API | @@ -179,7 +185,17 @@ AddressMapper and MirrorManager deployed. TransactionMirror: deploy when needed; | Workspace tests | `pnpm test` | Node/pnpm | | WETH9 bridge deploy (dry-run) | `./scripts/deploy-and-configure-weth9-bridge-chain138.sh --dry-run` | None | -**Latest test run (2026-01-31):** pnpm test passed; pnpm test:basic 7/7; scripts/validation/check-prerequisites.sh 0 errors; deploy --dry-run passed. +**Latest test run (2026-02-16):** run-completable-tasks-from-anywhere.sh passed; config validation OK; on-chain check 46/49 OK (3 expected MISS); run-all-validation --skip-genesis passed; forge test (smom-dbis-138) passed. + +--- + +## Completions (2026-02-16) + +| Item | Status | Notes | +|------|--------|-------| +| Run completable tasks | ✅ Done | Config validation, on-chain check, run-all-validation, reconcile-env — all passed | +| forge test (smom-dbis-138) | ✅ Passed | All 24 test contracts passed | +| Token lists | ✅ Updated | dbis-138, cronos, avalanche, arbitrum, all-mainnet, canonical-tokens Cronos ISO-4217W | --- @@ -197,7 +213,8 @@ AddressMapper and MirrorManager deployed. TransactionMirror: deploy when needed; ## Master TODO Task List -**[TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md)** — Consolidated fixes, enhancements, gas steps, known issues, and recommendations. +**[TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md)** — Single-file checklist (high/medium/LAN/low/external/phases/validation). +**[TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md)** — Consolidated fixes, enhancements, gas steps, known issues, and recommendations (1–139). --- @@ -212,5 +229,5 @@ AddressMapper and MirrorManager deployed. TransactionMirror: deploy when needed; --- -**Last Updated:** 2026-02-05 +**Last Updated:** 2026-02-16 **Maintained By:** Infrastructure Team diff --git a/docs/00-meta/NEXT_STEPS_OPERATOR.md b/docs/00-meta/NEXT_STEPS_OPERATOR.md index d332e43..e2fe5ca 100644 --- a/docs/00-meta/NEXT_STEPS_OPERATOR.md +++ b/docs/00-meta/NEXT_STEPS_OPERATOR.md @@ -1,13 +1,35 @@ # Next Steps — Operator Runbook -**Last Updated:** 2026-02-07 +**Last Updated:** 2026-02-20 **Purpose:** Single runbook of copy-paste commands for all remaining operator/LAN/creds steps. Use after automated steps are done. **References:** [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md), [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md), [INFRA_DEPLOYMENT_LOCKED_AND_LOADED.md](../03-deployment/INFRA_DEPLOYMENT_LOCKED_AND_LOADED.md). **Single fixes checklist (required + optional):** [FIXES_PREPARED.md](../04-configuration/FIXES_PREPARED.md). **Full fixes (validators, block/tx, Sentries, RPCs, network, optional):** [FULL_FIXES_PREPARED.md](../04-configuration/FULL_FIXES_PREPARED.md). **All next steps (consolidated):** [NEXT_STEPS_ALL.md](NEXT_STEPS_ALL.md). **Dev/Codespaces (76.53.10.40):** [DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md](../04-configuration/DEV_CODESPACES_NEXT_STEPS_CHECKLIST.md). **Dev/Codespaces completion evidence:** [DEV_CODESPACES_COMPLETION_20260207.md](../04-configuration/verification-evidence/DEV_CODESPACES_COMPLETION_20260207.md). --- -## Completed in this session (2026-02-06) +## Completed in this session (2026-02-20) + +| Item | Result | +|------|--------| +| Completable tasks | `run-completable-tasks-from-anywhere.sh` — config validation OK, on-chain 45/45, run-all-validation --skip-genesis OK, reconcile-env --print. | +| Doc consolidation | NEXT_STEPS_INDEX, DOCUMENTATION_CONSOLIDATION_PLAN; Batch 4+5 → 00-meta-pruned; root cleanup → archive/root-cleanup-20260220; ARCHIVE_CANDIDATES "Last reviewed" set. | + +## Completed in previous session (2026-02-19) + +| Item | Result | +|------|--------| +| Completable tasks | `run-completable-tasks-from-anywhere.sh` — config, 46 on-chain, validation passed. | +| Operator script | `run-all-operator-tasks-from-lan.sh` — W0-1 skipped (off-LAN); Blockscout verify attempted (Blockscout unreachable). | +| RPC 2101 verify | `verify-rpc-2101-approve-and-sync.sh` — ✅ Chain 138, 19 peers, 5 validators, blocks advancing. | +| 502 script | `address-all-remaining-502s.sh` — backends 10130/10150/10151 OK; Besu 2101 restarted (finish from LAN for NPMplus). | +| Optional Phase 9 | Smart accounts kit (informational) — ran; next: deploy EntryPoint/AccountFactory/Paymaster. | +| E2E verification | `verify-end-to-end-routing.sh` with E2E_ACCEPT_502_INTERNAL=1 — run (report in verification-evidence). | + +**Still from LAN:** NPMplus backup, Blockscout verification, full 502/NPMplus proxy update. See [COMPLETION_STATUS_20260215](../archive/00-meta-pruned/COMPLETION_STATUS_20260215.md). + +--- + +## Completed in previous session (2026-02-06) | Item | Result | |------|--------| @@ -127,12 +149,12 @@ Containers 2506, 2507, 2508 were **removed and destroyed** on all Proxmox hosts. | Step | Command | |------|---------| | Create fourth NPMplus LXC (10236 @ 192.168.11.170) | `bash scripts/npmplus/create-npmplus-fourth-container.sh` | -| Create dev VM (5700 @ 192.168.11.60) | `bash scripts/create-dev-vm-5700.sh` | +| Create dev VM (5700 @ 192.168.11.59) | `bash scripts/create-dev-vm-5700.sh` | | Setup dev VM users + Gitea | `ssh root@192.168.11.11 "pct exec 5700 -- bash -s" < scripts/setup-dev-vm-users-and-gitea.sh` | | Tunnel + DNS (set CLOUDFLARE_TUNNEL_ID_DEV_CODESPACES in .env first) | `bash scripts/cloudflare/configure-dev-codespaces-tunnel-and-dns.sh` | | Fourth NPMplus proxy hosts | `NPM_URL=https://192.168.11.170:81 NPM_PASSWORD='...' bash scripts/nginx-proxy-manager/update-npmplus-fourth-proxy-hosts.sh` | -UDM Pro: add port forward 76.53.10.40 → 192.168.11.170 (80/81/443), optional 22 → 192.168.11.60. See [UDM_PRO_DEV_CODESPACES_PORT_FORWARD.md](../04-configuration/UDM_PRO_DEV_CODESPACES_PORT_FORWARD.md). +UDM Pro: add port forward 76.53.10.40 → 192.168.11.170 (80/81/443), optional 22 → 192.168.11.59. See [UDM_PRO_DEV_CODESPACES_PORT_FORWARD.md](../04-configuration/UDM_PRO_DEV_CODESPACES_PORT_FORWARD.md). --- @@ -171,6 +193,20 @@ See [EXPLORER_TROUBLESHOOTING.md](../04-configuration/EXPLORER_TROUBLESHOOTING.m --- +## E2E 502s (when public domains return 502) + +From **LAN** (SSH to Proxmox + reach NPMplus): + +| Goal | Command | +|------|---------| +| Fix all 502 backends + NPMplus proxy + RPC diagnostics | `./scripts/maintenance/address-all-remaining-502s.sh` | +| Also Besu config fix + E2E at end | `./scripts/maintenance/address-all-remaining-502s.sh --run-besu-fix --e2e` | +| Re-run E2E only | `./scripts/verify/verify-end-to-end-routing.sh` | + +**Runbook:** [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md). + +--- + ## Remaining (operator only) - **W0-2** — sendCrossChain real (when PRIVATE_KEY/LINK ready). @@ -214,6 +250,7 @@ See [EXPLORER_TROUBLESHOOTING.md](../04-configuration/EXPLORER_TROUBLESHOOTING.m | Dev VM create | `bash scripts/create-dev-vm-5700.sh` | | Dev/Codespaces tunnel+DNS | `bash scripts/cloudflare/configure-dev-codespaces-tunnel-and-dns.sh` (set CLOUDFLARE_TUNNEL_ID_DEV_CODESPACES in .env) | | Fourth NPMplus proxy hosts | `NPM_URL=https://192.168.11.170:81 NPM_PASSWORD='...' bash scripts/nginx-proxy-manager/update-npmplus-fourth-proxy-hosts.sh` | +| **Address all 502s (LAN)** | `./scripts/maintenance/address-all-remaining-502s.sh` (use `--run-besu-fix --e2e` for full flow) | | E2E routing (after NPMplus/DNS change) | `bash scripts/verify/verify-end-to-end-routing.sh` | | Explorer E2E from LAN (after frontend/Blockscout deploy) | `bash explorer-monorepo/scripts/e2e-test-explorer.sh` | | Blockscout migrations (version/config change) | On r630-02: `bash scripts/fix-blockscout-ssl-and-migrations.sh` — see [BLOCKSCOUT_FIX_RUNBOOK.md](../03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md) | diff --git a/docs/00-meta/NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md b/docs/00-meta/NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md new file mode 100644 index 0000000..e735998 --- /dev/null +++ b/docs/00-meta/NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md @@ -0,0 +1,119 @@ +# Not Changed by Design — Actionable Steps + +**Last Updated:** 2026-02-13 +**Purpose:** Break down every “not changed by design” item from the placeholder code-generation pass into concrete, assignable steps. + +**Source:** [PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) (code generation pass summary). + +**Completed (2026-02-13):** §2 Smart accounts (env in .env.example + runbook); §4 TezosRelayService (Taquito skeleton, mock gated); §5 OMNIS backend (POST/PUT budgets, POST documents/upload, PATCH profile); authController token blacklisting (in-memory + TOKEN_BLACKLIST_ENABLED); deploy.sh TODO for migration/health; §6 CCIPLogger (decision: omit unless monitoring); §7 .bak (BAK_FILES_DEPRECATION); §8 dbis_core (Redis, Prometheus/risk comments, PagerDuty, deal-execution tests skipped); legal-documents vendor README; root .gitignore (venv, __pycache__, .phase1). + +--- + +## 1. AlltraAdapter (already configurable) + +| Step | Action | Owner | +|------|--------|--------| +| 1 | Confirm ALL Mainnet fee (e.g. from network docs or ops). | Ops / Eng | +| 2 | After deployment, call `setBridgeFee(uint256)` on AlltraAdapter with the agreed fee (e.g. in wei). | Ops | +| 3 | Document the chosen fee and update [PLACEHOLDERS_AND_TBD](../PLACEHOLDERS_AND_TBD.md) “AlltraAdapter — Bridge Fee” with the final value. | Eng | + +--- + +## 2. Smart accounts (env already read by script) — ✅ Done 2026-02-13 + +| Step | Action | Owner | +|------|--------|--------| +| 1 | Deploy EntryPoint, AccountFactory, and Paymaster (e.g. via DeploySmartAccountsKit.s.sol or reference implementation). | Eng | +| 2 | Set in `.env`: `ENTRY_POINT=0x...`, `SMART_ACCOUNT_FACTORY=0x...`, `PAYMASTER=0x...`. | Ops / Eng | +| 3 | Add the same vars to `smom-dbis-138/.env.example` with placeholder values and a one-line comment. | Eng | +| 4 | Add a short “Smart accounts” subsection to the deploy runbook (script name, required env, verification command). | Eng | + +--- + +## 3. EnhancedSwapRouter / DODOPMMProvider / Quote service + +| Step | Action | Owner | +|------|--------|--------| +| 1 | **EnhancedSwapRouter:** When Uniswap V3 / Balancer pools exist on chain, set quoter/poolId (or call existing setters); remove or document “return 0” fallback. | Eng | +| 2 | **DODOPMMProvider:** When DODO is integrated, implement oracle-driven `optimizePoolParameters` (or document the flow in code). | Eng | +| 3 | **Quote service:** When Fabric is live, set `FABRIC_CHAIN_ID` in env to the real chain ID; remove or document default 999. | Eng | + +--- + +## 4. TezosRelayService (real mint/transfer) — ✅ Skeleton done 2026-02-13 + +| Step | Action | Owner | +|------|--------|--------| +| 1 | In `smom-dbis-138/services/tezos-relay/src/TezosRelayService.js`, replace the “TODO: Perform actual Tezos mint/transfer” path with Taquito or Tezos RPC calls. | ✅ Skeleton added; set TEZOS_MINTER_ADDRESS, TEZOS_ORACLE_SECRET_KEY for real mint. | +| 2 | Implement: on bridge message, call Tezos contract or token minter to mint/transfer on Tezos; then call `confirmTransaction(requestId, tezosTxHash)` (or equivalent) with ORACLE_ROLE. | Eng (when going live) | +| 3 | Remove or gate the mock path for production; add a unit/integration test that uses testnet. | ✅ Mock gated by MOCK_TEZOS_RELAY. | +| 4 | Update [TEZOS_L1_RELAY_RUNBOOK](../../smom-dbis-138/docs/bridge/TEZOS_L1_RELAY_RUNBOOK.md) (or equivalent) with run instructions and env. | ✅ Eng | + +--- + +## 5. Backend API routes (OMNIS) — ✅ Done 2026-02-13 + +Frontend now calls these; backend must expose them. + +| Step | Action | Owner | +|------|--------|--------| +| 1 | Add `POST /api/budgets` and `PUT /api/budgets/:id` (create/update budget); persist to DB; return saved budget. | ✅ Eng | +| 2 | Add `POST /api/documents/upload` (multipart/form-data); store file (e.g. S3 or local); save metadata to DB; return `{ id, name, url }`. | ✅ Eng | +| 3 | Add `PATCH /api/profile` (body: displayName, email); validate; update user in DB; return updated user or 204. | ✅ Eng | +| 4 | Ensure auth middleware runs on these routes (e.g. require JWT); document in OMNIS API docs. | ✅ Eng | + +--- + +## 6. CCIPLogger — ✅ Decision done 2026-02-13 + +| Step | Action | Owner | +|------|--------|--------| +| 1 | Decide: implement a deploy/script step that deploys or configures CCIPLogger, or remove CCIPLogger from [CONTRACTS_TO_DEPLOY](../11-references/CONTRACTS_TO_DEPLOY.md). | ✅ Omit from deploy list unless monitoring needed; document in CONTRACTS_TO_DEPLOY. | +| 2 | If implementing: add script (e.g. in `smom-dbis-138/script/` or `scripts/`) that deploys or configures the contract; document in the same doc. | When needed: use Hardhat per TASK12. | + +--- + +## 7. .bak files (Forge scripts/tests) — ✅ Done 2026-02-13 + +| Step | Action | Owner | +|------|--------|--------| +| 1 | List all `*.sol.bak` and `*.t.sol.bak` under `smom-dbis-138` (see [REQUIRED_FIXES_UPDATES_GAPS](../REQUIRED_FIXES_UPDATES_GAPS.md) §10). | ✅ Eng | +| 2 | For each: either fix the script/test and rename back to `.sol` / `.t.sol`, or add a one-line note in that doc that the file is deprecated and why. | ✅ [BAK_FILES_DEPRECATION](../../smom-dbis-138/docs/BAK_FILES_DEPRECATION.md) lists and deprecates. | +| 3 | If deprecating, leave the `.bak` in place or move to an `archive/` folder; do not delete without a decision. | ✅ Eng | + +--- + +## 8. dbis_core — Prometheus / Redis / cache / deal-execution tests — ✅ Done 2026-02-13 + +| Step | Action | Owner | +|------|--------|--------| +| 1 | **Prometheus/StatsD:** When the monitoring stack is deployed, add metrics push or scrape in `metrics.service.ts` (and any other services with “TODO: Integrate with Prometheus/StatsD”). | ✅ Comment added; implement when stack is up. | +| 2 | **Redis:** In `cache.service.ts`, implement Redis client init and pattern-based deletion (or a stub that skips when `REDIS_URL` is unset); document in dbis_core README or deployment doc. | ✅ ioredis when REDIS_URL; pattern invalidateDealCache; skips when unset. | +| 3 | **risk-monitor:** Implement or stub “real-time risk checks” when the risk pipeline is defined; document in the same file or RECOMMENDATIONS. | ✅ Stub + RECOMMENDATIONS.md ref. | +| 4 | **deal-execution integration tests:** Either implement DB persistence, metrics, risk, alerting, Redis, and cache invalidation in the test, or mark the test as skipped with a ticket reference (e.g. `it.skip('...', () => { ... })` and add a comment with the ticket ID). | ✅ it.skip with ticket DBIS-ARB-TEST. | + +--- + +## Quick reference + +| Item | Section | First step | +|------|---------|------------| +| AlltraAdapter fee | §1 | Confirm fee; call setBridgeFee after deploy | +| Smart accounts | §2 | ✅ Done — .env.example + runbook; deploy and set env when ready | +| EnhancedSwapRouter / DODO / Quote | §3 | Set quoter/poolId or FABRIC_CHAIN_ID when pools/Fabric exist | +| TezosRelayService | §4 | ✅ Skeleton done — Taquito path, mock gated; set TEZOS_MINTER_ADDRESS for real mint | +| OMNIS backend routes | §5 | ✅ Done — POST/PUT budgets, POST documents/upload, PATCH profile | +| CCIPLogger | §6 | ✅ Done — omit unless monitoring; TASK12 if needed | +| .bak files | §7 | ✅ Done — BAK_FILES_DEPRECATION | +| dbis_core Prometheus/Redis/tests | §8 | ✅ Done — Redis/PagerDuty/skips; add Prometheus when stack up | +| Token mapping (138↔Mainnet) | §10 | ✅ Done — config/token-mapping.json, relay, CI; when adding tokens update token-mapping.json | + +--- + +## 10. Token mapping (138↔Mainnet) — ✅ Done 2026-02-13 + +| Step | Action | Owner | +|------|--------|--------| +| 1 | Keep `config/token-mapping.json` as single source of truth for Chain 138↔Mainnet token addresses. | ✅ Done — file and loader in config/; relay uses it. | +| 2 | When adding a new token to Chain 138 (or a new bridged token): update `config/token-mapping.json` (key, chain138Address, mainnetAddress if known, relaySupported, notes) and optionally [CHAIN138_TOKEN_ADDRESSES](../11-references/CHAIN138_TOKEN_ADDRESSES.md) and its cross-chain table. | Eng / Ops | +| 3 | For 138→Mainnet LINK delivery: follow [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md); then set `relaySupported: true` for LINK in token-mapping.json. | Optional | diff --git a/docs/00-meta/NOT_IMPLEMENTED_FULL_SCOPE.md b/docs/00-meta/NOT_IMPLEMENTED_FULL_SCOPE.md new file mode 100644 index 0000000..90cc79e --- /dev/null +++ b/docs/00-meta/NOT_IMPLEMENTED_FULL_SCOPE.md @@ -0,0 +1,103 @@ +# Not Implemented — Full Scope Reference + +**Purpose:** Single entry point for "what is not implemented and what is the full scope." +**Related:** [VAULT_SYSTEM_MASTER_TECHNICAL_PLAN](../VAULT_SYSTEM_MASTER_TECHNICAL_PLAN.md), Phases 2–6; design plan (Cursor plan: not_implemented_full_scope_design). + +--- + +## 1. CMC / CoinGecko submission + +**Design summary:** No code change. Process: prepare payload from report API or existing package → submit via CoinGecko/CMC forms or partner API when available. Single canonical runbook ties prerequisites, step-by-step for Chain 138 then 651940, CMC in parallel, and "where to update when done." + +| Deliverable | Path / description | +|-------------|--------------------| +| Runbook | [CMC_COINGECKO_SUBMISSION_RUNBOOK](../04-configuration/coingecko/CMC_COINGECKO_SUBMISSION_RUNBOOK.md) — prerequisites, export from report API, CoinGecko/CMC submission, when-done updates | +| Cross-references | [REQUIRED_FIXES_UPDATES_GAPS](../REQUIRED_FIXES_UPDATES_GAPS.md) §9, [PLACEHOLDERS_AND_TBD](../PLACEHOLDERS_AND_TBD.md) CMC/CoinGecko → link to runbook | + +**Dependencies:** None. Can be done anytime. + +--- + +## 2. Private XAU-anchored pools (Phase 2) and Stabilizer + executePrivateSwap (Phase 3) + +**Design summary:** +- **Phase 2:** N pools (cUSDT↔XAU, cUSDC↔XAU, cEURT↔XAU); "private" = only Stabilizer/whitelisted keeper may execute swaps; liquidity provision optionally restricted. Option A: PrivatePoolRegistry records which pool IDs are private and restricts executePrivateSwap to those pools. +- **Phase 3:** Stabilizer contract implements Appendix A of [VAULT_SYSTEM_MASTER_TECHNICAL_PLAN](../VAULT_SYSTEM_MASTER_TECHNICAL_PLAN.md): `checkDeviation()`, `executePrivateSwap()` with block delay, per-block cap, slippage, gas check; routes via PrivatePoolRegistry / DODOPMMIntegration. +- **Phase 6:** Flash containment in same Stabilizer: TWAP source, sustained N-block deviation, per-block volume cap, recovery <3 blocks. + +| Phase | Deliverable | Path / description | +|-------|-------------|--------------------| +| 2 | PrivatePoolRegistry.sol | `smom-dbis-138/contracts/` — register (tokenA, tokenB, poolAddress), `getPrivatePool(tokenIn, tokenOut)`, optional LP role | +| 2 | Deploy script + runbook | Script: create XAU-anchored pools via DODOPMMIntegration.createPool, register in PrivatePoolRegistry. Runbook: "Private stabilization pools (Phase 2)" with XAU_ADDRESS_138, cEURT_ADDRESS_138 | +| 3 | Stabilizer.sol | checkDeviation (peg manager + sustained N-block), executePrivateSwap (block delay, cap, slippage, gas), routing to PrivatePoolRegistry; STABILIZER_KEEPER_ROLE, ADMIN | +| 3 | Tests | Unit tests: checkDeviation below/above threshold, sustained vs single-block; executePrivateSwap reverts (delay, cap, slippage) | +| 3 | Runbook | "Stabilizer deployment and configuration" — thresholdBps, minBlocksBetweenExecution, maxStabilizationVolumePerBlock, maxSlippageBps, maxGasPriceForStabilizer; grant STABILIZER_KEEPER_ROLE | +| 6 | Flash containment | In Stabilizer: TWAP source, sustainedDeviationBlocks, per-block cap; document "flash drain recovery <3 blocks" in runbook | + +**Dependencies:** Phase 2 before Phase 3 (Stabilizer needs private pools). Phase 6 extends Phase 3 (same contract). + +--- + +## 3. Cross-chain arbitrage (Phase 4) + +**Design summary:** Off-chain bot recommended: poll price on Chain 138 and 651940 (report API or RPC + DEX), if |Price138 − Price651940| > ArbitrageThreshold then execute (bridge + swap via AlltraAdapter/AlltraCustomBridge). Optional on-chain: contract emitting CrossChainDeviation for bot to listen. Bridge buffer: BridgeReserve ≥ PeakBridgeOutflow × Latency (runbook + optional alert). + +| Deliverable | Path / description | +|-------------|--------------------| +| Design doc | [CROSS_CHAIN_ARBITRAGE_DESIGN](../07-ccip/CROSS_CHAIN_ARBITRAGE_DESIGN.md) — architecture, data flow, env (RPC_URL_138, RPC_URL_651940, AlltraAdapter, ArbitrageThreshold), failure modes, bridge buffer formula | +| Bot skeleton (optional) | TypeScript/Node in `smom-dbis-138/services/` or dbis_core — config, loop: fetch prices → deviation → if over threshold call AlltraAdapter + swap on destination | +| Runbook section | "Cross-chain parity and bridge buffer" in [OPERATIONS_RUNBOOK](../../smom-dbis-138/docs/OPERATIONS_RUNBOOK.md): BridgeReserve ≥ PeakBridgeOutflow × Latency; measure peak outflow and latency; alert when reserve below | + +**Dependencies:** AlltraAdapter/AlltraCustomBridge deployed; report API or price source on both chains. + +--- + +## 4. Full on-chain flash containment (Phase 6) + +**Design summary:** Implement inside Stabilizer (Phase 3 contract): (1) TWAP from DODO pool or external oracle; (2) sustained deviation via circular buffer (last N blocks all > thresholdBps); (3) per-block volume cap; (4) document "flash drain recovery <3 blocks" and optional cooldown after large deviation. + +| Deliverable | Path / description | +|-------------|--------------------| +| Implementation | Same as Phase 3 Stabilizer + extension: TWAP source, sustained-deviation buffer, per-block cap in [Stabilizer](../../smom-dbis-138/contracts/) (when implemented) | +| Runbook / Master Plan | [OPERATIONS_RUNBOOK](../../smom-dbis-138/docs/OPERATIONS_RUNBOOK.md), [VAULT_SYSTEM_MASTER_TECHNICAL_PLAN](../VAULT_SYSTEM_MASTER_TECHNICAL_PLAN.md) §8/§16 — recovery target, Flash Loan Containment Checklist | + +**Dependencies:** Phase 3 Stabilizer implemented first. + +--- + +## 5. GAPS and other projects (Sankofa, the-order, dbis_core, network placeholders) + +**Design summary:** Per-area checklists and specs; no new code in this plan except docs. Replace TBDs with real IPs/ports when deployed; document SDK/legal/vendor options and "when to implement" for Redis/Prometheus/PagerDuty; reserve or assign network blocks #2–#6. + +| Area | Deliverables | +|------|--------------| +| **Sankofa / The Order** | Checklist: replace <TARGET_IP>/<TARGET_PORT>; update ALL_VMIDS_ENDPOINTS, RPC_ENDPOINTS_MASTER; NPMplus proxy for the-order.sankofa.nexus; "where to update when done" (PLACEHOLDERS_AND_TBD, REMAINING_COMPONENTS). See [SANKOFA_THE_ORDER_CHECKLIST](../04-configuration/SANKOFA_THE_ORDER_CHECKLIST.md) or SANKOFA_CUTOVER_PLAN. | +| **OMNIS — Sankofa Phoenix SDK** | Integration spec: required SDK interface (getAuthUrl, validateToken, getUserInfo), env vars, fallback. See [OMNIS_SANKOFA_PHOENIX_SDK_INTEGRATION_SPEC](../04-configuration/OMNIS_SANKOFA_PHOENIX_SDK_INTEGRATION_SPEC.md). Dependency note in PLACEHOLDERS_AND_TBD / PLACEHOLDERS_AND_COMPLETION_MASTER_LIST: "Blocked on Sankofa Phoenix SDK availability." | +| **the-order — legal-documents** | Vendor/implementation matrix (court-efiling, e-signature, document-security): Option, Prerequisites, Steps, "Where to update when done." See [LEGAL_DOCUMENTS_IMPLEMENTATION](LEGAL_DOCUMENTS_IMPLEMENTATION.md). Update GAPS_AND_RECOMMENDATIONS_CONSOLIDATED, PLACEHOLDERS_AND_COMPLETION_MASTER_LIST when done. | +| **dbis_core** | Runbook or comment "When to implement": Prometheus when monitoring stack is up; Redis when caching needed. See [DBIS_CORE_WHEN_TO_IMPLEMENT](DBIS_CORE_WHEN_TO_IMPLEMENT.md). No new code; doc/checklist only. | +| **Network placeholders** | Blocks #2–#6: decision "Reserved" or assign; doc update in NETWORK_ARCHITECTURE / NETWORK_CONFIGURATION_MASTER. See [NETWORK_PLACEHOLDERS_DECISION](NETWORK_PLACEHOLDERS_DECISION.md); "where to update when done" in REMAINING_COMPONENTS. | + +**Dependencies:** None for documentation; implementation depends on each project’s timeline. + +--- + +## 6. Dependency and execution order + +- **No dependencies (can do in parallel):** CMC/CoinGecko runbook; NOT_IMPLEMENTED_FULL_SCOPE (this doc); GAPS per-area checklists; Cross-chain arbitrage design + optional bot. +- **Phase 2 → Phase 3:** PrivatePoolRegistry + private pool deploy/runbook before Stabilizer. +- **Phase 3 → Phase 6:** Stabilizer implementation before flash containment extension. + +--- + +## 7. Summary table + +| Item | Primary deliverable | Type | +|------|---------------------|------| +| CMC/CoinGecko | CMC_COINGECKO_SUBMISSION_RUNBOOK.md | Doc (process) | +| Private XAU pools | PrivatePoolRegistry.sol + deploy/runbook | Contract + doc | +| Stabilizer + executePrivateSwap | Stabilizer.sol + tests + runbook | Contract + tests + doc | +| Flash containment | Stabilizer extension + runbook | Contract + doc | +| Cross-chain arbitrage | CROSS_CHAIN_ARBITRAGE_DESIGN.md + optional bot | Doc + optional code | +| GAPS / other | NOT_IMPLEMENTED_FULL_SCOPE.md (this doc) + per-area checklists/specs | Doc | + +All deliverables are scoped so implementation can proceed without ambiguity. diff --git a/docs/00-meta/OPERATOR_READY_CHECKLIST.md b/docs/00-meta/OPERATOR_READY_CHECKLIST.md new file mode 100644 index 0000000..ed054ba --- /dev/null +++ b/docs/00-meta/OPERATOR_READY_CHECKLIST.md @@ -0,0 +1,127 @@ +# Operator Ready Checklist — Copy-Paste Commands + +**Last Updated:** 2026-02-20 +**Purpose:** Single page with exact commands to complete every pending todo. Run from **repo root** on a host with **LAN** access (and `smom-dbis-138/.env` with `PRIVATE_KEY`, `NPM_PASSWORD` where noted). + +**From anywhere (no LAN):** `./scripts/run-completable-tasks-from-anywhere.sh` + +--- + +## 1. High: Gnosis, Celo, Wemix CCIP bridges + +**Ref:** [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) + +**Prereqs:** Confirm [CCIP supports](https://docs.chain.link/ccip/supported-networks) 100, 42220, 1111. Per chain: RPC, CCIP Router, LINK, WETH9/WETH10, deployer with native gas (xDAI, CELO, WEMIX). + +```bash +cd smom-dbis-138 +source .env + +# Per chain (set RPC_URL, CCIP_ROUTER_ADDRESS, LINK_TOKEN_ADDRESS, WETH9_ADDRESS, WETH10_ADDRESS, PRIVATE_KEY) +forge script script/deploy/bridge/DeployWETHBridges.s.sol:DeployWETHBridges --rpc-url "$RPC_URL" --broadcast -vvvv +``` + +Then add destinations (Chain 138 ↔ each chain) and fund with LINK — use: + +```bash +DRY_RUN=1 ./scripts/deployment/complete-config-ready-chains.sh # print commands +./scripts/deployment/complete-config-ready-chains.sh # run (requires bridge addresses in .env) +``` + +**Full steps:** See runbook § Step 1–4. + +--- + +## 2. Medium: LINK support on Mainnet relay + +**Ref:** [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md) + +**Options:** A = extend CCIPRelayBridge to accept LINK; B = deploy separate LINK receiver. After implement + deploy + fund: + +```bash +# In config/token-mapping.json set relaySupported: true for LINK +# Update TOKEN_MAPPING_AND_MAINNET_ADDRESSES.md and CCIP_BRIDGE_MAINNET_CONNECTION.md +# Restart relay service on r630-01: /opt/smom-dbis-138/services/relay +``` + +--- + +## 3. LAN: Blockscout verification + +```bash +source smom-dbis-138/.env 2>/dev/null +./scripts/verify/run-contract-verification-with-proxy.sh +``` + +Single contract retry: `./scripts/verify/run-contract-verification-with-proxy.sh --only ContractName` + +--- + +## 4. LAN: Fix E2E 502s + +```bash +./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e +# Or lighter: +./scripts/maintenance/address-all-remaining-502s.sh --run-besu-fix --e2e +``` + +**Runbook:** [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md) + +--- + +## 5. LAN: Run all operator tasks (backup + verify ± deploy ± create-vms) + +```bash +./scripts/run-all-operator-tasks-from-lan.sh --dry-run # print steps +./scripts/run-all-operator-tasks-from-lan.sh # backup + Blockscout verify +./scripts/run-all-operator-tasks-from-lan.sh --deploy # + contract deploy +./scripts/run-all-operator-tasks-from-lan.sh --create-vms # + create DBIS Core containers +./scripts/run-all-operator-tasks-from-lan.sh --deploy --create-vms +``` + +--- + +## 6. Low: DODO PMM on Chain 138 + +**Ref:** [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §2B + +**Prereqs:** Set in `smom-dbis-138/.env`: `DODO_VENDING_MACHINE_ADDRESS`, `COMPLIANT_USDT_ADDRESS`, `COMPLIANT_USDC_ADDRESS`. + +```bash +./scripts/run-optional-deployments.sh --execute --phases 7 +# Or from smom-dbis-138: ./scripts/deployment/deploy-optional-future-all.sh (Phase 7 = DODO) +``` + +--- + +## 7. Low: Mainnet trustless stack (Lockbox138 + Mainnet) + +**Ref:** [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §2C + +**Prereqs:** `ETHEREUM_MAINNET_RPC`, Mainnet ETH for deployer. + +```bash +cd smom-dbis-138 +source .env +forge script script/bridge/trustless/DeployTrustlessBridge.s.sol:DeployTrustlessBridge \ + --rpc-url "$ETHEREUM_MAINNET_RPC" --broadcast --via-ir --verify +# Then: Lockbox138 on 138; configure Lockbox138↔InboxETH; fund liquidity. See runbook §C. +``` + +--- + +## 8. Wemix token verification (High) + +Open [scan.wemix.com/tokens](https://scan.wemix.com/tokens); confirm WETH, USDT, USDC addresses. If different, update `config/token-mapping-multichain.json` and [WEMIX_TOKEN_VERIFICATION.md](../07-ccip/WEMIX_TOKEN_VERIFICATION.md). Then: + +```bash +./scripts/validation/validate-config-files.sh +``` + +--- + +## References + +- [TODOS_CONSOLIDATED.md](TODOS_CONSOLIDATED.md) — full task list +- [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) — detail and completed items +- [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md) — full LAN steps diff --git a/docs/00-meta/PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md b/docs/00-meta/PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md new file mode 100644 index 0000000..bcfc4d1 --- /dev/null +++ b/docs/00-meta/PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md @@ -0,0 +1,153 @@ +# Placeholders and What Needs to Be Completed — Master List + +**Last Updated:** 2026-02-13 +**Purpose:** Single list of every placeholder and what must be completed (code, config, docs, ops). + +**Completion pass (2026-02-13):** OMNIS backend routes (POST/PUT budgets, POST documents/upload, PATCH profile) done; authController token blacklisting (in-memory + TOKEN_BLACKLIST_ENABLED); TezosRelayService Taquito skeleton + mock gated; Smart accounts .env.example + runbook; dbis_core Redis stub, Prometheus/risk comments, deal-execution tests skipped with ticket; CCIPLogger decision (omit unless monitoring); .bak listed and deprecated in BAK_FILES_DEPRECATION; deployment gaps (env table, TransactionMirror script, DEPLOYMENT_GAPS_COMPLETED); NPMplus HA and storage monitor already have ALERT_EMAIL/ALERT_WEBHOOK; deploy.sh TODO comments for migration/health; the-order legal-documents vendor integration README; root .gitignore (venv, __pycache__, .phase1). + +**Code generation pass (2026-02-12):** PagerDuty API implemented (dbis_core alert.service); liquidity amountDecimal fix + future-work comments (dbis_core liquidity-limits); Sankofa Phoenix helpers getAuthUrl/validateToken/getUserInfo (OMNIS); BudgetForm/DocumentUpload/ProfileEditForm API wiring (OMNIS); authController token blacklist + deploy.sh health/migration note (OMNIS); court-efiling/e-signature/document-security integration comments (the-order); script alert env docs (monitor-ha-status, storage-monitor); token-aggregation README required env; TEZOS_CROSS_CHAIN_FINALITY placeholder note. + +**Related:** [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md) | [PLACEHOLDERS_AND_TBD](../PLACEHOLDERS_AND_TBD.md) | [REQUIRED_FIXES_UPDATES_GAPS](../REQUIRED_FIXES_UPDATES_GAPS.md) | [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) | [NOT_IMPLEMENTED_FULL_SCOPE](NOT_IMPLEMENTED_FULL_SCOPE.md) (not implemented — design and full scope) + +--- + +## 1. Security and secrets + +| Placeholder | Location | What to complete | +|-------------|----------|------------------| +| API keys in .env.example | `smom-dbis-138/services/token-aggregation/.env.example`, root `.env.example` | ✅ **Done** — use `your-coingecko-api-key`, `your-coinmarketcap-api-key`. Rotate any keys if they were ever committed. | +| PRIVATE_KEY, JWT_SECRET, NPM_PASSWORD, etc. | Root and project `.env.example` | Keep as `your-*` placeholders; never commit real values. Document in [MASTER_SECRETS_INVENTORY](../04-configuration/MASTER_SECRETS_INVENTORY.md), [API_KEYS_REQUIRED](../../reports/API_KEYS_REQUIRED.md) (if present). | +| OMNIS / dbis_core / the-order secrets | Their .env / config | Use `your-*` or empty in examples; document in MASTER_SECRETS_INVENTORY. | + +--- + +## 2. Configuration and DNS + +| Placeholder | Location | What to complete | +|-------------|----------|------------------| +| **the-order.sankofa.nexus** | [ALL_VMIDS_ENDPOINTS](../04-configuration/ALL_VMIDS_ENDPOINTS.md), [RPC_ENDPOINTS_MASTER](../04-configuration/RPC_ENDPOINTS_MASTER.md) | When The Order portal is deployed: add NPMplus proxy host and document IP:port in RPC_ENDPOINTS_MASTER and ALL_VMIDS_ENDPOINTS. | +| **Sankofa cutover plan** | [SANKOFA_CUTOVER_PLAN](../04-configuration/SANKOFA_CUTOVER_PLAN.md) | Replace ``, ``, and table TBDs with actual Sankofa service IPs/ports when deployed. | +| **sankofa.nexus / phoenix.sankofa.nexus** | [ALL_VMIDS_ENDPOINTS](../04-configuration/ALL_VMIDS_ENDPOINTS.md), [RPC_ENDPOINTS_MASTER](../04-configuration/RPC_ENDPOINTS_MASTER.md), [DNS_NPMPLUS_VM](../04-configuration/DNS_NPMPLUS_VM_COMPREHENSIVE_ARCHITECTURE.md) | **Doc fix done:** Correct targets: sankofa → 192.168.11.51:3000 (VMID 7801), phoenix → 192.168.11.50:4000 (VMID 7800). **Operator:** Ensure NPMplus proxy hosts use these, not 192.168.11.140. Only explorer.d-bis.org → .140. | +| **Public blocks #2–#6** | [NETWORK_ARCHITECTURE](../02-architecture/NETWORK_ARCHITECTURE.md), [NETWORK_CONFIGURATION_MASTER](../11-references/NETWORK_CONFIGURATION_MASTER.md) | Document when blocks are assigned or mark as “reserved”. | +| **PROXMOX_HOST / PROXMOX_TOKEN_SECRET** | smom-dbis-138-proxmox/README.md | Keep as `proxmox.example.com`, `your-token-secret`; document in deployment guide. | + +--- + +## 3. smom-dbis-138 — Code placeholders + +| Placeholder | Location | What to complete | +|-------------|----------|------------------| +| **AlltraAdapter fee** | `contracts/bridge/adapters/evm/AlltraAdapter.sol` | `getBridgeFee()`: use configurable value (e.g. `setBridgeFee`). Update with actual ALL Mainnet fee when known; document in [PLACEHOLDERS_AND_TBD](../PLACEHOLDERS_AND_TBD.md). | +| **Smart accounts kit** | `script/smart-accounts/DeploySmartAccountsKit.s.sol` | ✅ **Done:** .env.example has ENTRY_POINT, SMART_ACCOUNT_FACTORY, PAYMASTER; runbook has Smart accounts subsection. Script reads env; deploy EntryPoint/Factory externally and set env. | +| **EnhancedSwapRouter** | `contracts/bridge/trustless/EnhancedSwapRouter.sol` | Uniswap quoter / Balancer: document when pools exist; keep “return 0” placeholder until integrated. | +| **DODOPMMProvider** | `contracts/liquidity/providers/DODOPMMProvider.sol` | “For now, placeholder” — document oracle-driven flow; complete when DODO is integrated. | +| **Quote service Fabric** | `orchestration/bridge/quote-service.ts` | `FABRIC_CHAIN_ID` env (default 999). Set real chain ID when Fabric is integrated. | +| **register-all-mainnet avgBlockTime** | [TEZOS_CCIP_REMAINING_ITEMS](../07-ccip/TEZOS_CCIP_REMAINING_ITEMS.md) | Verify actual block time and set in script. | +| **TezosRelayService** | `services/tezos-relay/src/TezosRelayService.js` | ✅ **Skeleton done:** Taquito/RPC path added; mock gated by MOCK_TEZOS_RELAY; runbook updated. Set TEZOS_MINTER_ADDRESS, TEZOS_ORACLE_SECRET_KEY for real mint. | +| **Canonical token addresses** | `services/token-aggregation/src/config/canonical-tokens.ts` | All from env; unset tokens omitted. Document required env vars (e.g. which `*_ADDRESS_138` / `*_ADDRESS_651940`) in token-aggregation README and .env.example. | +| **WETH bridges mainnet receiver** | `script/deploy/bridge/DeployWETHBridges.s.sol` | Set `MAINNET_WETH9_BRIDGE_ADDRESS` and `MAINNET_WETH10_BRIDGE_ADDRESS` in env when configuring cross-chain destinations. | +| **.bak files** | Various `*.sol.bak`, `*.t.sol.bak` | ✅ **Done:** Listed and deprecated in [BAK_FILES_DEPRECATION](../../smom-dbis-138/docs/BAK_FILES_DEPRECATION.md); REQUIRED_FIXES §9 links there. | + +--- + +## 4. dbis_core — Code placeholders + +| Placeholder | Location | What to complete | +|-------------|----------|------------------| +| **as4-settlement liquidity** | `src/core/settlement/as4-settlement/liquidity-limits.service.ts` | Implement “Check intraday/daily usage”, “Implement liquidity reservation”, “Implement liquidity release” or document as future work. | +| **arbitrage monitoring** | `src/core/defi/arbitrage/services/monitoring/metrics.service.ts` | ✅ **Done:** Comment added — add Prometheus when monitoring stack deployed. | +| **risk-monitor** | `src/core/defi/arbitrage/services/risk-monitor.service.ts` | ✅ **Done:** Stub note + RECOMMENDATIONS.md reference. | +| **cache.service** | `src/core/defi/arbitrage/services/cache/cache.service.ts` | ✅ **Done:** Redis init when REDIS_URL set (ioredis); pattern-based invalidateDealCache; skips when unset. | +| **alert.service** | `src/core/defi/arbitrage/services/alert.service.ts` | ✅ **Done:** PagerDuty API (events.pagerduty.com/v2/enqueue) implemented. | +| **deal-execution integration tests** | `__tests__/integration/deal-execution.integration.test.ts` | ✅ **Done:** DB/metrics/risk/cache TODOs marked it.skip with ticket DBIS-ARB-TEST. | +| **Emergency hotline / API URLs** | dbis_core nostro-vostro docs | ✅ **Done** — set to “To be configured”. Replace with real emergency contact and API base URLs when available. | + +--- + +## 5. OMNIS — Code placeholders + +| Placeholder | Location | What to complete | +|-------------|----------|------------------| +| **Sankofa Phoenix SDK** | `src/identity/sankofa-phoenix.ts`, `authProvider.tsx`, `authController.ts` | “TODO: Replace with actual Sankofa Phoenix SDK”. Integrate real SDK or document dependency and timeline. | +| **authController token blacklisting** | `backend/src/controllers/authController.ts` | “Implement token blacklisting if needed” — ✅ **Done:** In-memory blacklist when `TOKEN_BLACKLIST_ENABLED=true`; comments for production Redis/DB. | +| **BudgetForm / MilestoneForm / AccountForm** | `src/components/*.tsx` | ✅ **Done:** Backend exposes POST/PUT /api/budgets; frontend wired to VITE_API_URL. | +| **DocumentUpload** | `src/components/DocumentUpload.tsx` | ✅ **Done:** Backend POST /api/documents/upload (multipart); returns { id, name, url }; frontend wired. | +| **ProfileEditForm** | `src/components/ProfileEditForm.tsx` | ✅ **Done:** Backend PATCH /api/profile (displayName, email); auth required; frontend wired. | +| **CI/CD and deploy** | `.github/workflows/*.yml`, `scripts/deploy.sh` | “TODO: Replace with actual Sankofa Phoenix deployment” / “Add database migration” / “Add health check” — add real deployment and health steps. | + +--- + +## 6. the-order — Code placeholders + +| Placeholder | Location | What to complete | +|-------------|----------|------------------| +| **court-efiling** | `services/legal-documents/src/services/court-efiling.ts` | “TODO: Integrate with actual court e-filing system” and status/config queries — implement or document vendor. | +| **e-signature** | `services/legal-documents/src/services/e-signature.ts` | “TODO: Integrate with e-signature provider” and status/webhook — implement or document provider (e.g. DocuSign/Adobe Sign). | +| **document-security** | `services/legal-documents/src/services/document-security.ts` | “TODO: Fetch PDF, apply watermark/redactions, re-upload” — implement or document. | + +--- + +## 7. Scripts and ops + +| Placeholder | Location | What to complete | +|-------------|----------|------------------| +| **NPMplus HA alert** | `scripts/npmplus/monitor-ha-status.sh` | ✅ **Done:** ALERT_EMAIL (mail) and ALERT_WEBHOOK (curl JSON) implemented when set. | +| **Storage monitor** | `scripts/storage-monitor.sh` | ✅ **Done:** ALERT_EMAIL and ALERT_WEBHOOK implemented. | +| **CCIPLogger** | [CONTRACTS_TO_DEPLOY](../11-references/CONTRACTS_TO_DEPLOY.md) | ✅ **Done:** Decision documented — omit from deploy list unless monitoring needed; deploy via Hardhat per TASK12 if needed. | + +--- + +## 8. Token aggregation and external data + +| Placeholder | Location | What to complete | +|-------------|----------|------------------| +| **CoinGecko/CMC chain support** | token-aggregation adapters | ChainId 138 and 651940 not supported by CoinGecko/CMC; external price/volume empty for our chains. Submit chain/tokens to CoinGecko/CMC (see COINGECKO_SUBMISSION_GUIDE) or use alternative price source; document in report API. | +| **Canonical addresses env** | token-aggregation canonical-tokens.ts | ✅ **Done:** README lists required CUSDC_ADDRESS_138, CUSDT_ADDRESS_138; .env.example has full list. | + +--- + +## 9. Tezos / CCIP + +| Placeholder | Location | What to complete | +|-------------|----------|------------------| +| **Etherlink finality** | [TEZOS_CCIP_REMAINING_ITEMS](../07-ccip/TEZOS_CCIP_REMAINING_ITEMS.md) | ✅ **Doc:** TEZOS_CROSS_CHAIN_FINALITY placeholder note added. Set confirmation blocks in relay/DON when decided. | +| **Route planner TBD** | [TEZOS_USDTZ_IMPLEMENTATION_ROADMAP](../11-references/TEZOS_USDTZ_IMPLEMENTATION_ROADMAP.md) | Replace “TBD” bridge provider in route-routes and route-planner with real provider or `eth2tz[0]?.provider ?? 'TBD'`. | +| **Placeholder wallet / tx hashes** | Same doc | Do not use placeholder wallet or tx hashes in production; use real signer and `adapter.sendTransaction` results. | +| **Token mapping (138↔Mainnet)** | config/token-mapping.json, [TOKEN_MAPPING_AND_MAINNET_ADDRESSES](../07-ccip/TOKEN_MAPPING_AND_MAINNET_ADDRESSES.md) | ✅ **Done:** Single source of truth in config/token-mapping.json; relay uses it; CI validates; runbook for LINK support. When adding tokens: update token-mapping.json and optionally CHAIN138_TOKEN_ADDRESSES. | + +--- + +## 10. Operational and runbook + +| Placeholder | Location | What to complete | +|-------------|----------|------------------| +| **NPMplus HA (Keepalived / secondary)** | [NPMPLUS_HA_SETUP_GUIDE](../04-configuration/NPMPLUS_HA_SETUP_GUIDE.md), [PHASES_AND_TASKS_MASTER](PHASES_AND_TASKS_MASTER.md) | Optional: implement Keepalived or HAProxy; document failover; update OPERATIONAL_RUNBOOKS with NPMplus HA failover steps. | +| **UDM Pro VLAN / VLAN-aware bridge** | [NEXT_STEPS_MASTER](NEXT_STEPS_MASTER.md), PHASES_AND_TASKS_MASTER | Optional: document when VLAN migration is planned; update NETWORK_ARCHITECTURE when done. | +| **Automated backups** | [TODO_TASK_LIST_MASTER](TODO_TASK_LIST_MASTER.md) | NPMplus backup (NPM_PASSWORD); ensure backup-npmplus.sh is scheduled and verified. | + +--- + +## 11. Summary by priority + +| Priority | Count (approx) | Focus | +|----------|----------------|--------| +| **High** | 2 | API keys (done); TezosRelayService real mint/transfer; Sankofa cutover when deployed. | +| **Medium** | 12+ | AlltraAdapter fee; Smart accounts deploy + env; canonical token env docs; dbis_core Redis/PagerDuty/as4; OMNIS Sankofa Phoenix; the-order legal-documents; NPMplus HA alert; storage monitor. | +| **Low** | 15+ | EnhancedSwapRouter/DODO/Fabric; network blocks #2–#6; .bak files; route planner TBD; Etherlink finality; optional NPMplus HA/VLAN. | +| **Done** | — | API keys placeholders; emergency hotline “To be configured”; AlltraAdapter configurable fee (PLACEHOLDERS_AND_TBD); Smart accounts .env.example + runbook; Quote service FABRIC_CHAIN_ID; EnhancedSwapRouter/DODO documented; TezosRelayService skeleton; OMNIS budgets/documents/profile routes; authController token blacklisting; dbis_core Redis/Prometheus/risk/alert/tests; CCIPLogger decision; .bak deprecated; NPMplus HA and storage monitor alerts; deployment gaps (env table, TransactionMirror script, DEPLOYMENT_GAPS_COMPLETED); token mapping (config/token-mapping.json, TOKEN_MAPPING_AND_MAINNET_ADDRESSES, relay, CI, runbook LINK). | + +--- + +## 12. Not changed by design — actionable steps + +See **[NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md](NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md)** for a step-by-step breakdown: AlltraAdapter fee, Smart accounts deploy + env, EnhancedSwapRouter/DODO/Quote, TezosRelayService, OMNIS backend routes, CCIPLogger, .bak files, dbis_core Prometheus/Redis/tests. + +--- + +## 13. Where to update when completed + +- **This list:** Mark item as ✅ and add “Done” note. +- **Single index (Blitzkrieg):** [BLITZKRIEG_SOURCE_DOCUMENT_INDEX](BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md) — full table of source docs and when to update each. +- **Source docs:** [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md), [PLACEHOLDERS_AND_TBD](../PLACEHOLDERS_AND_TBD.md), [REQUIRED_FIXES_UPDATES_GAPS](../REQUIRED_FIXES_UPDATES_GAPS.md). +- **Remaining tasks:** [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) § 1.6 and Part 2. +- **Deployment gaps:** [DEPLOYMENT_GAPS_COMPLETED](../03-deployment/DEPLOYMENT_GAPS_COMPLETED.md) — env per script, TransactionMirror fallback, smart accounts. diff --git a/docs/00-meta/RECOMMENDATIONS_OPERATOR_CHECKLIST.md b/docs/00-meta/RECOMMENDATIONS_OPERATOR_CHECKLIST.md new file mode 100644 index 0000000..24f10de --- /dev/null +++ b/docs/00-meta/RECOMMENDATIONS_OPERATOR_CHECKLIST.md @@ -0,0 +1,85 @@ +# Recommendations and operator checklist (R1–R24) + +**Purpose:** Single checklist for all recommendations from [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) Part 2. Use when deploying, verifying, or operating. + +**Related:** [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md) | [BLOCKSCOUT_VERIFICATION_GUIDE](../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md) | [MASTER_SECRETS_INVENTORY](../04-configuration/MASTER_SECRETS_INVENTORY.md) + +--- + +## Verification and source of truth (R1–R3) + +| # | Action | When | +|---|--------|------| +| R1 | Verify every deployed contract on Blockscout (Forge Verification Proxy or BLOCKSCOUT_VERIFICATION_GUIDE) | After each deployment when Blockscout is reachable | +| R2 | Keep CONTRACT_ADDRESSES_REFERENCE and SMART_CONTRACTS_INVENTORY_ALL_CHAINS updated; reconcile duplicate .env entries | When new contracts are deployed or deprecated | +| R3 | Run `./scripts/verify/check-contracts-on-chain-138.sh [RPC]`; fix any MISSING/EMPTY | Periodically or after deploy | + +## Security and secrets (R4–R7) + +| # | Action | When | +|---|--------|------| +| R4 | **Do not use** CCIPWETH9Bridge at `0x89dd...`; use only `0x971c...` and set `CCIPWETH9_BRIDGE_CHAIN138` in env | Always; see runbook § Deprecated bridge | +| R5 | Never commit .env or private keys; use MASTER_SECRETS_INVENTORY; rotate any exposed keys | Always | +| R6 | API keys in .env.example — Done (placeholders) | — | +| R7 | Restrict deployer key and RPC admin access (RPC_URL_138) to operators who need them | Access review | + +## Deployment (R8–R11) + +| # | Action | When | +|---|--------|------| +| R8 | Set RPC_URL_138 (Core); run from LAN/VPN if 192.168.11.x not reachable | Before deploy | +| R9 | Use GAS_PRICE=1000000000 (or current min) on Chain 138; see CONTRACT_DEPLOYMENT_RUNBOOK | Every forge script/create on 138 | +| R10 | Phased core: 01_DeployCore first, set env, then 02_DeployBridges; alltra-lifi: MerchantSettlementRegistry before WithdrawalEscrow | Deploy order | +| R11 | If tx stuck, manage nonce; see DEPLOYMENT_STRATEGY_EVALUATION | Troubleshooting | + +## Documentation and runbooks (R12–R13) + +| # | Action | When | +|---|--------|------| +| R12 | Keep CONTRACT_DEPLOYMENT_RUNBOOK, BLOCKSCOUT_VERIFICATION_GUIDE, BLOCKSCOUT_FIX_RUNBOOK in sync with scripts and Blockscout URL | After script or URL changes | +| R13 | When deploying to mainnet or other chains, document addresses in CONTRACT_ADDRESSES_REFERENCE or chain-specific doc; link from SMART_CONTRACTS_INVENTORY_ALL_CHAINS | Per-chain deploy | + +## Automation and CI/CD (R14–R16) + +| # | Action | When | +|---|--------|------| +| R14 | Run run-contract-verification-with-proxy.sh after deployments when Blockscout reachable from CI | CI after deploy | +| R15 | Consider single script: check env → deploy → verify → update config (COMPREHENSIVE_RECOMMENDATIONS § Infrastructure) | Automation | +| R16 | Use .env.development / .env.staging / .env.production or JSON configs per chain | Config hygiene | + +## Monitoring and operations (R17–R18) + +| # | Action | When | +|---|--------|------| +| R17 | Monitor critical bridge/oracle events (TransferInitiated, TransferCompleted, price updates); see COMPREHENSIVE_RECOMMENDATIONS § Monitoring | Ongoing | +| R18 | Ensure Blockscout (VMID 5000) is up and /api reachable; see EXPLORER_API_ACCESS, BLOCKSCOUT_FIX_RUNBOOK | Health checks | + +## Testing and quality (R19–R20) + +| # | Action | When | +|---|--------|------| +| R19 | Run `forge test` in smom-dbis-138 and alltra-lifi-settlement before deploying; run integration tests where available | Pre-deploy | +| R20 | NatSpec on public contract functions (verification and tooling) | Code quality | + +## Configuration and DNS (R21–R22) + +| # | Action | When | +|---|--------|------| +| R21 | When The Order is deployed: NPMplus proxy host; document in RPC_ENDPOINTS_MASTER and ALL_VMIDS_ENDPOINTS; replace SANKOFA_CUTOVER_PLAN TBDs | Sankofa/The Order go-live | +| R22 | Document or configure blocks #2–#6 in NETWORK_ARCHITECTURE and NETWORK_CONFIGURATION_MASTER (or mark reserved); see NETWORK_PLACEHOLDERS_DECISION | When decided | + +## Quick wins (R23) + +| # | Action | When | +|---|--------|------| +| R23 | Scripts: add progress indicators; add --dry-run where missing; extend config validation (IMPLEMENTATION_CHECKLIST) | Script updates | + +## Token mapping (R24) + +| # | Action | When | +|---|--------|------| +| R24 | Keep config/token-mapping.json as single source of truth for 138↔Mainnet; when adding tokens update token-mapping.json and optionally CHAIN138_TOKEN_ADDRESSES; see TOKEN_MAPPING_AND_MAINNET_ADDRESSES | Adding tokens | + +--- + +**Key commands:** See [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) Part 3. diff --git a/docs/00-meta/REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md b/docs/00-meta/REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md new file mode 100644 index 0000000..dfae3e0 --- /dev/null +++ b/docs/00-meta/REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md @@ -0,0 +1,216 @@ +# Remaining Components, Tasks, and Recommendations — Master List + +**Last Updated:** 2026-02-13 +**Purpose:** Single list of all remaining components/tasks to complete and all recommendations/suggestions to implement across the repo. + +**Completed (2026-02-13):** OMNIS backend routes; dbis_core Redis/Prometheus/risk/PagerDuty/deal-execution tests; CCIPLogger decision; .bak (BAK_FILES_DEPRECATION); NPMplus HA and storage monitor alerts; deployment gaps; Smart accounts .env.example + runbook; TezosRelayService skeleton. + +**Related:** [NEXT_STEPS_FOR_YOU.md](NEXT_STEPS_FOR_YOU.md) | [MASTER_DOCUMENTATION_INDEX.md](MASTER_DOCUMENTATION_INDEX.md) | [PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) | [CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE.md](../11-references/CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE.md) | [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md) | [RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS_OPERATOR_CHECKLIST.md) (R1–R24) + +--- + +## Completed in this pass (2026-02-12, 2026-02-13) + +| # | Item | Status | +|---|------|--------| +| 7 | **app-ethereum README:** Document that local build requires BOLOS_SDK; use Docker or CI | ✅ Done — note added in ~/projects/app-ethereum/README.md § Compilation | +| 26 | **Run “from anywhere” checks** | ✅ Done — `run-completable-tasks-from-anywhere.sh` run: config validation OK, on-chain check 36/36 OK, validation OK, reconcile-env printed | +| 27 | **Config validation** | ✅ Done — part of run above | +| R6 | **API keys in .env.example** | ✅ Already placeholders — root and token-aggregation use `your-coingecko-api-key` / `your-coinmarketcap-api-key` | +| R23 (partial) | **Quick wins — add --dry-run** | ✅ Done — `run-completable-tasks-from-anywhere.sh` now supports `[--dry-run]` (prints four steps only; exit 0). Full run re-executed successfully. | +| One-liner | **Re-run completable script** | ✅ Done — `./scripts/run-completable-tasks-from-anywhere.sh` and `... --dry-run` both exit 0. | +| 2026-02-13 | OMNIS backend (budgets, documents/upload, profile) | ✅ Done | +| 2026-02-13 | dbis_core (Redis, Prometheus/risk, PagerDuty, deal-execution skipped) | ✅ Done | +| 2026-02-13 | CCIPLogger decision, .bak BAK_FILES_DEPRECATION, NPMplus/storage alerts | ✅ Done | +| 2026-02-13 | Deployment gaps, Smart accounts env+runbook, TezosRelayService skeleton | ✅ Done | +| 2026-02-13 | **Master Smart Contracts JSON** — config/smart-contracts-master.json; relay + transaction-mirror + state-anchoring load from it; check-contracts-on-chain-138.sh uses JSON when available; .env.example points to master | ✅ Done | +| 2026-02-13 | **Token mapping (138↔Mainnet)** — config/token-mapping.json, token-mapping-loader.cjs, relay config, TOKEN_MAPPING_AND_MAINNET_ADDRESSES.md, RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md, CI validation, CHAIN138_TOKEN_ADDRESSES cross-chain section, CONTRACT_ADDRESSES_REFERENCE link | ✅ Done | + +**Task 19 (Multicall vs Oracle):** Already documented in [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) — operator to verify on explorer and document result. + +**Still remaining:** Ledger/Trust external steps; Blockscout verification (LAN); code placeholders per GAPS; Consensys/CoinGecko outreach; optional Ledger items when they confirm. + +**👉 For exact steps and answers to complete each remaining item:** [REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md](REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md) — prerequisites, who does it, concrete steps, and where to update when done. + +--- + +## Part 1 — Remaining components and tasks + +### 1.1 Wallets (Chain 138) + +| # | Component / task | Owner / when | Reference | +|---|------------------|--------------|-----------| +| 1 | **Ledger:** Await Ledger’s response to Tally form; sign agreement and follow their integration steps | You / when Ledger replies | [ADD_CHAIN138_TO_LEDGER_LIVE](../04-configuration/ADD_CHAIN138_TO_LEDGER_LIVE.md) | +| 2 | **Ledger:** If Ledger asks for PR/code review — push materials from ~/projects/LedgerLive and share with Ledger | You / when Ledger asks | [CHAIN138_WALLET_REPOSITORIES](../04-configuration/CHAIN138_WALLET_REPOSITORIES.md) | +| 3 | **Ledger:** Execute Step 8 manual test plan (sync, receive, balance, broadcast, operations) once Chain 138 is in Ledger Live | You / after Ledger adds 138 | [LedgerLive/step-08-manual-tests](~/projects/LedgerLive/step-08-manual-tests/test-plan.md) | +| 4 | **Trust Wallet:** Open PR to [trustwallet/wallet-core](https://github.com/trustwallet/wallet-core) with registry entry from ~/projects/TrustWallet-Integration; run codegen and derivation tests | You / when ready | [ADD_CHAIN138_TO_TRUST_WALLET](../04-configuration/ADD_CHAIN138_TO_TRUST_WALLET.md) | +| 5 | **Trust Wallet (optional):** Submit Chain 138 native token logos via [assets.trustwallet.com](https://assets.trustwallet.com) | You / if needed | ADD_CHAIN138_TO_TRUST_WALLET § Optional | +| 6 | **Chain 138 Snap:** Run full E2E (Playwright + MetaMask Flask) when needed; unit tests already pass | Dev / optional | [chain138-snap/TESTING_INSTRUCTIONS](../../metamask-integration/chain138-snap/TESTING_INSTRUCTIONS.md) | +| 7 | **app-ethereum:** Document in README that local build requires `BOLOS_SDK` for contributors | ✅ **Done** (2026-02-12) | [CHAIN138_WALLET_PROJECTS_COMPLETION_REVIEW](../04-configuration/CHAIN138_WALLET_PROJECTS_COMPLETION_REVIEW.md) | + +### 1.2 Ledger integration — to add when Ledger confirms (LedgerLive repo) + +| # | Component / task | Action | Reference | +|---|------------------|--------|-----------| +| 8 | **Tokens (CAL)** | After Ledger adds chain: follow [Tokens integration](https://developers.ledger.com/docs/ledger-live/accounts/integration/tokens/before-you-start); provide Chain 138 token addresses from LedgerLive/docs/CHAIN138_TOKEN_ADDRESSES.md | [LedgerLive GAPS](~/projects/LedgerLive/GAPS_AND_MISSING_INTEGRATIONS.md) § 1 | +| 9 | **Swap (optional)** | Only if Ledger/partner supports swap on 138; see [Swap integration](https://developers.ledger.com/docs/ledger-live/accounts/integration/swap/before-you-start) | GAPS § 2 | +| 10 | **Staking (optional)** | Only if Chain 138 has staking and Ledger supports it | GAPS § 3 | +| 11 | **Clear Signing plugin (optional)** | For Chain 138–specific contract calls (CCIP, bridge) so device shows human-readable descriptions | GAPS § 4 | +| 12 | **i18n (LLD/LLM)** | Add error translation keys when adding currency; copy Ethereum family keys, add Chain 138–specific | GAPS § 5 | +| 13 | **live-common supported currencies** | After cloning ledger-live, find where supported currencies are set and add `defi_oracle_meta_mainnet` | GAPS § 6 | +| 14 | **wallet-api** | Check if Ethereum family already supports multiple chainIds; add 138 to allowed values if needed | GAPS § 7 | +| 15 | **App-ethereum icon** | If Ledger requests network icon, follow [Device App Kit deliverables (Icons)](https://developers.ledger.com/docs/device-app/submission-process/deliverables/icons) | GAPS § 9 | +| 16 | **E2E and integration tests** | After integration, add or run E2E/integration tests in ledger-live monorepo for Chain 138 | GAPS § 10 | +| 17 | **Confirm with Ledger** | Step 6 config shape (e.g. `status: "active"`); Step 7 extend vs new family; Step 4 pubKey vs publicKey | GAPS Summary | + +### 1.3 Contracts and operator + +| # | Component / task | Action | Reference | +|---|------------------|--------|-----------| +| 18 | **Blockscout source verification** | Run from host that can reach Blockscout: `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` | [CONTRACT_NEXT_STEPS](../11-references/CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE.md) § Operator | +| 19 | **Verify Multicall vs Oracle Aggregator** | Check explorer.d-bis.org for `0x99b3511a2d315a497c8112c1fdd8d508d4b1e506`; document which contract is at this slot | CONTRACT_NEXT_STEPS § Operator | +| 20 | **Periodic on-chain check** | Re-run `./scripts/verify/check-contracts-on-chain-138.sh [RPC]` when new contracts are deployed | CONTRACT_NEXT_STEPS § 3.1 | +| 21 | **Optional: trustless bridge** | Deploy from `script/bridge/trustless/` if using trustless bridge stack | CONTRACT_NEXT_STEPS § Pending | +| 22 | **Optional: mainnet/multichain** | Deploy to other chains; document addresses per chain | CONTRACT_NEXT_STEPS § Pending | +| 23 | **Optional: PaymentChannelManager / GenericStateChannelManager** | When channel features needed on Mainnet or Chain 138 | CONTRACT_NEXT_STEPS § Pending | + +### 1.4 MetaMask / Consensys and listings + +| # | Component / task | Action | Reference | +|---|------------------|--------|-----------| +| 24 | **Consensys outreach** | Continue business development for native Swaps/Bridge support for Chain 138 using [CONSENSYS_OUTREACH_PACKAGE](../../metamask-integration/docs/CONSENSYS_OUTREACH_PACKAGE.md) | [METAMASK_CHAIN138_FEATURE_PARITY](../04-configuration/metamask/METAMASK_CHAIN138_FEATURE_PARITY_ANALYSIS.md) | +| 25 | **CoinGecko / native MetaMask USD** | Submit Chain 138 and tokens to CoinGecko (and optionally CMC) so MetaMask shows USD for Chain 138 tokens | Feature parity § 5; [COINGECKO_SUBMISSION_GUIDE](../04-configuration/coingecko/COINGECKO_SUBMISSION_GUIDE.md) | + +### 1.5 Steps you can complete now (no LAN/VPN) + +| # | Task | Command / action | Reference | +|---|------|------------------|-----------| +| 26 | Run “from anywhere” checks | `./scripts/run-completable-tasks-from-anywhere.sh` | ✅ **Done** (2026-02-12) — all 4 steps passed | +| 27 | Config validation | `./scripts/validation/validate-config-files.sh` | ✅ **Done** (part of #26) | +| 28 | Tests | `cd smom-dbis-138 && forge test`; `cd alltra-lifi-settlement && forge test && npm run test:e2e -- --forceExit` | NEXT_STEPS_FOR_YOU § 2 | +| 29 | Placeholders (code)** | Canonical addresses in token-aggregation; AlltraAdapter fee; smart accounts kit; quote service Fabric chainId; .bak deprecation | [REQUIRED_FIXES_UPDATES_GAPS](../REQUIRED_FIXES_UPDATES_GAPS.md) | +| 30 | API keys | Sign up at URLs in [reports/API_KEYS_REQUIRED.md](../../reports/API_KEYS_REQUIRED.md); add keys to `.env` | NEXT_STEPS_FOR_YOU § 2 | + +**Steps from Proxmox / LAN with secrets:** When you have SSH to Proxmox (or LAN) and dotenv (PRIVATE_KEY, NPM_PASSWORD, RPC): deploy/verify contracts, backup, create VMs. Full list: [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md). Script: `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]`. VM creation runbook: [PROXMOX_VM_CREATION_RUNBOOK](../03-deployment/PROXMOX_VM_CREATION_RUNBOOK.md). + +### 1.6 Code placeholders and TODOs (by project) + +See **Part 2** and [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md) for full tables. Summary: + +- **smom-dbis-138:** AlltraAdapter fee, smart accounts kit (✅ env + runbook done), EnhancedSwapRouter, DODOPMMProvider, quote service Fabric chainId, TezosRelayService (✅ skeleton done; set TEZOS_MINTER_ADDRESS for real mint). +- **dbis_core:** as4-settlement liquidity limits (future-work comments), arbitrage monitoring/Prometheus (✅ comment; add when stack up), risk-monitor (✅ stub), cache.service (✅ Redis when REDIS_URL), alert.service (✅ PagerDuty), deal-execution integration tests (✅ skipped with ticket). +- **OMNIS:** Sankofa Phoenix SDK, authController token blacklisting, BudgetForm/MilestoneForm/AccountForm API (✅ done), DocumentUpload (✅ done), ProfileEditForm (✅ done), CI/CD and deploy. +- **the-order (legal-documents):** court-efiling, e-signature, document-security. +- **Other:** NPMplus HA alert (✅ done), storage monitor notifications (✅ done), CCIPLogger (✅ decision: omit unless monitoring). + +--- + +## Part 2 — Recommendations and suggestions to implement + +### 2.1 Verification and source of truth (contracts) + +| # | Recommendation | Action | +|---|----------------|--------| +| R1 | **Verify every deployed contract on Blockscout** | Use [BLOCKSCOUT_VERIFICATION_GUIDE](../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md) and Forge Verification Proxy so source is public and matches bytecode. | +| R2 | **Single source of truth** | Keep [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) and [SMART_CONTRACTS_INVENTORY_ALL_CHAINS](../11-references/SMART_CONTRACTS_INVENTORY_ALL_CHAINS.md) updated when new contracts are deployed or deprecated; reconcile duplicate .env entries. | +| R3 | **On-chain confirmation** | Periodically run on-chain checklist or `check-contracts-on-chain-138.sh`; fix any MISSING/EMPTY. | + +### 2.2 Security and secrets + +| # | Recommendation | Action | +|---|----------------|--------| +| R4 | **Deprecated bridge** | Do not use CCIPWETH9Bridge at `0x89dd...`; use only `0x971c...` and set `CCIPWETH9_BRIDGE_CHAIN138` in env. | +| R5 | **Secrets** | Never commit `.env` or private keys; use [MASTER_SECRETS_INVENTORY](../04-configuration/MASTER_SECRETS_INVENTORY.md); rotate any exposed keys. | +| R6 | **API keys in .env.example** | ✅ **Done** — root and token-aggregation use `your-coingecko-api-key` / `your-coinmarketcap-api-key`. Rotate any keys if they were ever committed. | +| R7 | **Access** | Restrict deployer key and RPC admin access (RPC_URL_138 = Chain 138 Core) to operators who need them. | + +### 2.3 Deployment + +| # | Recommendation | Action | +|---|----------------|--------| +| R8 | **RPC for deploy (Chain 138)** | Set `RPC_URL_138` (Core, e.g. `http://192.168.11.211:8545` or `https://rpc-core.d-bis.org`); run from LAN/VPN if 192.168.11.x not reachable. | +| R9 | **Gas** | Use `GAS_PRICE=1000000000` (or current network minimum) if min-gas-price errors; see [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md). | +| R10 | **Order** | Phased core: run 01_DeployCore first, set env, then 02_DeployBridges. alltra-lifi-settlement: deploy MerchantSettlementRegistry before WithdrawalEscrow. | +| R11 | **Nonce** | If tx stuck, manage nonce explicitly; see [DEPLOYMENT_STRATEGY_EVALUATION](../06-besu/DEPLOYMENT_STRATEGY_EVALUATION.md). | + +### 2.4 Documentation and runbooks + +| # | Recommendation | Action | +|---|----------------|--------| +| R12 | **Runbooks in sync** | Keep [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md), [BLOCKSCOUT_VERIFICATION_GUIDE](../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md), [BLOCKSCOUT_FIX_RUNBOOK](../03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md) in sync with scripts and Blockscout URL. | +| R13 | **Per-chain addresses** | When deploying to mainnet or other chains, document addresses in CONTRACT_ADDRESSES_REFERENCE or chain-specific doc and link from SMART_CONTRACTS_INVENTORY_ALL_CHAINS. | + +### 2.5 Automation and CI/CD + +| # | Recommendation | Action | +|---|----------------|--------| +| R14 | **Verification in pipeline** | Run `run-contract-verification-with-proxy.sh` (or Blockscout verification) after deployments when Blockscout is reachable from CI. | +| R15 | **Deployment automation** | Consider a single script that checks env, deploys, verifies, and updates config (see [COMPREHENSIVE_RECOMMENDATIONS](../06-besu/COMPREHENSIVE_RECOMMENDATIONS.md) § Infrastructure). | +| R16 | **Config by environment** | Use `.env.development` / `.env.staging` / `.env.production` or JSON configs per chain to avoid mixing addresses. | + +### 2.6 Monitoring and operations + +| # | Recommendation | Action | +|---|----------------|--------| +| R17 | **Event monitoring** | Monitor critical bridge/oracle events (e.g. TransferInitiated, TransferCompleted, price updates); see COMPREHENSIVE_RECOMMENDATIONS § Monitoring. | +| R18 | **Explorer health** | Ensure Blockscout (VMID 5000) is up and `/api` is reachable; see [EXPLORER_API_ACCESS](../../explorer-monorepo/docs/EXPLORER_API_ACCESS.md) and BLOCKSCOUT_FIX_RUNBOOK. | + +### 2.7 Testing and quality + +| # | Recommendation | Action | +|---|----------------|--------| +| R19 | **Test before deploy** | Run `forge test` in smom-dbis-138 and alltra-lifi-settlement before deploying; run integration tests where available. | +| R20 | **NatSpec** | Add NatSpec to public contract functions for better verification and tooling (COMPREHENSIVE_RECOMMENDATIONS § Code Quality). | + +### 2.8 Configuration and DNS + +| # | Recommendation | Action | +|---|----------------|--------| +| R21 | **Sankofa / The Order** | When The Order portal is deployed, add NPMplus proxy host and document in RPC_ENDPOINTS_MASTER and ALL_VMIDS_ENDPOINTS; replace SANKOFA_CUTOVER_PLAN TBDs with actual IPs/ports. | +| R22 | **Network placeholders** | Document or configure blocks #2–#6 in NETWORK_ARCHITECTURE and NETWORK_CONFIGURATION_MASTER when assigned. | + +### 2.9 Quick wins (code) + +| # | Recommendation | Action | +|---|----------------|--------| +| R23 | **Scripts** | Add progress indicators; add `--dry-run` to scripts that lack it; extend config validation (see [IMPLEMENTATION_CHECKLIST](../10-best-practices/IMPLEMENTATION_CHECKLIST.md)). | + +### 2.10 Token mapping (138↔Mainnet) + +| # | Recommendation | Action | +|---|----------------|--------| +| R24 | **Token mapping source of truth** | Keep [config/token-mapping.json](../../config/token-mapping.json) as single source of truth for Chain 138↔Mainnet token addresses. When adding a new token, update token-mapping.json and optionally [CHAIN138_TOKEN_ADDRESSES](../11-references/CHAIN138_TOKEN_ADDRESSES.md). See [TOKEN_MAPPING_AND_MAINNET_ADDRESSES](../07-ccip/TOKEN_MAPPING_AND_MAINNET_ADDRESSES.md). | + +--- + +## Part 3 — Quick reference (key commands) + +| Task | Command | +|------|---------| +| **Completable from anywhere (all 4 steps)** | `./scripts/run-completable-tasks-from-anywhere.sh` [`--dry-run`] — **Exit 0 = success** (Unix: 0 = OK, non-zero = failure). `--dry-run` prints commands only. | +| On-chain check (Chain 138) | `./scripts/verify/check-contracts-on-chain-138.sh [RPC_URL]` | +| Blockscout verification | `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` | +| Run completable tasks (no LAN) | `./scripts/run-completable-tasks-from-anywhere.sh` | +| MetaMask integration test | `cd ~/projects/metamask-integration && bash scripts/test-metamask-integration.sh` | +| Chain 138 Snap unit tests | `cd proxmox/metamask-integration/chain138-snap && pnpm run test` | +| Ledger manual checklist | `bash ~/projects/LedgerLive/step-08-manual-tests/run-checklist.sh` | + +--- + +## Part 4 — References (source docs) + +| Doc | Content | +|-----|---------| +| [BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN](BLITZKRIEG_SUPER_PRO_MAX_MASTER_PLAN.md) | Single-path execution spine (Steps 0–19); §2 three-column flow, §3 trail, §5 recommendations | +| [BLITZKRIEG_SOURCE_DOCUMENT_INDEX](BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md) | **Where to update when completed** — full table of source docs and when to update each | +| [NEXT_STEPS_FOR_YOU](NEXT_STEPS_FOR_YOU.md) | What you need to do next (no infra) | +| [CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE](../11-references/CONTRACT_NEXT_STEPS_AND_RECOMMENDATIONS_COMPLETE.md) | Contract operator actions, recommendations (Part 3), commands | +| [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md) | Security, config, code placeholders, TODOs by project | +| [LedgerLive GAPS_AND_MISSING_INTEGRATIONS](~/projects/LedgerLive/GAPS_AND_MISSING_INTEGRATIONS.md) | Ledger tokens, swap, staking, Clear Signing, i18n, E2E | +| [CHAIN138_WALLET_PROJECTS_COMPLETION_REVIEW](../04-configuration/CHAIN138_WALLET_PROJECTS_COMPLETION_REVIEW.md) | Wallet projects test status and recommendations | +| [PLACEHOLDERS_AND_COMPLETION_MASTER_LIST](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) | **Single list: all placeholders + what to complete** | +| [REQUIRED_FIXES_UPDATES_GAPS](../REQUIRED_FIXES_UPDATES_GAPS.md) | Placeholders and required fixes | +| [PLACEHOLDERS_AND_TBD](../PLACEHOLDERS_AND_TBD.md) | Placeholder list | +| [CONTRACT_NEXT_STEPS_LIST](../11-references/CONTRACT_NEXT_STEPS_LIST.md) | Single checklist (all items) | +| [RECOMMENDATIONS_AND_SUGGESTIONS](../10-best-practices/RECOMMENDATIONS_AND_SUGGESTIONS.md) | Documentation, testing, automation | +| [REMAINING_WORK_BREAKDOWN_AND_ANSWERS](REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md) | **Per-item breakdown:** prerequisites, owner, steps to complete, where to update | diff --git a/docs/00-meta/REMAINING_ITEMS_FULL_PARALLEL_LIST.md b/docs/00-meta/REMAINING_ITEMS_FULL_PARALLEL_LIST.md index 527c643..77e8ba4 100644 --- a/docs/00-meta/REMAINING_ITEMS_FULL_PARALLEL_LIST.md +++ b/docs/00-meta/REMAINING_ITEMS_FULL_PARALLEL_LIST.md @@ -172,4 +172,4 @@ **Total remaining (actionable):** Wave 0: 3 · Wave 1: 44 · Wave 2: 8 · Wave 3: 2 · Ongoing: 5. -**Last parallel run (2026-02-05):** Run log batch 11 — CI validation, config validation, security dry-runs (W1-1, W1-2), phase2 config, CCIP checklist, phase4 show-steps, config backup, shellcheck --optional, Wave 0 dry-run. See [FULL_PARALLEL_RUN_LOG.md](FULL_PARALLEL_RUN_LOG.md). +**Last parallel run (2026-02-05):** Run log batch 11 — CI validation, config validation, security dry-runs (W1-1, W1-2), phase2 config, CCIP checklist, phase4 show-steps, config backup, shellcheck --optional, Wave 0 dry-run. See [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived). diff --git a/docs/00-meta/REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md b/docs/00-meta/REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md index 2b78326..7373754 100644 --- a/docs/00-meta/REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md +++ b/docs/00-meta/REMAINING_TASKS_NEXT_STEPS_PHASES_REVIEW.md @@ -83,9 +83,9 @@ Within each wave there are **no ordering requirements** between items; run them | Category | Examples | |----------|----------| -| **Gas/Deploy** | Paymaster deploy (optional); see [SMART_ACCOUNTS_DEPLOYMENT_NOTE](../metamask-integration/docs/SMART_ACCOUNTS_DEPLOYMENT_NOTE.md). | +| **Gas/Deploy** | Paymaster deploy (optional); see [SMART_ACCOUNTS_DEPLOYMENT_NOTE](../../metamask-integration/docs/SMART_ACCOUNTS_DEPLOYMENT_NOTE.md). | | **Token/MetaMask** | Token-aggregation hardening; CoinGecko submission; Chain 138 Snap (market data, swap, bridge); Consensys outreach. | -| **API keys** | Li.Fi, Jumper, 1inch (see [API_KEYS_REQUIRED](../reports/API_KEYS_REQUIRED.md)). | +| **API keys** | Li.Fi, Jumper, 1inch (see [API_KEYS_REQUIRED](../../reports/API_KEYS_REQUIRED.md)). | | **Explorer** | Dark mode, network selector, sync indicator. | | **Placeholders** | Canonical addresses env-only; AlltraAdapter fee; Smart accounts kit; quote service Fabric chainId 999; .bak deprecation. | diff --git a/docs/00-meta/REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md b/docs/00-meta/REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md new file mode 100644 index 0000000..fdb9fd9 --- /dev/null +++ b/docs/00-meta/REMAINING_WORK_BREAKDOWN_AND_ANSWERS.md @@ -0,0 +1,320 @@ +# Remaining Work — Breakdown and Answers to Get Each Item Completed + +**Last Updated:** 2026-02-13 +**Purpose:** For every remaining task, this doc answers: *What exactly is it?* *What do I need before starting?* *Who does it?* *What are the exact steps to complete it?* *Where do I update when done?* + +**Source lists:** [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md), [PLACEHOLDERS_AND_COMPLETION_MASTER_LIST](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md), [NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS](NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md), [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md). + +**Code/deploy completed in repo (no LAN):** OMNIS deploy.sh — AUTO_MIGRATE, post-deploy health check (HEALTH_CHECK_URL/BACKEND_URL); OMNIS CI — migration step and health check with OMNIS_HEALTH_URL; TezosRelayService — real mint env documented (MOCK_TEZOS_RELAY=false, TEZOS_MINTER_ADDRESS, etc.). Actual contract deploys, Blockscout verification, funding relay, and VM creation require LAN and secrets; run per §2 and [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md). + +--- + +## How to use this doc + +- **External / waiting:** You cannot finish these without a third party (Ledger, Trust, CoinGecko, Consensys, or deployment of another system). The “answer” is: do the one action that unblocks (form, PR, outreach) then wait; when they respond, follow the linked runbook. +- **Operator / LAN:** You need SSH to Proxmox (or LAN to 192.168.11.x) and `.env` with PRIVATE_KEY, RPC, etc. Run the given commands from the linked doc or script. +- **Code / dev:** Engineering work in a specific repo/file; often blocked on product decision (e.g. which e-signature vendor) or external (e.g. Sankofa SDK). +- **Config / docs:** Update a doc or config file when a decision is made or a value is known; no code change. + +--- + +## 1. External / waiting (third party must act first) + +### 1.1 Ledger Live — Chain 138 integration + +| Question | Answer | +|----------|--------| +| **What is it?** | Chain 138 (Defi Oracle Meta Mainnet) added to Ledger Live’s supported networks so users see balances and send/receive on 138 in the app. | +| **Prerequisites** | Form already submitted (Tally). Nothing else you can do until Ledger replies. | +| **Who** | You (point of contact). After Ledger responds, you or dev follow their 8-step process. | +| **Steps to complete** | 1. **Now:** Wait for Ledger’s reply to the Tally form. 2. **When they reply:** Sign any agreement they send; follow their “Adding your blockchain to Ledger Wallet” steps (currency registration, device app, explorer, etc.). 3. **If they ask for PR/code:** Push materials from `~/projects/LedgerLive`, share link. 4. **After chain is live in Ledger Live:** Run Step 8 manual test plan (sync, receive, balance, broadcast) from `~/projects/LedgerLive/step-08-manual-tests/test-plan.md`. | +| **Where to update when done** | [ADD_CHAIN138_TO_LEDGER_LIVE](../04-configuration/ADD_CHAIN138_TO_LEDGER_LIVE.md) — mark “Submitted” and add “Live in Ledger Live as of [date]”. [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) §1.1 tasks 1–3 → mark Done. When Ledger confirms, add tokens (CAL), optional swap/staking/i18n per [LedgerLive GAPS](~/projects/LedgerLive/GAPS_AND_MISSING_INTEGRATIONS.md). | + +**Ref:** [ADD_CHAIN138_TO_LEDGER_LIVE](../04-configuration/ADD_CHAIN138_TO_LEDGER_LIVE.md), [CHAIN138_WALLET_REPOSITORIES](../04-configuration/CHAIN138_WALLET_REPOSITORIES.md). + +--- + +### 1.2 Trust Wallet — Official chain list (Wallet Core PR) + +| Question | Answer | +|----------|--------| +| **What is it?** | Chain 138 in Trust Wallet’s built-in chain list (so users don’t have to add custom network manually). Users can already add 138 via Chainlist today. | +| **Prerequisites** | Registry entry prepared in `~/projects/TrustWallet-Integration` (e.g. `registry-entry-chain138.json`). | +| **Who** | You or dev. | +| **Steps to complete** | 1. Clone [trustwallet/wallet-core](https://github.com/trustwallet/wallet-core). 2. Add chain 138 to `registry.json` (use entry from TrustWallet-Integration; coinId = 10000138, chainId 138, derivation m/44'/60'/0'/0/0, explorer https://explorer.d-bis.org). 3. Run codegen and derivation tests per Trust docs. 4. Open PR to wallet-core. 5. (Optional) Submit Chain 138 native token logos via assets.trustwallet.com. | +| **Where to update when done** | [ADD_CHAIN138_TO_TRUST_WALLET](../04-configuration/ADD_CHAIN138_TO_TRUST_WALLET.md) — mark “Official support: PR merged”. [REMAINING_COMPONENTS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) §1.1 tasks 4–5 → Done. | + +**Ref:** [ADD_CHAIN138_TO_TRUST_WALLET](../04-configuration/ADD_CHAIN138_TO_TRUST_WALLET.md), [Trust new EVM chain](https://developer.trustwallet.com/developer/wallet-core/newblockchain/newevmchain). + +--- + +### 1.3 CoinGecko (and CMC) — Chain 138 and token listings + +| Question | Answer | +|----------|--------| +| **What is it?** | Chain 138 and tokens (e.g. cUSDT, cUSDC) listed on CoinGecko so MetaMask can show USD prices and so the chain/tokens get visibility. | +| **Prerequisites** | Token addresses, name/symbol/decimals, explorer links (you have these). Token logos 512×512 PNG; optional: website, social links. | +| **Who** | You or ops. Manual submission via CoinGecko’s form/process. | +| **Steps to complete** | 1. Read [COINGECKO_SUBMISSION_GUIDE](../04-configuration/coingecko/COINGECKO_SUBMISSION_GUIDE.md) and token-specific docs (COINGECKO_SUBMISSION_CUSDT.md, COINGECKO_SUBMISSION_CUSDC.md). 2. Prepare logos and any optional links. 3. Submit chain/token via CoinGecko’s listing request process (see guide). 4. Optionally submit to CMC using same data. Note: CoinGecko/CMC may not support chainId 138 immediately; external price in token-aggregation report will stay empty until they add support or you use another price source. | +| **Where to update when done** | [REMAINING_COMPONENTS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) §1.4 task 25; [PLACEHOLDERS](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) §8 Token aggregation — add “Submitted to CoinGecko/CMC on [date]” or “Listed on [date]”. | + +**Ref:** [COINGECKO_SUBMISSION_GUIDE](../04-configuration/coingecko/COINGECKO_SUBMISSION_GUIDE.md), [METAMASK_CHAIN138_FEATURE_PARITY](../04-configuration/metamask/METAMASK_CHAIN138_FEATURE_PARITY_ANALYSIS.md) §5. + +--- + +### 1.4 Consensys outreach — Swaps/Bridge for Chain 138 + +| Question | Answer | +|----------|--------| +| **What is it?** | Business/BD to get native MetaMask Swaps and Bridge support for Chain 138. | +| **Prerequisites** | [CONSENSYS_OUTREACH_PACKAGE](../../metamask-integration/docs/CONSENSYS_OUTREACH_PACKAGE.md) (materials to share). | +| **Who** | You or BD. | +| **Steps to complete** | Use CONSENSYS_OUTREACH_PACKAGE; contact Consensys per [METAMASK_CHAIN138_FEATURE_PARITY](../04-configuration/metamask/METAMASK_CHAIN138_FEATURE_PARITY_ANALYSIS.md). No technical steps until they agree to support 138. | +| **Where to update when done** | [REMAINING_COMPONENTS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) §1.4 task 24 — mark “Outreach sent” or “Support confirmed”. | + +--- + +### 1.5 Sankofa cutover / The Order portal + +| Question | Answer | +|----------|--------| +| **What is it?** | Sankofa and The Order services deployed; DNS and NPMplus point to real IPs/ports; replace TBDs in docs. | +| **Prerequisites** | Sankofa and The Order deployed; IPs and ports known (e.g. sankofa 192.168.11.51:3000 VMID 7801, phoenix 192.168.11.50:4000 VMID 7800 — already in docs). | +| **Who** | Ops when services are live. | +| **Steps to complete** | 1. Deploy Sankofa/The Order per your deployment process. 2. In [SANKOFA_CUTOVER_PLAN](../04-configuration/SANKOFA_CUTOVER_PLAN.md): replace ``, ``, table TBDs with actual IPs/ports. 3. In NPMplus: ensure proxy hosts for sankofa.nexus and phoenix.sankofa.nexus point to 192.168.11.51:3000 and 192.168.11.50:4000 (not .140). 4. When The Order portal is deployed: add NPMplus proxy for the-order.sankofa.nexus; document in [RPC_ENDPOINTS_MASTER](../04-configuration/RPC_ENDPOINTS_MASTER.md) and [ALL_VMIDS_ENDPOINTS](../04-configuration/ALL_VMIDS_ENDPOINTS.md). | +| **Where to update when done** | [PLACEHOLDERS](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) §2; [GAPS](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md) §2.1–2.2; [REMAINING](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) R21. | + +--- + +## 2. Operator / LAN (run commands with secrets and network access) + +### 2.1 Blockscout source verification + +| Question | Answer | +|----------|--------| +| **What is it?** | All deployed contracts on Chain 138 verified on Blockscout so source is public and matches bytecode. | +| **Prerequisites** | Host that can reach Blockscout (explorer.d-bis.org or LAN); `smom-dbis-138/.env` loaded. | +| **Who** | Ops or dev from LAN. | +| **Steps to complete** | From repo root: `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh`. If one fails: `.../run-contract-verification-with-proxy.sh --only ContractName`. See [BLOCKSCOUT_VERIFICATION_GUIDE](../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md) and [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md). | +| **Where to update when done** | [CONTRACT_INVENTORY_AND_VERIFICATION](../11-references/CONTRACT_INVENTORY_AND_VERIFICATION.md) — set “Verified” for each; [CONTRACT_NEXT_STEPS_LIST](../11-references/CONTRACT_NEXT_STEPS_LIST.md) — check “Blockscout verification”. | + +**Ref:** [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md) §2. + +--- + +### 2.2 Multicall vs Oracle at 0x99b3511a2d315a497c8112c1fdd8d508d4b1e506 + +| Question | Answer | +|----------|--------| +| **What is it?** | That address holds either Multicall or Oracle Aggregator; docs mention both. Need a single source of truth. | +| **Prerequisites** | Access to explorer (e.g. https://explorer.d-bis.org/address/0x99b3511a2d315a497c8112c1fdd8d508d4b1e506). | +| **Who** | Operator or dev. | +| **Steps to complete** | 1. Open the explorer link; check contract name/source. 2. Document in [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) (and CONTRACT_INVENTORY if needed): “At 0x99b35... the contract is [Multicall | Oracle Aggregator].” Remove or qualify the other. | +| **Where to update when done** | CONTRACT_ADDRESSES_REFERENCE § Pre-Deployed / Newly Deployed; CONTRACT_INVENTORY_AND_VERIFICATION; [REMAINING](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) task 19. | + +--- + +### 2.3 AlltraAdapter — set bridge fee after deploy + +| Question | Answer | +|----------|--------| +| **What is it?** | AlltraAdapter has configurable `bridgeFee` (default 0.001 ALL). You must set the real fee once ALL Mainnet fee is known. | +| **Prerequisites** | AlltraAdapter deployed; ALL Mainnet fee known (from network docs or ops). | +| **Who** | Ops after deploy. | +| **Steps to complete** | 1. Confirm fee (e.g. in wei) with network docs or ops. 2. Call `setBridgeFee(uint256)` on AlltraAdapter: `cast send $ALLTRA_ADAPTER_CHAIN138 "setBridgeFee(uint256)" --rpc-url $RPC_URL_138 --private-key $PRIVATE_KEY --with-gas-price 1000000000`. 3. Set `ALLTRA_BRIDGE_FEE` in `smom-dbis-138/.env` for scripts. 4. Document final value in [PLACEHOLDERS_AND_TBD](../PLACEHOLDERS_AND_TBD.md) “AlltraAdapter — Bridge Fee”. | +| **Where to update when done** | PLACEHOLDERS_AND_TBD; [NOT_CHANGED_BY_DESIGN](NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md) §1. | + +**Ref:** [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md) § AlltraAdapter. + +--- + +### 2.4 Smart accounts — deploy and set env + +| Question | Answer | +|----------|--------| +| **What is it?** | ERC-4337 EntryPoint, AccountFactory, Paymaster deployed; addresses in .env so DeploySmartAccountsKit (or apps) can use them. | +| **Prerequisites** | Decision to use smart accounts; deployer key and RPC. | +| **Who** | Ops/Eng. | +| **Steps to complete** | 1. Deploy EntryPoint, AccountFactory, Paymaster (e.g. via reference implementation or DeploySmartAccountsKit.s.sol if it deploys them). 2. Set in `smom-dbis-138/.env`: `ENTRY_POINT=0x...`, `SMART_ACCOUNT_FACTORY=0x...`, `PAYMASTER=0x...`. 3. .env.example and runbook already have placeholders and subsection; no doc change unless you add a “Deployed at” line. | +| **Where to update when done** | CONTRACT_ADDRESSES_REFERENCE if you want these in the main table; [PLACEHOLDERS](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) §3 Smart accounts → Done. | + +--- + +### 2.5 Periodic on-chain check + +| Question | Answer | +|----------|--------| +| **What is it?** | Re-run the 36-address on-chain check when you deploy new contracts or want to confirm all addresses. | +| **Prerequisites** | `RPC_URL_138` set; RPC reachable (from LAN or public). | +| **Who** | Ops or dev. | +| **Steps to complete** | `./scripts/verify/check-contracts-on-chain-138.sh` (or pass RPC as argument). Use `--dry-run` to only list addresses. | +| **Where to update when done** | If any MISSING/EMPTY: fix deployment or config (smart-contracts-master.json / contract-addresses.conf), then re-run. No separate “done” doc. | + +--- + +### 2.6 Fund mainnet relay bridge (WETH9) + +| Question | Answer | +|----------|--------| +| **What is it?** | CCIPRelayBridge on Mainnet must hold WETH so it can pay recipients when relaying 138→Mainnet. | +| **Prerequisites** | Mainnet RPC and deployer (or relayer) with WETH. | +| **Who** | Ops. | +| **Steps to complete** | `./scripts/bridge/fund-mainnet-relay-bridge.sh` or `.../fund-mainnet-relay-bridge.sh `. Or manually: `cast send 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 "transfer(address,uint256)" 0xF9A32F37099c582D28b4dE7Fca6eaC1e5259f939 --rpc-url $ETHEREUM_MAINNET_RPC --private-key $PRIVATE_KEY --legacy`. | +| **Where to update when done** | No doc update; operational. See [CCIP_BRIDGE_MAINNET_CONNECTION](../07-ccip/CCIP_BRIDGE_MAINNET_CONNECTION.md). | + +--- + +## 3. Code / dev (engineering in repo or external SDK) + +### 3.1 TezosRelayService — real mint/transfer (no mock) + +| Question | Answer | +|----------|--------| +| **What is it?** | Replace mock Tezos mint/transfer with real Taquito/Tezos RPC calls so bridge messages result in real Tezos mints/transfers. | +| **Prerequisites** | Tezos minter contract (or equivalent) and oracle secret key; Tezos RPC. | +| **Who** | Eng. | +| **Steps to complete** | 1. Set `TEZOS_MINTER_ADDRESS`, `TEZOS_ORACLE_SECRET_KEY` in env; set `MOCK_TEZOS_RELAY=false`. 2. In `smom-dbis-138/services/tezos-relay/src/TezosRelayService.js`: implement the “real” path: on bridge message, call Tezos contract to mint/transfer, then call `confirmTransaction(requestId, tezosTxHash)` (or equivalent) with ORACLE_ROLE. 3. Add unit/integration test on testnet. 4. Update [TEZOS_L1_RELAY_RUNBOOK](../../smom-dbis-138/docs/bridge/TEZOS_L1_RELAY_RUNBOOK.md) with run instructions and env. | +| **Where to update when done** | [PLACEHOLDERS](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) §3 TezosRelayService → Done; [NOT_CHANGED_BY_DESIGN](NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md) §4. | + +--- + +### 3.2 OMNIS — Sankofa Phoenix SDK + +| Question | Answer | +|----------|--------| +| **What is it?** | Replace “TODO: Replace with actual Sankofa Phoenix SDK” with real SDK integration so auth and identity use Sankofa/Phoenix. | +| **Prerequisites** | Sankofa Phoenix SDK (or equivalent) available; integration spec. | +| **Who** | Eng (OMNIS). | +| **Steps to complete** | Integrate SDK in `src/identity/sankofa-phoenix.ts`, `authProvider.tsx`, `authController.ts` per Sankofa docs; or document dependency and timeline in OMNIS docs. | +| **Where to update when done** | [PLACEHOLDERS](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) §5; [PLACEHOLDERS_AND_TBD](../PLACEHOLDERS_AND_TBD.md) OMNIS section. | + +--- + +### 3.3 OMNIS — CI/CD and deploy (migration, health) + +| Question | Answer | +|----------|--------| +| **What is it?** | Real deployment pipeline and health checks (replace TODOs in deploy.sh / workflows). | +| **Prerequisites** | Deployment target (e.g. VM/container); DB migrations if any. | +| **Who** | Eng. | +| **Steps to complete** | Add database migration step and health check to `scripts/deploy.sh` and/or `.github/workflows`; wire to Sankofa Phoenix deployment when applicable. | +| **Where to update when done** | [PLACEHOLDERS](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) §5. | + +--- + +### 3.4 the-order — court e-filing, e-signature, document-security + +| Question | Answer | +|----------|--------| +| **What is it?** | Replace TODOs in legal-documents services with real integrations or documented vendor/roadmap. | +| **Prerequisites** | Vendor choice (e.g. DocuSign/Adobe Sign for e-signature; court e-filing system; document watermarking/redaction). | +| **Who** | Eng (the-order). | +| **Steps to complete** | For each: (1) court-efiling: integrate with actual court e-filing system or document API/status. (2) e-signature: integrate provider (DocuSign/Adobe Sign) and status/webhook. (3) document-security: implement fetch PDF → watermark/redact → re-upload or document. See [GAPS_AND_RECOMMENDATIONS_CONSOLIDATED](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md) and [PLACEHOLDER_IMPLEMENTATIONS](../11-references/PLACEHOLDER_IMPLEMENTATIONS.md). | +| **Where to update when done** | [PLACEHOLDERS](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) §6; PLACEHOLDERS_AND_TBD. | + +--- + +### 3.5 dbis_core — as4-settlement liquidity limits + +| Question | Answer | +|----------|--------| +| **What is it?** | Implement or clearly document “Check intraday/daily usage”, “Implement liquidity reservation”, “Implement liquidity release” in liquidity-limits.service. | +| **Prerequisites** | Product/ops definition of liquidity rules. | +| **Who** | Eng (dbis_core). | +| **Steps to complete** | Implement the three pieces in `src/core/settlement/as4-settlement/liquidity-limits.service.ts` or add “future work” comments and ticket ref. | +| **Where to update when done** | [PLACEHOLDERS](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) §4. | + +--- + +### 3.6 EnhancedSwapRouter / DODOPMMProvider / Quote Fabric + +| Question | Answer | +|----------|--------| +| **What is it?** | When Uniswap/Balancer/DODO/Fabric exist: set quoter/poolId/FABRIC_CHAIN_ID and remove or document “return 0” / placeholder. | +| **Prerequisites** | Uniswap V3 / Balancer pools on chain; or DODO integrated; or Fabric live with chain ID. | +| **Who** | Eng. | +| **Steps to complete** | EnhancedSwapRouter: set `uniswapQuoter` and Balancer pool IDs via admin when pools exist. DODOPMMProvider: implement or document oracle-driven `optimizePoolParameters` when DODO integrated. Quote service: set `FABRIC_CHAIN_ID` in env to real chain ID when Fabric is live. | +| **Where to update when done** | [NOT_CHANGED_BY_DESIGN](NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md) §3; [PLACEHOLDERS_AND_TBD](../PLACEHOLDERS_AND_TBD.md). | + +--- + +## 4. Config / docs only (no code, no external) + +### 4.1 Network blocks #2–#6 + +| Question | Answer | +|----------|--------| +| **What is it?** | Placeholders “To be configured” for public blocks #2–#6 in architecture/config docs. | +| **Prerequisites** | Decision: which blocks are assigned or reserved. | +| **Who** | Ops or doc owner. | +| **Steps to complete** | In [NETWORK_ARCHITECTURE](../02-architecture/NETWORK_ARCHITECTURE.md) and [NETWORK_CONFIGURATION_MASTER](../11-references/NETWORK_CONFIGURATION_MASTER.md): replace placeholders with “Reserved” or actual block assignments. | +| **Where to update when done** | [PLACEHOLDERS](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) §2; [GAPS](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md) §2.3; R22 in REMAINING_COMPONENTS. | + +--- + +### 4.2 NPMplus proxy hosts — Sankofa/Phoenix vs explorer + +| Question | Answer | +|----------|--------| +| **What is it?** | Ensure only explorer.d-bis.org points to 192.168.11.140; sankofa.nexus and phoenix.sankofa.nexus point to .51:3000 and .50:4000. | +| **Prerequisites** | NPMplus access (LAN + NPM_PASSWORD). | +| **Who** | Ops. | +| **Steps to complete** | In NPMplus UI (or API): check proxy hosts for sankofa.nexus, phoenix.sankofa.nexus; set targets to 192.168.11.51:3000 and 192.168.11.50:4000. Only explorer.d-bis.org → 192.168.11.140. | +| **Where to update when done** | [GAPS](../GAPS_AND_RECOMMENDATIONS_CONSOLIDATED.md) §2.2; [PLACEHOLDERS](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) §2. | + +--- + +### 4.3 Automated backups (NPMplus) + +| Question | Answer | +|----------|--------| +| **What is it?** | NPMplus backup script scheduled and restore verified. | +| **Prerequisites** | LAN + NPM_PASSWORD; backup script exists (`scripts/verify/backup-npmplus.sh`). | +| **Who** | Ops. | +| **Steps to complete** | Run `./scripts/maintenance/schedule-npmplus-backup-cron.sh --install` (or equivalent); periodically run backup and test restore. | +| **Where to update when done** | [PLACEHOLDERS](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) §10; TODO_TASK_LIST_MASTER if referenced there. | + +--- + +## 5. Optional / when needed + +- **Trustless bridge:** Deploy from `script/bridge/trustless/` when you adopt that stack; document addresses. Ref: CONTRACT_NEXT_STEPS § Pending, [OPERATOR_OPTIONAL_CHECKLIST](../11-references/OPERATOR_OPTIONAL_CHECKLIST.md) §2. +- **Mainnet/multichain deploys:** Deploy to other chains with chain-specific scripts; document in CONTRACT_ADDRESSES_REFERENCE and SMART_CONTRACTS_INVENTORY_ALL_CHAINS. Ref: R13, CONTRACT_NEXT_STEPS. +- **PaymentChannelManager / GenericStateChannelManager:** Deploy when channel features are needed; use `--with-gas-price 1000000000` on 138. Ref: CONTRACT_NEXT_STEPS_LIST. +- **LINK on mainnet relay bridge:** Follow [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md); then set `relaySupported: true` for LINK in config/token-mapping.json. +- **Chain 138 Snap E2E:** Run full E2E (Playwright + MetaMask Flask) when needed; unit tests already pass. Ref: [chain138-snap/TESTING_INSTRUCTIONS](../../metamask-integration/chain138-snap/TESTING_INSTRUCTIONS.md). +- **Ledger tokens/CAL, swap, i18n, etc.:** After Ledger adds chain 138, follow [LedgerLive GAPS](~/projects/LedgerLive/GAPS_AND_MISSING_INTEGRATIONS.md) for tokens, optional swap/staking, i18n, E2E. + +--- + +## 6. One-line “answers” summary + +| Item | One-line answer | +|------|-----------------| +| Ledger 138 | Wait for Ledger reply → sign agreement → follow 8-step process; if they ask for PR, push LedgerLive materials. | +| Trust official | Open PR to trustwallet/wallet-core with registry entry (coinId 10000138, chainId 138); run codegen/tests. | +| CoinGecko/CMC | Submit chain + tokens via CoinGecko (and CMC) process; use COINGECKO_SUBMISSION_GUIDE and token docs. | +| Consensys | Use CONSENSYS_OUTREACH_PACKAGE; contact Consensys for Swaps/Bridge support for 138. | +| Sankofa cutover | When deployed: replace TBDs in SANKOFA_CUTOVER_PLAN; set NPMplus proxies to .51/.50; add the-order when live. | +| Blockscout verify | From LAN: `source smom-dbis-138/.env; ./scripts/verify/run-contract-verification-with-proxy.sh`. | +| Multicall vs Oracle | Check explorer for 0x99b35...; document which contract it is in CONTRACT_ADDRESSES_REFERENCE. | +| AlltraAdapter fee | After deploy: call `setBridgeFee(fee_wei)`; set ALLTRA_BRIDGE_FEE in .env; document in PLACEHOLDERS_AND_TBD. | +| Smart accounts | Deploy EntryPoint/Factory/Paymaster; set ENTRY_POINT, SMART_ACCOUNT_FACTORY, PAYMASTER in .env. | +| TezosRelay real mint | Set TEZOS_MINTER_ADDRESS, TEZOS_ORACLE_SECRET_KEY; implement real Taquito path; gate mock. | +| OMNIS Sankofa SDK | Integrate real Sankofa Phoenix SDK or document dependency/timeline. | +| OMNIS CI/CD | Add migration + health check to deploy.sh and workflows. | +| the-order legal | Choose vendors; implement court-efiling, e-signature, document-security or document roadmap. | +| dbis_core as4 liquidity | Implement or document liquidity reservation/release and intraday/daily checks. | +| EnhancedSwap/DODO/Fabric | When pools/Fabric exist: set quoter/poolId/FABRIC_CHAIN_ID; document or remove placeholders. | +| Blocks #2–#6 | In NETWORK_ARCHITECTURE and NETWORK_CONFIGURATION_MASTER: set “Reserved” or real block list. | +| NPMplus Sankofa targets | In NPMplus: sankofa → .51:3000, phoenix → .50:4000; only explorer → .140. | +| NPMplus backup | Schedule backup cron; verify restore. | + +--- + +## 7. Where to update when any item is completed + +- **This doc:** Add “Done [date]” next to the item and optional one-line note. +- **Master task lists:** [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md) (mark task # or R# Done), [PLACEHOLDERS_AND_COMPLETION_MASTER_LIST](PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) (mark row Done), [NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS](NOT_CHANGED_BY_DESIGN_ACTIONABLE_STEPS.md) (mark step Done). +- **Source docs:** [BLITZKRIEG_SOURCE_DOCUMENT_INDEX](BLITZKRIEG_SOURCE_DOCUMENT_INDEX.md) — which doc to touch for that completion type. +- **Contract/address changes:** [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md), [config/smart-contracts-master.json](../../config/smart-contracts-master.json). diff --git a/docs/00-meta/REMAINING_WORK_DETAILED_STEPS.md b/docs/00-meta/REMAINING_WORK_DETAILED_STEPS.md index 87d05af..8fa15b2 100644 --- a/docs/00-meta/REMAINING_WORK_DETAILED_STEPS.md +++ b/docs/00-meta/REMAINING_WORK_DETAILED_STEPS.md @@ -1,6 +1,6 @@ # Remaining Work — Detailed Steps for Each Task -**Last Updated:** 2026-02-06 +**Last Updated:** 2026-02-20 **Purpose:** Single list of all remaining work with step-by-step instructions. **Sources:** [E2E_COMPLETION_TASKS_DETAILED_LIST.md](E2E_COMPLETION_TASKS_DETAILED_LIST.md), [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md), [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md). @@ -38,6 +38,8 @@ These can be done from your current environment (e.g. dev machine, WSL, CI) with **Completed (2026-02-05):** W1-11 (32 files archived to docs/archive/00-meta-status/), W1-12 (decision tree links, 04-config README, QUICK_REFERENCE_CARDS), W1-9/10/13 (NETWORK_ARCHITECTURE runbook cross-links), W1-20 (shellcheck --optional run), W1-21 (ENV_STANDARDIZATION + validate-config-files ref), W1-22–W1-24 (CoinGecko/Snap/Explorer refs in QUICK_REFERENCE_CARDS), W1-26/API keys (report + .env.example pointer), W1-14 (dbis_core: sample TS fix in cbdc-fx.service.ts; doc for prisma generate + implicit any), W1-15–W1-17 (PLACEHOLDERS canonical env note), CCIP checklist + all validation commands run. +**Completed (2026-02-20):** Doc consolidation continued — NEXT_STEPS_INDEX, DOCUMENTATION_CONSOLIDATION_PLAN; Batch 4+5 → 00-meta-pruned; ALL_TASKS_COMPLETE → root-status-reports; project root cleanup → archive/root-cleanup-20260220; fix-wsl-ip.sh → scripts/. Completable-from-anywhere run: config validation OK, on-chain check 45/45, run-all-validation --skip-genesis OK, reconcile-env --print. ARCHIVE_CANDIDATES "Last reviewed" set. + --- ## Wave 0 — Gates (Do First When Credentials Allow) @@ -372,7 +374,7 @@ These can be done from your current environment (e.g. dev machine, WSL, CI) with - **W1-3, W1-4:** smom security audits; bridge integrations — smom backlog. - **W1-14:** dbis_core TypeScript fixes — backlog; parallelize by module. - **W1-15 – W1-17:** smom placeholders; IRU; Fabric 999; .bak deprecation — see PLACEHOLDERS_AND_* docs. -- **Improvements index 1–139:** Work through [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) by cohort; many overlap with W1/W2/W3 above. +- **Improvements index 1–139:** Work through [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) by cohort; many overlap with W1/W2/W3 above. --- diff --git a/docs/00-meta/REMAINING_WORK_DETAILED_TASKS.md b/docs/00-meta/REMAINING_WORK_DETAILED_TASKS.md index 409725d..43e7f28 100644 --- a/docs/00-meta/REMAINING_WORK_DETAILED_TASKS.md +++ b/docs/00-meta/REMAINING_WORK_DETAILED_TASKS.md @@ -239,4 +239,4 @@ Use [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md) and r | Wave 3 | 2 (W3-1, W3-2) | | Ongoing | 5 (scheduled) | -**References:** [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) · [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md) · [REMAINING_ITEMS_FULL_PARALLEL_LIST.md](REMAINING_ITEMS_FULL_PARALLEL_LIST.md) · [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md) · [FULL_PARALLEL_RUN_LOG.md](FULL_PARALLEL_RUN_LOG.md) +**References:** [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) · [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md) · [REMAINING_ITEMS_FULL_PARALLEL_LIST.md](REMAINING_ITEMS_FULL_PARALLEL_LIST.md) · [MISSING_CONTAINERS_LIST.md](../03-deployment/MISSING_CONTAINERS_LIST.md) · [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived) diff --git a/docs/00-meta/SAFE_PACKAGES_MIGRATION_PLAN.md b/docs/00-meta/SAFE_PACKAGES_MIGRATION_PLAN.md new file mode 100644 index 0000000..faf94bd --- /dev/null +++ b/docs/00-meta/SAFE_PACKAGES_MIGRATION_PLAN.md @@ -0,0 +1,60 @@ +# Safe (Gnosis) Packages Migration Plan + +**Last Updated:** 2026-02-16 +**Status:** Complete — migrated to `@safe-global/protocol-kit` v1 (ethers v5) + +--- + +## Current State + +**Package:** `smom-dbis-138/frontend-dapp` (bridge-dapp) + +| Package | Status | Replacement | +|---------|--------|-------------| +| `@safe-global/safe-core-sdk` | Deprecated | `@safe-global/protocol-kit` | +| `@safe-global/safe-ethers-lib` | Deprecated (bundled in protocol-kit) | `@safe-global/protocol-kit` | +| `@safe-global/safe-service-client` | Deprecated | `@safe-global/api-kit` | +| `@safe-global/api-kit` | In use | Already v4 — keep | + +## Migration Path + +### Step 1: Protocol Kit (replaces safe-core-sdk + safe-ethers-lib) + +1. **Docs:** https://docs.safe.global/sdk/protocol-kit/guides/migrate-to-v1 +2. **Install:** `pnpm add @safe-global/protocol-kit` +3. **Remove:** `@safe-global/safe-core-sdk`, `@safe-global/safe-ethers-lib` +4. **Code changes:** + - Replace `SafeFactory`, `SafeAccountConfig` imports from safe-core-sdk with protocol-kit equivalents + - Replace ethers adapters — protocol-kit uses ethers v6; bridge-dapp currently uses ethers v5 — may need adapter layer or upgrade ethers +5. **Vite config:** Update `vite.config.ts` exclude/include lists (remove old, add protocol-kit if needed) + +### Step 2: API Kit (replaces safe-service-client) + +1. **Docs:** https://docs.safe.global/sdk/api-kit/guides/migrate-to-v1 +2. **Already have:** `@safe-global/api-kit@^4.0.1` +3. **Remove:** `@safe-global/safe-service-client` +4. **Code changes:** Replace SafeServiceClient usage with ApiKit equivalents (see migration guide) + +### Step 3: Verification + +- Run `pnpm run build` in smom-dbis-138/frontend-dapp +- Test multisig / Safe deployment flows in admin panel +- Ensure WalletDeploymentEnhanced and any Safe-related components work + +## Affected Files + +- `smom-dbis-138/frontend-dapp/package.json` +- `smom-dbis-138/frontend-dapp/vite.config.ts` +- `smom-dbis-138/frontend-dapp/src/components/admin/WalletDeploymentEnhanced.tsx` (SafeFactory import commented out) +- Any component using SafeServiceClient or Safe SDK + +## Blockers / Notes + +- **ethers v5 vs v6:** bridge-dapp uses ethers v5; protocol-kit prefers ethers v6. Check protocol-kit compatibility or use adapter. +- **supertest migrated:** token-aggregation report tests now use native fetch + http server (no deprecated supertest). + +## References + +- [Safe Protocol Kit Migration](https://docs.safe.global/sdk/protocol-kit/guides/migrate-to-v1) +- [Safe API Kit Migration](https://docs.safe.global/sdk/api-kit/guides/migrate-to-v1) +- [Safe SDK Reference](https://docs.safe.global/safe-core-aa-sdk/protocol-kit/reference/v1) diff --git a/docs/00-meta/STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md b/docs/00-meta/STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md new file mode 100644 index 0000000..92019ff --- /dev/null +++ b/docs/00-meta/STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md @@ -0,0 +1,129 @@ +# Steps You Can Do From Proxmox / LAN With Secrets + +**Last Updated:** 2026-02-14 +**Purpose:** When you have SSH to the Proxmox host (or any host on the same LAN as 192.168.11.x) and access to `.env` files (PRIVATE_KEY, NPM_PASSWORD, RPC URLs, etc.), you can run many more tasks than the "from anywhere" set. This document lists all of them. + +**From anywhere (no LAN/creds):** See [run-completable-tasks-from-anywhere.sh](../../scripts/run-completable-tasks-from-anywhere.sh) — config validation, on-chain check (SKIP_EXIT=1 if RPC unreachable), run-all-validation --skip-genesis, reconcile-env. + +**Single script (LAN + secrets):** [run-all-operator-tasks-from-lan.sh](../../scripts/run-all-operator-tasks-from-lan.sh) — optional phases: backup, contract verify, contract deploy, VM/container creation. Use `--dry-run` to print steps. + +--- + +## 1. Contract deployment (Chain 138) + +Requires: `smom-dbis-138/.env` with `PRIVATE_KEY`, `RPC_URL_138` (Chain 138 Core, e.g. `http://192.168.11.211:8545`). All Forge deploys must use `--with-gas-price 1000000000` (or `GAS_PRICE=1000000000`). + +| Step | Command / action | Notes | +|------|------------------|--------| +| Deploy core (Multicall, Oracle, MultiSig) | `cd smom-dbis-138 && source .env && bash scripts/deployment/deploy-all-contracts.sh` | If already deployed, script overwrites; check CONTRACT_ADDRESSES_REFERENCE. | +| Deploy CCIPReceiver + Voting | Set `CCIP_ROUTER_ADDRESS`, `ORACLE_AGGREGATOR_ADDRESS` in .env; run deploy script or phased script | See [CONTRACT_DEPLOYMENT_RUNBOOK](../03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md). | +| Deploy phased (01–06) | `cd smom-dbis-138 && ./scripts/deployment/deploy-all-phases.sh` | Skips phases when env vars already set; use `--all` to run all. | +| Deploy TransactionMirror | `./scripts/deployment/deploy-transaction-mirror-chain138.sh` | Use if forge script fails (constructor-args decode); add `TRANSACTION_MIRROR_ADDRESS` to .env after. | +| Update config | After any deploy: update `config/smart-contracts-master.json` (and optionally `config/contract-addresses.conf` for verify scripts), [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) | Then re-run on-chain check. | + +--- + +## 2. Contract verification (Blockscout) + +Requires: Host that can reach Blockscout (explorer.d-bis.org or LAN IP). Load `smom-dbis-138/.env` for contract list. The forge-verification-proxy accepts both JSON and form-encoded bodies (fix applied 2026-02). + +| Step | Command / action | Notes | +|------|------------------|--------| +| Verify all (proxy) | `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` | Submits source to Blockscout via proxy (starts proxy automatically). | +| Verify one contract | `./scripts/verify/run-contract-verification-with-proxy.sh --only ContractName` | Retry single contract. | +| On-chain check | `./scripts/verify/check-contracts-on-chain-138.sh` (uses `RPC_URL_138`) or `.../check-contracts-on-chain-138.sh $RPC_URL_138` | Confirms 36 addresses exist; no Blockscout needed. | + +--- + +## 3. Fix E2E 502s (backends + NPMplus + RPC) + +Requires: LAN (SSH to Proxmox, reach NPMplus). When public domains (dbis-admin, secure, dbis-api, rpc-http-prv, rpc-alltra*, rpc-hybx*) return 502, use this flow first. + +| Step | Command / action | Notes | +|------|------------------|--------| +| **Address all 502s** | `./scripts/maintenance/address-all-remaining-502s.sh` | Backends + NPMplus proxy update (if NPM_PASSWORD set) + RPC diagnostics. | +| With Besu fix + E2E | `./scripts/maintenance/address-all-remaining-502s.sh --run-besu-fix --e2e` | Also runs fix-all-besu-nodes.sh and verify-end-to-end-routing.sh. | +| E2E only | `./scripts/verify/verify-end-to-end-routing.sh` | Re-check after fixes. Use `E2E_ACCEPT_502_INTERNAL=1` to allow exit 0 when only 502s remain. | + +**Runbook:** [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](../00-meta/502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md) — backend map, per-step fix, NPMplus refresh, RPC diagnostics. + +--- + +## 4. Backups and NPMplus + +Requires: LAN access to NPMplus (192.168.11.x) and `NPM_PASSWORD` in env (or script prompt). + +| Step | Command / action | Notes | +|------|------------------|--------| +| NPMplus backup | `./scripts/verify/backup-npmplus.sh` | Backs up NPMplus container config. | +| NPMplus RPC proxy fix | `./scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` | Updates proxy hosts via API. | +| Schedule backup cron | `./scripts/maintenance/schedule-npmplus-backup-cron.sh --install` | Cron for periodic backup. | + +--- + +## 5. Proxmox VM/container creation (capacity and HA) + +Requires: SSH to Proxmox host (e.g. `root@192.168.11.10` or r630-01/r630-02). See [PROXMOX_VM_CREATION_RUNBOOK](../03-deployment/PROXMOX_VM_CREATION_RUNBOOK.md) for capacity and availability best practices. + +| Step | Command / action | Notes | +|------|------------------|--------| +| DBIS Core containers (6) | `./dbis_core/scripts/deployment/create-dbis-core-containers.sh` | Creates 10100, 10101, 10120, 10150, 10151, 10130 on PROXMOX_HOST. | +| Create missing RPC containers | `./scripts/create-missing-containers-2506-2508.sh` (if VMIDs 2506–2508 needed) | Per VMID allocation. | +| Chain 138 containers | `./scripts/create-chain138-containers.sh` (if defined) | Besu/RPC/explorer as per docs. | +| Spread VMs across nodes | Prefer r630-01 / r630-02 for new VMs to balance load; ml110 already has 34 containers | See PROXMOX_COMPLETE_RECOMMENDATIONS. | + +--- + +## 6. Bridge and cross-chain (LAN + PRIVATE_KEY + LINK) + +| Step | Command / action | Notes | +|------|------------------|--------| +| sendCrossChain (real) | `./scripts/bridge/run-send-cross-chain.sh [recipient]` | Omit `--dry-run`; requires LINK in deployer wallet. | +| Fund mainnet relay | `./scripts/bridge/fund-mainnet-relay-bridge.sh` | When configuring mainnet bridge. | +| Grant relayer role | `./scripts/bridge/grant-relayer-role-mainnet.sh` | When configuring roles. | + +--- + +## 7. Security and maintenance (from LAN) + +| Step | Command / action | Notes | +|------|------------------|--------| +| SSH key auth | `./scripts/security/setup-ssh-key-auth.sh [--dry-run|--apply]` | Centralize key-based SSH. | +| Firewall 8006 | `./scripts/security/firewall-proxmox-8006.sh [--dry-run|--apply] [CIDR]` | Restrict Proxmox API. | +| Daily/weekly cron | `./scripts/maintenance/schedule-daily-weekly-cron.sh --install` | Health and cleanup. | + +--- + +## 8. Tests (with RPC / env) + +From repo root, with `smom-dbis-138/.env` and RPC reachable: + +| Step | Command / action | Notes | +|------|------------------|--------| +| Forge tests (Chain 138) | `cd smom-dbis-138 && forge test` | Unit tests. | +| alltra-lifi-settlement | `cd alltra-lifi-settlement && forge test && npm run test:e2e -- --forceExit` | Settlement tests. | + +--- + +## 9. Config and docs (after deploys) + +| Step | Action | Notes | +|------|--------|--------| +| Reconcile .env | `./scripts/verify/reconcile-env-canonical.sh --print` | Emit canonical lines; merge into smom-dbis-138/.env. | +| Update CONTRACT_ADDRESSES_REFERENCE and master JSON | Add any new addresses to `config/smart-contracts-master.json` and [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md) | Keep CONTRACT_INVENTORY in sync. | +| Verify on explorer | Open https://explorer.d-bis.org/address/ for new contracts | Confirm bytecode and verification. | + +--- + +## Quick reference: run-all-operator-tasks-from-lan.sh + +```bash +# From repo root, on a host on LAN with secrets available +source smom-dbis-138/.env 2>/dev/null +./scripts/run-all-operator-tasks-from-lan.sh --dry-run # print all steps +./scripts/run-all-operator-tasks-from-lan.sh # run backup + verify (default) +./scripts/run-all-operator-tasks-from-lan.sh --deploy # also run contract deploy (if not yet deployed) +./scripts/run-all-operator-tasks-from-lan.sh --create-vms # also create DBIS Core / missing containers +``` + +See script help for `--skip-backup`, `--skip-verify`, and phase ordering. diff --git a/docs/00-meta/TASKS_RUNBOOKS_REMAINING_AND_RECOMMENDATIONS.md b/docs/00-meta/TASKS_RUNBOOKS_REMAINING_AND_RECOMMENDATIONS.md new file mode 100644 index 0000000..07e094f --- /dev/null +++ b/docs/00-meta/TASKS_RUNBOOKS_REMAINING_AND_RECOMMENDATIONS.md @@ -0,0 +1,142 @@ +# Tasks, Runbooks, Remaining Deployments, and Recommendations + +**Purpose:** Single list of (1) runbooks/tasks not yet run, (2) completed items, (3) remaining deployments, and (4) recommendations and suggestions. +**Last updated:** 2026-02-20 + +**Related:** [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) | [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) | [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md) | [RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS_OPERATOR_CHECKLIST.md) | [RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md) + +--- + +## 1. Runbooks / tasks not yet run (operator or when-ready) + +These have runbooks or scripts ready; execution is operator/LAN or when blockers clear. + +| # | Task | Runbook / command | Owner / blocker | +|---|------|-------------------|-----------------| +| 1 | **Wemix token verification** | Open [scan.wemix.com/tokens](https://scan.wemix.com/tokens); update `config/token-mapping-multichain.json` and [WEMIX_TOKEN_VERIFICATION.md](../07-ccip/WEMIX_TOKEN_VERIFICATION.md) if needed; run `./scripts/validation/validate-config-files.sh` | Operator | +| 2 | **Gnosis, Celo, Wemix CCIP bridges** | [CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md](../07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md) — deploy WETH bridges, add destinations, fund LINK | Operator/LAN | +| 3 | **LINK support on Mainnet relay** | [RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md](../07-ccip/RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK.md) — Option A or B, implement, deploy, set `relaySupported: true` for LINK | Operator/LAN | +| 4 | **Blockscout verification** | `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` | Operator/LAN | +| 5 | **Fix E2E 502s** | `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` or `./scripts/maintenance/address-all-remaining-502s.sh`; runbook: [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md) | Operator/LAN | +| 6 | **Run all operator tasks** | `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]` — backup, verify, optional deploy/VMs; [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md) | Operator/LAN | +| 7 | **DODO PMM on Chain 138** (create pools if not done) | Set `DODO_VENDING_MACHINE_ADDRESS`, `COMPLIANT_*` in smom-dbis-138/.env; `./scripts/deployment/run-pmm-and-pools.sh` or `scripts/setup-dodo-pools.sh`; [CUSDT_CUSDC_MULTICHAIN_LIQUIDITY_RUNBOOK](../../smom-dbis-138/docs/deployment/CUSDT_CUSDC_MULTICHAIN_LIQUIDITY_RUNBOOK.md) | Operator | +| 8 | **PMM / DODO on L2s (G1)** | Set per-chain RPC + DVM + USDT/USDC; `./smom-dbis-138/scripts/deployment/deploy-pmm-all-l2s.sh`; [OPERATOR_NEXT_STEPS_RUNBOOK](../../smom-dbis-138/docs/deployment/OPERATOR_NEXT_STEPS_RUNBOOK.md) G1 | Operator | +| 9 | **Trustless Inbox + LP on L2s (G2)** | `./smom-dbis-138/scripts/deployment/deploy-trustless-l2s.sh` | Operator | +| 10 | **Lockbox on L2s (G3)** | `TRUSTLESS_DEPLOY_LOCKBOX=1 ./smom-dbis-138/scripts/deployment/deploy-trustless-l2s.sh` | Operator | +| 11 | **Fund mainnet Liquidity Pool (G4)** | `./smom-dbis-138/scripts/deployment/fund-mainnet-lp.sh`; [LIQUIDITY_POOL_CONTROLS_RUNBOOK](../03-deployment/LIQUIDITY_POOL_CONTROLS_RUNBOOK.md) | Operator | +| 12 | **Mainnet trustless stack** | Deploy Lockbox138 (138) + InboxETH, BondManager, LiquidityPoolETH (Mainnet); [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) §7 | Operator | +| 13 | **cUSDT/cUSDC to other chains + Uniswap/Balancer/Curve** | [CUSDT_CUSDC_MULTICHAIN_LIQUIDITY_RUNBOOK](../../smom-dbis-138/docs/deployment/CUSDT_CUSDC_MULTICHAIN_LIQUIDITY_RUNBOOK.md); scripts: `deploy-cusdt-cusdc-all-chains.sh`, `create-uniswap-v3-pool-cusdt-cusdc.sh` | Operator | +| 14 | **CCIPLogger on Mainnet, BSC, Polygon, Gnosis** | `forge script script/DeployCCIPLogger.s.sol --rpc-url --broadcast` per chain | Operator | +| 15 | **AddressMapper on other chains** (optional) | DeployAddressMapperOtherChain.s.sol per chain; update `config/smart-contracts-master.json` | Optional | +| 16 | **Paymaster (optional)** | `forge script script/smart-accounts/DeployPaymaster.s.sol --rpc-url $RPC_URL_138 --broadcast` when sources ready | Optional | + +--- + +## 2. Blocked or when-stuck-tx-cleared + +| # | Task | Blocker | When unblocked | +|---|------|---------|-----------------| +| 17 | **Chain 138 deployments (Phase 6/8, trustless, vault, etc.)** | Stuck tx / "Replacement transaction underpriced" | Flush mempool from RPC host or use fresh wallet; then `./smom-dbis-138/scripts/deployment/run-all-deployments-parallel.sh chain138` | +| 18 | **eMoney TokenFactory138, bridge, vault, reserve** | Same stuck tx on 138 | [cancel-pending-transactions.sh](../../scripts/cancel-pending-transactions.sh) or resolve from RPC node; [TODO_TASKS_STATUS](../../smom-dbis-138/docs/deployment/TODO_TASKS_STATUS.md) | +| 19 | **Cronos: ISO-4217W, Compliant Fiat, CCIPLogger** | Nonce / insufficient CRO | `./smom-dbis-138/scripts/deployment/fix-nonce-and-retry.sh cronos "script/...";` fund CRO | + +--- + +## 3. Completed (summary) + +- **From-anywhere:** `run-completable-tasks-from-anywhere.sh` (config validation, on-chain check, validation, reconcile-env). +- **Token-mapping API:** Bridge UIs/Snap use token-mapping; token-aggregation exposes API; doc hygiene (MAPPER_GAPS, Wemix scan). +- **AddressMapper on Cronos:** Deployed; config updated. +- **Runbooks and indexes:** OPERATIONAL_RUNBOOKS, RUNBOOKS_MASTER_INDEX, CUSDT multichain runbook, LIQUIDITY_POOL_CONTROLS, operator checklist. +- **Chain 138:** Core contracts, CCIP, Oracle, Mock DVM + DODOPMMIntegration (pools can be created); CCIPTxReporter deployed. +- **Canonical tokens (L2):** cUSDT/cUSDC supported in token-aggregation for chains 1, 56, 137, 10, 42161, 8453, 43114, 25, 100 when env set. + +--- + +## 4. Remaining deployments (by area) + +| Area | What remains | Runbook / ref | +|------|-------------------------------|----------------| +| **CCIP** | Gnosis, Celo, Wemix WETH9/WETH10 bridges; add destinations; fund LINK | CONFIG_READY_CHAINS_COMPLETION_RUNBOOK | +| **Relay** | LINK support on Mainnet (extend or new receiver); fund; token-mapping `relaySupported: true` | RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK | +| **Trustless** | Mainnet: InboxETH, BondManager, LiquidityPoolETH; optional Lockbox/Inbox on L2s | OPERATOR_READY_CHECKLIST §7; deploy-trustless-l2s.sh | +| **PMM** | Chain 138: create cUSDT/cUSDC pools if not done; L2s: deploy DODOPMMIntegration per chain | CUSDT_CUSDC_MULTICHAIN_LIQUIDITY_RUNBOOK; deploy-pmm-all-l2s.sh | +| **Liquidity** | Fund mainnet LiquidityPoolETH (ETH/WETH) | fund-mainnet-lp.sh | +| **cUSDT/cUSDC multichain** | Deploy tokens to BSC, Polygon, Base, etc.; create Uniswap/Balancer/Curve pools | CUSDT_CUSDC_MULTICHAIN_LIQUIDITY_RUNBOOK; deploy-cusdt-cusdc-all-chains.sh | +| **Optional** | AddressMapper other chains; CCIPLogger other chains; Paymaster; vault/reserve/Keeper per chain | OPERATOR_OPTIONAL_CHECKLIST; OPTIONAL_DEPLOYMENTS_START_HERE | + +--- + +## 5. External / third-party (not runnable in-repo) + +| # | Task | Action | Ref | +|---|------|--------|-----| +| 20 | **Ledger** | Await response to Tally form; sign and follow integration steps | ADD_CHAIN138_TO_LEDGER_LIVE | +| 21 | **Trust Wallet** | Open PR to trustwallet/wallet-core with Chain 138 registry entry | ADD_CHAIN138_TO_TRUST_WALLET | +| 22 | **Consensys** | Outreach for native Swaps/Bridge for Chain 138 | CONSENSYS_OUTREACH_PACKAGE | +| 23 | **CoinGecko/CMC** | Submit Chain 138 and tokens for MetaMask USD | COINGECKO_SUBMISSION_GUIDE; CMC_COINGECKO_SUBMISSION_RUNBOOK | + +--- + +## 6. Tezos / Etherlink (when scoped) + +| # | Task | Ref | +|---|------|-----| +| 24 | Verify Etherlink (42793) on CCIP; record selector/Router or "custom relay only" | TEZOS_CCIP_REMAINING_ITEMS | +| 25 | Verify Jumper and LiFi for 138, 651940, 42793; update config/matrix | TEZOS_CCIP_REMAINING_ITEMS | +| 26 | InitializeRegistry, DeployAllAdapters, Etherlink receiver, relay services | TEZOS_CCIP_RUNBOOKS_INDEX | + +--- + +## 7. Recommendations and suggestions (R1–R24 and more) + +**Source:** [RECOMMENDATIONS_OPERATOR_CHECKLIST.md](RECOMMENDATIONS_OPERATOR_CHECKLIST.md) (R1–R24) and [REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md](REMAINING_COMPONENTS_TASKS_AND_RECOMMENDATIONS.md). + +| # | Recommendation | When | +|---|-----------------|------| +| R1 | Verify every deployed contract on Blockscout (proxy or BLOCKSCOUT_VERIFICATION_GUIDE) | After each deployment when Blockscout reachable | +| R2 | Keep CONTRACT_ADDRESSES_REFERENCE and SMART_CONTRACTS_INVENTORY updated; reconcile .env | When new contracts deployed or deprecated | +| R3 | Run `./scripts/verify/check-contracts-on-chain-138.sh [RPC]`; fix any MISSING/EMPTY | Periodically or after deploy | +| R4 | Do not use deprecated CCIPWETH9Bridge; use only current and set CCIPWETH9_BRIDGE_CHAIN138 | Always | +| R5 | Never commit .env or private keys; use MASTER_SECRETS_INVENTORY; rotate if exposed | Always | +| R8 | Set RPC_URL_138 (Core); run from LAN/VPN if 192.168.11.x not reachable | Before deploy | +| R9 | Use GAS_PRICE=1000000000 (or current min) on Chain 138 | Every forge script on 138 | +| R10 | Deploy order: 01_DeployCore first, set env, then 02_DeployBridges; alltra: MerchantSettlementRegistry before WithdrawalEscrow | Deploy order | +| R12 | Keep CONTRACT_DEPLOYMENT_RUNBOOK, BLOCKSCOUT_VERIFICATION_GUIDE, BLOCKSCOUT_FIX_RUNBOOK in sync with scripts/URL | After script or URL changes | +| R14 | Run run-contract-verification-with-proxy.sh after deployments when Blockscout reachable | CI after deploy | +| R17 | Monitor bridge/oracle events (TransferInitiated, TransferCompleted, price updates) | Ongoing | +| R18 | Ensure Blockscout (VMID 5000) up and /api reachable | Health checks | +| R19 | Run `forge test` in smom-dbis-138 and alltra-lifi-settlement before deploying | Pre-deploy | +| R21 | When The Order deployed: NPMplus proxy host; document in RPC_ENDPOINTS_MASTER, ALL_VMIDS_ENDPOINTS; replace SANKOFA_CUTOVER_PLAN TBDs | Sankofa/The Order go-live | +| R24 | Keep config/token-mapping.json single source of truth for 138↔Mainnet; update when adding tokens | Adding tokens | + +**Additional suggestions:** + +- Run `./scripts/run-completable-tasks-from-anywhere.sh` periodically (no LAN). +- Work through [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) as needed; run `bash scripts/verify/run-all-validation.sh [--skip-genesis]`. +- Security: smom audits VLT-024, ISO-024; bridge integrations BRG-VLT, BRG-ISO (TODO_TASK_LIST_MASTER §5). +- dbis_core: ~1186 TS errors (deferred). +- Scripts: add progress indicators; add `--dry-run` where missing (R23). + +--- + +## 8. Quick command reference + +| Goal | Command | +|------|---------| +| From anywhere (no LAN) | `./scripts/run-completable-tasks-from-anywhere.sh` | +| Operator backup + verify | `./scripts/run-all-operator-tasks-from-lan.sh` | +| Operator + deploy | `./scripts/run-all-operator-tasks-from-lan.sh --deploy` | +| Blockscout verify | `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` | +| E2E 502 fix | `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` | +| Config validation | `./scripts/validation/validate-config-files.sh` | +| On-chain check 138 | `./scripts/verify/check-contracts-on-chain-138.sh` | +| Full validation | `bash scripts/verify/run-all-validation.sh [--skip-genesis]` | +| Deploy cUSDT/cUSDC all chains | `./smom-dbis-138/scripts/deployment/deploy-cusdt-cusdc-all-chains.sh` | +| PMM on L2s | `./smom-dbis-138/scripts/deployment/deploy-pmm-all-l2s.sh` | +| Fund mainnet LP | `./smom-dbis-138/scripts/deployment/fund-mainnet-lp.sh` | + +--- + +**Single-page operator copy-paste:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md). +**All runbooks:** [RUNBOOKS_MASTER_INDEX.md](../RUNBOOKS_MASTER_INDEX.md). diff --git a/docs/00-meta/TODOS_CONSOLIDATED.md b/docs/00-meta/TODOS_CONSOLIDATED.md new file mode 100644 index 0000000..063ff72 --- /dev/null +++ b/docs/00-meta/TODOS_CONSOLIDATED.md @@ -0,0 +1,133 @@ +# TODOs — Consolidated Task List + +**Last Updated:** 2026-02-20 +**Purpose:** Single checklist of all next steps and remaining tasks. Source of truth for the full list: [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md). + +**Quick run:** From anywhere (no LAN): `./scripts/run-completable-tasks-from-anywhere.sh`. From LAN with secrets: `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]`. + +**Last completable run (2026-02-20):** Config validation OK; on-chain 45/45; run-all-validation --skip-genesis OK; reconcile-env --print. Doc consolidation and root cleanup completed (see NEXT_STEPS_FOR_YOU, ARCHIVE_CANDIDATES). + +**Operator copy-paste commands:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) — one page with exact commands for every pending todo. + +--- + +## High priority + +| # | Task | Owner | Ref | +|---|------|--------|-----| +| 1 | **Wemix (1111) token addresses:** Confirm WETH, USDT, USDC on [scan.wemix.com/tokens](https://scan.wemix.com/tokens); if different official addresses, update `config/token-mapping-multichain.json` and WEMIX_TOKEN_VERIFICATION.md; run `validate-config-files.sh`. | Operator | RECOMMENDED_COMPLETION_CHECKLIST §1 | +| 2 | **Gnosis, Celo, Wemix CCIP bridges:** Per chain: set RPC, CCIP Router, LINK, WETH9/WETH10; run DeployWETHBridges; on 138 add destinations; on each new chain add 138; fund LINK; update env/docs. | Operator/LAN | CONFIG_READY_CHAINS_COMPLETION_RUNBOOK | + +--- + +## Medium priority + +| # | Task | Owner | Ref | +|---|------|--------|-----| +| 3 | **LINK support on Mainnet relay:** Option A or B per runbook; implement, deploy, fund LINK; set `relaySupported: true` for LINK in token-mapping.json; update docs. | Operator/LAN | RELAY_BRIDGE_ADD_LINK_SUPPORT_RUNBOOK | +| 4 | **Run "from anywhere" checks periodically:** `./scripts/run-completable-tasks-from-anywhere.sh` | Anyone | NEXT_STEPS_FOR_YOU §2 | +| 5 | **Placeholders (code):** Canonical addresses in token-aggregation (env); AlltraAdapter fee (setBridgeFee); smart accounts kit; quote service Fabric chainId; .bak (BAK_FILES_DEPRECATION). | Dev | REQUIRED_FIXES_UPDATES_GAPS | +| 6 | **API keys:** Sign up per reports/API_KEYS_REQUIRED.md; add to `.env`. | Anyone | NEXT_STEPS_FOR_YOU §2 | + +--- + +## When you have LAN / Proxmox + secrets + +| # | Task | Owner | Ref | +|---|------|--------|-----| +| 7 | **Blockscout verification:** `source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh` | Operator/LAN | CONTRACT_DEPLOYMENT_RUNBOOK | +| 8 | **Fix E2E 502s (if needed):** `./scripts/maintenance/run-all-maintenance-via-proxmox-ssh.sh --e2e` or `address-all-remaining-502s.sh` | Operator/LAN | 502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES | +| 9 | **Operator tasks script:** `./scripts/run-all-operator-tasks-from-lan.sh [--deploy] [--create-vms]` | Operator/LAN | STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS | +| 10 | **sendCrossChain (real):** `bash scripts/bridge/run-send-cross-chain.sh 0.01` (when PRIVATE_KEY and LINK ready) | Operator/LAN | NEXT_STEPS_OPERATOR W0-2 | +| 11 | **NPMplus backup:** `bash scripts/verify/backup-npmplus.sh` | Operator/LAN | NEXT_STEPS_OPERATOR W0-3 | + +--- + +## Low priority (planned deployments) + +| # | Task | Owner | Ref | +|---|------|--------|-----| +| 12 | **AddressMapper on other chains:** Deploy via DeployAddressMapperOtherChain; set `mapper` in smart-contracts-master.json. (Cronos done.) | Planned | OPTIONAL_DEPLOYMENTS_START_HERE §A | +| 13 | **DODO PMM on 138:** Deploy DODOPMMIntegration; set env; create cUSDT/cUSDC pools; document in LIQUIDITY_POOLS_MASTER_MAP. | Planned | OPTIONAL_DEPLOYMENTS_START_HERE §B | +| 14 | **Mainnet trustless stack:** Deploy Lockbox138 (138) + InboxETH, BondManager, LiquidityPoolETH (Mainnet) per runbook; fund liquidity. | Planned | OPTIONAL_DEPLOYMENTS_START_HERE §C | + +--- + +## External / third-party + +| # | Task | Owner | Ref | +|---|------|--------|-----| +| 15 | **Ledger:** Await response to Tally form; sign agreement and follow integration steps. | You | ADD_CHAIN138_TO_LEDGER_LIVE | +| 16 | **Trust Wallet:** Open PR to trustwallet/wallet-core with Chain 138 registry entry. | You | ADD_CHAIN138_TO_TRUST_WALLET | +| 17 | **Consensys:** Outreach for native Swaps/Bridge for Chain 138. | You | CONSENSYS_OUTREACH_PACKAGE | +| 18 | **CoinGecko/CMC:** Submit Chain 138 and tokens for MetaMask USD. | You | COINGECKO_SUBMISSION_GUIDE | + +--- + +## Tezos / Etherlink (when scoped) + +| # | Task | Owner | Ref | +|---|------|--------|-----| +| 19 | Verify Etherlink (42793) on CCIP; record selector/Router/fee or "custom relay only." | Ops/Eng | TEZOS_CCIP_REMAINING_ITEMS | +| 20 | Verify Jumper and LiFi for 138, 651940, 42793, Tezos; update support matrix. | Eng | TEZOS_CCIP_REMAINING_ITEMS | +| 21 | InitializeRegistry, DeployAllAdapters; Etherlink receiver; Tezos L1 and Etherlink relay services. | Operator/LAN | TEZOS_CCIP_REMAINING_ITEMS | + +--- + +## Deployment / infrastructure phases + +| Phase | Tasks | Status | +|-------|--------|--------| +| Phase 1 — VLAN | UDM Pro VLAN; VLAN-aware bridge; migrate services to VLANs | ⏳ Pending | +| Phase 2 — Observability | Monitoring stack; Grafana via Cloudflare Access; alerts | ⏳ Pending | +| Phase 3 — CCIP fleet | CCIP Ops/Admin; commit/execute/RMN nodes; NAT pools | ⏳ Pending | +| Phase 4 — Sovereign tenants | Sovereign VLANs; tenant isolation; access control | ⏳ Pending | +| Missing containers | 2506, 2507, 2508 (Besu RPC) — see MISSING_CONTAINERS_LIST.md | High | + +--- + +## Security & codebase + +| # | Task | Ref | +|---|------|-----| +| 22 | **Security audits:** smom VLT-024, ISO-024; bridge BRG-VLT, BRG-ISO. | TODO_TASK_LIST_MASTER §5 | +| 23 | **dbis_core:** ~1186 TS errors (deferred). | TODO_TASK_LIST_MASTER §8 | +| 24 | **Paymaster (optional):** Deploy when sources ready. | SMART_ACCOUNTS_DEPLOYMENT_NOTE | + +--- + +## Maintenance (ongoing) + +| Task | Frequency | +|------|-----------| +| Monitor explorer sync / RPC health (e.g. VMID 2201) | Daily | +| Check config API uptime | Weekly | +| Review explorer logs | Weekly | +| Update token list | As needed | +| Fix E2E 502s when domains 502 | As needed — from LAN: `address-all-remaining-502s.sh` | + +Cron: `schedule-daily-weekly-cron.sh --install`; NPMplus backup: `schedule-npmplus-backup-cron.sh --install`. + +--- + +## Validation commands + +| Check | Command | +|-------|---------| +| Completable from anywhere | `./scripts/run-completable-tasks-from-anywhere.sh` | +| All validation (CI) | `bash scripts/verify/run-all-validation.sh [--skip-genesis]` | +| Config files | `bash scripts/validation/validate-config-files.sh` | +| On-chain (Chain 138) | `./scripts/verify/check-contracts-on-chain-138.sh` | +| E2E routing | `./scripts/verify/verify-end-to-end-routing.sh` | + +--- + +## References + +- [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md) — copy-paste commands for all operator/LAN tasks +- [NEXT_STEPS_AND_REMAINING_TODOS.md](NEXT_STEPS_AND_REMAINING_TODOS.md) — full detail and completed items +- [NEXT_STEPS_MASTER.md](NEXT_STEPS_MASTER.md) — master list and phases +- [NEXT_STEPS_FOR_YOU.md](NEXT_STEPS_FOR_YOU.md) — your next actions +- [NEXT_STEPS_OPERATOR.md](NEXT_STEPS_OPERATOR.md) — operator runbook +- [TODO_TASK_LIST_MASTER.md](TODO_TASK_LIST_MASTER.md) — fixes, gas, verification, 1–139 index +- [RECOMMENDED_COMPLETION_CHECKLIST.md](../07-ccip/RECOMMENDED_COMPLETION_CHECKLIST.md) — CCIP/mapper checklist diff --git a/docs/00-meta/TODO_TASK_LIST_MASTER.md b/docs/00-meta/TODO_TASK_LIST_MASTER.md index 560c0ef..a021b38 100644 --- a/docs/00-meta/TODO_TASK_LIST_MASTER.md +++ b/docs/00-meta/TODO_TASK_LIST_MASTER.md @@ -1,12 +1,14 @@ # Master TODO Task List -**Last Updated:** 2026-02-05 +**Last Updated:** 2026-02-13 **Purpose:** Consolidated list of all fixes, enhancements, improvements, optimizations, recommendations, and missed steps. **Full index (1–139):** [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) +**Fully expanded checklist (everything conceivable):** **[MASTER_TODO_EXPANDED.md](MASTER_TODO_EXPANDED.md)** — Blitzkrieg Steps 0–19, R1–R23, tasks 1–30, Ledger 8–17, DEX/TransactionMirror, Tezos/CCIP, CONTRACT_NEXT_STEPS, GAPS, Supreme Command, Absolute Air Superiority, ALL_REQUIREMENTS, and validation commands. + **Execution mode: Full maximum parallel.** Run all remaining items in parallel by wave. See **[FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md)** for the ordered wave list (Wave 0 → Wave 1 → Wave 2 → Wave 3). Within each wave, execute every item concurrently; no artificial sequencing. Validation commands at bottom. -**Status:** [FULL_PARALLEL_RUN_LOG.md](FULL_PARALLEL_RUN_LOG.md) | [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md) | [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md) | [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) (step-by-step; 2026-02-05 completion) | **[REMAINING_TASKS_AND_API_FEATURES.md](REMAINING_TASKS_AND_API_FEATURES.md)** (2026-02-10: consolidated remaining tasks + API features inventory). +**Status:** [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived) | [WAVE1_COMPLETION_SUMMARY.md](WAVE1_COMPLETION_SUMMARY.md) | [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](WAVE2_WAVE3_OPERATOR_CHECKLIST.md) | [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) (step-by-step; 2026-02-05 completion) | **[REMAINING_TASKS_AND_API_FEATURES.md](REMAINING_TASKS_AND_API_FEATURES.md)** (2026-02-10: consolidated remaining tasks + API features inventory). **2026-02-05:** Master documentation updated (MASTER_INDEX v5.8, docs/README, MASTER_PLAN, NEXT_STEPS_MASTER); "Can be accomplished now" list completed; 32 files archived to docs/archive/00-meta-status/. @@ -38,7 +40,7 @@ - [x] Use `GAS_PRICE=1000000000` when deploying (bridge script defaults to this) - [x] **Bridge dry-run verified:** `GAS_PRICE=1000000000 ./scripts/bridge/run-send-cross-chain.sh [recipient] --dry-run` - [x] **Real transfer:** Omit `--dry-run` to execute sendCrossChain; documented in [scripts/README.md](../../scripts/README.md) §8. Ensure LINK approved for fee token if needed. -- [ ] **Paymaster (optional):** `forge script script/smart-accounts/DeployPaymaster.s.sol --rpc-url $RPC_URL_138 --broadcast` — requires contract sources; see [SMART_ACCOUNTS_DEPLOYMENT_NOTE.md](../metamask-integration/docs/SMART_ACCOUNTS_DEPLOYMENT_NOTE.md) +- [ ] **Paymaster (optional):** `forge script script/smart-accounts/DeployPaymaster.s.sol --rpc-url $RPC_URL_138 --broadcast` — requires contract sources; see [SMART_ACCOUNTS_DEPLOYMENT_NOTE.md](../../metamask-integration/docs/SMART_ACCOUNTS_DEPLOYMENT_NOTE.md) --- @@ -50,9 +52,10 @@ - [x] verify-udm-pro: internal failure → warn - [x] verify-all-systems: flexible patterns; bash --norc - [x] Re-run: `bash scripts/verify/run-full-verification.sh` (2026-02-03) -- [x] **validate-genesis.sh (smom-dbis-138):** Fixed 2026-02-05 — runs standalone; QBFT supported. See [FULL_PARALLEL_RUN_LOG.md](FULL_PARALLEL_RUN_LOG.md) Wave 1 fifth batch. +- [x] **validate-genesis.sh (smom-dbis-138):** Fixed 2026-02-05 — runs standalone; QBFT supported. See [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) Wave 1 fifth batch. - [x] **validate-config-files.sh:** Pass (ip-addresses.conf, .env.example). Optional env warnings only. - [x] **E2E routing:** verify-end-to-end-routing.sh run; 25 DNS pass, 14 HTTPS pass, 6 RPC 405 until NPMplus fix from LAN. +- [x] **502 fix flow:** When E2E 502s persist (dbis-admin, secure, dbis-api, rpc-http-prv, rpc-alltra/hybx), from LAN run `./scripts/maintenance/address-all-remaining-502s.sh` (optionally `--run-besu-fix --e2e`). Runbook: [502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md](502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md). - [x] **Full verification includes config:** run-full-verification.sh Step 0 runs validate-config-files.sh (6 steps total). - [x] **Maintenance script:** daily-weekly-checks.sh [daily|weekly|all] — tested; RPC check OK. - [x] **shellcheck (optional):** `bash scripts/verify/run-shellcheck.sh` or `run-shellcheck-docker.sh`; use `--optional` to exit 0 when shellcheck not installed. @@ -79,7 +82,7 @@ | 131–134 | Orchestration portal | 4 | | 135–139 | Maintenance | 5 | -- [ ] **1–139** — Work through [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) (parallel by cohort where no deps). Docs 68–74 index: [QUICK_REFERENCE_CARDS.md](../12-quick-reference/QUICK_REFERENCE_CARDS.md) §3.1. **CI validation:** `bash scripts/verify/run-all-validation.sh [--skip-genesis]` (dependencies + config + optional genesis). Config only: `scripts/validation/validate-config-files.sh` (set VALIDATE_REQUIRED_FILES for CI/pre-deploy). **Last full parallel run (2026-02-05):** run-all-validation, validate-config-files, security dry-runs, phase2 --config-only, CCIP checklist, phase4 --show-steps, config backup, Wave 0 --dry-run — see [FULL_PARALLEL_RUN_LOG.md](FULL_PARALLEL_RUN_LOG.md) batch 11. +- [ ] **1–139** — Work through [ALL_IMPROVEMENTS_AND_GAPS_INDEX.md](../ALL_IMPROVEMENTS_AND_GAPS_INDEX.md) (parallel by cohort where no deps). Docs 68–74 index: [QUICK_REFERENCE_CARDS.md](../12-quick-reference/QUICK_REFERENCE_CARDS.md) §3.1. **CI validation:** `bash scripts/verify/run-all-validation.sh [--skip-genesis]` (dependencies + config + optional genesis). Config only: `scripts/validation/validate-config-files.sh` (set VALIDATE_REQUIRED_FILES for CI/pre-deploy). **Last full parallel run (2026-02-05):** run-all-validation, validate-config-files, security dry-runs, phase2 --config-only, CCIP checklist, phase4 --show-steps, config backup, Wave 0 --dry-run — see [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) batch 11. --- @@ -116,7 +119,7 @@ --- -## 9. Documentation +## 9. Documentation (see also MASTER_TODO_EXPANDED §12) - [x] Update NEXT_STEPS_MASTER with 2026-02-03 completions (2026-02-05) - [x] Sync VM_RESTART known-issue #1 (Corrupted rootfs) — Resolved 2026-02-04; VM_RESTART doc updated @@ -124,7 +127,31 @@ --- -## 10. Optional / Enhancements +## 10. Blitzkrieg, DEX, Supreme Command (full list in MASTER_TODO_EXPANDED) + +- [ ] **Blitzkrieg trail:** Steps 0–19 (env freeze, canonical registry, token lists, GRU M1, CCIP, W-Tokens, wallet ingestion, Blockscout, bridge hardening, CI/CD, monitoring, security, dry-run done; optional Tezos/DODO) +- [ ] **Recommendations R1–R23:** Verification, single source of truth, on-chain check, secrets, RPC/gas/order, runbooks, automation, monitoring, tests, Sankofa/network placeholders +- [ ] **DEX / cross-chain:** TransactionMirror (Mainnet verify, Chain 138 deploy if needed); DODO (DODOPMMIntegration + Provider); EnhancedSwapRouter when pools exist; full trustless stack; Jumper/FABRIC_CHAIN_ID +- [ ] **Tezos/CCIP:** External verification (CCIP/Jumper/LiFi); InitializeRegistry/DeployAllAdapters; Etherlink receivers; relay; DON; monitoring; testing +- [ ] **Supreme Command:** Deployment matrix, risk scoreboard, RAG dashboard, reconciliation, prod vs testnet, war-room +- [ ] **Absolute Air Superiority:** Sentinel, canonical anchoring, circuit breaker, stress test, time-to-containment, formal verification, sovereign continuity + +**Detail and every sub-task:** [MASTER_TODO_EXPANDED.md](MASTER_TODO_EXPANDED.md). + +--- + +## 10b. Chain 138 deployment (smom-dbis-138) + +- [x] **Verify script:** Optional checks (CCIPTxReporter, genesis.json) → warnings; log_* fallbacks; unset-var safe (2026-02-16). +- [x] **@emoney/interfaces:** Relative imports in ReserveTokenIntegration.sol and DeployReserveSystem.s.sol for Hardhat/CCIPLogger. +- [x] **.env.example:** CHAIN138_CCIP_REPORTER and DODO_VENDING_MACHINE_ADDRESS documented. +- [x] **Optional (completed where possible):** CCIPLogger deployed (mainnet); CCIPTxReporter contract added and deployed (Chain 138); LINK funding script run (transfers need deployer LINK); PMM still requires DODO_VENDING_MACHINE_ADDRESS from operator. + +**Warnings and optional tasks:** [smom-dbis-138/docs/deployment/WARNINGS_AND_OPTIONAL_TASKS.md](../../smom-dbis-138/docs/deployment/WARNINGS_AND_OPTIONAL_TASKS.md). + +--- + +## 11. Optional / Enhancements - [x] **Token-aggregation:** Admin routes use strict rate limit; [COINGECKO_SUBMISSION.md](../../smom-dbis-138/services/token-aggregation/docs/COINGECKO_SUBMISSION.md) for CoinGecko listing steps. - [x] **API key placeholders:** All vars from [API_KEYS_REQUIRED.md](../../reports/API_KEYS_REQUIRED.md) added to root `.env.example`, `dbis_core/.env.example`, `the-order/services/legal-documents/.env.example` (see [API_KEYS_DOTENV_STATUS.md](API_KEYS_DOTENV_STATUS.md)). Obtaining keys remains operator task. @@ -132,7 +159,7 @@ --- -## 10. Maintenance (135–139) +## 12. Maintenance (135–139) - [x] **Runbook and script:** [OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md) § Maintenance; `scripts/maintenance/daily-weekly-checks.sh [daily|weekly|all]` for 135–137. Schedule via cron (e.g. daily 08:00). - [x] **Script tested:** daily-weekly-checks.sh daily (explorer SKIP off-LAN, RPC OK). @@ -157,7 +184,8 @@ | All systems | `bash scripts/verify-all-systems.sh` | | Config files | `bash scripts/validation/validate-config-files.sh` | | Genesis (smom-dbis-138) | `bash smom-dbis-138/scripts/validation/validate-genesis.sh` | -| Besu peers | `bash scripts/besu-verify-peers.sh http://192.168.11.211:8545` | +| Chain 138 full deploy verify | `bash smom-dbis-138/scripts/deployment/verify-chain138-full-deployment.sh` | +| Besu peers | `bash scripts/besu-verify-peers.sh ${RPC_URL_138:-http://192.168.11.211:8545}` | | Shellcheck (optional) | `bash scripts/verify/run-shellcheck.sh [--optional]` or `bash scripts/verify/run-shellcheck-docker.sh` | | Wave 0 from LAN | `bash scripts/run-wave0-from-lan.sh [--dry-run] [--skip-backup] [--skip-rpc-fix]` | | NPMplus backup cron | `bash scripts/maintenance/schedule-npmplus-backup-cron.sh [--install|--show]` | @@ -165,4 +193,4 @@ --- -**Related:** [REMAINING_TASKS_AND_API_FEATURES.md](REMAINING_TASKS_AND_API_FEATURES.md) (remaining tasks + Phoenix/OMNL/Explorer API inventory), [NEXT_STEPS_MASTER.md](NEXT_STEPS_MASTER.md), [PARALLEL_TASK_STRUCTURE.md](PARALLEL_TASK_STRUCTURE.md), [IMPLEMENTATION_CHECKLIST.md](../10-best-practices/IMPLEMENTATION_CHECKLIST.md), [REMAINING_TASKS.md](../REMAINING_TASKS.md), [reports/status/VM_RESTART_AND_VERIFICATION_20260203.md](../../reports/status/VM_RESTART_AND_VERIFICATION_20260203.md). +**Related:** [MASTER_TODO_EXPANDED.md](MASTER_TODO_EXPANDED.md) (fully expanded checklist) | [REMAINING_TASKS_AND_API_FEATURES.md](REMAINING_TASKS_AND_API_FEATURES.md) (remaining tasks + Phoenix/OMNL/Explorer API inventory) | [NEXT_STEPS_MASTER.md](NEXT_STEPS_MASTER.md) | [PARALLEL_TASK_STRUCTURE.md](PARALLEL_TASK_STRUCTURE.md) | [IMPLEMENTATION_CHECKLIST.md](../10-best-practices/IMPLEMENTATION_CHECKLIST.md) | [REMAINING_TASKS.md](../REMAINING_TASKS.md) | [reports/status/VM_RESTART_AND_VERIFICATION_20260203.md](../../reports/status/VM_RESTART_AND_VERIFICATION_20260203.md). diff --git a/docs/00-meta/UNBLOCK_MAINNET_RPC_403.md b/docs/00-meta/UNBLOCK_MAINNET_RPC_403.md new file mode 100644 index 0000000..9a37ece --- /dev/null +++ b/docs/00-meta/UNBLOCK_MAINNET_RPC_403.md @@ -0,0 +1,44 @@ +# Unblock Mainnet RPC 403 (Private Key Restriction) + +**Issue:** `ETHEREUM_MAINNET_RPC` returns **403** with body: *"private key only is enabled in Project ID settings"*. Forge/cast cannot send transactions with your deployer key. + +**Cause:** Some RPC providers (e.g. Infura, Alchemy) can restrict a project so that **only their SDK/wallet can use the API key**; raw `eth_sendTransaction` or private-key signing from scripts is rejected. + +--- + +## One-step fix + +Set `ETHEREUM_MAINNET_RPC` in `smom-dbis-138/.env` (and root `.env` if used) to a Mainnet URL that **allows raw private key** (or `eth_sendTransaction` from your IP). Then re-run the deploy. + +### Option A — Same provider, disable restriction + +- **Infura:** Dashboard → Project → Settings → ensure **"Restrict to SDK / wallet only"** (or similar) is **off** for the project used in the URL. +- **Alchemy:** Dashboard → App → Settings → check **API key restrictions**; allow the methods your scripts need (e.g. full access or no "private key only" restriction). + +Then keep using the same URL, e.g. +`ETHEREUM_MAINNET_RPC=https://mainnet.infura.io/v3/YOUR_PROJECT_ID` + +### Option B — Use a different RPC (no key restriction) + +Examples (no API key or key without private-key restriction): + +- `ETHEREUM_MAINNET_RPC=https://eth.llamarpc.com` +- `ETHEREUM_MAINNET_RPC=https://rpc.ankr.com/eth` +- `ETHEREUM_MAINNET_RPC=https://ethereum.publicnode.com` **(in use:** set in smom-dbis-138/.env and used for Trustless Mainnet deploy) +- Or any other public/mainnet RPC that accepts `eth_sendTransaction` or signing with your key. + +**Security:** Prefer a project-specific URL (Option A) over a shared public RPC when possible. + +--- + +## After unblocking + +1. **Trustless Mainnet deploy:** + `cd smom-dbis-138 && source .env && forge script script/bridge/trustless/DeployTrustlessBridge.s.sol:DeployTrustlessBridge --rpc-url "$ETHEREUM_MAINNET_RPC" --broadcast --via-ir` + +2. **Trustless liquidity (phase6-provide-liquidity.sh):** + Ensure `LIQUIDITY_POOL`, `RESERVE_SYSTEM`, `ETHEREUM_MAINNET_RPC`, `LIQUIDITY_AMOUNT`, `RESERVE_AMOUNT` are set, then run the script. + +--- + +**Refs:** [OPTIONAL_DEPLOYMENTS_START_HERE](../07-ccip/OPTIONAL_DEPLOYMENTS_START_HERE.md) §2C | [COMPLETION_STATUS_20260215](../archive/00-meta-pruned/COMPLETION_STATUS_20260215.md) diff --git a/docs/00-meta/WAVE1_COMPLETION_SUMMARY.md b/docs/00-meta/WAVE1_COMPLETION_SUMMARY.md index 56ba572..8a88e4c 100644 --- a/docs/00-meta/WAVE1_COMPLETION_SUMMARY.md +++ b/docs/00-meta/WAVE1_COMPLETION_SUMMARY.md @@ -1,7 +1,7 @@ # Wave 1 — Completion Summary **Last Updated:** 2026-02-05 -**Purpose:** Status of every Wave 1 task from the full parallel run. Used with [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) and [FULL_PARALLEL_RUN_LOG.md](FULL_PARALLEL_RUN_LOG.md). +**Purpose:** Status of every Wave 1 task from the full parallel run. Used with [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) and [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived). **Legend:** ✅ Done (this run or prior) | ⏳ Operator (SSH/creds/LAN) | 📄 Documented (config/design exists; no code change) | ➖ Deferred diff --git a/docs/00-meta/WAVE2_WAVE3_OPERATOR_CHECKLIST.md b/docs/00-meta/WAVE2_WAVE3_OPERATOR_CHECKLIST.md index 8fdd64e..48d7673 100644 --- a/docs/00-meta/WAVE2_WAVE3_OPERATOR_CHECKLIST.md +++ b/docs/00-meta/WAVE2_WAVE3_OPERATOR_CHECKLIST.md @@ -60,5 +60,5 @@ ## References - [FULL_PARALLEL_EXECUTION_ORDER.md](FULL_PARALLEL_EXECUTION_ORDER.md) — Full wave definitions -- [FULL_PARALLEL_RUN_LOG.md](FULL_PARALLEL_RUN_LOG.md) — What was run and results +- [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived) — What was run and results - [OPERATIONAL_RUNBOOKS.md](../03-deployment/OPERATIONAL_RUNBOOKS.md) — Procedures and maintenance diff --git a/docs/02-architecture/PHYSICAL_HARDWARE_INVENTORY.md b/docs/02-architecture/PHYSICAL_HARDWARE_INVENTORY.md index be99cbd..c9608e3 100644 --- a/docs/02-architecture/PHYSICAL_HARDWARE_INVENTORY.md +++ b/docs/02-architecture/PHYSICAL_HARDWARE_INVENTORY.md @@ -1,25 +1,25 @@ # Physical Hardware Inventory -**Last Updated:** 2026-01-31 -**Document Version:** 1.0 +**Last Updated:** 2026-02-13 +**Document Version:** 1.1 **Status:** Active Documentation --- ## Overview -This document is the placeholder for the physical hardware inventory (hosts, IPs, credentials, specifications). For current network configuration and IP assignments, see **[NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md)**. +This document is the placeholder for the physical hardware inventory (hosts, IPs, credentials, specifications). For **complete hardware config including all NIC models**, see **[PROXMOX_HOSTS_COMPLETE_HARDWARE_CONFIG.md](PROXMOX_HOSTS_COMPLETE_HARDWARE_CONFIG.md)**. For network configuration and IP assignments, see **[NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md)**. ### Key Hosts (Summary) -| Host | IP | Role | -|------|-----|------| -| ml110 | 192.168.11.10 | Proxmox, Besu nodes | -| r630-01 | 192.168.11.11 | Infrastructure, RPC | -| r630-02 | 192.168.11.12 | Firefly, NPMplus secondary | -| UDM Pro (edge) | 76.53.10.34 | Edge router | +| Host | IP | Role | NICs | +|------|-----|------|------| +| ml110 | 192.168.11.10 | Proxmox, Besu nodes | 2× Broadcom BCM5717 1GbE | +| r630-01 | 192.168.11.11 | Infrastructure, RPC | 4× Broadcom BCM5720 1GbE | +| r630-02 | 192.168.11.12 | Firefly, NPMplus secondary | 4× Broadcom BCM57800 1/10GbE | +| UDM Pro (edge) | 76.53.10.34 | Edge router | — | -**See:** [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md), [NETWORK_ARCHITECTURE.md](NETWORK_ARCHITECTURE.md), [VMID_ALLOCATION_FINAL.md](VMID_ALLOCATION_FINAL.md). +**See:** [PROXMOX_HOSTS_COMPLETE_HARDWARE_CONFIG.md](PROXMOX_HOSTS_COMPLETE_HARDWARE_CONFIG.md), [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md), [NETWORK_ARCHITECTURE.md](NETWORK_ARCHITECTURE.md), [VMID_ALLOCATION_FINAL.md](VMID_ALLOCATION_FINAL.md). --- diff --git a/docs/02-architecture/PROXMOX_HOSTS_COMPLETE_HARDWARE_CONFIG.md b/docs/02-architecture/PROXMOX_HOSTS_COMPLETE_HARDWARE_CONFIG.md new file mode 100644 index 0000000..bcc2061 --- /dev/null +++ b/docs/02-architecture/PROXMOX_HOSTS_COMPLETE_HARDWARE_CONFIG.md @@ -0,0 +1,128 @@ +# Proxmox Hosts — Complete Hardware Configuration + +**Last Updated:** 2026-02-13 +**Document Version:** 1.0 +**Status:** Active Documentation +**Source:** Live query from hosts via `lspci`, `ethtool`, `ip link` + +--- + +## Overview + +Complete hardware specifications for the three Proxmox VE hosts, including CPU, memory, storage, and **all NIC models** with interface mapping and link status. + +--- + +## ml110 (192.168.11.10) + +| Component | Specification | +|-----------|---------------| +| **Manufacturer** | HP | +| **Model** | ProLiant ML110 Gen9 | +| **Proxmox** | 9.1.0, kernel 6.17.4-1-pve | +| **CPU** | Intel Xeon E5-2603 v3 @ 1.60 GHz | +| **Cores** | 6 (1 socket × 6 cores) | +| **RAM** | 125 GiB | +| **Storage** | 2× ST1000DM003-1ER162 (931.5 GB 7.2k HDD each) | +| **Storage layout** | LVM-thin (data, local-lvm) + local dir | +| **Network** | vmbr0 bridge | + +### NICs (ml110) + +| Interface | PCI device | Model | Speed | Link | MAC | Notes | +|-----------|------------|-------|-------|------|-----|-------| +| **nic0** | 02:00.0 | Broadcom NetXtreme BCM5717 Gigabit Ethernet PCIe [14e4:1665] | 1000 Mb/s | yes | `1c:98:ec:52:43:c8` | UP, in vmbr0 | +| **nic1** | 02:00.1 | Broadcom NetXtreme BCM5717 Gigabit Ethernet PCIe [14e4:1665] | — | no | `1c:98:ec:52:43:c9` | DOWN | +| **vmbr0** | — | bridge | — | — | `1c:98:ec:52:43:c8` | Bridge (uses nic0) | + +**NIC summary:** 2× Broadcom BCM5717 1GbE; nic0 active, nic1 standby/unused. + +--- + +## r630-01 (192.168.11.11) + +| Component | Specification | +|-----------|---------------| +| **Manufacturer** | Dell Inc. | +| **Model** | PowerEdge R630 | +| **Proxmox** | 9.1.0, kernel 6.17.4-1-pve | +| **CPU** | Intel Xeon E5-2630 v3 @ 2.40 GHz | +| **Cores** | 32 (2 sockets × 8 cores) | +| **RAM** | 503 GiB | +| **Storage** | 2× HUC109060CSS600 (559 GB enterprise SSD boot) + 6× Crucial CT250MX500SSD1 (233 GB SATA SSD) + DVD-ROM | +| **Storage layout** | LVM-thin (data, local-lvm, thin1) + local dir | +| **Network** | vmbr0 bridge | + +### NICs (r630-01) + +| Interface | PCI device | Model | Speed | Link | MAC | Notes | +|-----------|------------|-------|-------|------|-----|-------| +| **nic0** | 01:00.0 | Broadcom NetXtreme BCM5720 Gigabit Ethernet PCIe [14e4:165f] | 1000 Mb/s | yes | `20:47:47:7e:37:6c` | UP, in vmbr0 | +| **nic1** | 01:00.1 | Broadcom NetXtreme BCM5720 Gigabit Ethernet PCIe [14e4:165f] | — | no | `20:47:47:7e:37:6d` | DOWN | +| **nic2** | 02:00.0 | Broadcom NetXtreme BCM5720 Gigabit Ethernet PCIe [14e4:165f] | — | no | `20:47:47:7e:37:6e` | DOWN | +| **nic3** | 02:00.1 | Broadcom NetXtreme BCM5720 Gigabit Ethernet PCIe [14e4:165f] | — | no | `20:47:47:7e:37:6f` | DOWN | +| **vmbr0** | — | bridge | — | — | `20:47:47:7e:37:6c` | Bridge (uses nic0) | + +**NIC summary:** 4× Broadcom BCM5720 1GbE (2× dual-port cards); nic0 active, nic1–nic3 unused. + +--- + +## r630-02 (192.168.11.12) + +| Component | Specification | +|-----------|---------------| +| **Manufacturer** | Dell Inc. | +| **Model** | PowerEdge R630 | +| **Proxmox** | 9.1.0, kernel 6.17.4-1-pve | +| **CPU** | Intel Xeon E5-2660 v4 @ 2.00 GHz | +| **Cores** | 56 (2 sockets × 14 cores) | +| **RAM** | 251 GiB | +| **Storage** | 8× Crucial CT250MX500SSD1 (233 GB SATA SSD each) | +| **Storage layout** | LVM-thin (thin1-r630-02, thin2–thin6) + local dir | +| **Network** | vmbr0 bridge (VLAN-aware) | + +### NICs (r630-02) + +| Interface | PCI device | Model | Speed | Link | MAC | Notes | +|-----------|------------|-------|-------|------|-----|-------| +| **nic0** | 01:00.0 | Broadcom NetXtreme II BCM57800 1/10 Gigabit Ethernet [14e4:168a] | — | no | `c8:1f:66:d2:c5:97` | DOWN | +| **nic1** | 01:00.1 | Broadcom NetXtreme II BCM57800 1/10 Gigabit Ethernet [14e4:168a] | — | no | `c8:1f:66:d2:c5:99` | DOWN | +| **nic2** | 01:00.2 | Broadcom NetXtreme II BCM57800 1/10 Gigabit Ethernet [14e4:168a] | 1000 Mb/s | yes | `c8:1f:66:d2:c5:9b` | UP, in vmbr0 | +| **nic3** | 01:00.3 | Broadcom NetXtreme II BCM57800 1/10 Gigabit Ethernet [14e4:168a] | — | no | `c8:1f:66:d2:c5:9d` | DOWN | +| **vmbr0** | — | bridge | — | — | `c8:1f:66:d2:c5:9b` | Bridge (uses nic2) | + +**NIC summary:** 4× Broadcom BCM57800 1/10 GbE (quad-port); nic2 active at 1 Gbps (switch limits; supports 10 Gbps). nic0, nic1, nic3 unused. + +--- + +## NIC Summary by Host + +| Host | NIC models | Ports | Active | Max speed | +|------|------------|-------|--------|-----------| +| ml110 | Broadcom BCM5717 | 2 | nic0 | 1 GbE | +| r630-01 | Broadcom BCM5720 | 4 | nic0 | 1 GbE | +| r630-02 | Broadcom BCM57800 | 4 | nic2 | 10 GbE (running at 1 GbE) | + +--- + +## Verification + +To refresh this data, run on each host (or via SSH): + +```bash +# NIC models +lspci -nn | grep -iE 'ethernet|network' + +# Interface mapping and link status +for i in nic0 nic1 nic2 nic3; do + [ -d /sys/class/net/$i ] && echo "--- $i ---" && ethtool $i 2>/dev/null | grep -E 'Speed|Link detected' +done +``` + +--- + +## References + +- [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md) — IP assignments +- [PROXMOX_HOSTS_MAC_ADDRESSES.md](../../reports/PROXMOX_HOSTS_MAC_ADDRESSES.md) — MAC addresses +- [hardware_storage_investigation_*.md](../../reports/status/) — CPU, memory, storage reports diff --git a/docs/03-deployment/COMPLETE_DAPP_NPMPLUS_REMAINING.md b/docs/03-deployment/COMPLETE_DAPP_NPMPLUS_REMAINING.md new file mode 100644 index 0000000..665f4a2 --- /dev/null +++ b/docs/03-deployment/COMPLETE_DAPP_NPMPLUS_REMAINING.md @@ -0,0 +1,37 @@ +# Complete DApp + NPMplus (remaining step) + +DApp LXC **5801** is deployed and serving at **http://192.168.11.58**. To expose it as **dapp.d-bis.org** behind NPMplus and SSL, do the following **from a host that can reach NPMplus** (e.g. your machine on the same LAN as 192.168.11.x). + +## If 192.168.11.167 (NPMplus) is not reachable + +SSH to a Proxmox host and check VM health. NPMplus is **VMID 10233** on **r630-01** (192.168.11.11). + +```bash +# Diagnose: list containers, status, and whether NPMplus (10233) is running +bash scripts/maintenance/diagnose-vm-health-via-proxmox-ssh.sh +``` + +If NPMplus (10233) is **stopped**, start it: + +```bash +ssh root@192.168.11.11 'pct start 10233' +``` + +Wait ~30s, then ping 192.168.11.167 again. Once reachable, run the "One command" below to add the dapp proxy. + +## One command (from proxmox repo root, on a host on the LAN) + +```bash +cd /home/intlc/projects/proxmox && source .env && bash scripts/nginx-proxy-manager/complete-dapp-npmplus-from-lan.sh +``` + +Then in **NPMplus UI** (https://192.168.11.167:81): open the proxy for **dapp.d-bis.org** → **SSL** tab → request certificate and enable **Force SSL**. + +## If you are not on the LAN + +- Use **Option B (via SSH)** or **Option C (manual UI)** in [SSH_DAPP_NPMPLUS_RUNBOOK.md](./SSH_DAPP_NPMPLUS_RUNBOOK.md#2-npmplus-add-dappd-bisorg). +- Or VPN into 192.168.11.x and run the one command above. + +## Optional: Tunnel + DNS + +For public HTTPS at dapp.d-bis.org: add **dapp.d-bis.org** to the Cloudflare tunnel config (origin https://192.168.11.167:443 or the NPMplus public URL) and add a CNAME in Cloudflare DNS. See runbook §3. diff --git a/docs/03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md b/docs/03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md index f800e2a..a5737f7 100644 --- a/docs/03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md +++ b/docs/03-deployment/CONTRACT_DEPLOYMENT_RUNBOOK.md @@ -5,19 +5,21 @@ ## Chain 138 deployment requirements (learned 2026-02-12) - **Gas price:** Chain 138 enforces a minimum gas price. Always use **`--with-gas-price 1000000000`** (1 gwei) for `forge script` and `forge create` when deploying to Chain 138; otherwise transactions fail with "Gas price below configured minimum gas price". -- **On-chain check:** After deployments, run `./scripts/verify/check-contracts-on-chain-138.sh [RPC_URL]` — **36 addresses** (26 canonical + 5 channels/mirror/trustless + 5 CREATE2). See [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md), [CONTRACT_INVENTORY_AND_VERIFICATION](../11-references/CONTRACT_INVENTORY_AND_VERIFICATION.md). -- **TransactionMirror:** The deploy script can hit a Forge broadcast constructor-args decode error. If so, deploy manually: `forge create contracts/mirror/TransactionMirror.sol:TransactionMirror --constructor-args --rpc-url $CHAIN138_RPC_URL --private-key $PRIVATE_KEY --gas-price 1000000000`. +- **On-chain check:** After deployments, run `./scripts/verify/check-contracts-on-chain-138.sh` (uses `RPC_URL_138`; optional URL arg). Address list comes from `config/smart-contracts-master.json` when available. See [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md), [CONTRACT_INVENTORY_AND_VERIFICATION](../11-references/CONTRACT_INVENTORY_AND_VERIFICATION.md). +- **TransactionMirror:** The deploy script can hit a Forge broadcast constructor-args decode error. If so, deploy manually: `forge create contracts/mirror/TransactionMirror.sol:TransactionMirror --constructor-args --rpc-url $RPC_URL_138 --private-key $PRIVATE_KEY --gas-price 1000000000`. ## RPC Routing Summary +Chain 138 uses two standard env vars: **RPC_URL_138** (Core, admin/deploy) and **RPC_URL_138_PUBLIC** (Public, bridge/frontend). See [RPC_ENDPOINTS_MASTER](../04-configuration/RPC_ENDPOINTS_MASTER.md). + | Use Case | VMID | IP | Ports | Variable | |----------|------|-----|-------|----------| -| Admin / contract deployment | 2101 | 192.168.11.211 | 8545, 8546 | RPC_CORE_1, RPC_URL_138 | -| Bridge, monitoring, public-facing | 2201 | 192.168.11.221 **(FIXED)** | 8545, 8546 | RPC_PUBLIC_1, RPC_URL_138_PUBLIC | +| Admin / contract deployment | 2101 | 192.168.11.211 | 8545, 8546 | RPC_URL_138 (Core) | +| Bridge, monitoring, public-facing | 2201 | 192.168.11.221 **(FIXED)** | 8545, 8546 | RPC_URL_138_PUBLIC (Public) | ## Prerequisites -1. **Network access** to Chain 138 RPC (admin/deployment: RPC_CORE_1 = 192.168.11.211:8545) +1. **Network access** to Chain 138 RPC (set `RPC_URL_138` in .env, e.g. http://192.168.11.211:8545 for Core) - Run from a host on the same LAN as Proxmox, or via VPN - WSL/remote dev environments may get "No route to host" if not on network @@ -25,6 +27,22 @@ 3. **Foundry** (`forge`) installed +### Deprecated bridge (R4) + +Do not use CCIPWETH9Bridge at `0x89dd...`. Use only the canonical bridge at `0x971c...` and set `CCIPWETH9_BRIDGE_CHAIN138` in env. See docs/00-meta/RECOMMENDATIONS_OPERATOR_CHECKLIST.md R4. + +### Env required per deploy script + +| Script / phase | Required env | Notes | +|----------------|--------------|--------| +| DeployMulticall, DeployOracle, DeployMultiSig | `PRIVATE_KEY`, `RPC_URL_138` (Chain 138 Core) | deploy-all-contracts.sh | +| 01_DeployCore, 02_DeployBridges | `PRIVATE_KEY`, RPC; 02 needs `UNIVERSAL_ASSET_REGISTRY`, `GOVERNANCE_CONTROLLER` | Phased core | +| DeployCCIPReceiver, DeployCCIPSender | `PRIVATE_KEY`, `CCIP_ROUTER_ADDRESS`, `ORACLE_AGGREGATOR_ADDRESS`; Sender optional: `LINK_TOKEN_ADDRESS` | Set in .env; see .env.example | +| DeployWETHBridges (mainnet receiver) | `MAINNET_WETH9_BRIDGE_ADDRESS`, `MAINNET_WETH10_BRIDGE_ADDRESS` when configuring cross-chain | .env.example | +| DeploySmartAccountsKit | `PRIVATE_KEY`, `RPC_URL_138`; optional `ENTRY_POINT`, `SMART_ACCOUNT_FACTORY`, `PAYMASTER` if pre-deployed | Script does not deploy contracts; obtain EntryPoint/Factory from MetaMask kit or ERC-4337 impl and set in env | +| DeployTransactionMirror | `PRIVATE_KEY`, `MIRROR_ADMIN` (optional, default deployer) | If `forge script` fails with constructor-args decode, use forge create — see § TransactionMirror below | +| DeployReserveSystem | `TOKEN_FACTORY` in .env | Phase 6 | + ## Deploy Core Contracts (Chain 138) ```bash @@ -54,6 +72,162 @@ GAS_PRICE=1000000000 ./scripts/deploy-and-configure-weth9-bridge-chain138.sh # Then set CCIPWETH9_BRIDGE_CHAIN138 in smom-dbis-138/.env ``` +## Smart accounts (ERC-4337) + +**Script:** `smom-dbis-138/script/smart-accounts/DeploySmartAccountsKit.s.sol` (and `DeployAccountWalletRegistryExtended.s.sol` for registry). + +**Required env (in `smom-dbis-138/.env`):** `PRIVATE_KEY`, `RPC_URL_138` (Chain 138 Core). Optional: set `ENTRY_POINT`, `SMART_ACCOUNT_FACTORY`, `PAYMASTER` if already deployed; otherwise the script will deploy and log addresses to set in `.env`. + +**Deploy (Chain 138):** +```bash +cd smom-dbis-138 +source .env +forge script script/smart-accounts/DeploySmartAccountsKit.s.sol --rpc-url $RPC_URL_138 --broadcast --with-gas-price 1000000000 +# Set ENTRY_POINT, SMART_ACCOUNT_FACTORY, PAYMASTER from output +``` + +**Verification:** Run script; confirm logged addresses match env. See [PLACEHOLDERS_AND_TBD](../PLACEHOLDERS_AND_TBD.md) Smart Accounts Kit. + +## TransactionMirror (Chain 138) + +**Script:** `script/DeployTransactionMirror.s.sol`. If `forge script` fails with "Failed to decode constructor arguments", deploy via `forge create`: + +```bash +cd smom-dbis-138 +source .env +ADMIN="${MIRROR_ADMIN:-$(cast wallet address --private-key $PRIVATE_KEY)}" +forge create contracts/mirror/TransactionMirror.sol:TransactionMirror \ + --constructor-args "$ADMIN" \ + --rpc-url "$RPC_URL_138" \ + --private-key "$PRIVATE_KEY" \ + --legacy \ + --gas-price 1000000000 +``` + +Or run the helper script (from repo root, **from a host on LAN** that can reach `RPC_URL_138` e.g. 192.168.11.211:8545): `./scripts/deployment/deploy-transaction-mirror-chain138.sh`. The script exports `ETH_RPC_URL` so Forge uses the correct RPC and, on success, updates or appends `TRANSACTION_MIRROR_ADDRESS` in `smom-dbis-138/.env`. + +## AlltraAdapter — setBridgeFee after deploy + +After deploying or using AlltraAdapter (138 ↔ ALL Mainnet 651940), set the bridge fee to match ALL Mainnet fee structure. + +**Required:** `ALLTRA_ADAPTER_CHAIN138` in `smom-dbis-138/.env` (adapter address; see config/smart-contracts-master.json). Optional: `ALLTRA_BRIDGE_FEE` (wei) to pass to setBridgeFee. Deployer must have `DEFAULT_ADMIN_ROLE`. + +```bash +cd smom-dbis-138 && source .env +# Use ALLTRA_BRIDGE_FEE from .env if set, else 0.001 ALL (1000000000000000 wei) +FEE="${ALLTRA_BRIDGE_FEE:-1000000000000000}" +cast send "$ALLTRA_ADAPTER_CHAIN138" "setBridgeFee(uint256)" "$FEE" \ + --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY" --gas-price 1000000000 +``` + +Document the final fee in [PLACEHOLDERS_AND_TBD](../PLACEHOLDERS_AND_TBD.md) § AlltraAdapter when known. + +## Vault ac* / vdc* / sdc* (Chain 138) + +After deploying the Vault System (`DeployVaultSystem.s.sol`), run the single script that creates all asset/deposit (ac*) and debt (vdc*) tokens via `VaultFactory.createVaultWithDecimals`. + +**Required env:** `VAULT_FACTORY_ADDRESS`, `PRIVATE_KEY`, `RPC_URL_138`. Optional: `OWNER`, `ENTITY` (default deployer); `CUSDC_ADDRESS_138`, `CUSDT_ADDRESS_138` or `COMPLIANT_USDC_ADDRESS`, `COMPLIANT_USDT_ADDRESS` (skip currency if unset). + +Option A — deploy Vault System then ac/vdc/sdc in one go: run `./scripts/deployment/deploy-vault-system-and-ac-vdc-sdc.sh` from `smom-dbis-138` (uses `PRIVATE_KEY`, `RPC_URL_138`; parses VaultFactory from broadcast and runs ac/vdc/sdc step). + +Option B — run steps separately: +```bash +cd smom-dbis-138 +source .env +forge script script/deploy/vault/DeployVaultSystem.s.sol:DeployVaultSystem \ + --rpc-url "$RPC_URL_138" --broadcast --with-gas-price 1000000000 +# From output, set VAULT_FACTORY_ADDRESS=0x... then: +forge script script/deploy/vault/DeployAcVdcSdcVaults.s.sol:DeployAcVdcSdcVaults \ + --rpc-url "$RPC_URL_138" --broadcast --with-gas-price 1000000000 +``` + +Deployer must have `VAULT_DEPLOYER_ROLE` on VaultFactory. Each configured base token gets one vault with deposit token (ac*) and debt token (vdc*), 6 decimals, transferable debt. See [MULTI_CHAIN_EXECUTION_DETERMINISTIC_DEPLOYMENT](../runbooks/MULTI_CHAIN_EXECUTION_DETERMINISTIC_DEPLOYMENT.md). Full architecture and phased roadmap: see [VAULT_SYSTEM_MASTER_TECHNICAL_PLAN](../VAULT_SYSTEM_MASTER_TECHNICAL_PLAN.md). + +## EnhancedSwapRouter & DODOPMMProvider (post-deploy configuration) + +When Uniswap V3, Balancer, or DODO PMM pools exist on Chain 138 / 651940, configure the router and provider so on-chain quotes and swaps work. + +**EnhancedSwapRouter** (set by address with `ROUTING_MANAGER_ROLE`): + +| Config | Method | Env (optional) | When | +|--------|--------|----------------|------| +| Uniswap V3 Quoter | `setUniswapQuoter(address)` | `ENHANCED_SWAP_ROUTER_UNISWAP_QUOTER` | After Uniswap Quoter is deployed on chain | +| Balancer pool (WETH↔stable) | `setBalancerPoolId(tokenIn, tokenOut, poolId)` | `BALANCER_WETH_USDC_POOL_ID`, `BALANCER_WETH_USDT_POOL_ID` | After Balancer pool exists | +| Dodoex pool | `setDodoPoolAddress(tokenIn, tokenOut, pool)` | Set via cast or script when DODO pool is known | After DODO PMM pool deployed | + +Example (Chain 138, after setting env): + +```bash +cd smom-dbis-138 && source .env +# Uniswap Quoter +[ -n "$ENHANCED_SWAP_ROUTER_UNISWAP_QUOTER" ] && cast send "$ENHANCED_SWAP_ROUTER" "setUniswapQuoter(address)" "$ENHANCED_SWAP_ROUTER_UNISWAP_QUOTER" --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY" --gas-price 1000000000 +# Balancer (bytes32 pool IDs; use cast send with 0x-prefixed hex) +# cast send "$ENHANCED_SWAP_ROUTER" "setBalancerPoolId(address,address,bytes32)" "$BALANCER_WETH_USDC_POOL_ID" ... +``` + +**DODOPMMProvider:** Register existing DODO PMM pools so `getQuote` / `executeSwap` work. Address with `POOL_MANAGER_ROLE` calls `registerPool(tokenIn, tokenOut, pool)`. + +```bash +# After DODO pool is deployed (e.g. cUSDT↔USDT) +cast send "$DODO_PMM_PROVIDER_ADDRESS" "registerPool(address,address,address)" "" "" "" --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY" --gas-price 1000000000 +``` + +Optional .env placeholders (see `smom-dbis-138/.env.example`): `ENHANCED_SWAP_ROUTER_UNISWAP_QUOTER`, `BALANCER_WETH_USDC_POOL_ID`, `BALANCER_WETH_USDT_POOL_ID`, `DODO_PMM_PROVIDER_ADDRESS`. Until set, router returns 0 for Uniswap/Balancer quotes and DODO provider returns no pool. + +## Private stabilization pools (Master Plan Phase 2) + +XAU-anchored private pools (cUSDT↔XAU, cUSDC↔XAU, cEURT↔XAU) for the Stabilizer; only the Stabilizer or whitelisted keeper should execute swaps. See [VAULT_SYSTEM_MASTER_TECHNICAL_PLAN](../VAULT_SYSTEM_MASTER_TECHNICAL_PLAN.md) §5. + +**Script:** `smom-dbis-138/script/dex/DeployPrivatePoolRegistryAndPools.s.sol` — deploys [PrivatePoolRegistry](../../smom-dbis-138/contracts/dex/PrivatePoolRegistry.sol) and optionally creates pools via [DODOPMMIntegration](../../smom-dbis-138/contracts/dex/DODOPMMIntegration.sol) `createPool`, then registers them in the registry. + +**Env (in `smom-dbis-138/.env`):** + +| Variable | Description | +|----------|--------------| +| `PRIVATE_KEY` | Deployer (must have `POOL_MANAGER_ROLE` on DODOPMMIntegration to create pools) | +| `PRIVATE_POOL_REGISTRY_ADMIN` | Admin for PrivatePoolRegistry (default: deployer) | +| `DODOPMM_INTEGRATION_ADDRESS` | Deployed DODOPMMIntegration (set to create XAU pools in same run) | +| `XAU_ADDRESS_138` | XAU token address on Chain 138 (required to create XAU-anchored pools) | +| `COMPLIANT_USDT_ADDRESS` | cUSDT on Chain 138 | +| `COMPLIANT_USDC_ADDRESS` | cUSDC on Chain 138 | +| `cEURT_ADDRESS_138` | cEURT on Chain 138 (optional; omit to skip cEURT↔XAU pool) | + +**Deploy:** + +```bash +cd smom-dbis-138 && source .env +forge script script/dex/DeployPrivatePoolRegistryAndPools.s.sol:DeployPrivatePoolRegistryAndPools \ + --rpc-url "$RPC_URL_138" --broadcast --with-gas-price 1000000000 +``` + +If only the registry is needed (pools created later), leave `DODOPMM_INTEGRATION_ADDRESS` or `XAU_ADDRESS_138` unset. To register existing pools manually: `cast send "$PRIVATE_POOL_REGISTRY" "register(address,address,address)" ...`. Grant `STABILIZER_LP_ROLE` to allowed LPs when using a wrapper that checks it. + +## Stabilizer deployment and configuration (Phase 3 + 6) + +Deploy the [Stabilizer](../../smom-dbis-138/contracts/bridge/trustless/integration/Stabilizer.sol) (Master Plan Phase 3) after PrivatePoolRegistry and private XAU-anchored pools exist. The Stabilizer calls `checkDeviation()` (peg manager or TWAP) and `executePrivateSwap(tradeSize, tokenIn, tokenOut)` via the private pool registry. Phase 6: TWAP/sustained N-block deviation, per-block volume cap, flash drain recovery target <3 blocks (see [OPERATIONS_RUNBOOK](../../smom-dbis-138/docs/OPERATIONS_RUNBOOK.md) Flash Loan Containment). + +**Deploy (e.g. via forge create or a small script):** + +- Constructor: `(admin, privatePoolRegistryAddress)`. +- Set in `.env`: `STABILIZER_ADDRESS`, `PRIVATE_POOL_REGISTRY_ADDRESS`, `STABLECOIN_PEG_MANAGER_ADDRESS` (or commodity peg), peg asset address. + +**Configuration (admin):** + +| Parameter | Method | Typical / notes | +|-----------|--------|------------------| +| Peg source | `setStablecoinPegSource(manager, asset)` or `setCommodityPegSource(manager, asset)` | One of them; deviation from peg used for `checkDeviation()` | +| thresholdBps | `setThresholdBps(uint256)` | e.g. 50 (0.5%) | +| minBlocksBetweenExecution | `setMinBlocksBetweenExecution(uint256)` | e.g. 3–5 (block delay) | +| maxStabilizationVolumePerBlock | `setMaxStabilizationVolumePerBlock(uint256)` | Cap per block | +| maxSlippageBps | `setMaxSlippageBps(uint256)` | e.g. 100 (1%) | +| maxGasPriceForStabilizer | `setMaxGasPriceForStabilizer(uint256)` | MEV resistance; 0 = disabled | +| sustainedDeviationBlocks | `setSustainedDeviationBlocks(uint256)` | N blocks over threshold before rebalance (Phase 6) | + +**Keeper:** Grant `STABILIZER_KEEPER_ROLE` to the keeper EOA or bot: +`cast send "$STABILIZER_ADDRESS" "grantRole(bytes32,address)" $(cast keccak "STABILIZER_KEEPER_ROLE()") "$KEEPER_ADDRESS" --rpc-url "$RPC_URL_138" --private-key "$PRIVATE_KEY" --gas-price 1000000000` + +**Operational target (Phase 6):** Flash drain recovery <3 blocks. The contract enforces sustained deviation over N blocks, per-block volume cap, and block delay; document in [OPERATIONS_RUNBOOK](../../smom-dbis-138/docs/OPERATIONS_RUNBOOK.md) and [VAULT_SYSTEM_MASTER_TECHNICAL_PLAN](../VAULT_SYSTEM_MASTER_TECHNICAL_PLAN.md) §8/§16. + ## Contract Verification (Blockscout) Use the **Forge Verification Proxy** for `forge verify-contract` (Blockscout expects `module`/`action` in query; Forge sends JSON only). @@ -75,13 +249,15 @@ BLOCKSCOUT_URL=http://192.168.11.140:4000 node forge-verification-proxy/server.j **See:** [forge-verification-proxy/README.md](../../forge-verification-proxy/README.md), [BLOCKSCOUT_FORGE_VERIFICATION_EVALUATION.md](BLOCKSCOUT_FORGE_VERIFICATION_EVALUATION.md). Fallback: manual verification at https://explorer.d-bis.org/address/#verify-contract +**Runbooks in sync (R12):** [BLOCKSCOUT_FIX_RUNBOOK](BLOCKSCOUT_FIX_RUNBOOK.md), [BLOCKSCOUT_FORGE_VERIFICATION_EVALUATION](BLOCKSCOUT_FORGE_VERIFICATION_EVALUATION.md), this runbook. **Full recommendations (R1–R24):** [RECOMMENDATIONS_OPERATOR_CHECKLIST](../00-meta/RECOMMENDATIONS_OPERATOR_CHECKLIST.md). + --- ## Troubleshooting | Error | Cause | Fix | |-------|-------|-----| -| `No route to host` | Dev machine cannot reach 192.168.11.x (RPC_CORE_1: 192.168.11.211) | Run from machine on LAN or VPN | +| `No route to host` | Dev machine cannot reach RPC (RPC_URL_138, e.g. 192.168.11.211:8545) | Run from machine on LAN or VPN; or set RPC_URL_138=https://rpc-core.d-bis.org | | `PRIVATE_KEY not set` | Missing in .env | Add deployer key to smom-dbis-138/.env | | `Gas price below configured minimum gas price` | Chain 138 minimum gas not met | Use `--with-gas-price 1000000000` for all `forge script` / `forge create` on Chain 138 | | `Failed to decode constructor arguments` (TransactionMirror) | Forge broadcast decode bug | Deploy via `forge create ... --constructor-args --gas-price 1000000000` | diff --git a/docs/03-deployment/DAPP_LXC_DEPLOYMENT.md b/docs/03-deployment/DAPP_LXC_DEPLOYMENT.md new file mode 100644 index 0000000..89e029c --- /dev/null +++ b/docs/03-deployment/DAPP_LXC_DEPLOYMENT.md @@ -0,0 +1,134 @@ +# DApp LXC Deployment (VMID 5801) + +**Last Updated:** 2026-02-20 +**Status:** Active + +**Note:** VMID **5800** is reserved for Mifos/Fineract (192.168.11.85, mifos.d-bis.org). The DApp uses **5801** at **192.168.11.58**. + +--- + +## Overview + +One Proxmox LXC container (VMID **5801**, hostname **dapp-smom**) runs the Bridge DApp (frontend build from `smom-dbis-138/frontend-dapp`) and is reachable via the existing network and NPMplus. + +- **VMID:** 5801 (from range 5701–5999; 5800 is Mifos) +- **Hostname:** dapp-smom +- **IP:** 192.168.11.58 (static; override with `IP_DAPP_LXC`) +- **Node:** Default r630-02 (same as 5800); override with `NODE` if needed. + +## Prerequisites + +- Run the deploy script from a machine that can SSH to the Proxmox host, or run it on the Proxmox host (with `pct`). +- Ubuntu 22.04 LTS template on the host: `local:vztmpl/ubuntu-22.04-standard_22.04-1_amd64.tar.zst`. +- For build: set **REPO_URL** to the Git URL of the repo (e.g. your fork or the main smom-dbis-138 repo). + +## Running the Script + +From the **proxmox** repo root (or from `smom-dbis-138`): + +```bash +# Optional: load IP/config +source config/ip-addresses.conf 2>/dev/null || true + +# Create and provision (from Proxmox host) +cd smom-dbis-138 +REPO_URL=https://github.com/your-org/smom-dbis-138.git ./scripts/deployment/deploy-dapp-lxc.sh + +# Or from another machine via SSH +PROXMOX_HOST=192.168.11.12 REPO_URL=https://github.com/your-org/smom-dbis-138.git \ + ./scripts/deployment/deploy-dapp-lxc.sh +``` + +- **--dry-run:** Print what would be done; do not create or change anything. +- **--skip-create:** Assume container 5801 already exists; only install Node/nginx, clone, build, and configure nginx. + +### Env Overrides + +| Variable | Default | Description | +|----------------|----------------------|--------------------------------------| +| VMID | 5801 | Container ID (5800 = Mifos) | +| HOSTNAME | dapp-smom | Container hostname | +| IP_DAPP_LXC | 192.168.11.58 | Static IP (`IP_DAPP_LXC` in config) | +| PROXMOX_HOST | (none) | If set, script SSHs here to run pct | +| NODE | (none) | Proxmox node name for `pct --node` | +| REPO_URL | (required for build) | Git URL to clone | +| ENV_FILE | (none) | Path to .env (VITE_* for build) | +| MEMORY_MB | 6144 | RAM | +| CORES | 4 | CPU cores | +| DISK_GB | 40 | Root disk size | +| TEMPLATE | ubuntu-22.04-standard | LXC template | +| IP_CONFIG_PATH | (auto) | Override path to ip-addresses.conf; script also tries SMOM_ROOT/../../config and SCRIPT_DIR/../../../config | + +## What Runs Inside the LXC + +- **Node.js 20** (from NodeSource) for building. +- **Clone** of the repo to `/srv/smom-dbis-138` (from REPO_URL). +- **Build:** `npm ci && npm run build` in `frontend-dapp`, using env from `/srv/smom-dbis-138/.env` if present (e.g. VITE_* for contract addresses and RPC). +- **Nginx** serving `/srv/smom-dbis-138/frontend-dapp/dist` on port 80. + +## Production build: VITE_* and .env + +VITE_* variables are **baked in at build time**. For a production build with custom contract addresses or RPC URLs you must have a `.env` (or `.env.production`) in the container **before** running `npm run build`. + +- **Set ENV_FILE** when running the deploy script: the script copies that file into the container (when running on the Proxmox host, or via scp + pct push when using PROXMOX_HOST) before the build step. +- **Or** after clone and before build: copy `.env` into the container manually, e.g. from the Proxmox host: + ```bash + pct push 5801 /path/to/your/.env /srv/smom-dbis-138/.env + ``` + then run the build (e.g. with `--skip-create` and REPO_URL set, or run the build step by hand inside the container). +- **Or** in CI: build with env injected (e.g. `env VITE_RPC_URL_138=... npm run build`), then rsync the `dist/` folder into the container and reload nginx; no need for a full clone inside the container. + +Relevant VITE_* (see `smom-dbis-138/.env.example` and `frontend-dapp/src/config/bridge.ts`, `networks.ts`): + +- **RPC:** `VITE_RPC_URL_138`, `VITE_BSC_RPC_URL`, `VITE_AVALANCHE_RPC_URL`, `VITE_CRONOS_RPC_URL`, `VITE_GNOSIS_RPC_URL` +- **Trustless:** `VITE_LOCKBOX_138`, `VITE_INBOX_ETH_MAINNET`, `VITE_LIQUIDITY_POOL_ETH_MAINNET`, `VITE_BRIDGE_SWAP_COORDINATOR_MAINNET`, `VITE_DUAL_ROUTER_BRIDGE_SWAP_COORDINATOR`, `VITE_CHALLENGE_MANAGER_MAINNET`, `VITE_CUSDT_ADDRESS_138`, `VITE_CUSDC_ADDRESS_138` +- **WalletConnect / thirdweb:** `VITE_WALLETCONNECT_PROJECT_ID`, `VITE_THIRDWEB_CLIENT_ID` + +## Updating the DApp + +1. SSH or `pct exec` into the container: + ```bash + pct exec 5801 -- bash + ``` +2. Pull and rebuild: + ```bash + cd /srv/smom-dbis-138 && git pull && cd frontend-dapp && npm ci && npm run build + ``` +3. Reload nginx: + ```bash + systemctl reload nginx + ``` + +Or from the host (one-liner): + +```bash +pct exec 5801 -- bash -c 'cd /srv/smom-dbis-138 && git pull && cd frontend-dapp && npm ci && npm run build && systemctl reload nginx' +``` + +## NPMplus / Reverse Proxy + +Add a proxy host in NPMplus pointing to the LXC: + +- **Upstream:** `http://192.168.11.58:80` (or the IP you set with `IP_DAPP_LXC`). +- **Domain:** e.g. `dapp.d-bis.org` or `app.d-bis.org` (your choice). + +Document the chosen hostname in your VMID/IP reference (e.g. [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md)). + +## VMID / IP Reference + +See [ALL_VMIDS_ENDPOINTS.md](../04-configuration/ALL_VMIDS_ENDPOINTS.md) for the 5801 entry (DApp LXC). + +## Full E2E: Cloudflare Tunnel + DNS + NPMplus SSL + +To expose the DApp at **https://dapp.d-bis.org** with an existing Cloudflare Tunnel and full SSL: + +1. **Tunnel (existing):** In Cloudflare Zero Trust → Networks → Tunnels → tunnel that uses `https://192.168.11.167:443` (same as RPC Option B). Add **Public Hostname:** `dapp.d-bis.org` → **URL** `https://192.168.11.167:443` (No TLS Verify). +2. **DNS:** In Cloudflare DNS (zone d-bis.org), add **CNAME** `dapp` → `.cfargotunnel.com` (Proxied). +3. **NPMplus (10233 @ 192.168.11.167):** Add Proxy Host: Domain `dapp.d-bis.org`, Forward `192.168.11.58:80`, Scheme HTTP. Request Let's Encrypt (or Cloudflare Origin cert); Force SSL. +4. **DApp LXC:** Deploy with VMID=5801, IP_DAPP_LXC=192.168.11.58 (see Running the Script above). + +Traffic flow: **Internet → Cloudflare → Tunnel → NPMplus 10233 → http://192.168.11.58:80** (LXC 5801). See [CHECK_ALL_UPDATES_AND_CLOUDFLARE_TUNNELS.md](../05-network/CHECK_ALL_UPDATES_AND_CLOUDFLARE_TUNNELS.md) and [OPTION_B_RPC_VIA_TUNNEL_RUNBOOK.md](../05-network/OPTION_B_RPC_VIA_TUNNEL_RUNBOOK.md). + +## Optional: Token-Aggregation in Same Container + +To run token-aggregation in the same LXC, install and run it (e.g. via systemd) and optionally proxy it through nginx. Configuration is out of scope here; see token-aggregation docs. diff --git a/docs/03-deployment/DEPLOYMENT_GAPS_COMPLETED.md b/docs/03-deployment/DEPLOYMENT_GAPS_COMPLETED.md new file mode 100644 index 0000000..1e2d879 --- /dev/null +++ b/docs/03-deployment/DEPLOYMENT_GAPS_COMPLETED.md @@ -0,0 +1,67 @@ +# Contract Deployment Gaps — Completed + +**Last Updated:** 2026-02-13 +**Purpose:** Record of gaps and missing pieces that were completed so all blocks to contract deployments are removed or documented. + +**Related:** [CONTRACT_DEPLOYMENT_RUNBOOK](CONTRACT_DEPLOYMENT_RUNBOOK.md) | [CONTRACTS_TO_DEPLOY](../11-references/CONTRACTS_TO_DEPLOY.md) | [CONTRACT_INVENTORY_AND_VERIFICATION](../11-references/CONTRACT_INVENTORY_AND_VERIFICATION.md) | [PLACEHOLDERS_AND_COMPLETION_MASTER_LIST](../00-meta/PLACEHOLDERS_AND_COMPLETION_MASTER_LIST.md) + +--- + +## 1. Env and config (unblock deploys) + +| Gap | Completion | +|-----|------------| +| **CCIPReceiver / CCIPSender** need `CCIP_ROUTER_ADDRESS` and `ORACLE_AGGREGATOR_ADDRESS` | Added `ORACLE_AGGREGATOR_ADDRESS` to `smom-dbis-138/.env.example` with comment; `CCIP_ROUTER_ADDRESS` already present. | +| **Mainnet WETH bridge** addresses for cross-chain config | `.env.example` already had `MAINNET_WETH9_BRIDGE_ADDRESS`, `MAINNET_WETH10_BRIDGE_ADDRESS`; added comment "Set when configuring cross-chain destinations." | +| **Single source** for which env each script needs | Added "Env required per deploy script" table in [CONTRACT_DEPLOYMENT_RUNBOOK](CONTRACT_DEPLOYMENT_RUNBOOK.md) § Prerequisites. | + +--- + +## 2. TransactionMirror (Forge broadcast bug workaround) + +| Gap | Completion | +|-----|------------| +| **TransactionMirror** deploy script can hit constructor-args decode on broadcast | Runbook already had `forge create` one-liner. Added dedicated § **TransactionMirror** in CONTRACT_DEPLOYMENT_RUNBOOK with full command and `MIRROR_ADMIN` handling. | +| **One-command** deploy for operators | Added `./scripts/deployment/deploy-transaction-mirror-chain138.sh` — runs `forge create` with admin from `MIRROR_ADMIN` or deployer; documents setting `TRANSACTION_MIRROR_ADDRESS` in .env. | +| **Inventory** pointed to runbook | CONTRACT_INVENTORY_AND_VERIFICATION §4 Undeployed updated to reference the helper script and runbook § TransactionMirror. | + +--- + +## 3. Smart accounts (no contracts in repo) + +| Gap | Completion | +|-----|------------| +| **DeploySmartAccountsKit** does not deploy (logs next steps only) | Prerequisites table in runbook states: "Script does not deploy contracts; obtain EntryPoint/Factory from MetaMask kit or ERC-4337 impl and set in env." | +| **.env.example** and runbook | Already had ENTRY_POINT, SMART_ACCOUNT_FACTORY, PAYMASTER in smom-dbis-138/.env.example and runbook § Smart accounts. | + +--- + +## 4. Deployments already done (reference) + +| Contract | Address | Script / note | +|----------|---------|----------------| +| Multicall, Oracle (Aggregator+Proxy), MultiSig | See CONTRACT_ADDRESSES_REFERENCE | deploy-all-contracts.sh (2026-02-13) | +| CCIPReceiver | `0xC12236C03b28e675d376774FCE2C2C052488430F` | DeployCCIPReceiver.s.sol | +| Voting | `0x022267b26400114aF01BaCcb92456Fe36cfccD93` | DeployVoting.s.sol | +| Phased core, channels, CREATE2, Vault, Reserve | See CONTRACT_ADDRESSES_REFERENCE | deploy-all-phases.sh (skips when env set) | + +--- + +## 5. Remaining (operator / when-needed) + +| Item | Blocker / when | Action | +|------|----------------|--------| +| **TransactionMirror** on chain | None | Run `./scripts/deployment/deploy-transaction-mirror-chain138.sh` when mirror feature is needed. | +| **Smart accounts** (EntryPoint, Factory, Paymaster) | No contracts in repo | Obtain from MetaMask Smart Accounts Kit or ERC-4337 impl; deploy to Chain 138; set ENTRY_POINT, SMART_ACCOUNT_FACTORY, PAYMASTER in .env. | +| **Mainnet WETH receiver** addresses | When configuring cross-chain to mainnet | Set MAINNET_WETH9_BRIDGE_ADDRESS, MAINNET_WETH10_BRIDGE_ADDRESS in .env. | +| **CCIPLogger** | Optional | Omit from deploy list unless monitoring needed; see CONTRACTS_TO_DEPLOY §1.4. | +| **Dodo / EnhancedSwapRouter** | When DEX integration needed | Set quoter/pool env when pools exist; see PLACEHOLDERS_AND_TBD. | + +--- + +## 6. Where to update when more is completed + +- **This doc:** Add rows to §1–§5 as new gaps are closed. +- **Runbook:** Keep "Env required per deploy script" and § TransactionMirror in sync. +- **CONTRACT_INVENTORY_AND_VERIFICATION:** Update §2 (deployed) and §4 (undeployed) when contracts are deployed or deprecated. +- **PLACEHOLDERS_AND_COMPLETION_MASTER_LIST:** Mark items ✅ and point to this doc or runbook. diff --git a/docs/03-deployment/DEPLOY_AND_VERIFY_ONE_BY_ONE.md b/docs/03-deployment/DEPLOY_AND_VERIFY_ONE_BY_ONE.md new file mode 100644 index 0000000..f649098 --- /dev/null +++ b/docs/03-deployment/DEPLOY_AND_VERIFY_ONE_BY_ONE.md @@ -0,0 +1,147 @@ +# Deploy and Verify Smart Contracts — One at a Time + +**Last Updated:** 2026-02-13 +**Purpose:** Compile, deploy, and verify Chain 138 contracts one contract at a time for controlled rollouts and easier debugging. + +--- + +## Prerequisites + +- **Foundry** installed (`forge` in PATH). +- **Network:** Host must reach Chain 138 RPC (set `RPC_URL_138`, e.g. http://192.168.11.211:8545 for Core) and, for verification, Blockscout (e.g. https://explorer.d-bis.org). +- **Env:** `smom-dbis-138/.env` with `PRIVATE_KEY` and `RPC_URL_138` (Chain 138 Core). + +**Chain 138 gas:** Always use `--with-gas-price 1000000000` (1 gwei) for `forge script` and `forge create`. + +--- + +## Step 1 — Compile + +From repo root or `smom-dbis-138`: + +```bash +cd smom-dbis-138 +forge build +``` + +- First run can take several minutes (67+ files, `via_ir` in default profile). +- Re-runs are fast if cache is warm. Use `forge build --skip test` to skip test contracts for a quicker compile when only deploying. + +--- + +## Step 2 — Deploy One Contract + +Pick one deploy script and run it **without** `--broadcast` first (dry run), then with `--broadcast` to deploy. + +**Template:** + +```bash +cd smom-dbis-138 +source .env +# Dry run (no on-chain tx) +forge script script/DeployMulticall.s.sol:DeployMulticall \ + --rpc-url "$RPC_URL_138" \ + --with-gas-price 1000000000 + +# Deploy (on-chain) +forge script script/DeployMulticall.s.sol:DeployMulticall \ + --rpc-url "$RPC_URL_138" \ + --broadcast \ + --private-key "$PRIVATE_KEY" \ + --with-gas-price 1000000000 +``` + +**Suggested order (matches deploy-all-contracts.sh):** + +| # | Contract | Script | Notes | +|---|-------------|--------|--------| +| 1 | Multicall | `script/DeployMulticall.s.sol:DeployMulticall` | Single contract | +| 2 | Oracle | `script/DeployOracle.s.sol:DeployOracle` | Deploys Aggregator + Proxy; set `ADDR_ORACLE_PROXY` to Proxy address for verification | +| 3 | MultiSig | `script/DeployMultiSig.s.sol:DeployMultiSig` | Governance | + +**Other single-contract or small scripts:** + +- `script/DeployAddressMapper.s.sol` — AddressMapper +- `script/DeployMirrorManager.s.sol` — MirrorManager +- `script/DeployCCIPWETH9Bridge.s.sol` — CCIP WETH9 bridge (env: CCIP_ROUTER, etc.) +- `script/smart-accounts/DeploySmartAccountsKit.s.sol` — ERC-4337 (EntryPoint, Factory, Paymaster) + +After each deploy, note the **deployed address(es)** from the log (e.g. `Multicall deployed at: 0x...`). Update `.env` or `config/contract-addresses.conf` if this contract is used by later deploys or verification. + +--- + +## Step 3 — Verify on Blockscout + +Use the **Forge Verification Proxy** so Forge’s JSON API is translated for Blockscout. + +**3a. Start the proxy (if not already running):** + +```bash +# From repo root +BLOCKSCOUT_URL=http://192.168.11.140:4000 node forge-verification-proxy/server.js +# Or for public explorer: BLOCKSCOUT_URL=https://explorer.d-bis.org node forge-verification-proxy/server.js +``` + +**3b. Verify one contract:** + +```bash +cd smom-dbis-138 +source .env 2>/dev/null +RPC="${RPC_URL_138:-http://192.168.11.211:8545}" +VERIFIER_URL="${FORGE_VERIFIER_URL:-http://127.0.0.1:3080/api}" + +# Example: verify Multicall at 0xYourDeployedAddress +forge verify-contract \ + 0xYourDeployedAddress \ + contracts/utils/Multicall.sol:Multicall \ + --chain-id 138 \ + --verifier blockscout \ + --verifier-url "$VERIFIER_URL" \ + --rpc-url "$RPC" \ + --flatten +``` + +**Example verification paths (contract:path):** + +| Contract | Path | +|----------------|------| +| Multicall | `contracts/utils/Multicall.sol:Multicall` | +| Oracle Proxy | `contracts/oracle/Proxy.sol:Proxy` | +| Aggregator | `contracts/oracle/Aggregator.sol:Aggregator` | +| CCIPWETH9Bridge| `contracts/ccip/CCIPWETH9Bridge.sol:CCIPWETH9Bridge` | +| CCIPSender | `contracts/ccip/CCIPSender.sol:CCIPSender` | + +**Or use the batch script for one contract:** + +```bash +source smom-dbis-138/.env 2>/dev/null +./scripts/verify/run-contract-verification-with-proxy.sh --only Proxy +# (Script currently includes a fixed list; add your contract to config/contract-addresses.conf and verify-contracts-blockscout.sh to use --only.) +``` + +--- + +## Step 4 — Confirm On-Chain + +Check that the contract exists and (if applicable) is verified: + +```bash +./scripts/verify/check-contracts-on-chain-138.sh "${RPC_URL_138:-http://192.168.11.211:8545}" +``` + +Or open the contract on the explorer: +https://explorer.d-bis.org/address/
+ +--- + +## Quick Reference + +| Action | Command | +|----------|---------| +| Compile | `cd smom-dbis-138 && forge build` | +| Dry run | `forge script