Complete markdown files cleanup and organization

- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.

scripts/setup-blockscout-ssl-complete.sh

@@ -0,0 +1,295 @@
+#!/usr/bin/env bash
+# Complete SSL setup for Blockscout with Cloudflare Tunnel
+# Sets up Let's Encrypt certificates, Nginx SSL, and Cloudflare tunnel HTTPS
+# Usage: ./setup-blockscout-ssl-complete.sh
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ENV_FILE="${ENV_FILE:-$SCRIPT_DIR/../.env}"
+
+# Configuration
+VMID="${VMID:-5000}"
+IP="${IP:-192.168.11.140}"
+DOMAIN="${DOMAIN:-explorer.d-bis.org}"
+BLOCKSCOUT_PORT="${BLOCKSCOUT_PORT:-4000}"
+PROXMOX_HOST="${PROXMOX_HOST:-192.168.11.10}"
+EMAIL="${EMAIL:-admin@d-bis.org}"
+PASSWORD="${PASSWORD:-L@kers2010}"
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+CYAN='\033[0;36m'
+NC='\033[0m'
+
+log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
+log_success() { echo -e "${GREEN}[✓]${NC} $1"; }
+log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
+log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
+
+# Load environment variables
+if [ -f "$ENV_FILE" ]; then
+    source "$ENV_FILE"
+fi
+
+echo "════════════════════════════════════════════════════════"
+echo "Blockscout SSL Setup with Cloudflare Tunnel"
+echo "════════════════════════════════════════════════════════"
+echo ""
+echo "Configuration:"
+echo "  VMID: $VMID"
+echo "  IP: $IP"
+echo "  Domain: $DOMAIN"
+echo "  Email: $EMAIL"
+echo ""
+
+# Function to execute command in container (direct SSH to container IP)
+exec_container() {
+    local cmd="$1"
+    sshpass -p "$PASSWORD" ssh -o StrictHostKeyChecking=no root@"$IP" "bash -c '$cmd'" 2>&1
+}
+
+# Step 1: Install Certbot
+log_info "Step 1: Installing Certbot..."
+exec_container "export DEBIAN_FRONTEND=noninteractive && apt-get update -qq && apt-get install -y -qq certbot python3-certbot-nginx" || {
+    log_error "Failed to install Certbot"
+    exit 1
+}
+log_success "Certbot installed"
+
+# Step 2: Configure Nginx for ACME challenge (HTTP port 80)
+log_info "Step 2: Configuring Nginx for ACME challenge..."
+# Create config file locally then copy
+cat > /tmp/blockscout-nginx-acme.conf <<EOF
+# HTTP server - for Let's Encrypt ACME challenge
+server {
+    listen 80;
+    listen [::]:80;
+    server_name $DOMAIN $IP;
+
+    # Allow Let's Encrypt ACME challenges
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+        try_files \$uri =404;
+    }
+
+    # Temporary: proxy to Blockscout for testing (will redirect to HTTPS after cert)
+    location / {
+        proxy_pass http://127.0.0.1:$BLOCKSCOUT_PORT;
+        proxy_http_version 1.1;
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+        proxy_read_timeout 300s;
+    }
+}
+EOF
+
+sshpass -p "$PASSWORD" scp -o StrictHostKeyChecking=no /tmp/blockscout-nginx-acme.conf root@"$IP":/etc/nginx/sites-available/blockscout
+exec_container "mkdir -p /var/www/html/.well-known/acme-challenge && chown -R www-data:www-data /var/www/html && ln -sf /etc/nginx/sites-available/blockscout /etc/nginx/sites-enabled/ && rm -f /etc/nginx/sites-enabled/default && nginx -t && systemctl reload nginx" || {
+    log_error "Failed to configure Nginx"
+    exit 1
+}
+log_success "Nginx configured for ACME challenge"
+
+# Step 3: Obtain SSL certificate from Let's Encrypt
+log_info "Step 3: Obtaining SSL certificate from Let's Encrypt..."
+log_info "This may take a minute..."
+CERT_RESULT=$(exec_container "certbot certonly --nginx -d $DOMAIN --non-interactive --agree-tos --email $EMAIL --keep-until-expiring 2>&1" || echo "FAILED")
+
+if echo "$CERT_RESULT" | grep -q "Successfully received certificate"; then
+    log_success "SSL certificate obtained successfully"
+    CERT_PATH="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
+    KEY_PATH="/etc/letsencrypt/live/$DOMAIN/privkey.pem"
+else
+    log_error "Failed to obtain SSL certificate"
+    echo "$CERT_RESULT" | tail -20
+    exit 1
+fi
+
+# Step 4: Configure Nginx with SSL
+log_info "Step 4: Configuring Nginx with SSL certificates..."
+cat > /tmp/blockscout-nginx-ssl.conf <<EOF
+# HTTP server - redirect to HTTPS
+server {
+    listen 80;
+    listen [::]:80;
+    server_name $DOMAIN $IP;
+
+    # Allow Let's Encrypt ACME challenges
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+        try_files \$uri =404;
+    }
+
+    # Redirect all other traffic to HTTPS
+    location / {
+        return 301 https://\$host\$request_uri;
+    }
+}
+
+# HTTPS server - Blockscout Explorer
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name $DOMAIN $IP;
+
+    # SSL configuration
+    ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+
+    # Security headers
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+
+    # Logging
+    access_log /var/log/nginx/blockscout-access.log;
+    error_log /var/log/nginx/blockscout-error.log;
+
+    # Increase timeouts for Blockscout requests
+    proxy_connect_timeout 300s;
+    proxy_send_timeout 300s;
+    proxy_read_timeout 300s;
+    send_timeout 300s;
+
+    # Client body size (for large contract verification uploads)
+    client_max_body_size 100M;
+
+    # Blockscout Explorer endpoint
+    location / {
+        proxy_pass http://127.0.0.1:$BLOCKSCOUT_PORT;
+        proxy_http_version 1.1;
+        
+        # Headers
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+        proxy_set_header Connection "";
+        
+        # Buffer settings
+        proxy_buffering off;
+        proxy_request_buffering off;
+        
+        # WebSocket support
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection \$connection_upgrade;
+    }
+
+    # API endpoint
+    location /api/ {
+        proxy_pass http://127.0.0.1:$BLOCKSCOUT_PORT;
+        proxy_http_version 1.1;
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+        proxy_read_timeout 300s;
+    }
+
+    # Health check endpoint
+    location /health {
+        access_log off;
+        proxy_pass http://127.0.0.1:$BLOCKSCOUT_PORT/api/v2/status;
+        proxy_set_header Host \$host;
+        add_header Content-Type application/json;
+    }
+}
+
+# WebSocket upgrade mapping
+map \$http_upgrade \$connection_upgrade {
+    default upgrade;
+    '' close;
+}
+EOF
+
+sshpass -p "$PASSWORD" scp -o StrictHostKeyChecking=no /tmp/blockscout-nginx-ssl.conf root@"$IP":/etc/nginx/sites-available/blockscout
+exec_container "nginx -t && systemctl reload nginx" || {
+    log_error "Failed to configure Nginx with SSL"
+    exit 1
+}
+log_success "Nginx configured with SSL"
+
+# Step 5: Set up auto-renewal
+log_info "Step 5: Setting up certificate auto-renewal..."
+exec_container "systemctl enable certbot.timer && systemctl start certbot.timer" || {
+    log_warn "Failed to enable certbot timer (may already be enabled)"
+}
+log_success "Auto-renewal configured"
+
+# Step 6: Update Blockscout to use HTTPS
+log_info "Step 6: Updating Blockscout configuration for HTTPS..."
+exec_container "cd /opt/blockscout && if [ -f docker-compose.yml ]; then sed -i 's|BLOCKSCOUT_PROTOCOL=http|BLOCKSCOUT_PROTOCOL=https|g' docker-compose.yml && sed -i 's|BLOCKSCOUT_HOST=192.168.11.140|BLOCKSCOUT_HOST=$DOMAIN|g' docker-compose.yml && docker-compose restart blockscout 2>/dev/null || docker compose restart blockscout 2>/dev/null || true && echo 'Blockscout configuration updated'; else echo 'docker-compose.yml not found, skipping Blockscout config update'; fi" || {
+    log_warn "Failed to update Blockscout configuration (may need manual update)"
+}
+
+# Step 7: Update Cloudflare Tunnel to use HTTPS
+log_info "Step 7: Updating Cloudflare Tunnel route to HTTPS..."
+if [ -f "$SCRIPT_DIR/configure-cloudflare-tunnel-route.sh" ]; then
+    export EXPLORER_IP="$IP"
+    export EXPLORER_PORT="443"
+    bash "$SCRIPT_DIR/configure-cloudflare-tunnel-route.sh" || {
+        log_warn "Failed to update Cloudflare tunnel route automatically"
+        log_info "Manual update needed: Change tunnel route to https://$IP:443"
+    }
+else
+    log_warn "Cloudflare tunnel route script not found"
+    log_info "Manual update needed: Change tunnel route to https://$IP:443"
+fi
+
+# Step 8: Test SSL configuration
+log_info "Step 8: Testing SSL configuration..."
+sleep 5
+
+SSL_TEST=$(exec_container "timeout 5 curl -k -s -o /dev/null -w '%{http_code}' https://localhost/health 2>&1" || echo "000")
+if [ "$SSL_TEST" = "200" ] || [ "$SSL_TEST" = "301" ] || [ "$SSL_TEST" = "302" ]; then
+    log_success "HTTPS is working (HTTP $SSL_TEST)"
+else
+    log_warn "HTTPS test returned: HTTP $SSL_TEST"
+fi
+
+# Step 9: Verify certificate
+log_info "Step 9: Verifying SSL certificate..."
+CERT_INFO=$(exec_container "openssl x509 -in /etc/letsencrypt/live/$DOMAIN/fullchain.pem -noout -subject -issuer -dates 2>&1" || echo "")
+if [ -n "$CERT_INFO" ]; then
+    log_success "Certificate details:"
+    echo "$CERT_INFO" | while read line; do
+        log_info "  $line"
+    done
+fi
+
+echo ""
+echo "════════════════════════════════════════════════════════"
+echo "SSL Setup Complete!"
+echo "════════════════════════════════════════════════════════"
+echo ""
+log_success "Configuration Summary:"
+echo "  Domain: $DOMAIN"
+echo "  SSL Certificate: /etc/letsencrypt/live/$DOMAIN/"
+echo "  HTTPS Port: 443"
+echo "  HTTP Port: 80 (redirects to HTTPS)"
+echo ""
+log_info "Access Points:"
+echo "  Internal HTTPS: https://$IP"
+echo "  External HTTPS: https://$DOMAIN"
+echo "  Health Check: https://$DOMAIN/health"
+echo ""
+log_info "Next Steps:"
+echo "  1. Verify Cloudflare tunnel route points to https://$IP:443"
+echo "  2. Test external access: curl https://$DOMAIN/health"
+echo "  3. Monitor certificate renewal: systemctl status certbot.timer"
+echo ""
+
+# Cleanup
+rm -f /tmp/blockscout-nginx-acme.conf /tmp/blockscout-nginx-ssl.conf