# MIM4U.ORG DNS & NPMplus Proxy Configuration

**Date**: 2026-01-20
**Status**: ✅ **FULLY CONFIGURED**

---

## Summary

The DNS and proxy configuration for `mim4u.org` is correctly set up:

- **DNS** points to NPMplus (via public IP `76.53.10.36`)
- **NPMplus** handles SSL certificates and terminates HTTPS
- **NPMplus** proxies over plain HTTP to nginx on VMID 7810 (`192.168.11.37:80`)

---

## Current Configuration

### 1. DNS Configuration (Cloudflare)

| Domain | Type | Target | Proxy Status | TTL |
|--------|------|--------|--------------|-----|
| `mim4u.org` | A | `76.53.10.36` | DNS Only | Auto |
| `www.mim4u.org` | A | `76.53.10.36` | DNS Only | Auto |
| `secure.mim4u.org` | A | `76.53.10.36` | DNS Only | Auto |
| `training.mim4u.org` | A | `76.53.10.36` | DNS Only | Auto |

**DNS Resolution Verified:**

```bash
$ dig +short mim4u.org
76.53.10.36
```

---

### 2. Port Forwarding (UDM Pro)

| Service | Public IP:Port | Internal IP:Port | Protocol | Status |
|---------|---------------|------------------|----------|--------|
| HTTPS | `76.53.10.36:443` | `192.168.11.166:443` | TCP | ✅ Configured |
| HTTP | `76.53.10.36:80` | `192.168.11.166:80` | TCP | ✅ Configured |

**NPMplus Container:**

- **VMID**: 10233
- **Host**: r630-01 (192.168.11.11)
- **Internal IP**: 192.168.11.166
- **Management UI**: https://192.168.11.166:81

---

### 3. NPMplus Proxy Configuration

**Proxy Host ID**: 17
**Domain**: `mim4u.org`
**SSL Certificate**: npm-50 (Certbot Let's Encrypt)

**Configuration:**

```
server_name mim4u.org;
ssl_certificate /data/tls/certbot/live/npm-50/fullchain.pem;
ssl_certificate_key /data/tls/certbot/live/npm-50/privkey.pem;
proxy_pass http://192.168.11.37:80$request_uri;
```

**Additional Domains (Same Backend):**

- `www.mim4u.org` → Same proxy host, ID 17 (redirect configured)
- `secure.mim4u.org` → Same backend (separate proxy host ID: 19)
- `training.mim4u.org` → Same backend (separate proxy host ID: 20)

**SSL Features Enabled:**

- ✅ HSTS (HTTP Strict Transport Security)
- ✅ Force HTTPS redirect
- ✅ Brotli compression
- ✅ Security headers (CSP, X-Frame-Options, etc.)

---

### 4. Backend Nginx (VMID 7810)

**VM Details:**

- **VMID**: 7810
- **Hostname**: mim-web-1
- **Host**: r630-02 (192.168.11.12)
- **Internal IP**: 192.168.11.37
- **Port**: 80 (HTTP)

**Nginx Status:**

- ✅ Installed: nginx 1.18.0
- ✅ Service: Running and enabled
- ✅ Listening: Port 80
- ✅ Web root: `/var/www/html`

**Verification:**

```bash
$ ssh root@192.168.11.12 "pct exec 7810 -- systemctl status nginx"
Active: active (running)
```

---

## Complete Traffic Flow

```
Internet User
    ↓
    ↓ DNS Query: mim4u.org
    ↓
Cloudflare DNS (returns 76.53.10.36)
    ↓
    ↓ HTTPS Request: https://mim4u.org
    ↓
UDM Pro Port Forwarding (76.53.10.36:443)
    ↓
    ↓ Forwards to: 192.168.11.166:443
    ↓
NPMplus (192.168.11.166:443)
    ├─ SSL Termination (Certbot certificate)
    ├─ Security Headers Added
    ├─ HSTS Enforced
    └─ Proxy Pass: http://192.168.11.37:80
    ↓
    ↓ HTTP Request (internal)
    ↓
nginx on VMID 7810 (192.168.11.37:80)
    ├─ Serves static files from /var/www/html
    └─ Returns response
    ↓
    ↓ (Response path reverses)
    ↓
Internet User (HTTPS response)
```

---

## Configuration Verification

### Test DNS Resolution

```bash
dig +short mim4u.org
# Expected: 76.53.10.36
```

### Test NPMplus SSL Certificate

```bash
curl -vI https://mim4u.org 2>&1 | grep -E "(certificate|SSL|TLS)"
```

### Test Internal Proxy (from NPMplus)

```bash
ssh root@192.168.11.11 "pct exec 10233 -- docker exec npmplus curl -I http://192.168.11.37/"
```

### Test Backend Nginx (from Proxmox host)

```bash
ssh root@192.168.11.12 "pct exec 7810 -- curl -I http://localhost/"
```

### Test End-to-End (External)

```bash
curl -I https://mim4u.org
# Expected: HTTP/2 200 or 301/302 redirect
```

---

## Related Domains

All MIM4U domains are configured with the same backend:

| Domain | NPMplus Proxy Host ID | Backend | Status |
|--------|----------------------|---------|--------|
| `mim4u.org` | 17 | 192.168.11.37:80 | ✅ Active |
| `secure.mim4u.org` | 19 | 192.168.11.37:80 | ✅ Active |
| `training.mim4u.org` | 20 | 192.168.11.37:80 | ✅ Active |

**Note**: `www.mim4u.org` is handled by the same proxy host (ID 17) via `server_name` configuration.

---

## Update Configuration

To update the NPMplus proxy host configuration:

```bash
cd /home/intlc/projects/proxmox
bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh
```

This script updates all proxy hosts, including mim4u.org (confirmed pointing to 192.168.11.37:80).

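
The verification commands above cover DNS, the certificate and reachability, but not the HSTS, forced-HTTPS and security-header settings listed under "SSL Features Enabled", which are worth re-checking after a proxy host update. The following is an added example, not one of the project's scripts: it parses `curl -sI` output and flags a missing or zeroed HSTS policy, a missing CSP or X-Frame-Options header, and an HTTP response that does not redirect to HTTPS. The function names and the sample response are constructed for illustration.

```shell
# Added example, not one of the project's scripts. Header names follow the
# "SSL Features Enabled" list; SAMPLE_HTTPS is constructed, not captured.

# get_header NAME: headers on stdin -> value of NAME (case-insensitive).
get_header() {
  tr -d '\r' | awk -v name="$1" '{
    i = index($0, ":"); if (i == 0) next
    if (tolower(substr($0, 1, i - 1)) == tolower(name)) {
      v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit } }'
}

# audit_https_headers: stdin = HTTPS response headers. Prints one finding
# per line; returns 0 only when nothing is missing or weak.
audit_https_headers() {
  local hdrs hsts max_age h rc
  rc=0; hdrs=$(cat)
  hsts=$(printf '%s\n' "$hdrs" | get_header strict-transport-security)
  if [ -z "$hsts" ]; then
    echo "MISSING strict-transport-security"; rc=1
  else
    max_age=$(printf '%s' "$hsts" | tr 'A-Z' 'a-z' |
      sed -n 's/.*max-age="\{0,1\}\([0-9][0-9]*\).*/\1/p')
    # max-age=0 removes the policy; a header with no max-age is ignored.
    if [ "${max_age:-0}" -eq 0 ]; then
      echo "WEAK hsts max-age=${max_age:-unset}"; rc=1
    fi
  fi
  for h in content-security-policy x-frame-options; do
    [ -n "$(printf '%s\n' "$hdrs" | get_header "$h")" ] || { echo "MISSING $h"; rc=1; }
  done
  return "$rc"
}

# audit_http_redirect: stdin = plain-HTTP response headers. Passes only for
# a 301/302/307/308 whose Location is an https:// URL.
audit_http_redirect() {
  local hdrs status loc
  hdrs=$(tr -d '\r')
  status=$(printf '%s\n' "$hdrs" | awk 'NR == 1 { print $2 }')
  loc=$(printf '%s\n' "$hdrs" | get_header location)
  case "$status" in 301|302|307|308) ;; *) echo "NO-REDIRECT status=$status"; return 1 ;; esac
  case "$loc" in https://*) return 0 ;; *) echo "BAD-LOCATION ${loc:-none}"; return 1 ;; esac
}

SAMPLE_HTTPS='HTTP/2 200
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN'
printf '%s\n' "$SAMPLE_HTTPS" | audit_https_headers || true  # MISSING content-security-policy
# Live: curl -sI https://mim4u.org | audit_https_headers; curl -sI http://mim4u.org | audit_http_redirect
```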

---

## SSL Certificate Management

SSL certificates are managed by Certbot within NPMplus:

- **Certificate ID**: npm-50
- **Provider**: Let's Encrypt
- **Auto-renewal**: Enabled
- **Certificate Location**: `/data/tls/certbot/live/npm-50/`

To manually renew certificates:

```bash
ssh root@192.168.11.11 "pct exec 10233 -- docker exec npmplus certbot renew"
```

---

## Troubleshooting

### Issue: DNS not resolving

**Check:**

```bash
dig +short mim4u.org
# Should return: 76.53.10.36
```

### Issue: SSL certificate invalid

**Check:**

```bash
curl -vI https://mim4u.org 2>&1 | grep -i certificate
```

### Issue: Cannot reach backend nginx

**Check:**

```bash
# From NPMplus container
ssh root@192.168.11.11 "pct exec 10233 -- docker exec npmplus curl -I http://192.168.11.37/"

# From Proxmox host
ssh root@192.168.11.12 "pct exec 7810 -- systemctl status nginx"
```

### Issue: Port forwarding not working

**Verify UDM Pro port forwarding rules:**

- Public IP: 76.53.10.36:443 → Internal: 192.168.11.166:443
- Public IP: 76.53.10.36:80 → Internal: 192.168.11.166:80

---

## Related Documentation

- `reports/VMID_7810_NGINX_INSTALLATION_COMPLETE.md` - Nginx installation details
- `reports/VMID_7810_NETWORK_TEST_RESULTS_FINAL.md` - Network connectivity tests
- `docs/04-configuration/NGINX_PUBLIC_IP_CONFIGURATION.md` - Public IP configuration
- `scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` - Proxy update script

---

**Configuration Status**: ✅ **COMPLETE AND VERIFIED**
**Last Verified**: 2026-01-20