d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
master
proxmox/docs/04-configuration/NPMPLUS_PORT_FORWARDING_GUIDE.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

4.8 KiB
Raw Permalink Blame History

NPMplus Port Forwarding Configuration Guide

Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation

Date: 2026-01-16
Status: Configuration Required
NPMplus IP: 192.168.0.166
Public IP: 76.53.10.36

Overview

Port forwarding must be configured in UDM Pro to route traffic from the public IP to NPMplus. Currently, ports 80 and 443 are not accessible, which prevents Let's Encrypt from validating domains for SSL certificates.

Current Status

DNS Configuration: All 19 domains correctly point to 76.53.10.36
Port Forwarding: Not configured (ports 80/443 not accessible)

Required Port Forwarding Rules

Rule 1: HTTP (Port 80)

  • Name: NPMplus HTTP
  • Public IP: 76.53.10.36
  • Public Port: 80
  • Internal IP: 192.168.0.166
  • Internal Port: 80
  • Protocol: TCP
  • Interface: WAN (or appropriate interface)

Rule 2: HTTPS (Port 443)

  • Name: NPMplus HTTPS
  • Public IP: 76.53.10.36
  • Public Port: 443
  • Internal IP: 192.168.0.166
  • Internal Port: 443
  • Protocol: TCP
  • Interface: WAN (or appropriate interface)

Manual Configuration Steps

Step 1: Access UDM Pro

  1. Open web browser
  2. Navigate to UDM Pro web interface (typically https://192.168.1.1 or your UDM Pro IP)
  3. Log in with admin credentials

Step 2: Navigate to Port Forwarding

  1. Click Settings (gear icon)
  2. Go to Firewall & Security
  3. Click Port Forwarding (or Port Forwarding Rules)

Step 3: Create HTTP Rule

  1. Click Add Port Forwarding Rule (or Create New Rule)
  2. Configure:
    • Name: NPMplus HTTP
    • Source: Any (or specific IP if needed)
    • Destination IP: 76.53.10.36
    • Destination Port: 80
    • Forward to IP: 192.168.0.166
    • Forward to Port: 80
    • Protocol: TCP
    • Interface: WAN (or your internet-facing interface)
  3. Click Save or Apply

Step 4: Create HTTPS Rule

  1. Click Add Port Forwarding Rule again
  2. Configure:
    • Name: NPMplus HTTPS
    • Source: Any (or specific IP if needed)
    • Destination IP: 76.53.10.36
    • Destination Port: 443
    • Forward to IP: 192.168.0.166
    • Forward to Port: 443
    • Protocol: TCP
    • Interface: WAN (or your internet-facing interface)
  3. Click Save or Apply

Step 5: Verify Configuration

  1. Review both rules in the Port Forwarding list
  2. Ensure they are Enabled
  3. Check that IPs and ports are correct

Update Existing Rules

If port forwarding rules already exist but point to the old NPM IP (192.168.11.26):

  1. Find the existing rules (may be named "Nginx" or "NPM")
  2. Edit each rule
  3. Update Forward to IP from 192.168.11.26 to 192.168.0.166
  4. Save changes

Verification

After configuring port forwarding, verify connectivity:

# Test HTTP
curl -I http://76.53.10.36

# Test HTTPS
curl -I -k https://76.53.10.36

# Test specific domain
curl -I http://sankofa.nexus

Expected: Should return HTTP response (200, 301, 302, etc.) instead of connection timeout.

Troubleshooting

Ports Still Not Accessible

  1. Check Firewall Rules: Ensure firewall allows traffic on ports 80/443
  2. Check Interface: Verify WAN interface is correct
  3. Check IP Assignment: Confirm 76.53.10.36 is assigned to UDM Pro WAN interface
  4. Check ISP: Some ISPs block ports 80/443 - may need to use alternate ports

Let's Encrypt Still Failing

  1. Wait for DNS Propagation: DNS changes can take 5-10 minutes
  2. Check DNS Resolution: Verify domains resolve to 76.53.10.36 from external DNS 
    dig sankofa.nexus @8.8.8.8
  3. Test HTTP Access: Ensure http://sankofa.nexus is accessible from internet
  4. Check NPMplus Logs: Review certificate request errors in NPMplus

Next Steps After Port Forwarding

  1. Wait 5-10 minutes for configuration to take effect
  2. Test connectivity using curl commands above
  3. Request SSL certificates in NPMplus:
    • Access: https://192.168.0.166:81
    • Go to SSL Certificates
    • Click Request New Certificate
    • Select domain and request Let's Encrypt certificate
  4. Or use automation script: 
    bash scripts/request-npmplus-certificates.sh

Architecture

Internet
    ↓
Cloudflare DNS (76.53.10.36)
    ↓
UDM Pro Port Forwarding
    ├─ 76.53.10.36:80 → 192.168.0.166:80
    └─ 76.53.10.36:443 → 192.168.0.166:443
    ↓
NPMplus (192.168.0.166:80/443)
    ↓
Backend Services (by hostname)

Related Documentation

Reference in New Issue View Git Blame Copy Permalink