proxmox/docs/04-configuration/NPMPLUS_PORT_FORWARDING_GUIDE.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00


# NPMplus Port Forwarding Configuration Guide

**Last Updated:** 2026-01-31
**Document Version:** 1.0
**Status:** Active Documentation

---

**Date**: 2026-01-16
**Status**: Configuration Required
**NPMplus IP**: `192.168.0.166`
**Public IP**: `76.53.10.36`

---
## Overview
Port forwarding must be configured in UDM Pro to route traffic from the public IP to NPMplus. Currently, ports 80 and 443 are not accessible, which prevents Let's Encrypt from validating domains for SSL certificates.

---
## Current Status
**DNS Configuration**: All 19 domains correctly point to `76.53.10.36`
**Port Forwarding**: Not configured (ports 80/443 not accessible)

---
## Required Port Forwarding Rules
### Rule 1: HTTP (Port 80)
- **Name**: NPMplus HTTP
- **Public IP**: `76.53.10.36`
- **Public Port**: `80`
- **Internal IP**: `192.168.0.166`
- **Internal Port**: `80`
- **Protocol**: `TCP`
- **Interface**: WAN (or appropriate interface)
### Rule 2: HTTPS (Port 443)
- **Name**: NPMplus HTTPS
- **Public IP**: `76.53.10.36`
- **Public Port**: `443`
- **Internal IP**: `192.168.0.166`
- **Internal Port**: `443`
- **Protocol**: `TCP`
- **Interface**: WAN (or appropriate interface)
---
## Manual Configuration Steps
### Step 1: Access UDM Pro
1. Open web browser
2. Navigate to UDM Pro web interface (typically `https://192.168.1.1` or your UDM Pro IP)
3. Log in with admin credentials
### Step 2: Navigate to Port Forwarding
1. Click **Settings** (gear icon)
2. Go to **Firewall & Security**
3. Click **Port Forwarding** (or **Port Forwarding Rules**)
### Step 3: Create HTTP Rule
1. Click **Add Port Forwarding Rule** (or **Create New Rule**)
2. Configure:
   - **Name**: `NPMplus HTTP`
   - **Source**: `Any` (or specific IP if needed)
   - **Destination IP**: `76.53.10.36`
   - **Destination Port**: `80`
   - **Forward to IP**: `192.168.0.166`
   - **Forward to Port**: `80`
   - **Protocol**: `TCP`
   - **Interface**: `WAN` (or your internet-facing interface)
3. Click **Save** or **Apply**
### Step 4: Create HTTPS Rule
1. Click **Add Port Forwarding Rule** again
2. Configure:
   - **Name**: `NPMplus HTTPS`
   - **Source**: `Any` (or specific IP if needed)
   - **Destination IP**: `76.53.10.36`
   - **Destination Port**: `443`
   - **Forward to IP**: `192.168.0.166`
   - **Forward to Port**: `443`
   - **Protocol**: `TCP`
   - **Interface**: `WAN` (or your internet-facing interface)
3. Click **Save** or **Apply**
### Step 5: Verify Configuration
1. Review both rules in the Port Forwarding list
2. Ensure they are **Enabled**
3. Check that IPs and ports are correct
---
## Update Existing Rules
If port forwarding rules already exist but point to the old NPM IP (`192.168.11.26`):
1. Find the existing rules (may be named "Nginx" or "NPM")
2. Edit each rule
3. Update **Forward to IP** from `192.168.11.26` to `192.168.0.166`
4. Save changes
---
## Verification
After configuring port forwarding, verify connectivity:
```bash
# Test HTTP
curl -I http://76.53.10.36
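# Test HTTPS (-k skips certificate validation; acceptable here only because
# the request targets the bare IP, which the certificate will not match)
curl -I -k https://76.53.10.36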
# Test specific domain
curl -I http://sankofa.nexus
```
Expected: each command returns an HTTP response (200, 301, 302, etc.) rather than a connection timeout.

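
An added check, not part of the original guide: run from a host outside the LAN, it confirms that the two forwarded ports answer on the public IP and that the NPMplus admin port (81, from the access URL in this guide) does not. It assumes an `nc` that supports `-z` and `-w`; the function names and the `--run` switch are illustrative.

```bash
#!/bin/sh
# Added example, not part of the original guide. Run from a host OUTSIDE the LAN.
PUBLIC_IP="76.53.10.36"   # public IP from the guide
MUST_BE_OPEN="80 443"     # ports the two forwarding rules expose
MUST_BE_CLOSED="81"       # NPMplus admin UI port from the guide; LAN-only

# in_list WORD LIST: succeed if WORD is one of the space-separated items.
in_list() {
  case " $2 " in *" $1 "*) return 0 ;; esac
  return 1
}

# judge PORT STATE: compare an observed state (open|closed) with the policy.
# Prints a verdict line; returns 1 on a violation.
judge() {
  if in_list "$1" "$MUST_BE_OPEN"; then
    [ "$2" = open ] && { echo "OK   $1 open (forwarded to NPMplus)"; return 0; }
    echo "FAIL $1 closed: rule missing, disabled, or blocked upstream"; return 1
  fi
  if in_list "$1" "$MUST_BE_CLOSED"; then
    [ "$2" = closed ] && { echo "OK   $1 closed (admin UI not exposed)"; return 0; }
    echo "FAIL $1 open: admin UI reachable from the internet"; return 1
  fi
  echo "FAIL $1 is not covered by the policy"; return 1
}

# probe HOST PORT: one TCP connect attempt with a 5 s timeout.
probe() {
  if nc -z -w 5 "$1" "$2" >/dev/null 2>&1; then echo open; else echo closed; fi
}

# audit HOST: probe every policy port; returns the number of violations.
audit() {
  failures=0
  for port in $MUST_BE_OPEN $MUST_BE_CLOSED; do
    judge "$port" "$(probe "$1" "$port")" || failures=$((failures + 1))
  done
  return "$failures"
}

# Probing happens only when asked for explicitly: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
  audit "$PUBLIC_IP"
fi
```
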
---
## Troubleshooting
### Ports Still Not Accessible
1. **Check Firewall Rules**: Ensure firewall allows traffic on ports 80/443
2. **Check Interface**: Verify WAN interface is correct
3. **Check IP Assignment**: Confirm `76.53.10.36` is assigned to UDM Pro WAN interface
4. **Check ISP**: Some ISPs block ports 80/443 - may need to use alternate ports
### Let's Encrypt Still Failing
1. **Wait for DNS Propagation**: DNS changes can take 5-10 minutes
2. **Check DNS Resolution**: Verify domains resolve to `76.53.10.36` from external DNS
   ```bash
   dig sankofa.nexus @8.8.8.8
   ```
3. **Test HTTP Access**: Ensure `http://sankofa.nexus` is accessible from internet
4. **Check NPMplus Logs**: Review certificate request errors in NPMplus
---
## Next Steps After Port Forwarding
1. **Wait 5-10 minutes** for configuration to take effect
2. **Test connectivity** using curl commands above
3. **Request SSL certificates** in NPMplus:
   - Access: `https://192.168.0.166:81`
   - Go to **SSL Certificates**
   - Click **Request New Certificate**
   - Select domain and request Let's Encrypt certificate
4. **Or use automation script**:
   ```bash
   bash scripts/request-npmplus-certificates.sh
   ```
---
## Architecture
```
Internet
Cloudflare DNS (76.53.10.36)
UDM Pro Port Forwarding
├─ 76.53.10.36:80 → 192.168.0.166:80
└─ 76.53.10.36:443 → 192.168.0.166:443
NPMplus (192.168.0.166:80/443)
Backend Services (by hostname)
```
---
## Related Documentation
- [NPMplus Migration Guide](./NPMPLUS_MIGRATION_GUIDE.md)
- [DNS Configuration](./NGINX_PUBLIC_IP_CONFIGURATION.md)
- [UDM Pro Configuration](./UDM_PRO_COMPLETE_MANUAL_GUIDE.md)