d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
master
proxmox/docs/05-network/EDGE_PORT_VERIFICATION_RUNBOOK.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

68 lines
2.5 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Edge Port Verification Runbook (Phase 0)
**Last Updated:** 2026-02-05
**Status:** Active
**Purpose:** Pre-requisite for Fastly/Direct edge design. Verifies whether inbound 80/443 are reachable on the public origin IP so the team can choose Option A (Fastly), Option C (direct), or Option B (tunnel/VPS).
---
## Why This Matters
- **Spectrum** (ISP) gateway at **76.53.10.33** shows ports 21, 22, 23, 80, 110, 143, 443, 3389 as **filtered** when scanned.
- The **origin for public traffic** is **76.53.10.36** (UDM Pro port forward to NPMplus). Reachability of **76.53.10.36:80** and **76.53.10.36:443** from the internet determines whether Fastly or direct-to-origin is viable.
- If both are **open**: proceed with Option A (Fastly) or Option C (DNS direct to 76.53.10.36).
- If **closed/filtered**: Option B required (Cloudflare Tunnel fix, or VPS/outbound connector).
---
## Prerequisite
Run the check from **outside** your network (e.g. mobile hotspot, different ISP, or a cloud VM). Do not rely on LAN or same-Spectrum tests.
---
## Step 1: Port check from outside your network
### Option A: Online port checker
1. Use a public service (e.g. [yougetsignal.com](https://www.yougetsignal.com/tools/open-ports/) or similar).
2. Target: **76.53.10.36**
3. Ports: **80** (HTTP), **443** (HTTPS)
4. Record result: Open / Closed / Filtered for each.
### Option B: nmap from external host
From a host that is **not** on 192.168.11.0/24 and **not** behind the same Spectrum gateway:
```bash
nmap -p 80,443 76.53.10.36
```
Interpret:
- **open**: Proceed with Fastly (Option A) or direct (Option C).
- **filtered** or **closed**: Use Option B (tunnel or VPS origin).
---
## Step 2: Record and decide
| Port | Result | Action |
|------|----------|--------|
| 80 | open | HTTP redirect/origin possible |
| 80 | filtered/closed | Option B or HTTPS-only to 443 |
| 443 | open | Fastly/direct HTTPS viable |
| 443 | filtered/closed | Option B required (no inbound HTTPS to .36) |
**Go/no-go:**
- **Go for Option A/C:** Both 80 and 443 open on 76.53.10.36 from internet.
- **No-go for Option A/C:** 443 closed or filtered → implement Option B (tunnel or VPS origin; see [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md) and edge options in project runbooks).
---
## References
- [NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md) Origin IP 76.53.10.36, Spectrum block
- [MASTER_INDEX.md](../MASTER_INDEX.md) Topology and edge design
Reference in New Issue View Git Blame Copy Permalink