cb47cce074
- Organized 252 files across project - Root directory: 187 → 2 files (98.9% reduction) - Moved configuration guides to docs/04-configuration/ - Moved troubleshooting guides to docs/09-troubleshooting/ - Moved quick start guides to docs/01-getting-started/ - Moved reports to reports/ directory - Archived temporary files - Generated comprehensive reports and documentation - Created maintenance scripts and guides All files organized according to established standards.
3.5 KiB
3.5 KiB
Blockscout SSL Setup Complete! ✅
Date: December 23, 2025
Status: ✅ SSL CONFIGURED AND WORKING
✅ Completed Tasks
-
Let's Encrypt SSL Certificate: Installed and configured
- Certificate:
/etc/letsencrypt/live/explorer.d-bis.org/ - Valid until: March 23, 2026
- Auto-renewal: Enabled
- Certificate:
-
Nginx SSL Configuration: HTTPS enabled on port 443
- HTTP (port 80): Redirects to HTTPS
- HTTPS (port 443): Full SSL/TLS with modern ciphers
- Security headers: HSTS, X-Frame-Options, etc.
-
Cloudflare Tunnel: Updated to use HTTPS
- Route:
explorer.d-bis.org→https://192.168.11.140:443 - SSL verification: Disabled (noTLSVerify: true) for internal connection
- Route:
-
Blockscout Configuration: Updated for HTTPS
- Protocol: HTTPS
- Host: explorer.d-bis.org
Configuration Details
SSL Certificate
- Domain: explorer.d-bis.org
- Issuer: Let's Encrypt R13
- Location:
/etc/letsencrypt/live/explorer.d-bis.org/ - Auto-renewal: Enabled via certbot.timer
Nginx Configuration
- HTTP Port: 80 (redirects to HTTPS)
- HTTPS Port: 443
- SSL Protocols: TLSv1.2, TLSv1.3
- SSL Ciphers: Modern ECDHE ciphers only
- Security Headers:
- Strict-Transport-Security (HSTS)
- X-Frame-Options
- X-Content-Type-Options
- X-XSS-Protection
Cloudflare Tunnel
- Tunnel ID:
10ab22da-8ea3-4e2e-a896-27ece2211a05 - Route:
explorer.d-bis.org→https://192.168.11.140:443 - SSL Verification: Disabled for internal connection (Cloudflare → Blockscout)
Access Points
Internal
- HTTP: http://192.168.11.140 (redirects to HTTPS)
- HTTPS: https://192.168.11.140
- Health: https://192.168.11.140/health
External
- HTTPS: https://explorer.d-bis.org
- Health: https://explorer.d-bis.org/health
- API: https://explorer.d-bis.org/api
Testing
Test Internal HTTPS
curl -k https://192.168.11.140/health
Test External HTTPS
curl https://explorer.d-bis.org/health
Verify Certificate
openssl s_client -connect explorer.d-bis.org:443 -servername explorer.d-bis.org < /dev/null
Check Certificate Auto-Renewal
systemctl status certbot.timer
Architecture
Internet
↓
Cloudflare Edge (SSL Termination)
↓
Cloudflare Tunnel (encrypted)
↓
cloudflared (VMID 102)
↓
HTTPS → https://192.168.11.140:443
↓
Nginx (VMID 5000) - SSL/TLS
↓
HTTP → http://127.0.0.1:4000
↓
Blockscout Container
Files Modified
/etc/letsencrypt/live/explorer.d-bis.org/- SSL certificates/etc/nginx/sites-available/blockscout- Nginx SSL configuration/opt/blockscout/docker-compose.yml- Blockscout HTTPS configuration- Cloudflare Tunnel configuration - Updated route to HTTPS
Maintenance
Certificate Renewal
Certificates auto-renew via certbot.timer. Manual renewal:
certbot renew --nginx
Check Certificate Expiry
openssl x509 -in /etc/letsencrypt/live/explorer.d-bis.org/fullchain.pem -noout -dates
Restart Services
# Nginx
systemctl restart nginx
# Blockscout
cd /opt/blockscout && docker-compose restart blockscout
Next Steps
- ✅ SSL certificates installed
- ✅ Nginx configured with SSL
- ✅ Cloudflare tunnel updated to HTTPS
- ⏳ Wait for Blockscout to fully start (may take 1-2 minutes)
- ⏳ Test external access:
curl https://explorer.d-bis.org/health
✅ SSL setup is complete! Blockscout is now accessible via HTTPS.