d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
master
proxmox/docs/archive/status/BLOCKSCOUT_SSL_COMPLETE_STATUS.md
defiQUG cb47cce074 Complete markdown files cleanup and organization 
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

5.0 KiB
Raw Permalink Blame History

Blockscout SSL Setup - Complete Status

Date: December 23, 2025
Container: VMID 5000 on pve2
Status: SSL Infrastructure Complete | Blockscout Initializing

Completed Tasks

1. SSL Certificate Setup

  • Let's Encrypt Certificate: Installed successfully
    • Domain: explorer.d-bis.org
    • Valid until: March 23, 2026
    • Location: /etc/letsencrypt/live/explorer.d-bis.org/
    • Auto-renewal: Enabled via certbot.timer

2. Nginx SSL Configuration

  • HTTPS Port 443: Fully configured
    • SSL/TLS protocols: TLSv1.2, TLSv1.3
    • Modern ciphers enabled
    • Security headers: HSTS, X-Frame-Options, etc.
  • HTTP Port 80: Redirects to HTTPS (301 redirect working)
  • Reverse Proxy: Configured to proxy to Blockscout on port 4000

3. Cloudflare Tunnel

  • Tunnel Route Updated:
    • explorer.d-bis.orghttps://192.168.11.140:443
    • SSL verification disabled for internal connection
    • Route configured via Cloudflare API

4. Blockscout Configuration

  • HTTPS Protocol: Updated in docker-compose.yml
  • Hostname: Set to explorer.d-bis.org
  • Container: Running (VMID 5000 on pve2)

Current Status

Blockscout Database Migrations

Status: Database is empty, migrations need to run automatically on startup

Expected Behavior: Blockscout Docker image should automatically run database migrations when the container starts with /app/bin/blockscout start command.

Current Issue: The application starts, attempts to access the database, finds no tables, and needs to run migrations. However, it appears to be crashing before migrations complete.

Next Steps:

  1. Wait for Blockscout to complete auto-migration (may take 3-5 minutes on first startup)
  2. Monitor logs: docker logs -f blockscout from the container
  3. The application should automatically create all required tables and then start serving requests

🔧 Architecture

Internet
   ↓
Cloudflare Edge (SSL Termination)
   ↓
Cloudflare Tunnel (encrypted connection)
   ↓
cloudflared (VMID 102)
   ↓
HTTPS → https://192.168.11.140:443
   ↓
Nginx (VMID 5000, pve2) - SSL/TLS on port 443
   ↓
HTTP → http://127.0.0.1:4000
   ↓
Blockscout Container (port 4000)
   ↓
PostgreSQL Database

📋 Verification Commands

Check SSL Certificate

sshpass -p 'L@kers2010' ssh root@192.168.11.140 \
  "openssl x509 -in /etc/letsencrypt/live/explorer.d-bis.org/fullchain.pem -noout -dates"

Check Nginx Status

sshpass -p 'L@kers2010' ssh root@192.168.11.140 \
  "systemctl status nginx && curl -k -I https://localhost/health"

Check Blockscout Container

sshpass -p 'L@kers2010' ssh root@192.168.11.140 \
  "docker ps | grep blockscout && docker logs --tail 50 blockscout"

Test External Access

curl -I https://explorer.d-bis.org
curl https://explorer.d-bis.org/health

🎯 Expected Behavior Once Blockscout Initializes

Once the database migrations complete (automatically):

  1. Blockscout will start serving requests
  2. HTTP 502 will change to HTTP 200
  3. External access will work: https://explorer.d-bis.org
  4. API will respond: https://explorer.d-bis.org/api/v2/status

Typical startup time: 2-5 minutes after container starts, depending on:

  • Database migration speed
  • Index creation
  • Initial blockchain sync

📝 Configuration Files

Nginx SSL Config

  • Location: /etc/nginx/sites-available/blockscout
  • HTTP (80): Redirects to HTTPS
  • HTTPS (443): Full SSL with modern ciphers

Blockscout Docker Compose

  • Location: /opt/blockscout/docker-compose.yml
  • Protocol: HTTPS
  • Host: explorer.d-bis.org
  • Port: 4000 (mapped to host)

SSL Certificates

  • Certificate: /etc/letsencrypt/live/explorer.d-bis.org/fullchain.pem
  • Private Key: /etc/letsencrypt/live/explorer.d-bis.org/privkey.pem
  • Auto-renewal: /etc/systemd/system/certbot.timer

🔄 Maintenance

Certificate Renewal

Certificates auto-renew. Manual renewal:

sshpass -p 'L@kers2010' ssh root@192.168.11.140 \
  "certbot renew --nginx && systemctl reload nginx"

Restart Services

sshpass -p 'L@kers2010' ssh root@192.168.11.140 \
  "cd /opt/blockscout && docker-compose restart blockscout"

Monitor Blockscout Logs

sshpass -p 'L@kers2010' ssh root@192.168.11.140 \
  "docker logs -f blockscout"

Summary

SSL Setup: 100% Complete

  • Let's Encrypt certificates installed
  • Nginx configured with HTTPS
  • Cloudflare tunnel updated to HTTPS
  • Auto-renewal configured

Blockscout Application: Initializing

  • Container running
  • Waiting for database migrations to complete
  • Should be fully operational within 5 minutes

Access Points:

  • Internal HTTPS: https://192.168.11.140 (redirect working)
  • External HTTPS: https://explorer.d-bis.org (waiting for Blockscout)

All SSL infrastructure is complete! Once Blockscout finishes initializing, HTTPS will work fully. 🎉

Reference in New Issue View Git Blame Copy Permalink