proxmox/reports/COMPLETE_DEPLOYMENT_SCRIPTS_READY.md

Complete Deployment Scripts - Ready

Date: 2026-01-09
Status: ✅ All Scripts Created and Ready

---

Summary

All automation scripts for the complete direct public IP routing deployment have been created and are ready to use. This replaces Cloudflare tunnels with stable NAT-based routing.

---

Scripts Created (7 Total)

1. DNS Update Scripts

update-all-dns-to-public-ip.sh

• Purpose: Updates all Cloudflare DNS records to point to 76.53.10.35
• Features: Multi-zone support, smart record management, DNS only mode
• Status: ✅ Ready

get-cloudflare-zone-ids.sh

• Purpose: Retrieves Cloudflare Zone IDs for all domains
• Features: Interactive credential input, formatted output
• Status: ✅ Ready

verify-dns-resolution.sh

• Purpose: Verifies all domains resolve to expected IP
• Features: Tests multiple DNS servers, detailed reporting
• Status: ✅ Ready

---

2. Network Configuration Scripts

configure-er605-nat-rules.sh

• Purpose: Generates ER605 NAT rule configuration
• Features: Detailed rule specifications, firewall guidance
• Status: ✅ Ready
• Note: Manual application required in Omada Controller

---

3. Nginx Configuration Scripts

deploy-complete-nginx-config.sh

• Purpose: Deploys complete Nginx configuration to VMID 105
• Features: Complete config for all 19 domains, path-based routing
• Status: ✅ Ready
• Note: Update placeholder IPs for Phoenix and The Order

---

4. SSL Certificate Scripts

obtain-all-ssl-certificates.sh

• Purpose: Obtains Let's Encrypt certificates for all domains
• Features: Automatic certbot installation, batch processing
• Status: ✅ Ready
• Requirements: DNS + NAT must be configured first

---

5. Orchestration Script

deploy-complete-solution.sh

• Purpose: Orchestrates all deployment steps
• Features: Step-by-step execution, error handling, progress tracking
• Status: ✅ Ready

---

Quick Start

Option 1: Automated (Recommended)

cd /home/intlc/projects/proxmox
./scripts/deploy-complete-solution.sh

Option 2: Manual Step-by-Step

# Step 1: Get Zone IDs
./scripts/get-cloudflare-zone-ids.sh

# Step 2: Add Zone IDs to .env file
# Edit .env and add:
# CLOUDFLARE_ZONE_ID_SANKOFA_NEXUS=...
# CLOUDFLARE_ZONE_ID_D_BIS_ORG=...
# CLOUDFLARE_ZONE_ID_MIM4U_ORG=...
# CLOUDFLARE_ZONE_ID_DEFI_ORACLE_IO=...

# Step 3: Update DNS
./scripts/update-all-dns-to-public-ip.sh

# Step 4: Verify DNS
./scripts/verify-dns-resolution.sh

# Step 5: Configure ER605 NAT (manual)
./scripts/configure-er605-nat-rules.sh
# Then configure in Omada Controller

# Step 6: Deploy Nginx
./scripts/deploy-complete-nginx-config.sh

# Step 7: Get SSL Certificates
export SSL_EMAIL=your-email@example.com
./scripts/obtain-all-ssl-certificates.sh

---

Configuration Files

.env File Requirements

# Public IP
PUBLIC_IP=76.53.10.35

# Cloudflare Authentication (choose one)
CLOUDFLARE_API_TOKEN=your-token-here
# OR
CLOUDFLARE_EMAIL=your-email@example.com
CLOUDFLARE_API_KEY=your-api-key-here

# Zone IDs (get from get-cloudflare-zone-ids.sh)
CLOUDFLARE_ZONE_ID_SANKOFA_NEXUS=your-zone-id
CLOUDFLARE_ZONE_ID_D_BIS_ORG=your-zone-id
CLOUDFLARE_ZONE_ID_MIM4U_ORG=your-zone-id
CLOUDFLARE_ZONE_ID_DEFI_ORACLE_IO=your-zone-id

---

Domains Configured (19 Total)

sankofa.nexus (5)

• sankofa.nexus
• www.sankofa.nexus
• phoenix.sankofa.nexus
• www.phoenix.sankofa.nexus
• the-order.sankofa.nexus

d-bis.org (9)

• rpc-http-pub.d-bis.org
• rpc-ws-pub.d-bis.org
• rpc-http-prv.d-bis.org
• rpc-ws-prv.d-bis.org
• explorer.d-bis.org
• dbis-admin.d-bis.org
• dbis-api.d-bis.org
• dbis-api-2.d-bis.org
• secure.d-bis.org

mim4u.org (4)

• mim4u.org
• www.mim4u.org
• secure.mim4u.org
• training.mim4u.org

defi-oracle.io (1)

• rpc.public-0138.defi-oracle.io

---

Architecture

Internet
  ↓
Cloudflare DNS (DNS Only - Gray Cloud)
  ↓
76.53.10.35 (Single Public IP)
  ↓
ER605 NAT (443 → 192.168.11.26:443)
  ↓
Nginx VMID 105 (Hostname-based routing)
  ↓
Backend Services

---

Deployment Checklist

• Get Cloudflare Zone IDs (get-cloudflare-zone-ids.sh)
• Add Zone IDs to .env file
• Update Cloudflare DNS (update-all-dns-to-public-ip.sh)
• Verify DNS resolution (verify-dns-resolution.sh)
• Configure ER605 NAT rules (manual, use configure-er605-nat-rules.sh output)
• Deploy Nginx configuration (deploy-complete-nginx-config.sh)
• Update Phoenix and The Order IPs in Nginx config
• Obtain SSL certificates (obtain-all-ssl-certificates.sh)
• Test all endpoints
• Monitor logs for issues

---

Documentation

1. Complete Deployment Guide: docs/04-configuration/COMPLETE_DEPLOYMENT_GUIDE.md

   • Step-by-step instructions
   • Troubleshooting guide
   • Architecture details

2. DNS Update Script Guide: docs/04-configuration/DNS_UPDATE_SCRIPT_GUIDE.md

   • DNS script usage
   • Configuration details
   • Verification steps

3. Quick Reference: scripts/update-all-dns-to-public-ip.README.md

   • Quick start guide
   • Domain list

---

Next Steps

1. Run Zone ID Lookup:

   ./scripts/get-cloudflare-zone-ids.sh
   

2. Add Zone IDs to .env:

   • Edit .env file
   • Add all Zone IDs

3. Run Complete Deployment:

   ./scripts/deploy-complete-solution.sh
   

4. Or Run Steps Manually:

   • Follow the step-by-step guide in COMPLETE_DEPLOYMENT_GUIDE.md

---

Script Locations

All scripts are in: /home/intlc/projects/proxmox/scripts/

• update-all-dns-to-public-ip.sh
• get-cloudflare-zone-ids.sh
• verify-dns-resolution.sh
• configure-er605-nat-rules.sh
• deploy-complete-nginx-config.sh
• obtain-all-ssl-certificates.sh
• deploy-complete-solution.sh

---

Support

For issues or questions:

1. Check COMPLETE_DEPLOYMENT_GUIDE.md troubleshooting section
2. Review script output for error messages
3. Check logs: Nginx (/var/log/nginx/error.log), DNS (Cloudflare dashboard)

---

Status: ✅ All Scripts Ready - Ready to Deploy