fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
6.1 KiB
6.1 KiB
MIM4U.ORG DNS & NPMplus Proxy Configuration
Date: 2026-01-20
Status: ✅ FULLY CONFIGURED
Summary
The DNS and proxy configuration for mim4u.org is correctly set up:
- DNS points to NPMplus (via public IP
76.53.10.36) - NPMplus handles SSL certificates and terminates HTTPS
- NPMplus proxies to nginx on VMID 7810 (
192.168.11.37:80)
Current Configuration
1. DNS Configuration (Cloudflare)
| Domain | Type | Target | Proxy Status | TTL |
|---|---|---|---|---|
mim4u.org |
A | 76.53.10.36 |
DNS Only | Auto |
www.mim4u.org |
A | 76.53.10.36 |
DNS Only | Auto |
secure.mim4u.org |
A | 76.53.10.36 |
DNS Only | Auto |
training.mim4u.org |
A | 76.53.10.36 |
DNS Only | Auto |
DNS Resolution Verified:
$ dig +short mim4u.org
76.53.10.36
2. Port Forwarding (UDM Pro)
| Service | Public IP:Port | Internal IP:Port | Protocol | Status |
|---|---|---|---|---|
| HTTPS | 76.53.10.36:443 |
192.168.11.166:443 |
TCP | ✅ Configured |
| HTTP | 76.53.10.36:80 |
192.168.11.166:80 |
TCP | ✅ Configured |
NPMplus Container:
- VMID: 10233
- Host: r630-01 (192.168.11.11)
- Internal IP: 192.168.11.166
- Management UI: https://192.168.11.166:81
3. NPMplus Proxy Configuration
Proxy Host ID: 17
Domain: mim4u.org
SSL Certificate: npm-50 (Certbot Let's Encrypt)
Configuration:
server_name mim4u.org;
ssl_certificate /data/tls/certbot/live/npm-50/fullchain.pem;
ssl_certificate_key /data/tls/certbot/live/npm-50/privkey.pem;
proxy_pass http://192.168.11.37:80$request_uri;
Additional Domains (Same Proxy Host):
www.mim4u.org→ Same proxy (redirect configured)secure.mim4u.org→ Same proxy (separate proxy host ID: 19)training.mim4u.org→ Same proxy (separate proxy host ID: 20)
SSL Features Enabled:
- ✅ HSTS (HTTP Strict Transport Security)
- ✅ Force HTTPS redirect
- ✅ Brotli compression
- ✅ Security headers (CSP, X-Frame-Options, etc.)
4. Backend Nginx (VMID 7810)
VM Details:
- VMID: 7810
- Hostname: mim-web-1
- Host: r630-02 (192.168.11.12)
- Internal IP: 192.168.11.37
- Port: 80 (HTTP)
Nginx Status:
- ✅ Installed: nginx 1.18.0
- ✅ Service: Running and enabled
- ✅ Listening: Port 80
- ✅ Web root:
/var/www/html
Verification:
$ ssh root@192.168.11.12 "pct exec 7810 -- systemctl status nginx"
Active: active (running)
Complete Traffic Flow
Internet User
↓
↓ DNS Query: mim4u.org
↓
Cloudflare DNS (76.53.10.36)
↓
↓ HTTPS Request: https://mim4u.org
↓
UDM Pro Port Forwarding (76.53.10.36:443)
↓
↓ Forwards to: 192.168.11.166:443
↓
NPMplus (192.168.11.166:443)
├─ SSL Termination (Certbot certificate)
├─ Security Headers Added
├─ HSTS Enforced
└─ Proxy Pass: http://192.168.11.37:80
↓
↓ HTTP Request (internal)
↓
nginx on VMID 7810 (192.168.11.37:80)
├─ Serves static files from /var/www/html
└─ Returns response
↓
↓ (Response path reverses)
↓
Internet User (HTTPS response)
Configuration Verification
Test DNS Resolution
dig +short mim4u.org
# Expected: 76.53.10.36
Test NPMplus SSL Certificate
curl -vI https://mim4u.org 2>&1 | grep -E "(certificate|SSL|TLS)"
Test Internal Proxy (from NPMplus)
ssh root@192.168.11.11 "pct exec 10233 -- docker exec npmplus curl -I http://192.168.11.37/"
Test Backend Nginx (from Proxmox host)
ssh root@192.168.11.12 "pct exec 7810 -- curl -I http://localhost/"
Test End-to-End (External)
curl -I https://mim4u.org
# Expected: HTTP/2 200 or 301/302 redirect
Related Domains
All MIM4U domains are configured with the same backend:
| Domain | NPMplus Proxy Host ID | Backend | Status |
|---|---|---|---|
mim4u.org |
17 | 192.168.11.37:80 | ✅ Active |
secure.mim4u.org |
19 | 192.168.11.37:80 | ✅ Active |
training.mim4u.org |
20 | 192.168.11.37:80 | ✅ Active |
Note: www.mim4u.org is handled by the same proxy host (ID 17) via server_name configuration.
Update Configuration
To update the NPMplus proxy host configuration:
cd /home/intlc/projects/proxmox
bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh
This script updates all proxy hosts, including mim4u.org (confirmed pointing to 192.168.11.37:80).
SSL Certificate Management
SSL certificates are managed by Certbot within NPMplus:
- Certificate ID: npm-50
- Provider: Let's Encrypt
- Auto-renewal: Enabled
- Certificate Location:
/data/tls/certbot/live/npm-50/
To manually renew certificates:
ssh root@192.168.11.11 "pct exec 10233 -- docker exec npmplus certbot renew"
Troubleshooting
Issue: DNS not resolving
Check:
dig +short mim4u.org
# Should return: 76.53.10.36
Issue: SSL certificate invalid
Check:
curl -vI https://mim4u.org 2>&1 | grep -i certificate
Issue: Cannot reach backend nginx
Check:
# From NPMplus container
ssh root@192.168.11.11 "pct exec 10233 -- docker exec npmplus curl -I http://192.168.11.37/"
# From Proxmox host
ssh root@192.168.11.12 "pct exec 7810 -- systemctl status nginx"
Issue: Port forwarding not working
Verify UDM Pro port forwarding rules:
- Public IP: 76.53.10.36:443 → Internal: 192.168.11.166:443
- Public IP: 76.53.10.36:80 → Internal: 192.168.11.166:80
Related Documentation
reports/VMID_7810_NGINX_INSTALLATION_COMPLETE.md- Nginx installation detailsreports/VMID_7810_NETWORK_TEST_RESULTS_FINAL.md- Network connectivity testsdocs/04-configuration/NGINX_PUBLIC_IP_CONFIGURATION.md- Public IP configurationscripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh- Proxy update script
Configuration Status: ✅ COMPLETE AND VERIFIED
Last Verified: 2026-01-20