d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
proxmox/scripts/archive/consolidated/deploy/deploy-complete-nginx-config.sh
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

598 lines
19 KiB
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env bash
# Deploy complete Nginx configuration to VMID 105
# Handles all domains with path-based routing
set -euo pipefail
# Load IP configuration
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
log_success() { echo -e "${GREEN}[✓]${NC} $1"; }
log_warn() { echo -e "${YELLOW}[⚠]${NC} $1"; }
log_error() { echo -e "${RED}[✗]${NC} $1"; }
PROXMOX_HOST="${PROXMOX_HOST:-192.168.11.10}"
VMID_NGINX=105
NGINX_CONFIG_FILE="/etc/nginx/sites-available/public-services"
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "🔧 Deploy Complete Nginx Configuration"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
log_info "Proxmox Host: $PROXMOX_HOST"
log_info "Nginx VMID: $VMID_NGINX"
log_info "Config File: $NGINX_CONFIG_FILE"
echo ""
# Generate complete Nginx configuration
generate_nginx_config() {
cat << 'NGINX_CONFIG_EOF'
# Complete Nginx Configuration for All Public Services
# Single Public IP (76.53.10.35) → Nginx → Backend Services
# Generated: 2026-01-09
# ============================================
# RPC Services
# ============================================
# ThirdWeb RPC (defi-oracle.io domain)
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name rpc.public-0138.defi-oracle.io;
ssl_certificate /etc/letsencrypt/live/rpc.public-0138.defi-oracle.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rpc.public-0138.defi-oracle.io/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass https://${RPC_THIRDWEB_PRIMARY}:443;
proxy_ssl_verify off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
proxy_buffering off;
}
}
# RPC Public HTTP
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name rpc-http-pub.d-bis.org;
ssl_certificate /etc/letsencrypt/live/rpc-http-pub.d-bis.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rpc-http-pub.d-bis.org/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
proxy_pass https://${RPC_ALI_2:-${RPC_ALI_2:-${RPC_ALI_2:-${RPC_ALI_2:-192.168.11.252}}}}:443;
proxy_ssl_verify off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
proxy_buffering off;
}
}
# RPC Public WebSocket
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name rpc-ws-pub.d-bis.org;
ssl_certificate /etc/letsencrypt/live/rpc-ws-pub.d-bis.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rpc-ws-pub.d-bis.org/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
proxy_pass https://${RPC_ALI_2:-${RPC_ALI_2:-${RPC_ALI_2:-${RPC_ALI_2:-192.168.11.252}}}}:443;
proxy_ssl_verify off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 86400;
proxy_send_timeout 86400;
}
}
# RPC Private HTTP
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name rpc-http-prv.d-bis.org;
ssl_certificate /etc/letsencrypt/live/rpc-http-prv.d-bis.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rpc-http-prv.d-bis.org/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
proxy_pass https://${RPC_ALI_1:-${RPC_ALI_1:-${RPC_ALI_1:-${RPC_ALI_1:-192.168.11.251}}}}:443;
proxy_ssl_verify off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
}
# RPC Private WebSocket
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name rpc-ws-prv.d-bis.org;
ssl_certificate /etc/letsencrypt/live/rpc-ws-prv.d-bis.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rpc-ws-prv.d-bis.org/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
proxy_pass https://${RPC_ALI_1:-${RPC_ALI_1:-${RPC_ALI_1:-${RPC_ALI_1:-192.168.11.251}}}}:443;
proxy_ssl_verify off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 86400;
proxy_send_timeout 86400;
}
}
# ============================================
# Explorer
# ============================================
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name explorer.d-bis.org;
ssl_certificate /etc/letsencrypt/live/explorer.d-bis.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/explorer.d-bis.org/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
proxy_pass http://${IP_BLOCKSCOUT}:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# ============================================
# DBIS Core Services
# ============================================
# DBIS Admin
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name dbis-admin.d-bis.org;
ssl_certificate /etc/letsencrypt/live/dbis-admin.d-bis.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dbis-admin.d-bis.org/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
proxy_pass http://${IP_DBIS_FRONTEND:-${IP_SERVICE_13:-${IP_SERVICE_13:-${IP_SERVICE_13:-192.168.11.13}}}0}:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# DBIS API Primary
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name dbis-api.d-bis.org;
ssl_certificate /etc/letsencrypt/live/dbis-api.d-bis.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dbis-api.d-bis.org/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
proxy_pass http://${IP_DBIS_API:-192.168.11.155}:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# DBIS API Secondary
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name dbis-api-2.d-bis.org;
ssl_certificate /etc/letsencrypt/live/dbis-api-2.d-bis.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dbis-api-2.d-bis.org/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
proxy_pass http://${IP_DBIS_API_2:-192.168.11.156}:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# DBIS Secure Portal (Path-based routing)
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name secure.d-bis.org;
ssl_certificate /etc/letsencrypt/live/secure.d-bis.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/secure.d-bis.org/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
# Admin portal (path-based)
location /admin {
proxy_pass http://${IP_DBIS_FRONTEND:-${IP_SERVICE_13:-${IP_SERVICE_13:-${IP_SERVICE_13:-192.168.11.13}}}0}:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# User API endpoint (path-based)
location /api {
proxy_pass http://${IP_DBIS_API:-192.168.11.155}:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
# Graph endpoint (path-based)
location /graph {
proxy_pass http://${IP_DBIS_API:-192.168.11.155}:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
# User portal (default)
location / {
proxy_pass http://${IP_DBIS_FRONTEND:-${IP_SERVICE_13:-${IP_SERVICE_13:-${IP_SERVICE_13:-192.168.11.13}}}0}:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# ============================================
# MIM4U Services
# ============================================
# MIM4U Main Site
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mim4u.org www.mim4u.org;
ssl_certificate /etc/letsencrypt/live/mim4u.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mim4u.org/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
# Admin portal (path-based)
location /admin {
proxy_pass http://192.168.11.19:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Main site (default)
location / {
proxy_pass http://192.168.11.19:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# MIM4U Secure Portal
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name secure.mim4u.org;
ssl_certificate /etc/letsencrypt/live/secure.mim4u.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/secure.mim4u.org/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
proxy_pass http://192.168.11.19:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# MIM4U Training Portal
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name training.mim4u.org;
ssl_certificate /etc/letsencrypt/live/training.mim4u.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/training.mim4u.org/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
proxy_pass http://192.168.11.19:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# ============================================
# Sankofa Services (sankofa.nexus)
# ============================================
# Sankofa Main Website
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sankofa.nexus www.sankofa.nexus;
ssl_certificate /etc/letsencrypt/live/sankofa.nexus/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sankofa.nexus/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
# API endpoint (path-based)
location /api {
proxy_pass http://10.160.0.10:4000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
# Main portal (default)
location / {
proxy_pass http://10.160.0.11:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# Phoenix Website
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name phoenix.sankofa.nexus www.phoenix.sankofa.nexus;
ssl_certificate /etc/letsencrypt/live/phoenix.sankofa.nexus/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/phoenix.sankofa.nexus/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
# API endpoint (path-based)
location /api {
proxy_pass http://10.160.0.XX:4000; # Update with Phoenix API IP
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
# Main portal (default)
location / {
proxy_pass http://10.160.0.XX:3000; # Update with Phoenix portal IP
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# The Order Portal
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name the-order.sankofa.nexus;
ssl_certificate /etc/letsencrypt/live/the-order.sankofa.nexus/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/the-order.sankofa.nexus/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
proxy_pass http://10.160.0.XX:3000; # Update with The Order portal IP
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# ============================================
# HTTP to HTTPS Redirect (All Domains)
# ============================================
server {
listen 80;
listen [::]:80;
server_name
# RPC Services
rpc.public-0138.defi-oracle.io
rpc-http-pub.d-bis.org rpc-ws-pub.d-bis.org
rpc-http-prv.d-bis.org rpc-ws-prv.d-bis.org
# Explorer
explorer.d-bis.org
# DBIS Services
dbis-admin.d-bis.org dbis-api.d-bis.org dbis-api-2.d-bis.org
secure.d-bis.org
# MIM4U
mim4u.org www.mim4u.org secure.mim4u.org training.mim4u.org
# Sankofa/Phoenix
sankofa.nexus www.sankofa.nexus
phoenix.sankofa.nexus www.phoenix.sankofa.nexus
the-order.sankofa.nexus;
return 301 https://$host$request_uri;
}
NGINX_CONFIG_EOF
}
# Deploy configuration
deploy_config() {
log_info "Generating Nginx configuration..."
# Create config file on Nginx server
generate_nginx_config | ssh -o StrictHostKeyChecking=no root@"$PROXMOX_HOST" \
"pct exec $VMID_NGINX -- tee $NGINX_CONFIG_FILE > /dev/null"
if [ $? -eq 0 ]; then
log_success "Configuration file created"
else
log_error "Failed to create configuration file"
return 1
fi
# Enable site
log_info "Enabling Nginx site..."
ssh -o StrictHostKeyChecking=no root@"$PROXMOX_HOST" \
"pct exec $VMID_NGINX -- ln -sf $NGINX_CONFIG_FILE /etc/nginx/sites-enabled/public-services" 2>/dev/null || true
# Test configuration
log_info "Testing Nginx configuration..."
test_result=$(ssh -o StrictHostKeyChecking=no root@"$PROXMOX_HOST" \
"pct exec $VMID_NGINX -- nginx -t 2>&1")
if echo "$test_result" | grep -q "syntax is ok"; then
log_success "Nginx configuration is valid"
# Reload Nginx
log_info "Reloading Nginx..."
ssh -o StrictHostKeyChecking=no root@"$PROXMOX_HOST" \
"pct exec $VMID_NGINX -- systemctl reload nginx"
if [ $? -eq 0 ]; then
log_success "Nginx reloaded successfully"
return 0
else
log_error "Failed to reload Nginx"
return 1
fi
else
log_error "Nginx configuration test failed"
echo "$test_result"
return 1
fi
}
# Main execution
main() {
if deploy_config; then
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
log_success "✅ Nginx Configuration Deployed"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
log_warn "⚠️ Note: Update placeholder IPs for Phoenix and The Order services"
log_warn "⚠️ Note: Obtain SSL certificates for all domains"
echo ""
log_info "Next steps:"
echo " 1. Update Phoenix and The Order IPs in config"
echo " 2. Obtain Let's Encrypt certificates"
echo " 3. Test all endpoints"
echo ""
else
log_error "Deployment failed"
exit 1
fi
}
main "$@"
Reference in New Issue View Git Blame Copy Permalink