proxmox/docs/04-configuration

Configuration & Setup

Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation

---

This directory contains setup and configuration guides.

Master documentation (source of truth for URLs/VMIDs): MASTER_DOCUMENTATION_INDEX.md — Use ALL_VMIDS_ENDPOINTS.md and RPC_ENDPOINTS_MASTER.md as the Bible when fixing placeholders or domain → VMID:port; only explorer.d-bis.org → 192.168.11.140.

Documents

• MCP_SETUP.md ⭐⭐ - MCP Server configuration for Claude Desktop

• ENV_STANDARDIZATION.md ⭐⭐ - Environment variable standardization

• CREDENTIALS_CONFIGURED.md ⭐ - Credentials configuration guide

• SECRETS_KEYS_CONFIGURATION.md ⭐⭐ - Secrets and keys management

• SSH_SETUP.md ⭐ - SSH key setup and configuration

• FINALIZE_TOKEN.md ⭐ - Token finalization guide

• cloudflare/ ⭐⭐⭐ - Cloudflare configuration documentation

• CLOUDFLARE_CREDENTIALS_BOTH_METHODS.md ⭐⭐ - API token vs email+key; Certbot one method per file

• NPMPLUS_CERTBOT_CLOUDNS_CREDENTIALS.md ⭐ - ClouDNS credentials from .env for NPMplus Certbot DNS challenge

• NPMPLUS_PROXY_HOSTS_SNAPSHOT_2026-03.md - Snapshot of NPMplus proxy destinations (IP:port) and VMID mapping (March 2026)

• NPMPLUS_CUSTOM_NGINX_CONFIG.md - NPMplus custom config: proxy variables, security headers (CSP with unsafe-eval for ethers.js), and caveat (do not add location '/')

• NPMPLUS_UI_APIERROR_400_RUNBOOK.md - NPMplus UI ApiError 400 on dashboard load: find failing request, test API with curl, logs, fixes

• E2E_DNS_FROM_LAN_RUNBOOK.md - Run E2E domain sweep from LAN when public DNS is unavailable: /etc/hosts option, DNS path, or bastion

• E2E_ENDPOINTS_LIST.md - All E2E verification endpoints (domain, type, URL); list from CLI: ./scripts/verify/verify-end-to-end-routing.sh --list-endpoints --profile=public

• PROXMOX_LOAD_BALANCING_RUNBOOK.md - Balance Proxmox load: migrate containers from r630-01 to r630-02/ml110; candidates, script, cluster vs backup/restore

• PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md - Add 3rd/4th R630 before migration? r630-03/04 status, HA/Ceph (3–4 nodes), order of operations

• ER605_ROUTER_CONFIGURATION.md ⭐⭐ - ER605 router configuration

• OMADA_API_SETUP.md ⭐⭐ - Omada API integration setup

• OMADA_HARDWARE_CONFIGURATION_REVIEW.md ⭐⭐⭐ - Comprehensive Omada hardware and configuration review

• UNIFI_API_SETUP.md ⭐⭐ - UniFi Local API integration setup

• SITE_MANAGER_API_SETUP.md ⭐⭐ - UniFi Site Manager Cloud API integration setup

• UNIFI_API_COMPARISON.md ⭐⭐ - Comparison guide for all UniFi API types

• UNIFI_ENDPOINTS_REFERENCE.md ⭐⭐ - UniFi Local API endpoints reference

• UNIFI_CONFIGURATION_STATUS.md ⭐ - UniFi UDM Pro configuration status and API availability

• UDM_PRO_STATUS.md ⭐⭐⭐ - Single source of truth for UDM Pro configuration status (completed/remaining tasks, progress tracking, key identifiers)

• UDM_PRO_CONFIGURATION_CHECKLIST.md ⭐⭐⭐ - Complete UDM Pro configuration checklist (35 tasks)

• UDM_PRO_API_ENDPOINT_EXPLORATION.md ⭐⭐ - API endpoint exploration and availability testing

• UDM_PRO_API_FIREWALL_ENDPOINTS.md ⭐⭐⭐ - Firewall/ACL API endpoints documentation and configuration examples

• UDM_PRO_FIREWALL_API_LIMITATIONS.md ⭐⭐ - Firewall API limitations and workarounds

• UDM_PRO_FIREWALL_MANUAL_CONFIGURATION.md ⭐⭐⭐ - Manual firewall configuration guide for complex rules

• UDM_PRO_COMPLETE_MANUAL_GUIDE.md ⭐⭐⭐ - Complete manual configuration guide (all remaining tasks)

• UDM_PRO_DHCP_RESERVATIONS_GUIDE.md ⭐⭐⭐ - DHCP static IP reservations configuration guide

• UDM_PRO_PORT_PROFILES_GUIDE.md ⭐⭐⭐ - Port profiles and VLAN trunking configuration guide

• UDM_PRO_SYSTEM_SETTINGS_GUIDE.md ⭐⭐ - System settings configuration guide (hostname, timezone, NTP, backups)

• UDM_PRO_FIREWALL_MANUAL_CONFIGURATION.md ⭐⭐⭐ - Manual firewall configuration guide (sovereign tenant isolation)

• cloudflare/CLOUDFLARE_ZERO_TRUST_GUIDE.md ⭐⭐ - Cloudflare Zero Trust integration

• cloudflare/CLOUDFLARE_DNS_TO_CONTAINERS.md ⭐⭐⭐ - Mapping Cloudflare DNS to Proxmox LXC containers

• cloudflare/CLOUDFLARE_DNS_SPECIFIC_SERVICES.md ⭐⭐⭐ - DNS configuration for Mail (100), RPC (2502), and Solace (300X)

• Fireblocks Web3: Submodule fireblocks-integration/ (Gitea: d-bis/fireblocks-integration) — Dedicated RPC (VMID 2301), Console/SDK docs, .env.example. In-repo copy: FIREBLOCKS_WEB3_INTEGRATION.md (operator/hosting ref).

Price feed (MetaMask and all wallets):

• PRICE_FEED_CHAIN138_METAMASK_AND_WALLETS.md ⭐⭐⭐ - Single reference for adding Chain 138 USD prices to MetaMask and wallets: CoinGecko, CMC, Consensys outreach, on-chain oracle, Snap workaround.

Explorer tokens and GRU:

• EXPLORER_TOKENS_GRU_POLICY.md ⭐⭐ - Policy: all c* tokens on explorer.d-bis.org/tokens must be registered as GRU; token list and registration steps.
• C_TO_CW_MAPPER_MAPPING.md ⭐⭐ - c* → cW* mapping for mapper: symbol mapping and per-chain address mapping in config/token-mapping-multichain.json.

DEX and aggregators (Chain 138 tokens and routing):

• DEX_AND_AGGREGATORS_CHAIN138_EXPLAINER.md ⭐⭐⭐ - Using DEX and aggregators with Chain 138 coins/tokens; routing for DEXs; token-aggregation API, DODO PMM, swap–bridge–swap flows.

Chain 138 / Wallets (overview first; all repos in ~/projects/):

• CHAIN138_WALLET_REPOSITORIES.md ⭐⭐⭐ - Canonical layout: metamask-integration, LedgerLive, app-ethereum, TrustWallet-Integration each in ~/projects/. All items Yes / Completed.
• CHAIN138_WALLET_ECOSYSTEM_AND_RATIONALE.md ⭐⭐⭐ - Why we have the MetaMask Snap, why we need Ledger Live when we already use App-Ethereum, Trust Wallet support; links to all wallet docs.
• ADD_CHAIN138_TO_LEDGER_LIVE.md ⭐⭐ - Add Defi Oracle Meta Mainnet (Chain 138) to Ledger Live (request + materials).
• ADD_CHAIN138_TO_TRUST_WALLET.md ⭐⭐ - Add Chain 138 to Trust Wallet (user manual add via Chainlist; official Wallet Core PR steps; materials in ~/projects/TrustWallet-Integration).
• CHAIN138_WALLET_PROJECTS_COMPLETION_REVIEW.md ⭐⭐ - Completion and test review: all four projects verified; MetaMask E2E 7/7 + Snap unit tests pass; Ledger/app-ethereum/Trust status.

Decision tree (which VLAN, service, deployment path): CONFIGURATION_DECISION_TREE.md (local); canonical version with deployment paths: ../10-best-practices/CONFIGURATION_DECISION_TREE.md.

• FIXES_PREPARED.md ⭐⭐⭐ - Single checklist of all fixes (required + optional) with copy-paste commands: UDM Pro Alltra/HYBX port forward, Alltra/HYBX 502 diagnosis, NPMplus certs, Explorer SSL, shellcheck, verification re-run.
• FULL_FIXES_PREPARED.md ⭐⭐⭐ - Consolidated full fixes: validators & block production, stuck tx, Sentries (1503/1504), RPCs (2301, 2402, 2503–2508), UDM Pro, Alltra/HYBX 502, optional (certs, Explorer SSL, shellcheck, verification). Master table + execution order.

Smart contracts & ISO-20022 / Fin messaging:

• SMART_CONTRACTS_ISO20022_FIN_METHODOLOGY.md ⭐⭐⭐ - Methodology for smart contracts to accept ISO-20022 and SWIFT Fin messages: canonical format, mapping, validation, and contract interface.
• ISO20022_INTAKE_GATEWAY_CONTRACT_MULTI_NETWORK.md ⭐⭐⭐ - How the intake/gateway contract receives ISO messages on different blockchain networks: relayer vs cross-chain (CCIP), same address (CREATE2), per-chain config.
• GRU_M00_DIAMOND_INSTITUTIONAL_SPEC.md ⭐⭐⭐ - GRU M00 Diamond institutional spec (§1–§8): topology, storage, facets, governance, markets, Pattern A/B, minimum checklist; token model A and Pattern A locked.
• GRU_M00_DIAMOND_FACET_MAP.md ⭐⭐⭐ - GRU M00 Diamond (ERC-2535) Token Factory: facet map, storage namespaces, governance levels 0–5, canonical symbol grammar (c/a/d, W rules). Whitepaper-ready.
• GRU_M00_DIAMOND_REVIEW_GAPS_AND_RECOMMENDATIONS.md ⭐⭐⭐ - Detailed review: missing components, functional wire-ins, naming alignment (a/d vs ac/vdc/sdc), checklist and recommendations.
• GRU_M00_DIAMOND_DOCS_REVIEW_GAPS_AND_INCONSISTENCIES.md ⭐⭐ - Review of all GRU M00 Diamond docs: missing refs, link consistency, terminology, and follow-up list.
• DBIS Rail Technical Spec v1 ⭐⭐⭐ - Bank-rail settlement and GRU mint orchestration on Chain 138: RootRegistry, ParticipantRegistry, SignerRegistry, SettlementRouter, GRU_MintController, MintAuth lifecycle, EIP-712 signer quorum (3-of-5), replay protection, and audit events.
• DBIS Rail Rulebook v1 ⭐⭐⭐ - Operational and compliance policy: good funds matrix, finality triggers per rail (wire/ACH/cash/internal), accounting sequence and deterministic accountingRef, MintAuth preconditions, reversal and exception handling, signer revocation timing, incident controls, audit and reporting standards.
• DBIS Rail Security Threat Model v1 ⭐⭐⭐ - Trust boundaries, authorization/ledger/router/mint/validator/off-chain threat categories, severity classification, mitigations, residual risk, versioning and review cycle.
• DBIS Rail Regulator-Facing Brief v1 ⭐⭐⭐ - Institutional narrative for banks, examiners, counsel, risk committees: overview, governance, settlement lifecycle, good funds and finality, controls, risk posture, audit, residual risk disclosure, amendment process.
• DBIS Rail Audit Readiness Checklist v1 ⭐⭐⭐ - Pre-audit control verification: mint path, authorization, signer governance, accounting/evidence, router controls, validator layer, emergency controls, documentation integrity.
• DBIS Rail Audit Readiness Results v1 ⭐⭐ - Baseline checklist run: status per section, gaps, and prioritized remediation (rail contracts, mint path lock, tests, ops).
• DBIS Rail Control Mapping v1 ⭐⭐ - Control IDs mapped to checklist, Spec, Rulebook, and Threat Model for audit and SOC 2 / ISO 27001 alignment.
• DBIS Rail and Project Completion Master v1 ⭐⭐ - Project and deployment status; full task list (required and optional) for DBIS Rail and project completion.
• Implementation coordination (transcript 540ae663) ⭐⭐ - Coordinate implementations with PMM/DEX, tokens, GRU, cW*, deployments; maps Completion Master tasks to done/partial/open.
• DBIS Rail Ledger Attestation Add-On v1.5 ⭐⭐ - LPA state machine, reversal matrix, signer effectiveFromBlock/revokedAtBlock mandatory.
• DBIS Rail Conversion Router Spec v1.5 ⭐⭐ - SwapAuth, best execution/MEV, quote provenance, venue allowlist, sanctions/AML for swaps.
• DBIS Rail Stablecoin Policy v1.5 ⭐⭐ - Canonical stablecoin definition, registry, routing and monitoring.
• DBIS Rail Hash Canonicalization and Test Vectors v1.5 ⭐⭐ - LEB/LPA/ISO schemas, canonicalization rules, test vectors.

Mainnet liquidity & ramps (priority):

• MAINNET_RAMP_USER_FLOWS.md ⭐⭐ - On-ramp (buy on mainnet → bridge to 138) and off-ramp (138→mainnet → sell) user flows. Companion/dApp link target.
• Priority plan: MAINNET_LIQUIDITY_AND_RAMPS_PRIORITY.md - Obtain liquid on mainnet (fund LP + relay bridge), then wire off/on-ramps.

Explorer (explorer.d-bis.org):

• EXPLORER_FUNCTIONALITY_REVIEW.md - Routes, API URLs, contract verification, Snap send HTTPS.
• EXPLORER_GAPS_AND_RECOMMENDATIONS.md - Loading on all pages, bridge/lanes, Verify & Publish (UI) and batch verification (Forge + proxy), user/API key issuance, operator checklist.
• EXPLORER_WALLET_LINK_QUICK_WIN.md — Add Wallet link to explorer navbar (quick win runbook)
• EXPLORER_TROUBLESHOOTING.md - SSL, NPMplus, 502/verification failures, common errors.
• Contract verification (Forge + Blockscout): ../08-monitoring/BLOCKSCOUT_VERIFICATION_GUIDE.md — proxy, manual UI, 502/HTML troubleshooting.

Quick Reference

Initial Setup:

1. MCP_SETUP.md - Configure MCP Server
2. ENV_STANDARDIZATION.md - Standardize environment variables
3. CREDENTIALS_CONFIGURED.md - Configure credentials

Network Configuration:

1. Edge: UDM Pro (76.53.10.34, replaced ER605). Port forward 76.53.10.36:80/443 → 192.168.11.167 (NPMplus). Proxmox hosts: 192.168.11.10–12. NPMplus: .166 and .167; only .167 in UDM Pro. See ../11-references/NETWORK_CONFIGURATION_MASTER.md.
2. ER605_ROUTER_CONFIGURATION.md - ER605 reference (replaced by UDM Pro)
3. CLOUDFLARE_ZERO_TRUST_GUIDE.md - Set up Cloudflare Zero Trust

Related Documentation

• ../01-getting-started/ - Getting started
• ../02-architecture/ - Architecture reference
• ../05-network/ - Network infrastructure