proxmox/docs/04-configuration/NGINX_PROXY_MANAGER_SSL_CONFIGURATION.md

Nginx Proxy Manager SSL Configuration Guide

Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation


Date: 2026-01-09
Status: Configuration Script Created
NPM URL: http://192.168.11.26:81


Overview

This guide provides instructions for configuring SSL certificates for all 19 domains in Nginx Proxy Manager using Let's Encrypt.


Prerequisites

  1. Nginx Proxy Manager Access

    • URL: http://192.168.11.26:81
    • Admin credentials required
  2. DNS Configuration

    • All domains must resolve to 76.53.10.36
    • DNS propagation complete (verified)
  3. Port Forwarding

    • HTTP (80) and HTTPS (443) forwarded to 192.168.11.26
    • UDM Pro port forwarding configured
  4. Environment Variables

    • NPM_URL: Nginx Proxy Manager URL (default: http://192.168.11.26:81)
    • NPM_EMAIL: Admin email for Let's Encrypt
    • NPM_PASSWORD: Admin password

Automated Configuration

Option 1: Browser Automation Script

A Playwright script is available to automate the configuration:

cd /home/intlc/projects/proxmox
NPM_EMAIL=your-email@example.com NPM_PASSWORD=your-password \
  node scripts/nginx-proxy-manager/configure-ssl-all-domains.js

Environment Variables:

export NPM_URL="http://192.168.11.26:81"
export NPM_EMAIL="admin@example.com"
export NPM_PASSWORD="your-password"
export HEADLESS="false"  # Set to "true" for headless mode
export PAUSE_MODE="true"  # Set to "true" to pause at each step

Manual Configuration Steps

If automation is not available, follow these manual steps:

Step 1: Access Nginx Proxy Manager

  1. Open browser: http://192.168.11.26:81
  2. Log in with admin credentials

Step 2: Configure Proxy Host for Each Domain

For each domain, follow these steps:

  1. Navigate to Proxy Hosts

    • Click Proxy Hosts in the left menu
    • Click Add Proxy Host
  2. Details Tab

    • Domain Names: Enter the domain (e.g., explorer.d-bis.org)
    • Scheme: Select http or https based on target service
    • Forward Hostname/IP: Enter target IP (e.g., 192.168.11.140)
    • Forward Port: Enter target port (e.g., 80 or 443)
    • Cache Assets: Enable if desired
    • Block Common Exploits: Enable
    • Websockets Support: Enable for WebSocket domains
  3. SSL Tab

    • Click SSL tab
    • Click Request a new SSL Certificate
    • Email Address for Let's Encrypt: Enter your email
    • I Agree to the Let's Encrypt Terms of Service: Check
    • Force SSL: Enable (redirects HTTP to HTTPS)
    • HTTP/2 Support: Enable
    • HSTS Enabled: Enable
    • HSTS Subdomains: Enable if needed
  4. Save

    • Click Save
    • Wait for certificate to be issued (may take 1-2 minutes)

Domain Configuration Reference

sankofa.nexus Zone (5 domains)

| Domain | Target | Port | SSL |
|---|---|---|---|
| sankofa.nexus | 192.168.11.140 | 80 | Let's Encrypt |
| www.sankofa.nexus | 192.168.11.140 | 80 | Let's Encrypt |
| phoenix.sankofa.nexus | 192.168.11.140 | 80 | Let's Encrypt |
| www.phoenix.sankofa.nexus | 192.168.11.140 | 80 | Let's Encrypt |
| the-order.sankofa.nexus | 192.168.11.140 | 80 | Let's Encrypt |

d-bis.org Zone (9 domains)

| Domain | Target | Port | SSL | Notes |
|---|---|---|---|---|
| explorer.d-bis.org | 192.168.11.140 | 80 | Let's Encrypt | Blockscout |
| rpc-http-pub.d-bis.org | 192.168.11.252 | 443 | Let's Encrypt | WebSocket |
| rpc-ws-pub.d-bis.org | 192.168.11.252 | 443 | Let's Encrypt | WebSocket |
| rpc-http-prv.d-bis.org | 192.168.11.251 | 443 | Let's Encrypt | WebSocket |
| rpc-ws-prv.d-bis.org | 192.168.11.251 | 443 | Let's Encrypt | WebSocket |
| dbis-admin.d-bis.org | 192.168.11.130 | 80 | Let's Encrypt | |
| dbis-api.d-bis.org | 192.168.11.155 | 3000 | Let's Encrypt | |
| dbis-api-2.d-bis.org | 192.168.11.156 | 3000 | Let's Encrypt | |
| secure.d-bis.org | 192.168.11.130 | 80 | Let's Encrypt | |

mim4u.org Zone (4 domains)

| Domain | Target | Port | SSL |
|---|---|---|---|
| mim4u.org | 192.168.11.19 | 80 | Let's Encrypt |
| www.mim4u.org | 192.168.11.19 | 80 | Let's Encrypt |
| secure.mim4u.org | 192.168.11.19 | 80 | Let's Encrypt |
| training.mim4u.org | 192.168.11.19 | 80 | Let's Encrypt |

defi-oracle.io Zone (1 domain)

| Domain | Target | Port | SSL |
|---|---|---|---|
| rpc.public-0138.defi-oracle.io | 192.168.11.252 | 443 | Let's Encrypt |

Verification

Test SSL Certificate

After configuration, test each domain:

# Test HTTPS connectivity
curl -I https://explorer.d-bis.org

# Check SSL certificate
openssl s_client -connect explorer.d-bis.org:443 -servername explorer.d-bis.org < /dev/null 2>/dev/null | openssl x509 -noout -dates

Expected Results

  • HTTPS connection successful
  • Certificate issued by Let's Encrypt
  • HTTP redirects to HTTPS (301)
  • Certificate valid for domain
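
The two commands above cover one domain and only the validity dates. The script below is an added example, not part of the original guide or its repository scripts: it checks every item under Expected Results, plus the DNS prerequisite and the HSTS setting from Step 2, for any list of domains. The function names, the 14-day expiry threshold and the sample responses are assumptions made for this example.

```sh
#!/bin/sh
# Added example. Parsers take captured text so they run offline; only check_domain uses the network.
EXPECTED_IP="76.53.10.36"   # public IP from the Prerequisites section

# Constructed sample responses (not captured from the real hosts)
SAMPLE_HTTP='HTTP/1.1 301 Moved Permanently
Location: https://explorer.d-bis.org/'
SAMPLE_HTTPS='HTTP/2 200
strict-transport-security: max-age=63072000; preload'

# dns_ok "<dig +short output>": the expected IP must be one of the answers
dns_ok() { printf '%s\n' "$1" | grep -qxF "$EXPECTED_IP"; }

# redirect_ok "<curl -sI http://DOMAIN>" DOMAIN: 301 pointing at https://DOMAIN
redirect_ok() (
  hdrs=$(printf '%s\n' "$1" | tr -d '\r')
  printf '%s\n' "$hdrs" | head -n 1 | grep -qE '^HTTP/[0-9.]+ 301' || exit 1
  loc=$(printf '%s\n' "$hdrs" | awk 'tolower($1) == "location:" { print $2; exit }')
  case "$loc" in "https://$2" | "https://$2/"*) exit 0 ;; *) exit 1 ;; esac
)

# hsts_ok "<curl -sI https://DOMAIN>": HSTS header present with non-zero max-age
hsts_ok() {
  printf '%s\n' "$1" | tr -d '\r' | grep -iE '^strict-transport-security:' |
    grep -qE 'max-age=[1-9][0-9]*'
}

# issuer_ok "<openssl x509 -noout -issuer>": organisation must be Let's Encrypt
issuer_ok() { printf '%s\n' "$1" | grep -qE "O ?= ?Let's Encrypt"; }

# check_domain DOMAIN: live checks, one FAIL line per unmet expectation
check_domain() (
  d=$1
  dns_ok "$(dig +short "$d")" || echo "FAIL $d: does not resolve to $EXPECTED_IP"
  redirect_ok "$(curl -sI -m 10 "http://$d")" "$d" || echo "FAIL $d: no 301 to HTTPS"
  hsts_ok "$(curl -sI -m 10 "https://$d")" || echo "FAIL $d: HSTS header missing"
  # s_client exits non-zero if the chain or the hostname does not verify
  pem=$(openssl s_client -connect "$d:443" -servername "$d" -verify_hostname "$d" \
    -verify_return_error </dev/null 2>/dev/null) || echo "FAIL $d: chain or name invalid"
  issuer_ok "$(printf '%s\n' "$pem" | openssl x509 -noout -issuer 2>/dev/null)" ||
    echo "FAIL $d: issuer is not Let's Encrypt"
  # -checkend N exits non-zero if the certificate expires within N seconds
  printf '%s\n' "$pem" | openssl x509 -noout -checkend 1209600 >/dev/null 2>&1 ||
    echo "FAIL $d: expires within 14 days"
)

# Live use: sh verify-ssl.sh --live explorer.d-bis.org secure.d-bis.org
if [ "${1:-}" = "--live" ]; then shift; for d in "$@"; do check_domain "$d"; done; fi
```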

Troubleshooting

Certificate Request Fails

Issue: Let's Encrypt certificate request fails

Possible Causes:

  1. DNS not propagated (domain doesn't resolve to 76.53.10.36)
  2. Port 80 not accessible (required for HTTP-01 challenge)
  3. Domain already has certificate from different source
  4. Rate limiting (too many requests)

Solutions:

  1. Verify DNS: dig +short domain.com
  2. Test HTTP: curl -I http://domain.com
  3. Wait 1 hour if rate limited
  4. Check NPM logs for specific error

Port 443 Not Working

Issue: HTTPS connection fails after certificate configuration

Possible Causes:

  1. Port forwarding rule not active
  2. Firewall blocking port 443
  3. Nginx not listening on port 443

Solutions:

  1. Verify UDM Pro port forwarding: 76.53.10.36:443 → 192.168.11.26:443
  2. Check firewall rules on UDM Pro
  3. Verify Nginx is listening: netstat -tlnp | grep 443

Certificate Not Auto-Renewing

Issue: Let's Encrypt certificates expire

Solution:

  • Nginx Proxy Manager automatically renews certificates
  • Check renewal status in SSL Certificates tab
  • Manual renewal: Click "Renew" button for certificate

Automation Script Usage

Basic Usage

node scripts/nginx-proxy-manager/configure-ssl-all-domains.js

With Environment Variables

NPM_EMAIL=admin@example.com \
NPM_PASSWORD=your-password \
HEADLESS=false \
PAUSE_MODE=true \
node scripts/nginx-proxy-manager/configure-ssl-all-domains.js

Headless Mode (No Browser UI)

HEADLESS=true \
NPM_EMAIL=admin@example.com \
NPM_PASSWORD=your-password \
node scripts/nginx-proxy-manager/configure-ssl-all-domains.js


Last Updated: 2026-01-09
Status: Configuration script ready