fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
5.8 KiB
5.8 KiB
E2E Failures — Cloudflare & NPMplus Configuration Review
Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation
Date: 2026-01-30
Context: Block production + chainlist E2E script (scripts/check-block-production-and-chainlist-e2e.sh)
Purpose: Identify whether Cloudflare or NPMplus configuration is the cause of each failing endpoint.
Summary of E2E Failures
| Endpoint | Type | Failure | Cloudflare/NPMplus cause? |
|---|---|---|---|
https://rpc.defi-oracle.io |
HTTP | chainId/eth_blockNumber failed | Yes — Cloudflare Tunnel |
wss://rpc.d-bis.org |
WebSocket | eth_chainId failed or timeout | Yes — NPMplus |
https://defi-oracle-meta.rpc.thirdweb.com/... |
HTTP | eth_blockNumber failed | No (thirdweb infra) |
https://138.rpc.thirdweb.com/... |
HTTP | eth_blockNumber failed | No (thirdweb infra) |
1. https://rpc.defi-oracle.io — Cloudflare Tunnel ingress
Cause
- DNS (docs):
rpc.defi-oracle.iois CNAME →rpc.public-0138.defi-oracle.io→ CNAME →26138c21-db00-4a02-95db-ec75c07bda5b.cfargotunnel.com. - Traffic for
rpc.defi-oracle.iotherefore hits the same Cloudflare Tunnel asrpc.public-0138.defi-oracle.io, but the Host header isrpc.defi-oracle.io. - The tunnel for VMID 2400 (Tunnel ID
26138c21-db00-4a02-95db-ec75c07bda5b) is only configured with one public hostname:rpc.public-0138.defi-oracle.io(seescripts/add-vmid2400-ingress.sh). - Cloudflare Tunnel matches ingress by hostname. There is no ingress rule for
rpc.defi-oracle.io, so requests withHost: rpc.defi-oracle.ioget no matching route (e.g. 404 or catch-all).
Fix
Add rpc.defi-oracle.io (and, if desired, wss.defi-oracle.io) as additional public hostnames for the same tunnel, routing to the same service (http://127.0.0.1:8545 or the same origin as rpc.public-0138.defi-oracle.io).
Option A — Cloudflare Dashboard
- Zero Trust → Networks → Tunnels → tunnel
26138c21-db00-4a02-95db-ec75c07bda5b. - Public Hostname tab → Add a public hostname.
- Subdomain:
rpc, Domain:defi-oracle.io→ Service: same asrpc.public-0138(e.g.http://127.0.0.1:8545orhttp://localhost:80if Nginx is in front). - Save. Repeat for
wssif you wantwss.defi-oracle.ioto use the same tunnel.
Option B — Extend add-vmid2400-ingress.sh
- When building the tunnel config via API, add ingress entries for:
rpc.defi-oracle.io→ same service asrpc.public-0138.defi-oracle.iowss.defi-oracle.io→ same service (if using same hostname for HTTP and WebSocket).
References
docs/04-configuration/RPC_DNS_CONFIGURATION.md(DNS structure, tunnel)scripts/add-vmid2400-ingress.sh(current single hostname)docs/01-getting-started/THIRDWEB_RPC_CLOUDFLARE_QUICKSTART.md(tunnel hostname setup)
2. wss://rpc.d-bis.org — NPMplus custom config (WebSocket)
Cause
- NPMplus has one proxy host per domain. The host rpc.d-bis.org is set to forward to
http://192.168.11.221:8545(HTTP RPC). WebSocket upgrade is allowed on that host, but the backend is still 8545. - For wss://rpc.d-bis.org to work, WebSocket traffic must go to 8546, not 8545. So the same hostname must route:
- HTTP POST (JSON-RPC) → 8545
- WebSocket upgrade → 8546
- By default NPM does not do this; it sends all traffic to one backend. So wss://rpc.d-bis.org fails unless custom Nginx is added to route by
Upgrade: websocketto 8546.
Fix
Add the custom Nginx snippet from docs/04-configuration/NPM_CUSTOM_RPC_D_BIS_ORG_WSS.md to the rpc.d-bis.org proxy host in NPMplus:
- NPMplus → Hosts → edit rpc.d-bis.org → Advanced tab.
- In Custom Nginx Configuration, add (at the top, before default
proxy_pass):
# Route WebSocket to 8546, HTTP stays on 8545
if ($http_upgrade ~* "websocket") {
proxy_pass http://192.168.11.221:8546;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
- Save and let NPM reload Nginx.
Alternative: Use wss://ws.rpc.d-bis.org only (already works; no custom config). Update chainlist to use wss://ws.rpc.d-bis.org instead of wss://rpc.d-bis.org if you do not want to maintain custom Nginx.
References
docs/04-configuration/RPC_D_BIS_ORG_MAPPING.mddocs/04-configuration/NPM_CUSTOM_RPC_D_BIS_ORG_WSS.md
3. Thirdweb URLs — Not Cloudflare/NPMplus
- defi-oracle-meta.rpc.thirdweb.com and 138.rpc.thirdweb.com are thirdweb’s domains. Requests go to their infrastructure; they then proxy to your chain (e.g.
rpc.public-0138.defi-oracle.io). - Failures (e.g.
eth_blockNumberfailed) are due to thirdweb’s RPC proxy or auth (API key, rate limit, or behavior), not your Cloudflare or NPMplus. - No change to Cloudflare or NPMplus will fix these; use thirdweb dashboard/support or their RPC docs if you need these URLs to pass E2E.
Checklist
- rpc.defi-oracle.io (HTTP): Add
rpc.defi-oracle.io(and optionallywss.defi-oracle.io) to Cloudflare Tunnel26138c21-db00-4a02-95db-ec75c07bda5bpublic hostnames, same service asrpc.public-0138.defi-oracle.io. - wss://rpc.d-bis.org: Add custom Nginx snippet to NPMplus proxy host rpc.d-bis.org (Advanced) to route WebSocket to
192.168.11.221:8546, or standardise onwss://ws.rpc.d-bis.orgin chainlist. - Thirdweb URLs: Treat as thirdweb-side; no Cloudflare/NPMplus change.