proxmox/scripts/nginx-proxy-manager/add-rpc-core-2-npmplus-proxy.sh

#!/usr/bin/env bash
# Create NPMplus proxy host for rpc-core-2.d-bis.org → RPC Core-2 (VMID 2102, 192.168.11.212:8545).
# Targets the THIRD NPMplus (192.168.11.169, VMID 10235 — same as Alltra/HYBX). Use after SFValley2 tunnel is set up.
# Requires NPM_PASSWORD for that instance (in .env or NPM_URL). Run from repo root.
# See: docs/04-configuration/NPMPLUS_FOUR_INSTANCES_MASTER.md, docs/04-configuration/cloudflare/SFVALLEY2_TUNNEL_MANUAL_RUNBOOK.md

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"

_orig_npm_url="${NPM_URL:-}"
_orig_npm_email="${NPM_EMAIL:-}"
_orig_npm_password="${NPM_PASSWORD:-}"
[ -f "$PROJECT_ROOT/.env" ] && { set +u; source "$PROJECT_ROOT/.env"; set -u; }
[ -n "$_orig_npm_url" ] && NPM_URL="$_orig_npm_url"
[ -n "$_orig_npm_email" ] && NPM_EMAIL="$_orig_npm_email"
[ -n "$_orig_npm_password" ] && NPM_PASSWORD="$_orig_npm_password"

[ -f "$PROJECT_ROOT/config/ip-addresses.conf" ] && source "$PROJECT_ROOT/config/ip-addresses.conf" 2>/dev/null || true

# Third NPMplus (Alltra/HYBX + Nathan core-2) — 76.53.10.38 → 192.168.11.169
NPMPLUS_THIRD="${IP_NPMPLUS_ALLTRA_HYBX:-192.168.11.169}"
NPM_URL="${NPM_URL:-https://${NPMPLUS_THIRD}:81}"
NPM_EMAIL="${NPM_EMAIL_ALLTRA_HYBX:-${NPM_EMAIL:-admin@example.org}}"
NPM_PASSWORD="${NPM_PASSWORD_ALLTRA_HYBX:-${NPM_PASSWORD:-}}"
RPC_CORE_2="${RPC_CORE_2:-192.168.11.212}"

if [ -z "$NPM_PASSWORD" ]; then
  echo "❌ NPM_PASSWORD is required. Set it in .env or export NPM_PASSWORD=..."
  exit 1
fi

echo "🔐 Authenticating to NPMplus..."
AUTH_JSON=$(jq -n --arg identity "$NPM_EMAIL" --arg secret "$NPM_PASSWORD" '{identity:$identity,secret:$secret}')
TOKEN_RESPONSE=$(curl -s -k -X POST "$NPM_URL/api/tokens" -H "Content-Type: application/json" -d "$AUTH_JSON")
TOKEN=$(echo "$TOKEN_RESPONSE" | jq -r '.token // empty' 2>/dev/null || true)
if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then
  echo "❌ NPMplus authentication failed."
  exit 1
fi
echo "✅ Authenticated"
echo ""

PROXY_HOSTS_JSON=$(curl -s -k -X GET "$NPM_URL/api/nginx/proxy-hosts" -H "Authorization: Bearer $TOKEN")
DOMAIN="rpc-core-2.d-bis.org"
HOST_ID=$(echo "$PROXY_HOSTS_JSON" | jq -r ".[] | select(.domain_names | type == \"array\") | select(.domain_names[] == \"$DOMAIN\") | .id" 2>/dev/null | head -n1 || true)

if [ -n "$HOST_ID" ] && [ "$HOST_ID" != "null" ]; then
  echo "✓ $DOMAIN already exists (ID: $HOST_ID). Run update-npmplus-proxy-hosts-api.sh to sync target if needed."
  exit 0
fi

echo "➕ Creating proxy host: $DOMAIN → http://${RPC_CORE_2}:8545 (WebSocket on, block_exploits off for RPC)"
CREATE_PAYLOAD=$(jq -n \
  --arg domain "$DOMAIN" \
  --arg forward_host "$RPC_CORE_2" \
  '{
    domain_names: [$domain],
    forward_scheme: "http",
    forward_host: $forward_host,
    forward_port: 8545,
    allow_websocket_upgrade: true,
    block_exploits: false
  }')
RESPONSE=$(curl -s -k -X POST "$NPM_URL/api/nginx/proxy-hosts" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "$CREATE_PAYLOAD")

NEW_ID=$(echo "$RESPONSE" | jq -r '.id // empty' 2>/dev/null || true)
if [ -n "$NEW_ID" ] && [ "$NEW_ID" != "null" ]; then
  echo "✅ Created $DOMAIN (ID: $NEW_ID). Add the route in Cloudflare sfvalley02 Published application routes and DNS CNAME."
  exit 0
fi

ERROR=$(echo "$RESPONSE" | jq -r '.message // .error // "Unknown error"' 2>/dev/null || echo "$RESPONSE")
echo "❌ Failed to create $DOMAIN: $ERROR"
exit 1