proxmox/docs/04-configuration/DNS_NPMPLUS_VM_STREAMLINED_TABLE.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00


DNS → NPMplus → VM Streamlined Architecture Table

Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation


Date: 2026-01-20
Status: Complete Streamlined Architecture Reference
Purpose: Cohesive DNS, SSL, and traffic routing table for all services

Current topology: ER605 was replaced by the UDM Pro (76.53.10.34). Proxmox hosts: 192.168.11.10 (ml110), 192.168.11.11 (r630-01), 192.168.11.12 (r630-02). NPMplus LXC (VMID 10233) has 192.168.11.166 (eth0) and 192.168.11.167 (eth1); only 192.168.11.167 is used in UDM Pro port forwarding: 76.53.10.36:80 → 192.168.11.167:80, 76.53.10.36:443 → 192.168.11.167:443.


Architecture Flow

Internet
    ↓
Cloudflare DNS (All domains → 76.53.10.36)
    ↓
UDM Pro Port Forwarding (76.53.10.36:80/443 → 192.168.11.167:80/443)
    ↓
NPMplus (VMID 10233: 192.168.11.167) - SSL Termination & Routing
    ↓
Backend VMs (Various IPs) - Services with/without Nginx

Complete Service Mapping (Streamlined)

d-bis.org Zone (9 Domains)

| Domain | SSL Cert | NPMplus Proxy | Backend VM | IP | Port | Has Nginx | Service Type |
|---|---|---|---|---|---|---|---|
| explorer.d-bis.org | 49 | 8 | 5000 (blockscout-1) | 192.168.11.140 | 4000 | Yes | Blockscout Explorer |
| rpc-http-pub.d-bis.org | 53 | 10 | 2201 (besu-rpc-public-1) | 192.168.11.221 | 8545 | No | Besu RPC HTTP |
| rpc-ws-pub.d-bis.org | 55 | 11 | 2201 (besu-rpc-public-1) | 192.168.11.221 | 8546 | No | Besu RPC WebSocket |
| rpc.d-bis.org | Request | | 2201 (besu-rpc-public-1) | 192.168.11.221 | 8545 | No | Primary RPC HTTP (same as rpc-http-pub) |
| rpc2.d-bis.org | Request | | 2201 (besu-rpc-public-1) | 192.168.11.221 | 8545 | No | Secondary RPC HTTP (same as rpc-http-pub) |
| ws.rpc.d-bis.org | Request | | 2201 (besu-rpc-public-1) | 192.168.11.221 | 8546 | No | Primary RPC WebSocket (same as rpc-ws-pub) |
| ws.rpc2.d-bis.org | Request | | 2201 (besu-rpc-public-1) | 192.168.11.221 | 8546 | No | Secondary RPC WebSocket (same as rpc-ws-pub) |
| rpc-http-prv.d-bis.org | 52 | 12 | 2101 (besu-rpc-core-1) | 192.168.11.211 | 8545 | No | Besu RPC HTTP (Private) |
| rpc-ws-prv.d-bis.org | 54 | 13 | 2101 (besu-rpc-core-1) | 192.168.11.211 | 8546 | No | Besu RPC WebSocket (Private) |
| dbis-admin.d-bis.org | 46 | 14 | 10130 (dbis-frontend) | 192.168.11.130 | 80 | Yes | DBIS Admin Frontend |
| dbis-api.d-bis.org | 48 | 15 | 10150 (dbis-api-primary) | 192.168.11.155 | 3000 | No | DBIS API Primary |
| dbis-api-2.d-bis.org | 47 | 16 | 10151 (dbis-api-secondary) | 192.168.11.156 | 3000 | No | DBIS API Secondary |
| secure.d-bis.org | 58 | 17 | 10130 (dbis-frontend) | 192.168.11.130 | 80 | Yes | DBIS Secure Portal |

mim4u.org Zone (4 Domains)

| Domain | SSL Cert | NPMplus Proxy | Backend VM | IP | Port | Has Nginx | Service Type |
|---|---|---|---|---|---|---|---|
| mim4u.org | 50 | 17 | 7810 (mim-web-1) | 192.168.11.37 | 80 | Yes | MIM4U Main Site |
| www.mim4u.org | 50 | 17 (same) | 7810 (mim-web-1) | 192.168.11.37 | 80 | Yes | MIM4U Main Site |
| secure.mim4u.org | 59 | 19 | 7810 (mim-web-1) | 192.168.11.37 | 80 | Yes | MIM4U Secure Portal |
| training.mim4u.org | 61 | 20 | 7810 (mim-web-1) | 192.168.11.37 | 80 | Yes | MIM4U Training Portal |

sankofa.nexus Zone (5 Domains) ⚠️

| Domain | SSL Cert | NPMplus Proxy | Backend VM | IP | Port | Has Nginx | Service Type | Status |
|---|---|---|---|---|---|---|---|---|
| sankofa.nexus | 57 | 21 | ⚠️ TBD | 192.168.11.140 ⚠️ | 80 ⚠️ | ⚠️ TBD | Sankofa Main Portal | ⚠️ Not Deployed |
| www.sankofa.nexus | 64 | 22 | ⚠️ TBD | 192.168.11.140 ⚠️ | 80 ⚠️ | ⚠️ TBD | Sankofa Main Portal | ⚠️ Not Deployed |
| phoenix.sankofa.nexus | 51 | 23 | ⚠️ TBD | 192.168.11.140 ⚠️ | 80 ⚠️ | ⚠️ TBD | Phoenix Site | ⚠️ Not Deployed |
| www.phoenix.sankofa.nexus | 63 | 24 | ⚠️ TBD | 192.168.11.140 ⚠️ | 80 ⚠️ | ⚠️ TBD | Phoenix Site | ⚠️ Not Deployed |
| the-order.sankofa.nexus | 60 | 25 | ⚠️ TBD | 192.168.11.140 ⚠️ | 80 ⚠️ | ⚠️ TBD | The Order Portal | ⚠️ Not Deployed |

⚠️ Note: All Sankofa domains currently route to Blockscout (192.168.11.140) but services are NOT deployed. This is incorrect routing and needs to be fixed once services are deployed.
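
The misrouting described in the note above can be caught by cross-checking each proxy route against the domains its backend is documented to serve. The following is an added example, not part of the original document; the two inline data sets are a subset transcribed from this page's tables, and the variable and function names are assumptions.

```shell
# Added example: flag proxy routes whose backend is not documented as serving that domain.
# Data below is a subset transcribed from this page's tables; names are assumptions.

# NPMplus routes: domain backend_ip port
ROUTES='explorer.d-bis.org 192.168.11.140 4000
mim4u.org 192.168.11.37 80
dbis-api.d-bis.org 192.168.11.155 3000
sankofa.nexus 192.168.11.140 80
www.sankofa.nexus 192.168.11.140 80
phoenix.sankofa.nexus 192.168.11.140 80
www.phoenix.sankofa.nexus 192.168.11.140 80
the-order.sankofa.nexus 192.168.11.140 80'

# Backend VMs: backend_ip hostname comma-separated-domains
BACKENDS='192.168.11.140 blockscout-1 explorer.d-bis.org
192.168.11.37 mim-web-1 mim4u.org,www.mim4u.org,secure.mim4u.org,training.mim4u.org
192.168.11.155 dbis-api-primary dbis-api.d-bis.org'

# audit_routes: print one line per route whose domain is absent from the
# domain list of the backend it points at (or whose backend is unknown).
audit_routes() {
  { printf '%s\n' "$BACKENDS"; echo '--'; printf '%s\n' "$ROUTES"; } | awk '
    $1 == "--" { routes = 1; next }
    !routes {
      host[$1] = $2
      n = split($3, d, ",")
      for (i = 1; i <= n; i++) ok[$1, d[i]] = 1   # key: backend ip + domain
      next
    }
    {
      if (!(($2, $1) in ok))
        printf "MISROUTED %s -> %s:%s (%s)\n", $1, $2, $3,
               (($2 in host) ? host[$2] : "unknown backend")
    }'
}

# Print findings only when invoked with --run.
if [ "${1:-}" = "--run" ]; then audit_routes; fi
```

With the data above, the five sankofa.nexus routes are reported against blockscout-1 and the other three routes pass.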

defi-oracle.io Zone (3 Domains)

| Domain | SSL Cert | NPMplus Proxy | Backend VM | IP | Port | Has Nginx | Service Type |
|---|---|---|---|---|---|---|---|
| rpc.public-0138.defi-oracle.io | 56 | 26 | 2400 (thirdweb-rpc-1) | 192.168.11.240 | 443 | Yes | ThirdWeb RPC (HTTPS) |
| rpc.defi-oracle.io | Request | | 2201 (besu-rpc-public-1) | 192.168.11.221 | 8545 | Yes | Defi Oracle HTTP RPC (same as rpc-http-pub) |
| wss.defi-oracle.io | Request | | 2201 (besu-rpc-public-1) | 192.168.11.221 | 8546 | Yes | Defi Oracle WebSocket RPC (same as rpc-ws-pub) |

DNS Configuration Summary

Cloudflare DNS Records

| Zone | Records | Type | Target | Proxy Status | SSL Termination |
|---|---|---|---|---|---|
| d-bis.org | 13 | A | 76.53.10.36 | DNS Only (Gray) | NPMplus (Let's Encrypt) |
| mim4u.org | 4 | A | 76.53.10.36 | DNS Only (Gray) | NPMplus (Let's Encrypt) |
| sankofa.nexus | 5 | A | 76.53.10.36 | DNS Only (Gray) | NPMplus (Let's Encrypt) |
| defi-oracle.io | 3 | A | 76.53.10.36 | DNS Only (Gray) | NPMplus (Let's Encrypt) |
| TOTAL | 25 | A | 76.53.10.36 | DNS Only | NPMplus |

Note: All DNS records use "DNS Only" mode (gray cloud) to bypass Cloudflare proxy. SSL termination is handled by NPMplus using Let's Encrypt certificates (auto-renewing until 2026-04-16).


Port Forwarding Configuration

UDM Pro Port Forwarding Rules

| Public IP:Port | Internal IP:Port | Protocol | Service | Status |
|---|---|---|---|---|
| 76.53.10.36:443 | 192.168.11.167:443 | TCP | NPMplus HTTPS | Active |
| 76.53.10.36:80 | 192.168.11.167:80 | TCP | NPMplus HTTP | Active |

Router: UDM Pro
Forwarding Type: Port forwarding configured in UDM Pro firewall rules


NPMplus Configuration

NPMplus Container Details

| Property | Value |
|---|---|
| VMID | 10233 |
| Host | r630-01 (192.168.11.11) |
| Internal IP (eth0) | 192.168.11.166 |
| Internal IP (eth1) | 192.168.11.167 |
| NPMplus (canonical) | 192.168.11.167 |
| Management UI | https://192.168.11.167:81 |
| Public IP | 76.53.10.36 |
| Public Ports | 80 (HTTP), 443 (HTTPS) |
| Status | Running |

SSL Certificates (19 Active)

| Cert ID | Domain(s) | Provider | Expires | Auto-Renewal |
|---|---|---|---|---|
| 46 | dbis-admin.d-bis.org | Let's Encrypt | 2026-04-16 | |
| 47 | dbis-api-2.d-bis.org | Let's Encrypt | 2026-04-16 | |
| 48 | dbis-api.d-bis.org | Let's Encrypt | 2026-04-16 | |
| 49 | explorer.d-bis.org | Let's Encrypt | 2026-04-16 | |
| 50 | mim4u.org, www.mim4u.org | Let's Encrypt | 2026-04-16 | |
| 51 | phoenix.sankofa.nexus | Let's Encrypt | 2026-04-16 | |
| 52 | rpc-http-prv.d-bis.org | Let's Encrypt | 2026-04-16 | |
| 53 | rpc-http-pub.d-bis.org | Let's Encrypt | 2026-04-16 | |
| 54 | rpc-ws-prv.d-bis.org | Let's Encrypt | 2026-04-16 | |
| 55 | rpc-ws-pub.d-bis.org | Let's Encrypt | 2026-04-16 | |
| 56 | rpc.public-0138.defi-oracle.io | Let's Encrypt | 2026-04-16 | |
| 57 | sankofa.nexus | Let's Encrypt | 2026-04-16 | |
| 58 | secure.d-bis.org | Let's Encrypt | 2026-04-16 | |
| 59 | secure.mim4u.org | Let's Encrypt | 2026-04-16 | |
| 60 | the-order.sankofa.nexus | Let's Encrypt | 2026-04-16 | |
| 61 | training.mim4u.org | Let's Encrypt | 2026-04-16 | |
| 62 | www.mim4u.org | Let's Encrypt | 2026-04-16 | |
| 63 | www.phoenix.sankofa.nexus | Let's Encrypt | 2026-04-16 | |
| 64 | www.sankofa.nexus | Let's Encrypt | 2026-04-16 | |

Total: 19 SSL certificates, all valid until 2026-04-16 with auto-renewal enabled.


Backend VM Configuration

VMs with Nginx Web Server (4 VMs)

| VMID | IP | Hostname | Host | Status | Nginx Config | Purpose | Domains |
|---|---|---|---|---|---|---|---|
| 5000 | 192.168.11.140 | blockscout-1 | r630-02 | Running | /etc/nginx/sites-available/blockscout | Blockscout Explorer | explorer.d-bis.org |
| 7810 | 192.168.11.37 | mim-web-1 | r630-02 | Running | /etc/nginx/sites-available/mim4u | MIM4U Web App | mim4u.org, www.mim4u.org, secure.mim4u.org, training.mim4u.org |
| 10130 | 192.168.11.130 | dbis-frontend | r630-01 | Running | TBD | DBIS Admin Frontend | dbis-admin.d-bis.org, secure.d-bis.org |
| 2201 | 192.168.11.221 | besu-rpc-public-1 | r630-02 | Running | 8545/8546 | Besu RPC | rpc-http-pub.d-bis.org, rpc-ws-pub.d-bis.org, rpc.d-bis.org, rpc2.d-bis.org, ws.rpc.d-bis.org, ws.rpc2.d-bis.org, rpc.defi-oracle.io, wss.defi-oracle.io |
| 2400 | 192.168.11.240 | thirdweb-rpc-1 | ml110 | Running | TBD | ThirdWeb RPC (HTTPS) | rpc.public-0138.defi-oracle.io |

VMs without Nginx (Direct Service Access) (4 VMs)

| VMID | IP | Hostname | Host | Status | Service | Port | Protocol | Domains |
|---|---|---|---|---|---|---|---|---|
| 2101 | 192.168.11.211 | besu-rpc-core-1 | ml110 | Running | Besu RPC | 8545/8546 | HTTP/WS | rpc-http-prv.d-bis.org, rpc-ws-prv.d-bis.org |
| 2201 | 192.168.11.221 | besu-rpc-public-1 | r630-02 | Running | Besu RPC | 8545/8546 | HTTP/WS | rpc-http-pub.d-bis.org, rpc-ws-pub.d-bis.org, rpc.d-bis.org, rpc2.d-bis.org, ws.rpc.d-bis.org, ws.rpc2.d-bis.org, rpc.defi-oracle.io, wss.defi-oracle.io |
| 10150 | 192.168.11.155 | dbis-api-primary | r630-01 | Running | Node.js API | 3000 | HTTP | dbis-api.d-bis.org |
| 10151 | 192.168.11.156 | dbis-api-secondary | r630-01 | Running | Node.js API | 3000 | HTTP | dbis-api-2.d-bis.org |

Traffic Flow Examples

Example 1: Web Application (MIM4U)

User: https://mim4u.org
    ↓ DNS: mim4u.org → 76.53.10.36
    ↓ Port Forward: 76.53.10.36:443 → 192.168.11.167:443
    ↓ NPMplus (192.168.11.167:443):
    │   ├─ SSL Termination (Cert ID: 50)
    │   ├─ Proxy Host ID: 17
    │   └─ Proxy Pass: http://192.168.11.37:80
    ↓ nginx on VMID 7810 (192.168.11.37:80):
    │   └─ Serve: /var/www/html
    ↓ Response: HTTPS → User

Example 2: API Service (DBIS)

User: https://dbis-api.d-bis.org
    ↓ DNS: dbis-api.d-bis.org → 76.53.10.36
    ↓ Port Forward: 76.53.10.36:443 → 192.168.11.167:443
    ↓ NPMplus (192.168.11.167:443):
    │   ├─ SSL Termination (Cert ID: 48)
    │   ├─ Proxy Host ID: 15
    │   └─ Proxy Pass: http://192.168.11.155:3000
    ↓ Node.js API on VMID 10150 (192.168.11.155:3000):
    │   └─ Process Request
    ↓ Response: HTTPS → User

Example 3: RPC Endpoint (ThirdWeb)

User: https://rpc.public-0138.defi-oracle.io
    ↓ DNS: rpc.public-0138.defi-oracle.io → 76.53.10.36
    ↓ Port Forward: 76.53.10.36:443 → 192.168.11.167:443
    ↓ NPMplus (192.168.11.167:443):
    │   ├─ SSL Termination (Cert ID: 56)
    │   ├─ Proxy Host ID: 26
    │   └─ Proxy Pass: https://192.168.11.240:443
    ↓ nginx on VMID 2400 (192.168.11.240:443):
    │   ├─ SSL Termination (Internal)
    │   └─ Backend: Besu RPC + Translator
    ↓ Response: HTTPS → User

Example 4: RPC Service (Direct Besu)

User: https://rpc-http-pub.d-bis.org
    ↓ DNS: rpc-http-pub.d-bis.org → 76.53.10.36
    ↓ Port Forward: 76.53.10.36:443 → 192.168.11.167:443
    ↓ NPMplus (192.168.11.167:443):
    │   ├─ SSL Termination (Cert ID: 53)
    │   ├─ Proxy Host ID: 10
    │   └─ Proxy Pass: http://192.168.11.221:8545
    ↓ Besu RPC on VMID 2201 (192.168.11.221:8545):
    │   └─ Process JSON-RPC Request
    ↓ Response: HTTPS → User

Service Summary Statistics

By Service Type

| Service Type | Count | Domains | VMs with Nginx | VMs Direct Access |
|---|---|---|---|---|
| Web Applications | 5 | 9 | 3 | 0 |
| API Services | 2 | 2 | 0 | 2 |
| RPC Services | 5 | 5 | 1 | 4 |
| Blockchain Explorer | 1 | 1 | 1 | 0 |
| TOTAL | 13 | 17 | 5 | 6 |

Note: Sankofa domains (5) are not included in totals as services are not deployed.

By Zone

| Zone | Domains | SSL Certs | Active Services | Issues |
|---|---|---|---|---|
| d-bis.org | 9 | 9 | 9 | None |
| mim4u.org | 4 | 4 | 4 | None |
| sankofa.nexus | 5 | 5 | 0 | ⚠️ Services not deployed |
| defi-oracle.io | 1 | 1 | 1 | None |
| TOTAL | 19 | 19 | 14 | 5 issues |

Issues and Action Items

⚠️ Critical Issues

  1. Sankofa Nexus Services NOT Deployed
    • All 5 Sankofa domains currently route to Blockscout (192.168.11.140)
    • Sankofa services need to be deployed before these domains can work correctly
    • Action Required: Deploy Sankofa services and update NPMplus routing

  1. Documentation
    • ⚠️ Document nginx config file paths for VMID 10130 and 2400
    • ⚠️ Document custom nginx configurations for all VMs with nginx
  2. Monitoring
    • Set up certificate expiration alerts (all certs expire 2026-04-16)
    • Monitor backend VM health
    • Track DNS resolution status
  3. Security
    • All SSL certificates auto-renewing
    • HSTS enabled on all domains
    • Security headers configured
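
For the certificate-expiration alert listed under Monitoring, one possible check is shown below as an added example (not part of the original document). It reads the certificate actually served for each domain and classifies it by days remaining; the 21-day threshold, the domain subset and the function names are assumptions, and GNU date and openssl are required.

```shell
# Added example: certificate expiry alert for domains terminated at NPMplus.
# Assumptions: WARN_DAYS, the domain subset, GNU date and openssl on PATH.

WARN_DAYS="${WARN_DAYS:-21}"
DOMAINS="mim4u.org explorer.d-bis.org dbis-api.d-bis.org rpc-http-pub.d-bis.org"

# days_left NOT_AFTER [NOW_EPOCH]: NOT_AFTER is the `openssl x509 -enddate` date,
# e.g. "Apr 16 00:00:00 2026 GMT". Prints whole days left, rounded down.
days_left() {
  local end now diff
  end=$(date -u -d "$1" +%s) || return 2
  now=${2:-$(date -u +%s)}
  diff=$(( end - now ))
  if [ "$diff" -lt 0 ]; then
    echo $(( -((86399 - diff) / 86400) ))   # floor, so any expired cert is negative
  else
    echo $(( diff / 86400 ))
  fi
}

# classify DAYS: EXPIRED, WARN (within WARN_DAYS) or OK.
classify() {
  if [ "$1" -lt 0 ]; then echo EXPIRED
  elif [ "$1" -le "$WARN_DAYS" ]; then echo WARN
  else echo OK
  fi
}

# served_not_after HOST: notAfter of the certificate presented for HOST (SNI) on 443.
served_not_after() {
  openssl s_client -servername "$1" -connect "$1:443" </dev/null 2>/dev/null \
    | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2
}

# check_all: one status line per domain; non-zero exit if anything is not OK.
check_all() {
  local d end n s rc=0
  for d in $DOMAINS; do
    end=$(served_not_after "$d")
    if [ -z "$end" ]; then echo "ERROR $d: no certificate retrieved"; rc=1; continue; fi
    n=$(days_left "$end") && s=$(classify "$n") || { echo "ERROR $d: bad date"; rc=1; continue; }
    echo "$s $d: $n days left (notAfter=$end)"
    [ "$s" = OK ] || rc=1
  done
  return "$rc"
}
# Contacts the network only when invoked with --run (for example from cron).
if [ "${1:-}" = "--run" ]; then check_all; fi
```

Because every certificate on this page shares the 2026-04-16 expiry, a failed renewal would show up as WARN on all domains at once.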

Quick Reference Commands

Test DNS Resolution

dig +short mim4u.org
dig +short explorer.d-bis.org
dig +short rpc-http-pub.d-bis.org

Test SSL Certificates

curl -vI https://mim4u.org 2>&1 | grep -E "(certificate|SSL|TLS)"
curl -vI https://explorer.d-bis.org 2>&1 | grep -E "(certificate|SSL|TLS)"

Test Backend Services

# Test Blockscout
curl -I http://192.168.11.140:80

# Test MIM4U
curl -I http://192.168.11.37:80

# Test DBIS API
curl -I http://192.168.11.155:3000

# Test RPC
curl -X POST http://192.168.11.221:8545 \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'

Check NPMplus Status

# From Proxmox host
ssh root@192.168.11.11 "pct exec 10233 -- docker ps --filter 'name=npmplus'"

# Check NPMplus logs
ssh root@192.168.11.11 "pct exec 10233 -- docker logs npmplus --tail 50"

Check VM Status

# Check specific VM
ssh root@192.168.11.12 "pct status 7810"

# Check nginx status on VM
ssh root@192.168.11.12 "pct exec 7810 -- systemctl status nginx"

  • Comprehensive Architecture: docs/04-configuration/DNS_NPMPLUS_VM_COMPREHENSIVE_ARCHITECTURE.md
  • VMID Endpoints: docs/04-configuration/ALL_VMIDS_ENDPOINTS.md
  • NPMplus Setup: docs/04-configuration/NPMPLUS_COMPLETE_SETUP_SUMMARY.md
  • NPMplus Service Mapping: docs/04-configuration/NPMPLUS_SERVICE_MAPPING_COMPLETE.md
  • MIM4U DNS Config: reports/VMID_7810_DNS_NPMPLUS_CONFIGURATION.md
  • Cloudflare DNS: docs/04-configuration/cloudflare/CLOUDFLARE_DNS_SPECIFIC_SERVICES.md

Last Updated: 2026-01-20
Maintained By: Infrastructure Team
Status: Complete Streamlined Architecture Reference