fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
6.1 KiB
6.1 KiB
SSL Configuration Fix - Summary
Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation
Date: 2026-01-15
Status: ✅ IP Addresses Fixed | ⏳ SSL Configuration Pending Network Access
✅ Completed Fixes
1. IP Address Corrections
All invalid IP addresses have been corrected in all scripts and documentation:
| Service | Fixed IP | Previous (Invalid) | Files Updated |
|---|---|---|---|
| Blockscout | 192.168.11.140 | 192.168.11.280 | ✅ All scripts |
| DBIS API Primary | 192.168.11.155 | 192.168.11.290 | ✅ All scripts |
| DBIS API Secondary | 192.168.11.156 | 192.168.11.291 | ✅ All scripts |
| MIM4U | 192.168.11.36 | 192.168.11.19 | ✅ All scripts |
Files Updated:
- ✅
scripts/nginx-proxy-manager/configure-ssl-api.js - ✅
scripts/nginx-proxy-manager/configure-ssl-all-domains.js - ✅
scripts/nginx-proxy-manager/configure-domains-pct-exec.sh - ✅
scripts/nginx-proxy-manager/manual-ssl-config-guide.sh
2. Password Reset Script Updated
- ✅ Updated to use correct email:
nsatoshi2007@hotmail.com - ✅ Updated to use Node.js with
better-sqlite3for database operations - ✅ Supports creating user if it doesn't exist
3. Complete SSL Fix Script Created
- ✅ Created
scripts/nginx-proxy-manager/fix-ssl-complete.sh - ✅ Automates password reset and SSL configuration
⏳ Pending: SSL Certificate Configuration
Current Issue
NPM is not accessible from the current network:
- ❌ SSH to Proxmox host (192.168.11.11) fails: "No route to host"
- ❌ Direct HTTP access to NPM (192.168.11.26:81) fails: "fetch failed"
Solution Options
Option 1: Run from Proxmox Host (Recommended)
If you have access to the Proxmox host directly:
# SSH to Proxmox host
ssh root@192.168.11.11
# Run SSL configuration inside NPM container
pct exec 105 -- bash -c '
cd /app
export NPM_URL="http://127.0.0.1:81"
export NPM_EMAIL="nsatoshi2007@hotmail.com"
export NPM_PASSWORD="L@ker\$2010"
node /path/to/configure-ssl-api.js
'
Option 2: Manual Configuration via Web UI
- Access NPM Web UI:
http://192.168.11.26:81 - Login:
- Email:
nsatoshi2007@hotmail.com - Password:
L@ker$2010
- Email:
- If login fails, reset password:
bash scripts/nginx-proxy-manager/reset-npm-password.sh "L@ker\$2010" "nsatoshi2007@hotmail.com" - Configure each domain (see domain list below)
Option 3: Run Script When Network Access Available
Once you have network access to NPM:
cd /home/intlc/projects/proxmox
export NPM_URL="http://192.168.11.26:81"
export NPM_EMAIL="nsatoshi2007@hotmail.com"
export NPM_PASSWORD="L@ker\$2010"
node scripts/nginx-proxy-manager/configure-ssl-api.js
📋 All 19 Domains to Configure
sankofa.nexus (5 domains)
sankofa.nexus→http://192.168.11.140:80www.sankofa.nexus→http://192.168.11.140:80phoenix.sankofa.nexus→http://192.168.11.140:80www.phoenix.sankofa.nexus→http://192.168.11.140:80the-order.sankofa.nexus→http://192.168.11.140:80
d-bis.org (9 domains)
explorer.d-bis.org→http://192.168.11.140:80rpc-http-pub.d-bis.org→https://192.168.11.252:443(WebSocket ✅)rpc-ws-pub.d-bis.org→https://192.168.11.252:443(WebSocket ✅)rpc-http-prv.d-bis.org→https://192.168.11.251:443(WebSocket ✅)rpc-ws-prv.d-bis.org→https://192.168.11.251:443(WebSocket ✅)dbis-admin.d-bis.org→http://192.168.11.130:80dbis-api.d-bis.org→http://192.168.11.155:3000dbis-api-2.d-bis.org→http://192.168.11.156:3000secure.d-bis.org→http://192.168.11.130:80
mim4u.org (4 domains)
mim4u.org→http://192.168.11.36:80✅ FIXEDwww.mim4u.org→http://192.168.11.36:80✅ FIXEDsecure.mim4u.org→http://192.168.11.36:80✅ FIXEDtraining.mim4u.org→http://192.168.11.36:80✅ FIXED
defi-oracle.io (1 domain)
rpc.public-0138.defi-oracle.io→https://192.168.11.252:443(WebSocket ✅)
🔧 Configuration Settings for Each Domain
For each proxy host, configure:
- ✅ Forward Scheme:
httporhttps(based on target) - ✅ Forward Hostname: Target IP address
- ✅ Forward Port:
80,3000, or443(based on target) - ✅ WebSocket Support: Enable for RPC domains
- ✅ SSL Certificate: Request Let's Encrypt certificate
- ✅ Force SSL: Enable
- ✅ HTTP/2 Support: Enable
- ✅ HSTS: Enable
- ✅ HSTS Subdomains: Enable
✅ Verification Steps
After SSL configuration:
-
Test HTTPS connectivity:
curl -I https://sankofa.nexus curl -I https://explorer.d-bis.org curl -I https://mim4u.org -
Check SSL certificate status:
bash scripts/check-east-west-ssl-status.sh -
Verify all domains:
for domain in sankofa.nexus explorer.d-bis.org mim4u.org; do echo "Testing $domain..." curl -I https://$domain 2>&1 | head -3 done
📝 Scripts Available
-
scripts/nginx-proxy-manager/fix-ssl-complete.sh- Complete automation: password reset + SSL configuration
- Requires network access to Proxmox host
-
scripts/nginx-proxy-manager/configure-ssl-api.js- API-based SSL configuration
- Requires network access to NPM (192.168.11.26:81)
-
scripts/nginx-proxy-manager/reset-npm-password.sh- Password reset script
- Requires SSH access to Proxmox host
-
scripts/nginx-proxy-manager/configure-domains-pct-exec.sh- Container-based configuration
- Requires SSH access to Proxmox host
🎯 Next Steps
- ✅ All IP addresses fixed - Ready for configuration
- ⏳ Obtain network access to Proxmox host or NPM
- ⏳ Run SSL configuration using one of the options above
- ⏳ Verify SSL certificates are issued and working
- ⏳ Test HTTPS connectivity for all domains
Last Updated: 2026-01-15
Status: ✅ IPs Fixed | ⏳ SSL Configuration Pending Network Access