d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
cb47cce074da46f3ce5910b752d435c4a3ee87d0
proxmox/docs/05-network/NGINX_SETUP_FINAL_SUMMARY.md
defiQUG cb47cce074 Complete markdown files cleanup and organization 
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

5.0 KiB
Raw Blame History

Nginx Setup on VMID 2500 - Final Summary

Last Updated: 2025-01-20
Document Version: 1.0
Status: Active Documentation

Installation Complete

Nginx has been successfully installed, configured, and secured on VMID 2500 (besu-rpc-1).

📋 What Was Configured

1. Core Installation

  • Nginx installed
  • OpenSSL installed
  • SSL certificate generated (self-signed, 10-year validity)
  • Service enabled and active

2. Reverse Proxy Configuration

Ports:

  • 80: HTTP to HTTPS redirect
  • 443: HTTPS RPC API (proxies to Besu port 8545)
  • 8443: HTTPS WebSocket RPC (proxies to Besu port 8546)
  • 8080: Nginx status page (internal only)

Server Names:

  • besu-rpc-1
  • 192.168.11.250
  • rpc-core.besu.local
  • rpc-core.chainid138.local
  • rpc-core-ws.besu.local (WebSocket)
  • rpc-core-ws.chainid138.local (WebSocket)

3. Security Features

Rate Limiting

  • HTTP RPC: 10 requests/second (burst: 20)
  • WebSocket RPC: 50 requests/second (burst: 50)
  • Connection Limiting: 10 connections per IP (HTTP), 5 (WebSocket)

Security Headers

  • Strict-Transport-Security (HSTS)
  • X-Frame-Options
  • X-Content-Type-Options
  • X-XSS-Protection
  • Referrer-Policy
  • Permissions-Policy

SSL/TLS

  • Protocols: TLSv1.2, TLSv1.3
  • Ciphers: Strong ciphers (ECDHE, DHE)
  • Certificate: Self-signed (replace with Let's Encrypt for production)

4. Monitoring

Nginx Status Page

  • URL: http://127.0.0.1:8080/nginx_status
  • Access: Internal only (127.0.0.1)
  • Status: Active

Health Check

  • Script: /usr/local/bin/nginx-health-check.sh
  • Service: nginx-health-monitor.service
  • Timer: Runs every 5 minutes
  • Status: Active

Log Rotation

  • Retention: 14 days
  • Rotation: Daily
  • Compression: Enabled
  • Status: Configured

🧪 Verification Results

Service Status

pct exec 2500 -- systemctl status nginx
# Status: ✅ active (running)

Health Check

pct exec 2500 -- /usr/local/bin/nginx-health-check.sh
# Result: ✅ All checks passing

RPC Endpoint

curl -k -X POST https://192.168.11.250:443 \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
# Result: ✅ Responding correctly

Nginx Status

pct exec 2500 -- curl http://127.0.0.1:8080/nginx_status
# Result: ✅ Active connections, requests handled

Ports

  • Port 80: Listening
  • Port 443: Listening
  • Port 8443: Listening
  • Port 8080: Listening (status page)

📊 Configuration Files

Main Files

  • Nginx Config: /etc/nginx/nginx.conf
  • Site Config: /etc/nginx/sites-available/rpc-core
  • SSL Certificate: /etc/nginx/ssl/rpc.crt
  • SSL Key: /etc/nginx/ssl/rpc.key

Scripts

  • Health Check: /usr/local/bin/nginx-health-check.sh
  • Config Script: scripts/configure-nginx-rpc-2500.sh
  • Security Script: scripts/configure-nginx-security-2500.sh
  • Monitoring Script: scripts/setup-nginx-monitoring-2500.sh

Services

  • Nginx: nginx.service Active
  • Health Monitor: nginx-health-monitor.timer Active

🔧 Management Commands

Service Management

# Status
pct exec 2500 -- systemctl status nginx

# Reload
pct exec 2500 -- systemctl reload nginx

# Restart
pct exec 2500 -- systemctl restart nginx

# Test config
pct exec 2500 -- nginx -t

Monitoring

# Status page
pct exec 2500 -- curl http://127.0.0.1:8080/nginx_status

# Health check
pct exec 2500 -- /usr/local/bin/nginx-health-check.sh

# View logs
pct exec 2500 -- tail -f /var/log/nginx/rpc-core-http-access.log

All Next Steps Completed

  1. Install Nginx
  2. Generate SSL certificate
  3. Configure reverse proxy
  4. Set up rate limiting
  5. Configure security headers
  6. Set up firewall rules
  7. Enable monitoring
  8. Configure health checks
  9. Set up log rotation
  10. Create documentation

🚀 Production Ready

Status: PRODUCTION READY

The RPC node is fully configured with:

  • Secure HTTPS access
  • Rate limiting protection
  • Comprehensive monitoring
  • Automated health checks
  • Proper log management

Optional Enhancement: Replace self-signed certificate with Let's Encrypt for production use.

📚 Documentation

All documentation has been created:

  • Configuration guide
  • Troubleshooting guide
  • Setup summaries
  • Management commands
  • Security recommendations

Related Documentation

Last Updated: 2025-01-20
Document Version: 1.0
Review Cycle: Quarterly

Reference in New Issue View Git Blame Copy Permalink