proxmox/docs/04-configuration/MIFOS_NPMPLUS_TUNNEL.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00


Mifos: Tunnel via NPMplus (Option — dedicated NPMplus for mifos.d-bis.org)

Last Updated: 2026-02-09
Status: Optional architecture
Context: Use a dedicated NPMplus VM (10237) as the tunnel origin; NPMplus proxies to VMID 5800 (Mifos). SSL and proxy managed in NPMplus UI (e.g. Let's Encrypt).


Yes, we run NPMplus

Existing instances:

| VMID | Host | IP | Role / Public |
|---|---|---|---|
| 10233 | r630-01 | 192.168.11.167 | Main NPMplus (76.53.10.36) |
| 10234 | r630-02 | 192.168.11.168 | Secondary |
| 10235 | r630-01 | 192.168.11.169 | Alltra/HYBX (76.53.10.42) |
| 10236 | r630-01 | 192.168.11.170 | Fourth dev/Codespaces (76.53.10.40) |
| 10237 | r630-02 | 192.168.11.171 | NPMplus Mifos tunnel origin → 5800 |

Flow: Tunnel → NPMplus (10237) → VMID 5800

  1. Cloudflare terminates HTTPS for mifos.d-bis.org and sends traffic through the tunnel.
  2. Tunnel connector runs either:
    • In 10237 (NPMplus Mifos): cloudflared in 10237; Service = https://127.0.0.1:443 or https://192.168.11.171:443.
    • In 5800 (current): cloudflared in 5800; Service = https://192.168.11.171:443 (origin = NPMplus).
  3. NPMplus (10237) has a proxy host: mifos.d-bis.org → http://192.168.11.85:80 (Mifos in 5800). SSL for mifos.d-bis.org can be Let's Encrypt in NPMplus.
  4. 5800 serves Mifos on port 80 only; no Nginx/SSL on 5800 if you use this path.

1. Create NPMplus Mifos container (10237)

From project root:

./scripts/npmplus/create-npmplus-mifos-container.sh
  • VMID: 10237
  • Host: r630-02 (192.168.11.12)
  • IP: 192.168.11.171
  • Overrides: STORAGE_R630_02_NPMPLUS_MIFOS, TEMPLATE

2. Install NPMplus in 10237

Inside 10237 (same pattern as other NPMplus containers):

  • Install Docker, then Nginx Proxy Manager: ./scripts/npmplus/install-npmplus-mifos.sh.
  • Credentials: All five NPMplus instances use the same NPM_EMAIL and NPM_PASSWORD (in .env). Use them to log in at https://192.168.11.171:81. For a newly created instance, first log in with the auto-generated password (ssh root@<host> 'pct exec 10237 -- cat /opt/.npm_pwd'), then change the admin password in the UI to match NPM_PASSWORD so it stays in sync with the others.
  • Add Proxy Host:
    • Domain: mifos.d-bis.org
    • Forward hostname / IP: 192.168.11.85
    • Forward port: 80
    • SSL: Request Let's Encrypt for mifos.d-bis.org (or use existing cert).

3. Point the tunnel at NPMplus

Option A — Tunnel connector in 10237 (recommended for this design)

  • Install cloudflared in 10237 with the same tunnel token (or a dedicated tunnel for Mifos).
  • Zero Trust → Published application routes:
    • Domain: mifos.d-bis.org
    • Service: https://127.0.0.1:443 (NPMplus in same container) or https://192.168.11.171:443
  • Add Origin configuration → No TLS Verify only if NPMplus uses a self-signed cert for the origin; if NPM has Let's Encrypt for mifos.d-bis.org, verification can stay on.

Option B — Tunnel connector stays in 5800

  • Published application routes: Service = https://192.168.11.171:443.
  • cloudflared in 5800 connects to NPMplus at 192.168.11.171:443; NPMplus proxies to 192.168.11.85:80.
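
The origin TLS settings from Options A and B, written as a locally managed cloudflared config.yml. This is an added example, not a file from this repository; it assumes a locally managed tunnel (the page configures routes in the Zero Trust dashboard), and <tunnel-id> and the credentials path are placeholders.

```yaml
# Added example: locally managed cloudflared config.yml (assumed layout).
# <tunnel-id> and the credentials-file path are placeholders.
tunnel: <tunnel-id>
credentials-file: /etc/cloudflared/<tunnel-id>.json

ingress:
  - hostname: mifos.d-bis.org
    # Option A (connector in 10237). For Option B (connector in 5800),
    # use https://192.168.11.171:443 instead.
    service: https://127.0.0.1:443
    originRequest:
      # The service URL names an IP, but the Let's Encrypt certificate in
      # NPMplus is issued for mifos.d-bis.org. Tell cloudflared which name
      # to expect on the origin certificate so verification can stay on.
      originServerName: mifos.d-bis.org
      noTLSVerify: false
      # Only if the NPMplus origin certificate is self-signed:
      # noTLSVerify: true
  # cloudflared requires a final catch-all rule.
  - service: http_status:404
```

In the dashboard, the same two settings are the Origin Server Name and No TLS Verify fields of the route's origin configuration.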

4. DNS

Unchanged: mifos.d-bis.org → CNAME to <tunnel-id>.cfargotunnel.com (Proxied).
Script: MIFOS_DNS_MODE=tunnel ./scripts/cloudflare/configure-mifos-dns.sh


5. Summary

| Step | Action |
|---|---|
| 1 | Create 10237: ./scripts/npmplus/create-npmplus-mifos-container.sh |
| 2 | Install NPM in 10237 (Docker + NPM); add proxy mifos.d-bis.org → http://192.168.11.85:80; SSL in NPM (Let's Encrypt) |
| 3 | Install cloudflared in 10237 (or keep in 5800); set tunnel Service to https://192.168.11.171:443 (or https://127.0.0.1:443 if connector in 10237) |
| 4 | DNS: CNAME mifos → tunnel (already done if using tunnel) |

Config: IP_NPMPLUS_MIFOS, NPMPLUS_MIFOS_VMID in config/ip-addresses.conf; VMID 10237 → r630-02 in scripts/lib/load-project-env.sh.
Credentials: All five NPMplus instances (10233, 10234, 10235, 10236, 10237) use the same NPM_EMAIL and NPM_PASSWORD in .env.