fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
9.5 KiB
9.5 KiB
Nginx Configurations for RPC Nodes
Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation
Date: 2026-01-18
Status: Current Active Configurations
Last Updated: 2026-01-18 (VMID Migration Complete)
VMID Migration Notice
Important: VMIDs 2500-2508 have been decommissioned and destroyed (2026-01-18).
The RPC infrastructure has been migrated to a new VMID structure:
| Old VMID | Old IP | New VMID | New IP | Purpose |
|---|---|---|---|---|
| 2500 | 192.168.11.250 | 2101 | 192.168.11.211 | Core RPC |
| 2501 | 192.168.11.251 | 2201 | 192.168.11.221 | Public RPC |
| 2502 | 192.168.11.252 | 2301 | 192.168.11.232 | Private RPC (stopped) |
| 2503 | 192.168.11.253 | 2303 | 192.168.11.233 | Ali 0x8a |
| 2504 | 192.168.11.254 | 2304 | 192.168.11.234 | Ali 0x1 |
| 2505 | 192.168.11.201 | 2305 | 192.168.11.235 | Luis 0x8a |
| 2506 | 192.168.11.202 | 2306 | 192.168.11.236 | Luis 0x1 |
| 2507 | 192.168.11.203 | 2307 | 192.168.11.237 | Putu 0x8a |
| 2508 | 192.168.11.204 | 2308 | 192.168.11.238 | Putu 0x1 |
Current Active RPC Nodes
| VMID | IP Address | Hostname | Status | Nginx | Purpose |
|---|---|---|---|---|---|
| 2400 | 192.168.11.240 | thirdweb-rpc-1 | ✅ Running | ✅ Active | ThirdWeb RPC (Cloudflare Tunnel) |
| 2101 | 192.168.11.211 | besu-rpc-core-1 | ✅ Running | ❌ Direct | Core RPC |
| 2201 | 192.168.11.221 | besu-rpc-public-1 | ✅ Running | ❌ Direct | Public RPC |
| 2301 | 192.168.11.232 | besu-rpc-private-1 | ⏸️ Stopped | ❌ Direct | Private RPC |
| 2303 | 192.168.11.233 | besu-rpc-ali-0x8a | ✅ Running | ❌ Direct | Ali 0x8a |
| 2304 | 192.168.11.234 | besu-rpc-ali-0x1 | ✅ Running | ❌ Direct | Ali 0x1 |
| 2305 | 192.168.11.235 | besu-rpc-luis-0x8a | ✅ Running | ❌ Direct | Luis 0x8a |
| 2306 | 192.168.11.236 | besu-rpc-luis-0x1 | ✅ Running | ❌ Direct | Luis 0x1 |
| 2307 | 192.168.11.237 | besu-rpc-putu-0x8a | ✅ Running | ❌ Direct | Putu 0x8a |
| 2308 | 192.168.11.238 | besu-rpc-putu-0x1 | ✅ Running | ❌ Direct | Putu 0x1 |
| 2401 | 192.168.11.241 | besu-rpc-thirdweb-0x8a-1 | ✅ Running | ❌ Direct | ThirdWeb 1 |
| 2402 | 192.168.11.242 | besu-rpc-thirdweb-0x8a-2 | ✅ Running | ❌ Direct | ThirdWeb 2 |
| 2403 | 192.168.11.243 | besu-rpc-thirdweb-0x8a-3 | ✅ Running | ❌ Direct | ThirdWeb 3 (syncing) |
VMID 2400 - ThirdWeb RPC (Cloudflare Tunnel)
Active Config: /etc/nginx/sites-enabled/rpc-thirdweb
Domain: rpc.public-0138.defi-oracle.io
IP: 192.168.11.240
Configuration Overview
- Port 80: Returns 204 (no redirect) for RPC clients
- Port 443: HTTPS server handling both HTTP RPC and WebSocket RPC
- Backend:
- HTTP RPC →
127.0.0.1:8545 - WebSocket RPC →
127.0.0.1:8546(detected via$http_upgradeheader)
- HTTP RPC →
- SSL: Cloudflare Origin Certificate
- Cloudflare Integration: Real IP headers configured for Cloudflare IP ranges
Key Features
- WebSocket detection via
$http_upgradeheader - CORS headers enabled for ThirdWeb web apps
- Cloudflare real IP support
- Health check endpoint at
/health
Full Configuration
# RPC endpoint for rpc.public-0138.defi-oracle.io
server {
listen 80;
listen [::]:80;
server_name rpc.public-0138.defi-oracle.io;
# Avoid redirects for RPC clients (prevents loops and broken POST behavior)
return 204;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name rpc.public-0138.defi-oracle.io;
ssl_certificate /etc/nginx/ssl/cloudflare-origin.crt;
ssl_certificate_key /etc/nginx/ssl/cloudflare-origin.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/rpc-thirdweb-access.log;
error_log /var/log/nginx/rpc-thirdweb-error.log;
client_max_body_size 10M;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
send_timeout 300s;
# Optional: if you need real client IPs from Cloudflare
real_ip_header CF-Connecting-IP;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
location / {
# Default backend = HTTP RPC
set $backend "http://127.0.0.1:8545";
# If websocket upgrade requested, use WS backend
if ($http_upgrade = "websocket") {
set $backend "http://127.0.0.1:8546";
}
proxy_pass $backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support (safe defaults)
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
proxy_request_buffering off;
# CORS (optional; keep if Thirdweb/browser clients need it)
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;
if ($request_method = OPTIONS) {
return 204;
}
}
location /health {
access_log off;
add_header Content-Type text/plain;
return 200 "healthy\n";
}
}
ARCHIVED: Old VMID Configurations (2500-2508)
Note
: The following configurations are archived for reference only. VMIDs 2500-2508 have been destroyed as of 2026-01-18.
Click to expand archived VMID 2500-2508 configurations
VMID 2500 - Core RPC Node (DESTROYED)
Status: 🗑️ Destroyed - Replaced by VMID 2101 (192.168.11.211)
Old Config: /etc/nginx/sites-enabled/rpc-core
Old Domains:
rpc-core.d-bis.orgbesu-rpc-1192.168.11.250
Old IP: 192.168.11.250
VMID 2501 - Permissioned RPC (DESTROYED)
Status: 🗑️ Destroyed - Replaced by VMID 2201 (192.168.11.221)
Old Config: /etc/nginx/sites-enabled/rpc-perm
Old Domains:
rpc-http-prv.d-bis.orgrpc-ws-prv.d-bis.orgbesu-rpc-2192.168.11.251
Old IP: 192.168.11.251
VMID 2502 - Public RPC (DESTROYED)
Status: 🗑️ Destroyed - Replaced by VMID 2301 (192.168.11.232)
Old Config: /etc/nginx/sites-enabled/rpc
Old Domains:
rpc-http-pub.d-bis.orgrpc-ws-pub.d-bis.orgbesu-rpc-3192.168.11.252
Old IP: 192.168.11.252
VMIDs 2503-2508 (DESTROYED)
Status: 🗑️ All destroyed - Replaced by VMIDs 2303-2308
| Old VMID | Old IP | Old Hostname | Replaced By |
|---|---|---|---|
| 2503 | 192.168.11.253 | besu-rpc-ali-0x8a | VMID 2303 (192.168.11.233) |
| 2504 | 192.168.11.254 | besu-rpc-ali-0x1 | VMID 2304 (192.168.11.234) |
| 2505 | 192.168.11.201 | besu-rpc-luis-0x8a | VMID 2305 (192.168.11.235) |
| 2506 | 192.168.11.202 | besu-rpc-luis-0x1 | VMID 2306 (192.168.11.236) |
| 2507 | 192.168.11.203 | besu-rpc-putu-0x8a | VMID 2307 (192.168.11.237) |
| 2508 | 192.168.11.204 | besu-rpc-putu-0x1 | VMID 2308 (192.168.11.238) |
Summary of Port Usage
| VMID | IP Address | Port 80 | Port 443 | Port 8545 | Purpose |
|---|---|---|---|---|---|
| 2400 | 192.168.11.240 | Returns 204 | HTTP/WebSocket RPC | Besu RPC | ThirdWeb RPC (Cloudflare Tunnel) |
| 2101 | 192.168.11.211 | - | - | Besu RPC | Core RPC |
| 2201 | 192.168.11.221 | - | - | Besu RPC | Public RPC |
| 2303-2308 | 192.168.11.233-238 | - | - | Besu RPC | Named RPC nodes |
| 2401-2403 | 192.168.11.241-243 | - | - | Besu RPC | ThirdWeb RPC instances |
SSL Certificates
| VMID | Certificate Type | Location |
|---|---|---|
| 2400 | Cloudflare Origin Certificate | /etc/nginx/ssl/cloudflare-origin.crt |
Access Patterns
Public Endpoints (No Authentication)
rpc.public-0138.defi-oracle.io(VMID 2400) - ThirdWeb RPC via Cloudflare
Direct RPC Access (Internal Network)
All new RPC nodes are accessible directly on port 8545/8546:
| VMID | HTTP RPC | WebSocket RPC |
|---|---|---|
| 2101 | http://192.168.11.211:8545 |
ws://192.168.11.211:8546 |
| 2201 | http://192.168.11.221:8545 |
ws://192.168.11.221:8546 |
| 2303 | http://192.168.11.233:8545 |
ws://192.168.11.233:8546 |
| 2304 | http://192.168.11.234:8545 |
ws://192.168.11.234:8546 |
| 2305 | http://192.168.11.235:8545 |
ws://192.168.11.235:8546 |
| 2306 | http://192.168.11.236:8545 |
ws://192.168.11.236:8546 |
| 2307 | http://192.168.11.237:8545 |
ws://192.168.11.237:8546 |
| 2308 | http://192.168.11.238:8545 |
ws://192.168.11.238:8546 |
| 2400 | http://192.168.11.240:8545 |
ws://192.168.11.240:8546 |
| 2401 | http://192.168.11.241:8545 |
ws://192.168.11.241:8546 |
| 2402 | http://192.168.11.242:8545 |
ws://192.168.11.242:8546 |
| 2403 | http://192.168.11.243:8545 |
ws://192.168.11.243:8546 |
Last Updated: 2026-01-18