790e489538
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Made-with: Cursor
7.8 KiB
7.8 KiB
FQDN expected content (what users and clients should see)
Last Updated: 2026-03-27 (Sankofa hostname tiers: public / SSO / dash)
Purpose: One-page description of what should be presented at each public NPM-routed hostname after HTTPS. Use this before pruning evidence or changing proxies so expectations stay aligned with product intent.
Canonical routing (IPs, VMIDs, ports): ALL_VMIDS_ENDPOINTS.md, RPC_ENDPOINTS_MASTER.md.
Product depth (Sankofa / Phoenix / explorer narrative): EXPECTED_WEB_CONTENT.md.
Automated checks: E2E_ENDPOINTS_LIST.md, scripts/verify/verify-end-to-end-routing.sh.
Legend
| Kind | Meaning |
|---|---|
| Web | Browser loads HTML (or SPA shell); humans see pages, forms, or dashboards. |
| API | Primarily JSON over HTTPS; browsers may see errors unless hitting documented REST paths. |
| RPC-HTTP | No marketing page. JSON-RPC 2.0 over HTTPS POST to / (or provider path); wallets and backends consume JSON. |
| RPC-WS | No HTML. WebSocket upgrade; JSON-RPC / subscription traffic. |
| 301 | Apex policy: www.* redirects to non-www HTTPS (see NPM advanced_config). |
sankofa.nexus zone
Canonical roles: EXPECTED_WEB_CONTENT.md (hostname model table).
Public web (unauthenticated visitors for marketing / division pages)
| FQDN | Kind | What should be displayed or returned |
|---|---|---|
sankofa.nexus |
Web | Sankofa — Sovereign Technologies: public corporate / brand web (mission, narrative, entry points). |
www.sankofa.nexus |
301 → apex | Browser ends on https://sankofa.nexus/.... |
phoenix.sankofa.nexus |
Web / API | Phoenix Cloud Services (division of Sankofa): public-facing division web (intent). Same deployment may still expose API paths (/health, /graphql, …). E2E verifier may use /health. |
www.phoenix.sankofa.nexus |
301 → apex | Browser ends on https://phoenix.sankofa.nexus/.... |
Client SSO (system SSO; Keycloak as IdP)
| FQDN | Kind | What should be displayed or returned |
|---|---|---|
keycloak.sankofa.nexus |
Web / IdP | Identity provider for client SSO: realm login UI, OIDC/SAML well-known and token endpoints; operator Keycloak admin at /admin. Backs admin and portal redirects—not a substitute for those apps. |
admin.sankofa.nexus |
Web | Client SSO: administer access (users, roles, org access policy). |
portal.sankofa.nexus |
Web | Client SSO: Phoenix cloud services, Sankofa Marketplace subscriptions, and other client-facing services. |
Operator / systems (IP-gated + MFA)
| FQDN | Kind | What should be displayed or returned |
|---|---|---|
dash.sankofa.nexus |
Web | IP allowlisting + system authentication + MFA: unified admin for Sankofa, Phoenix, Gitea, and related systems (not the client self-service portal). |
Other properties on the zone
| FQDN | Kind | What should be displayed or returned |
|---|---|---|
the-order.sankofa.nexus |
Web | OSJ / Order management portal (secure auth); app the_order. Upstream: HAProxy 10210 → portal stack. |
www.the-order.sankofa.nexus |
301 → apex | Browser ends on https://the-order.sankofa.nexus/.... |
studio.sankofa.nexus |
Web | Sankofa Studio (FusionAI) UI under /studio/ (and related API routes on same origin). |
d-bis.org (DBIS + infrastructure)
| FQDN | Kind | What should be displayed or returned |
|---|---|---|
explorer.d-bis.org |
Web | SolaceScanScout / Blockscout UI: blocks, txs, addresses, tokens, contract verification for Chain 138. Public, no login for browse. |
docs.d-bis.org |
Web | Same Blockscout nginx host as explorer where configured; may serve docs paths (see explorer deploy runbooks). |
dbis-admin.d-bis.org |
Web | DBIS admin frontend (dashboard). |
secure.d-bis.org |
Web | DBIS secure authenticated portal. |
dbis-api.d-bis.org |
API | DBIS core API (aggregation, OTC, exchange JSON). |
dbis-api-2.d-bis.org |
API | Secondary DBIS API instance. |
mim4u.org, www.mim4u.org, secure.mim4u.org, training.mim4u.org |
Web | MIM4U property sites (nginx on MIM stack). |
rpc-http-pub.d-bis.org, rpc.d-bis.org, rpc2.d-bis.org |
RPC-HTTP | Public Besu JSON-RPC (Chain 138); eth_chainId → 0x8a. |
rpc-ws-pub.d-bis.org, ws.rpc.d-bis.org, ws.rpc2.d-bis.org |
RPC-WS | Public Besu WebSocket RPC. |
rpc-http-prv.d-bis.org |
RPC-HTTP | Core / private JSON-RPC (permissioned use). |
rpc-ws-prv.d-bis.org |
RPC-WS | Core / private WebSocket RPC. |
rpc-fireblocks.d-bis.org |
RPC-HTTP | Fireblocks-dedicated JSON-RPC endpoint. |
ws.rpc-fireblocks.d-bis.org |
RPC-WS | Fireblocks-dedicated WebSocket RPC. |
rpc-alltra.d-bis.org, rpc-alltra-2.d-bis.org, rpc-alltra-3.d-bis.org |
RPC-HTTP | Alltra RPC fronts (tunnel to NPM); JSON-RPC for Chain 138 (or as configured on those edges). |
rpc-hybx.d-bis.org, rpc-hybx-2.d-bis.org, rpc-hybx-3.d-bis.org |
RPC-HTTP | HYBX RPC fronts; same class as Alltra. |
cacti-alltra.d-bis.org, cacti-hybx.d-bis.org |
Web | Cacti monitoring UI (graphs, device views). |
mifos.d-bis.org |
Web | Mifos banking platform UI (when backend healthy). |
dapp.d-bis.org |
Web | DApp static/hosted frontend (VMID per ALL_VMIDS). |
gitea.d-bis.org |
Web | Gitea git forge UI. |
dev.d-bis.org |
Web | Dev workspace UI (codespaces / dev host). |
codespaces.d-bis.org |
Web | Codespaces / dev related web entry (as wired on NPM). |
defi-oracle.io (ThirdWeb / public edge)
| FQDN | Kind | What should be displayed or returned |
|---|---|---|
rpc.public-0138.defi-oracle.io |
RPC-HTTP | ThirdWeb-style HTTPS RPC terminator on VMID 2400; JSON-RPC to Chain 138. |
rpc.defi-oracle.io |
RPC-HTTP | Public JSON-RPC alias (same Besu public stack as rpc.d-bis.org family when healthy). |
wss.defi-oracle.io |
RPC-WS | Public WebSocket RPC companion. |
Note: blockscout.defi-oracle.io is a separate Blockscout hostname (generic / reference). Not the canonical DBIS explorer; same class of web explorer UI as Blockscout. See EXPECTED_WEB_CONTENT.
xom-dev.phoenix.sankofa.nexus (gov portals dev)
| FQDN | Kind | What should be displayed or returned |
|---|---|---|
dbis.xom-dev.phoenix.sankofa.nexus |
Web | Gov portals dev app on port 3001 (VMID 7804 family). |
iccc.xom-dev.phoenix.sankofa.nexus |
Web | Idem, port 3002. |
omnl.xom-dev.phoenix.sankofa.nexus |
Web | Idem, port 3003. |
xom.xom-dev.phoenix.sankofa.nexus |
Web | Idem, port 3004. |
Operator checklist
- Wrong content (e.g. explorer UI on
sankofa.nexus, or HTML on RPC hostname) usually means NPM upstream or DNS is wrong — fix withupdate-npmplus-proxy-hosts-api.shand ALL_VMIDS_ENDPOINTS.md. - 301 on
www.*is intentional; content is judged on the apex hostname after redirect.
Inventory alignment: Public hostnames above follow DOMAIN_TYPES_ALL in scripts/verify/verify-end-to-end-routing.sh plus keycloak.sankofa.nexus, docs.d-bis.org, blockscout.defi-oracle.io, and xom-dev hosts. admin.sankofa.nexus, portal.sankofa.nexus, and dash.sankofa.nexus are product-intent hostnames—add to NPM and the E2E script when upstreams are wired. Add new rows here when you add NPM hosts.