proxmox/docs/04-configuration/ALL_VMIDS_ENDPOINTS.md

Complete VMID and Endpoints Reference

Last Updated: 2026-03-30
Document Version: 1.2
Status: Active Documentation — Master (source of truth) for VMID, IP, port, and domain mapping. See MASTER_DOCUMENTATION_INDEX.md.

Operational template (hosts, peering, deployment gates, JSON): ../03-deployment/PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md · config/proxmox-operational-template.json

---

Date: 2026-01-20
Status: Current Active Configuration (Verified)
Last Updated: 2026-01-20
Verification Status: ✅ Complete - All VMIDs verified across 3 hosts

---

Quick Summary

• Total VMIDs: 50+ (excluding deprecated Cloudflared)
• Running: 45+
• Stopped: 5
• Infrastructure Services: 10
• Blockchain Nodes: 22 (Validators: 5, Sentries: 4, RPC: 13)
• Application Services: 22

---

Infrastructure Services

Proxmox Infrastructure (r630-01)

Host note (verified 2026-03-30): CTs 100–105 run on r630-01 (192.168.11.11), not r630-02. Older notes may say r630-02; use pct list on each node to confirm if you move guests.

VMID	IP Address	Hostname	Status	Endpoints	Purpose
100	192.168.11.32	proxmox-mail-gateway	✅ Running	SMTP: 25, 587, 465	Proxmox Mail Proxy / email gateway (LAN SMTP relay); 587/465 enabled on Postfix (master.cf append 2026-03-30)
101	192.168.11.33	proxmox-datacenter-manager	✅ Running	Web: 8006	Datacenter management
103	192.168.11.30	omada	✅ Running	Web: 8043	Omada controller
104	192.168.11.31	gitea	✅ Running	Web: 80, 443	Git repository
105	192.168.11.26	nginxproxymanager	✅ Running	Web: 80, 81, 443	Nginx Proxy Manager (legacy)
130	192.168.11.27	monitoring-1	✅ Running	Web: 80, 443	Monitoring services — Proxmox node not re-verified 2026-03-30 (confirm with pct list if needed).

Proxmox Mail Proxy (VMID 100): On Proxmox VE this CT is the mail proxy / gateway for the lab (proxmox-mail-gateway, 192.168.11.32). Postfix listens on 25, 587 (STARTTLS, smtpd_tls_security_level=may), and 465 (SMTPS wrapper) for 192.168.11.0/24 without SMTP AUTH; the server cert is self-signed (CN=proxmox-mail-gateway, /etc/pmg/pmg-api.pem). Apps should set SMTP_TLS_REJECT_UNAUTHORIZED=false on LAN (see dbis_core/.env.example) or install a trust anchor. Plain 25 remains available for trusted networks. Public SaaS (SES, SendGrid) is optional if you prefer not to relay internally.

NPMplus (r630-01 / r630-02)

VMID	IP Address	Hostname	Status	Endpoints	Purpose
10233	192.168.11.167	npmplus	✅ Running	Web: 80, 81, 443	NPMplus reverse proxy
10234	192.168.11.168	npmplus-secondary	✅ Running	Web: 80, 81, 443	NPMplus secondary (HA); restarted 2026-02-03

Note: NPMplus primary is on VLAN 11 (192.168.11.167). Secondary NPMplus instance on r630-02 for HA configuration.

Operational note (2026-03-26): if 192.168.11.167:81 accepts TCP but hangs without returning HTTP, CT 10233 may be wedged even when networking looks healthy. Rebooting it from r630-01 with pct reboot 10233 restored the expected 301 on port 81 and unblocked the API updater.

---

RPC Translator Supporting Services

VMID	IP Address	Hostname	Status	Endpoints	Purpose
106	192.168.11.110	redis-rpc-translator	✅ Running	Redis: 6379	Distributed nonce management
107	192.168.11.111	web3signer-rpc-translator	✅ Running	Web3Signer: 9000	Transaction signing
108	192.168.11.112	vault-rpc-translator	✅ Running	Vault: 8200	Secrets management

---

Blockchain Nodes - Validators (ChainID 138)

VMID	IP Address	Hostname	Status	Endpoints	Purpose
1000	192.168.11.100	besu-validator-1	✅ Running	P2P: 30303, Metrics: 9545	Validator node 1
1001	192.168.11.101	besu-validator-2	✅ Running	P2P: 30303, Metrics: 9545	Validator node 2
1002	192.168.11.102	besu-validator-3	✅ Running	P2P: 30303, Metrics: 9545	Validator node 3
1003	192.168.11.103	besu-validator-4	✅ Running	P2P: 30303, Metrics: 9545	Validator node 4
1004	192.168.11.104	besu-validator-5	✅ Running	P2P: 30303, Metrics: 9545	Validator node 5

---

Blockchain Nodes - Sentries (ChainID 138)

VMID	IP Address	Hostname	Status	Endpoints	Purpose
1500	192.168.11.150	besu-sentry-1	✅ Running	P2P: 30303, Metrics: 9545	Sentry node 1
1501	192.168.11.151	besu-sentry-2	✅ Running	P2P: 30303, Metrics: 9545	Sentry node 2
1502	192.168.11.152	besu-sentry-3	✅ Running	P2P: 30303, Metrics: 9545	Sentry node 3
1503	192.168.11.153	besu-sentry-4	✅ Running	P2P: 30303, Metrics: 9545	Sentry node 4
1504	192.168.11.154	besu-sentry-ali	✅ Running	P2P: 30303, Metrics: 9545	Sentry node (Ali)
1505	192.168.11.213	besu-sentry-alltra-1	✅ Running	P2P: 30303, Metrics: 9545	Sentry (Alltra 1)
1506	192.168.11.214	besu-sentry-alltra-2	✅ Running	P2P: 30303, Metrics: 9545	Sentry (Alltra 2)

Note: 1505-1506 moved from .170/.171 to .213/.214 (2026-02-01) to free CCIP Ops interim range.

---

RPC Nodes - NEW VMID Structure (ChainID 138)

Migration Status: ✅ Complete (2026-01-18)

All RPC nodes have been migrated to a new VMID structure for better organization.

Core RPC Nodes

VMID	IP Address	Hostname	Status	Block	Peers	Endpoints	Purpose
2101	192.168.11.211	besu-rpc-core-1	✅ Running	1,145,367	7	Besu: 8545/8546, P2P: 30303, Metrics: 9545	Core RPC node
2201	192.168.11.221	besu-rpc-public-1	✅ Running	1,145,367	7	Besu: 8545/8546, P2P: 30303, Metrics: 9545	Public RPC node (FIXED PERMANENT)
2301	192.168.11.232	besu-rpc-private-1	⏸️ Stopped	-	-	Besu: 8545/8546, P2P: 30303, Metrics: 9545	Private RPC node (startup error)

Named RPC Nodes (Ali/Luis/Putu)

VMID	IP Address	Hostname	Status	Block	Peers	Endpoints	Purpose
2303	192.168.11.233	besu-rpc-ali-0x8a	✅ Running	1,145,367	7	Besu: 8545/8546, P2P: 30303, Metrics: 9545	Ali RPC (0x8a identity)
2304	192.168.11.234	besu-rpc-ali-0x1	✅ Running	1,145,367	7	Besu: 8545/8546, P2P: 30303, Metrics: 9545	Ali RPC (0x1 identity)
2305	192.168.11.235	besu-rpc-luis-0x8a	✅ Running	1,145,367	7	Besu: 8545/8546, P2P: 30303, Metrics: 9545	Luis RPC (0x8a identity)
2306	192.168.11.236	besu-rpc-luis-0x1	✅ Running	1,145,367	7	Besu: 8545/8546, P2P: 30303, Metrics: 9545	Luis RPC (0x1 identity)
2307	192.168.11.237	besu-rpc-putu-0x8a	✅ Running	1,145,367	7	Besu: 8545/8546, P2P: 30303, Metrics: 9545	Putu RPC (0x8a identity)
2308	192.168.11.238	besu-rpc-putu-0x1	✅ Running	1,145,367	7	Besu: 8545/8546, P2P: 30303, Metrics: 9545	Putu RPC (0x1 identity)

ThirdWeb RPC Nodes

VMID	IP Address	Hostname	Status	Block	Peers	Endpoints	Purpose
2400	192.168.11.240	thirdweb-rpc-1	✅ Running	1,149,992	2	Nginx: 443, Besu: 8545/8546, P2P: 30303, Metrics: 9545, Translator: 9645/9646	ThirdWeb RPC with translator (primary)
2401	192.168.11.241	besu-rpc-thirdweb-0x8a-1	✅ Running	1,149,992	2	Besu: 8545/8546, P2P: 30303, Metrics: 9545	ThirdWeb RPC instance 1
2402	192.168.11.242	besu-rpc-thirdweb-0x8a-2	✅ Running	1,149,992	2	Besu: 8545/8546, P2P: 30303, Metrics: 9545	ThirdWeb RPC instance 2
2403	192.168.11.243	besu-rpc-thirdweb-0x8a-3	✅ Running	600,172	0	Besu: 8545/8546, P2P: 30303	ThirdWeb RPC instance 3 (syncing)

Note: VMID 2400 is the primary ThirdWeb RPC with Nginx and RPC Translator. VMID 2403 metrics disabled due to port conflict, node is syncing.

Public Domain: rpc.public-0138.defi-oracle.io → Routes to VMID 2400:443

---

OLD RPC Nodes (Decommissioned)

Status: ✅ DECOMMISSIONED (2026-01-18)

The following VMIDs have been permanently removed:

VMID	Old IP Address	Old Hostname	Status	Replaced By
2500	192.168.11.250	besu-rpc-1	🗑️ Destroyed	VMID 2101
2501	192.168.11.251	besu-rpc-2	🗑️ Destroyed	VMID 2201
2502	192.168.11.252	besu-rpc-3	🗑️ Destroyed	VMID 2301
2503	192.168.11.253	besu-rpc-ali-0x8a	🗑️ Destroyed	VMID 2303
2504	192.168.11.254	besu-rpc-ali-0x1	🗑️ Destroyed	VMID 2304
2505	192.168.11.201	besu-rpc-luis-0x8a	🗑️ Destroyed	VMID 2305
2506	192.168.11.202	besu-rpc-luis-0x1	🗑️ Destroyed	VMID 2306
2507	192.168.11.203	besu-rpc-putu-0x8a	🗑️ Destroyed	VMID 2307
2508	192.168.11.204	besu-rpc-putu-0x1	🗑️ Destroyed	VMID 2308

Public Domains (need updating to new IPs):

• rpc-http-prv.d-bis.org → Should route to new RPC nodes
• rpc-ws-prv.d-bis.org → Should route to new RPC nodes
• rpc-http-pub.d-bis.org → Should route to new RPC nodes
• rpc-ws-pub.d-bis.org → Should route to new RPC nodes
• rpc.public-0138.defi-oracle.io → Should route to 2401-2403

---

Application Services

Blockchain Explorer

VMID	IP Address	Hostname	Status	Endpoints	Purpose
5000	192.168.11.140	blockscout-1	✅ Running	Web: 80, 443; API: 4000	Blockchain explorer

Public Domain: explorer.d-bis.org → Routes to VMID 5000:80 (nginx serves web UI, proxies /api/* to port 4000)

---

Firefly

VMID	IP Address	Hostname	Status	Endpoints	Purpose
6200	192.168.11.35	firefly-1	✅ Running	Web: 80, 443, API: 5000	Firefly DLT platform
6201	192.168.11.57	firefly-ali-1	✅ Running	Web: 80, 443, API: 5000	Firefly (Ali instance)

Note: Firefly instances run on r630-02. VMID 6200 also on r630-02.

---

DBIS RTGS first-slice sidecars

VMID	IP Address	Hostname	Status	Endpoints	Purpose
5802	192.168.11.89	rtgs-scsm-1	✅ Running	App: 8080, Redis: 6379	DBIS RTGS mifos-fineract-sidecar / SCSM
5803	192.168.11.90	rtgs-funds-1	✅ Running	App: 8080, Redis: 6379	DBIS RTGS server-funds-sidecar
5804	192.168.11.92	rtgs-xau-1	✅ Running	App: 8080, Redis: 6379	DBIS RTGS off-ledger-2-on-ledger-sidecar

Operational note (2026-03-28/29):

• These three sidecars are deployed internally on r630-02 and return local actuator health.
• They can reach the live Mifos / Fineract surface on VMID 5800 at the HTTP layer.
• Canonical authenticated RTGS flow is still pending final Fineract tenant/auth freeze, so these should currently be treated as runtime deployed, functionally partial.

---

Hyperledger Fabric

VMID	IP Address	Hostname	Status	Endpoints	Purpose
6000	192.168.11.65	fabric-1	✅ Running	Peer: 7051, Orderer: 7050	Hyperledger Fabric network

---

Hyperledger Indy

VMID	IP Address	Hostname	Status	Endpoints	Purpose
6400	192.168.11.64	indy-1	✅ Running	Indy: 9701-9708	Hyperledger Indy network

---

Hyperledger Aries / AnonCreds

VMID	IP Address	Hostname	Status	Endpoints	Purpose
6500	192.168.11.88	aries-1	✅ Running	ACA-Py DIDComm: 8030, Admin API: 8031	Hyperledger Aries / AnonCreds agent runtime

---

Hyperledger Caliper

VMID	IP Address	Hostname	Status	Endpoints	Purpose
6600	192.168.11.93	caliper-1	✅ Running	Local CLI workspace, outbound RPC to 192.168.11.211:8545 / 8546	Hyperledger Caliper benchmark harness

---

DBIS Core Services

VMID	IP Address	Hostname	Status	Endpoints	Purpose
10100	192.168.11.105	dbis-postgres-primary	✅ Running	PostgreSQL: 5432	Primary database
10101	192.168.11.106	dbis-postgres-replica-1	✅ Running	PostgreSQL: 5432	Database replica
10120	192.168.11.125	dbis-redis	✅ Running	Redis: 6379	Cache layer
10130	192.168.11.130	dbis-frontend	✅ Running	Web: 80, 443	Admin + secure web shell (see canonical hostnames below)
10150	192.168.11.155	dbis-api-primary	✅ Running	TCP 3000	Placeholder: python3 -m http.server 3000 (not dbis_core Node API). Host: r630-01. SMTP template: /tmp/smtp.env.example (via pct push / operator; copy into /opt/dbis-core/.env when the real API is deployed).
10151	192.168.11.156	dbis-api-secondary	✅ Running	TCP 3000	Same as 10150 (placeholder static server).

Canonical public hostnames (operator intent)

Hostname	Role	Typical NPM upstream (today)
d-bis.org	Public institutional web	TBD — Gov Portals DBIS Next app or static export when cut over
admin.d-bis.org	Admin console	VMID 10130 :80
secure.d-bis.org	Member secure portal	VMID 10130 :80 (path-based routing; see below)
core.d-bis.org	DBIS Core banking — client portal (dbis_core)	TBD — wire when UI/API for core banking clients is exposed (often 10150/10151 or dedicated LXC)

Legacy: dbis-admin.d-bis.org → same upstream as admin.d-bis.org if still in DNS.

Public Domains (inventory):

• admin.d-bis.org → VMID 10130:80 (canonical admin)
• dbis-admin.d-bis.org → VMID 10130:80 (legacy alias, if configured)
• secure.d-bis.org → VMID 10130:80
• dbis-api.d-bis.org → NPM target VMID 10150:3000 (currently static placeholder, not production API)
• dbis-api-2.d-bis.org → NPM target VMID 10151:3000 (placeholder)

No other LAN host in this inventory currently exposes the compiled dbis_core integration API; 192.168.11.150 / .151 from older deployment notes were unreachable from the operator LAN (2026-03-30). Deploy Node + systemd on 10150/10151 (or update NPM to a new upstream) when the API is ready.

---

Miracles In Motion (MIM4U)

VMID	IP Address	Hostname	Status	Endpoints	Purpose
7810	192.168.11.37	mim-web-1	✅ Running	Web: 80, 443	MIM4U web frontend
7811	192.168.11.36	mim-api-1	✅ Running	Web: 80, 443, API: Various	MIM4U service (web + API)

Public Domains (NPMplus config):

• mim4u.org → Routes to http://192.168.11.37:80 (VMID 7810 mim-web-1)
• www.mim4u.org → Routes to http://192.168.11.37:80 (VMID 7810; optional NPMplus redirect www → apex)
• secure.mim4u.org → Routes to http://192.168.11.37:80 (VMID 7810)
• training.mim4u.org → Routes to http://192.168.11.37:80 (VMID 7810)

Note: All MIM4U domains route to VMID 7810 (mim-web-1) at 192.168.11.37. nginx on 7810 proxies /api/ to VMID 7811 (192.168.11.36:3001).

---

Sankofa Phoenix Services

Status: ✅ DEPLOYED AND OPERATIONAL (2026-01-20)

Verified Deployed Services:

VMID	IP Address	Hostname	Status	Endpoints	Purpose
7800	192.168.11.50	sankofa-api-1	✅ Running	GraphQL: 4000, Health: /health	Phoenix API (Cloud Platform Portal)
7801	192.168.11.51	sankofa-portal-1	✅ Running	Web: 3000	Hybrid cloud client portal (portal.sankofa.nexus / admin.sankofa.nexus when NPM routes); not the long-term corporate apex app — see IP_SANKOFA_PUBLIC_WEB / sync-sankofa-public-web-to-ct.sh
7802	192.168.11.52	sankofa-keycloak-1	✅ Running	Keycloak: 8080, Admin: /admin	Identity and Access Management
7803	192.168.11.53	sankofa-postgres-1	✅ Running	PostgreSQL: 5432	Database Service
7804	192.168.11.54	(Gov Portals dev)	✅ Running	Web: 80	Gov Portals — DBIS, ICCC, OMNL, XOM (*.xom-dev.phoenix.sankofa.nexus)
7805	192.168.11.72	sankofa-studio	—	API: 8000	Sankofa Studio (FusionAI Creator) — studio.sankofa.nexus (IP .72; .55 = VMID 10230 order-vault)
7806	192.168.11.63	sankofa-public-web	✅ Running	Web: 3000	Corporate / marketing Next.js (Sankofa repo root); provision: scripts/deployment/provision-sankofa-public-web-lxc-7806.sh; deploy: scripts/deployment/sync-sankofa-public-web-to-ct.sh; NPM apex via IP_SANKOFA_PUBLIC_WEB (.env or override)

Public Domains (NPMplus routing):

• sankofa.nexus / www.sankofa.nexus → **IP_SANKOFA_PUBLIC_WEB:SANKOFA_PUBLIC_WEB_PORT** (typical: **7806** 192.168.11.63:3000when.envsetsIP_SANKOFA_PUBLIC_WEB; else defaults to portal **7801**); fleet script: scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh. **www** → **301** → apex https://sankofa.nexus ($request_uri`). ✅
• portal.sankofa.nexus / admin.sankofa.nexus → IP_SANKOFA_CLIENT_SSO:SANKOFA_CLIENT_SSO_PORT** (typical: 7801 :3000). NextAuth / OIDC public URL: **https://portal.sankofa.nexus`. ✅ when NPM proxy rows exist (fleet script creates/updates them).
• dash.sankofa.nexus → Set IP_SANKOFA_DASH (+ SANKOFA_DASH_PORT) in config/ip-addresses.conf to enable upstream in the fleet script; IP allowlist at NPM is operator policy. 🔶 until dash app + env are set.
• phoenix.sankofa.nexus → Routes to http://192.168.11.50:4000 (Phoenix API/VMID 7800) ✅
• www.phoenix.sankofa.nexus → Same upstream; 301 to https://phoenix.sankofa.nexus. ✅
• the-order.sankofa.nexus / www.the-order.sankofa.nexus → OSJ management portal (secure auth). App source: the_order at ~/projects/the_order. NPMplus default upstream: order-haproxy http://192.168.11.39:80 (VMID 10210), which proxies to Sankofa portal http://192.168.11.51:3000 (7801). Fallback: set THE_ORDER_UPSTREAM_IP / THE_ORDER_UPSTREAM_PORT to .51 / 3000 if HAProxy is offline. www.the-order.sankofa.nexus → 301 https://the-order.sankofa.nexus (same as www.sankofa / www.phoenix).
• studio.sankofa.nexus → Routes to http://192.168.11.72:8000 (Sankofa Studio / VMID 7805)

Public verification evidence (2026-03-26): bash scripts/verify/verify-end-to-end-routing.sh --profile=public passed with Failed: 0; Sankofa root, Phoenix, Studio, and The Order returned 200. See verification_report.md.

Service Details:

• Host: r630-01 (192.168.11.11)
• Network: VLAN 11 (192.168.11.0/24)
• Gateway: 192.168.11.1
• All services verified and operational

Note: Sankofa services are deployed on VLAN 11 (192.168.11.x) as intended. All services are running and accessible.

---

The Order — microservices (r630-01)

VMID	IP Address	Hostname	Status	Endpoints	Purpose
10030	192.168.11.40	order-identity	✅ Running	API	Identity
10040	192.168.11.41	order-intake	✅ Running	API	Intake
10050	192.168.11.49	order-finance	✅ Running	API	Finance
10060	192.168.11.42	order-dataroom	✅ Running	Web: 80	Dataroom
10070	192.168.11.87	order-legal	✅ Running	API	Legal — use IP_ORDER_LEGAL (.87); not .54
10080	192.168.11.43	order-eresidency	✅ Running	API	eResidency
10090	192.168.11.36	order-portal-public	✅ Running	Web	Public portal
10091	192.168.11.35	order-portal-internal	✅ Running	Web	Internal portal
10092	192.168.11.94	order-mcp-legal	✅ Running	API	MCP legal — moved off .37 on 2026-03-29 to avoid MIM4U ARP conflict
10200	192.168.11.46	order-prometheus	✅ Running	9090	Metrics (IP_ORDER_PROMETHEUS; not Order Redis)
10201	192.168.11.47	order-grafana	✅ Running	3000	Dashboards
10202	192.168.11.48	order-opensearch	✅ Running	9200	Search
10210	192.168.11.39	order-haproxy	✅ Running	80 (HAProxy → portal :3000)	Edge for the-order.sankofa.nexus; HAProxy config via config/haproxy/order-haproxy-10210.cfg.template + scripts/deployment/provision-order-haproxy-10210.sh

Gov portals vs Order: VMID 7804 alone uses 192.168.11.54 (IP_GOV_PORTALS_DEV). Order-legal must not use .54.

MIM4U vs order-mcp-legal: VMID 7810 alone uses 192.168.11.37 (IP_MIM_WEB). VMID 10092 now uses 192.168.11.94 (IP_ORDER_MCP_LEGAL) after the 2026-03-29 ARP conflict fix.

---

Phoenix Vault Cluster (8640-8642)

VMID	IP Address	Hostname	Status	Endpoints	Purpose
8640	192.168.11.200	vault-phoenix-1	✅ Running	Vault: 8200	Phoenix Vault node 1
8641	192.168.11.215	vault-phoenix-2	✅ Running	Vault: 8200	Phoenix Vault node 2
8642	192.168.11.202	vault-phoenix-3	✅ Running	Vault: 8200	Phoenix Vault node 3

Note: 8641 moved from .201 to .215 (2026-02-01) to free CCIP Execute interim range. See IP_CONFLICTS_CCIP_RANGE_RESOLVED_20260201.md.

---

Other Services

VMID	IP Address	Hostname	Status	Endpoints	Purpose	Notes
5800	192.168.11.85	(Mifos)	✅ Running	Web: 80	Mifos X + Fineract (OMNL)	LXC on r630-02; mifos.d-bis.org; see MIFOS_R630_02_DEPLOYMENT.md
5801	192.168.11.58	dapp-smom	—	Web: 80	DApp (frontend-dapp) for Chain 138 bridge	LXC; see DAPP_LXC_DEPLOYMENT.md; NPMplus/tunnel dapp.d-bis.org
10232	192.168.11.56	CT10232	✅ Running	Various	Container service	✅ IP CONFLICT RESOLVED
10234	192.168.11.168	npmplus-secondary	⏸️ Stopped	Web: 80, 81, 443	NPMplus secondary (HA)	On r630-02

---

Oracle & Monitoring

VMID	IP Address	Hostname	Status	Endpoints	Purpose
3500	192.168.11.29	oracle-publisher-1	✅ Running (verify on-chain)	Oracle: Various	r630-02 thin5. Reprovisioned 2026-03-28 via scripts/deployment/provision-oracle-publisher-lxc-3500.sh (systemd oracle-publisher). If updateAnswer txs revert, set PRIVATE_KEY in /opt/oracle-publisher/.env to an EOA authorized on the aggregator (may differ from deployer). Metrics: :8000/metrics.
3501	192.168.11.28	ccip-monitor-1	✅ Running	Monitor: Various	CCIP monitoring; migrated 2026-03-28 to r630-02 thin5 (pvesh … /migrate --target-storage thin5).
5200	192.168.11.80	cacti-1	✅ Running	Web: 80, 443	Network monitoring (Cacti); host r630-02 (migrated 2026-02-15)

---

Machine Learning Nodes

VMID	IP Address	Hostname	Status	Endpoints	Purpose
3000	192.168.11.60	ml110	✅ Running	ML Services: Various	ML node 1
3001	192.168.11.61	ml110	✅ Running	ML Services: Various	ML node 2
3002	192.168.11.62	ml110	✅ Running	ML Services: Various	ML node 3
3003	192.168.11.63	ml110	✅ Running	ML Services: Various	ML node 4

---

Port Reference

Standard Besu Ports

• 8545: HTTP JSON-RPC
• 8546: WebSocket JSON-RPC
• 30303: P2P networking (TCP/UDP)
• 9545: Prometheus metrics

Standard Application Ports

• 80: HTTP
• 443: HTTPS
• 3000: Node.js API
• 5432: PostgreSQL
• 6379: Redis
• 9000: Web3Signer
• 8200: Vault

---

Network Architecture

Public Internet Access Flow

Internet
  ↓
Cloudflare (DNS + DDoS Protection)
  ↓
NPMplus (VMID 10233: 192.168.0.166:443)
  ↓
VM Nginx (443) → Backend Services

Internal RPC Access

Internal Network (192.168.11.0/24)
  ↓
Direct to RPC Nodes:
  - VMID 2101: 192.168.11.211:8545 (HTTP) / 8546 (WS) - Core RPC
  - VMID 2201: 192.168.11.221:8545 (HTTP) / 8546 (WS) - Public RPC
  - VMID 2303: 192.168.11.233:8545 (HTTP) / 8546 (WS) - Ali 0x8a
  - VMID 2304: 192.168.11.234:8545 (HTTP) / 8546 (WS) - Ali 0x1
  - VMID 2305: 192.168.11.235:8545 (HTTP) / 8546 (WS) - Luis 0x8a
  - VMID 2306: 192.168.11.236:8545 (HTTP) / 8546 (WS) - Luis 0x1
  - VMID 2307: 192.168.11.237:8545 (HTTP) / 8546 (WS) - Putu 0x8a
  - VMID 2308: 192.168.11.238:8545 (HTTP) / 8546 (WS) - Putu 0x1
  - VMID 2400: 192.168.11.240:8545 (HTTP) / 8546 (WS) - ThirdWeb Primary
  - VMID 2401: 192.168.11.241:8545 (HTTP) / 8546 (WS) - ThirdWeb 1
  - VMID 2402: 192.168.11.242:8545 (HTTP) / 8546 (WS) - ThirdWeb 2
  - VMID 2403: 192.168.11.243:8545 (HTTP) / 8546 (WS) - ThirdWeb 3

---

Known Issues & Notes

✅ IP Address Conflicts - RESOLVED

Status: ✅ RESOLVED - All conflicts fixed (2026-01-20)

1. 192.168.11.50: ✅ RESOLVED

   • VMID 7800 (sankofa-api-1): 192.168.11.50 ✅ UNIQUE
   • VMID 10070 (order-legal): 192.168.11.87 (IP_ORDER_LEGAL) — moved off .54 2026-03-25 (ARP conflict with VMID 7804 gov-portals) ✅

2. 192.168.11.51: ✅ RESOLVED

   • VMID 7801 (sankofa-portal-1): 192.168.11.51 ✅ UNIQUE
   • VMID 10230 (order-vault): Reassigned to 192.168.11.55 ✅

3. 192.168.11.52: ✅ RESOLVED

   • VMID 7802 (sankofa-keycloak-1): 192.168.11.52 ✅ UNIQUE
   • VMID 10232 (CT10232): Reassigned to 192.168.11.56 ✅

4. 192.168.11.55: ✅ IN USE — VMID 10230 (order-vault) only. Sankofa Studio (VMID 7805) uses 192.168.11.72 to avoid conflict.

Resolution: All IP conflicts resolved using scripts/resolve-ip-conflicts.sh

Verification: ✅ All IPs verified unique, all services operational

IP conflicts (canonical): reports/status/IP_CONFLICTS_RESOLUTION_COMPLETE.md; CCIP range move: reports/status/IP_CONFLICTS_CCIP_RANGE_RESOLVED_20260201.md. Script: scripts/resolve-ip-conflicts.sh (uses config/ip-addresses.conf).

---

Port Conflicts

1. VMID 2400: Port conflict resolved ✅
   • Previous: Besu metrics (9545) conflicted with RPC Translator HTTP (9545)
   • Resolution: Translator moved to 9645/9646 (completed)
   • Current: Nginx routes to translator on 9645/9646

NPMplus Routing Issues

1. rpc.public-0138.defi-oracle.io: Currently routes to wrong VMID
   • Current: https://192.168.11.252:443 (VMID 2502 - decommissioned)
   • Should be: https://192.168.11.240:443 (VMID 2400)
   • Fix: Update NPMplus proxy host configuration

---

Quick Access Commands

Test RPC Endpoints

# Public RPC (HTTP)
curl -X POST https://rpc-http-pub.d-bis.org \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'

# Private RPC (HTTP) - requires JWT
curl -X POST https://rpc-http-prv.d-bis.org \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer <JWT_TOKEN>' \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'

# ThirdWeb RPC
curl -X POST https://rpc.public-0138.defi-oracle.io \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'

Check Container Status

# From Proxmox host
pct status <VMID>
qm status <VMID>

# Check specific service
pct exec <VMID> -- systemctl status <service-name>

---

Related Documentation

• VMID IP List: reports/VMID_IP_ADDRESS_LIST.md
• NPMplus Setup: docs/04-configuration/NPMPLUS_COMPLETE_SETUP_SUMMARY.md
• Nginx Configurations: docs/04-configuration/NGINX_CONFIGURATIONS_VMIDS_2400-2508.md
• RPC Translator: rpc-translator-138/VMID_ALLOCATION.md

---

---

NPMplus Endpoint Configuration Reference

This section lists all endpoints that should be configured in NPMplus, extracted from NPM (VMID 105) configuration files.

Complete NPMplus Domain Mapping

Domain	Target	Scheme	Port	WebSocket	Notes
RPC Services
rpc.public-0138.defi-oracle.io	192.168.11.240	https	443	✅ Yes	ThirdWeb RPC (VMID 2400)
rpc-http-pub.d-bis.org	192.168.11.221	https	443	✅ Yes	Public RPC (VMID 2201)
rpc-ws-pub.d-bis.org	192.168.11.221	https	443	✅ Yes	Public WebSocket RPC (VMID 2201)
rpc-http-prv.d-bis.org	192.168.11.211	https	443	✅ Yes	Private RPC with JWT (VMID 2101)
rpc-ws-prv.d-bis.org	192.168.11.211	https	443	✅ Yes	Private WebSocket RPC with JWT (VMID 2101)
Explorer
explorer.d-bis.org	192.168.11.140	http	4000	❌ No	Blockchain Explorer (VMID 5000 - Direct Route)
DBIS Services
d-bis.org	192.168.11.54	http	3001	❌ No	Public apex — Gov Portals DBIS on 7804 (override IP_DBIS_PUBLIC_APEX / DBIS_PUBLIC_APEX_PORT)
www.d-bis.org	192.168.11.54	http	3001	❌ No	Same upstream as apex; NPM 301 → https://d-bis.org when advanced_config set by fleet script
admin.d-bis.org	192.168.11.130	http	80	❌ No	DBIS admin console (VMID 10130); canonical
dbis-admin.d-bis.org	192.168.11.130	http	80	❌ No	Legacy alias — same upstream as admin.d-bis.org
core.d-bis.org	192.168.11.155	http	3000	❌ No	DBIS Core client portal — default 10150 until IP_DBIS_CORE_CLIENT / DBIS_CORE_CLIENT_PORT repointed
dbis-api.d-bis.org	192.168.11.155	http	3000	❌ No	VMID 10150 — placeholder static server until Node API deployed
dbis-api-2.d-bis.org	192.168.11.156	http	3000	❌ No	VMID 10151 — placeholder
secure.d-bis.org	192.168.11.130	http	80	❌ No	DBIS Secure Portal (VMID 10130) - Path-based routing
MIM4U Services
mim4u.org	192.168.11.37	http	80	❌ No	MIM4U Main Site (VMID 7810 mim-web-1)
www.mim4u.org	192.168.11.37	http	80	❌ No	MIM4U (VMID 7810; optional redirect www → apex)
secure.mim4u.org	192.168.11.37	http	80	❌ No	MIM4U Secure Portal (VMID 7810)
training.mim4u.org	192.168.11.37	http	80	❌ No	MIM4U Training Portal (VMID 7810)
Sankofa Phoenix Services
sankofa.nexus	IP_SANKOFA_PUBLIC_WEB (default .51 until public-web CT)	http	SANKOFA_PUBLIC_WEB_PORT (3000)	❌ No	Corporate apex; fleet script update-npmplus-proxy-hosts-api.sh
www.sankofa.nexus	same as apex	http	same	❌ No	301 → https://sankofa.nexus
portal.sankofa.nexus	IP_SANKOFA_CLIENT_SSO (typ. .51 / 7801)	http	SANKOFA_CLIENT_SSO_PORT (3000)	❌ No	Client SSO portal; NEXTAUTH_URL=https://portal.sankofa.nexus
admin.sankofa.nexus	same as portal	http	same	❌ No	Client access admin (same upstream until split)
dash.sankofa.nexus	IP_SANKOFA_DASH (set in ip-addresses.conf)	http	SANKOFA_DASH_PORT	❌ No	Operator dash — row omitted from fleet script until IP_SANKOFA_DASH set
phoenix.sankofa.nexus	192.168.11.50	http	4000	❌ No	Phoenix API - Cloud Platform Portal (VMID 7800) ✅ Deployed
www.phoenix.sankofa.nexus	192.168.11.50	http	4000	❌ No	Phoenix API (VMID 7800) ✅ Deployed
the-order.sankofa.nexus, www.the-order.sankofa.nexus	192.168.11.39 (10210 HAProxy; default) or 192.168.11.51 (direct portal if env override)	http	80 or 3000	❌ No	NPM → .39:80 by default; HAProxy → .51:3000
studio.sankofa.nexus	192.168.11.72	http	8000	❌ No	Sankofa Studio (FusionAI Creator) — VMID 7805

Path-Based Routing Notes

Some domains use path-based routing in NPM configs:

secure.d-bis.org:

• /admin → http://192.168.11.130:80 (DBIS Frontend)
• /api → http://192.168.11.155:3000 (intended DBIS API — upstream is placeholder until 10150 runs dbis_core)
• /graph → http://192.168.11.155:3000 (same)
• / → http://192.168.11.130:80 (DBIS Frontend)

sankofa.nexus (intent): corporate marketing at IP_SANKOFA_PUBLIC_WEB; portal.sankofa.nexus serves the authenticated portal at IP_SANKOFA_CLIENT_SSO. Legacy path-based splits (if any) should be reconciled with EXPECTED_WEB_CONTENT.md.

Note: NPMplus may need custom location blocks or separate proxy hosts for path-based routing.

NPMplus routing (authoritative targets)

Use this document as the source of truth for domain → VMID:port. Only explorer.d-bis.org should point to Blockscout (VMID 5000, 192.168.11.140). All other domains must point to their correct VMID and port:

Domain	Correct target (VMID, IP:port)	Do NOT point to
explorer.d-bis.org	5000, 192.168.11.140:80 (web), :4000 (API)	—
sankofa.nexus, www.sankofa.nexus	Public web: target 7806 (or IP_SANKOFA_PUBLIC_WEB) when split; defaults still 7801, 192.168.11.51:3000	192.168.11.140 (Blockscout)
portal.sankofa.nexus, admin.sankofa.nexus	7801, 192.168.11.51:3000 (IP_SANKOFA_CLIENT_SSO)	192.168.11.140 (Blockscout)
dash.sankofa.nexus	Set IP_SANKOFA_DASH when operator dash exists	192.168.11.140 (Blockscout)
phoenix.sankofa.nexus, www.phoenix.sankofa.nexus	7800, 192.168.11.50:4000	192.168.11.140 (Blockscout)
the-order.sankofa.nexus, www.the-order.sankofa.nexus	10210, 192.168.11.39:80	192.168.11.140 (Blockscout)
studio.sankofa.nexus	7805, 192.168.11.72:8000	—

If NPMplus proxy hosts for sankofa.nexus or phoenix.sankofa.nexus currently point to 192.168.11.140, update them to the correct IP:port above. See RPC_ENDPOINTS_MASTER.md and table "Sankofa Phoenix Services" in this document.

Note: All www.* subdomains redirect to their parent domains to reduce the number of proxy host configurations needed.

---

Last Updated: 2026-03-29
Maintained By: Infrastructure Team

---

RPC Node Quick Reference

Active RPC Endpoints (12/13 Running)

IP Address	VMID	Name	Status
192.168.11.211	2101	besu-rpc-core-1	✅ Running
192.168.11.221	2201	besu-rpc-public-1	✅ Running
192.168.11.232	2301	besu-rpc-private-1	⏸️ Stopped
192.168.11.233	2303	besu-rpc-ali-0x8a	✅ Running
192.168.11.234	2304	besu-rpc-ali-0x1	✅ Running
192.168.11.235	2305	besu-rpc-luis-0x8a	✅ Running
192.168.11.236	2306	besu-rpc-luis-0x1	✅ Running
192.168.11.237	2307	besu-rpc-putu-0x8a	✅ Running
192.168.11.238	2308	besu-rpc-putu-0x1	✅ Running
192.168.11.240	2400	thirdweb-rpc-1	✅ Running
192.168.11.241	2401	besu-rpc-thirdweb-0x8a-1	✅ Running
192.168.11.242	2402	besu-rpc-thirdweb-0x8a-2	✅ Running
192.168.11.243	2403	besu-rpc-thirdweb-0x8a-3	✅ Running

Test All RPC Nodes

# Quick test all RPC nodes
for ip in 192.168.11.211 192.168.11.221 192.168.11.233 192.168.11.234 192.168.11.235 192.168.11.236 192.168.11.237 192.168.11.238 192.168.11.240 192.168.11.241 192.168.11.242 192.168.11.243; do
  curl -s -X POST -H "Content-Type: application/json" \
    --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' \
    http://$ip:8545 | grep -q "result" && echo "✓ $ip" || echo "✗ $ip"
done