d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
fbda1b4bebd0be1036952f8343d54298f6026865
proxmox/docs/04-configuration/NPMPLUS_ALLTRA_HYBX_MASTER_PLAN.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

6.0 KiB
Raw Blame History

NPMplus for Alltra and HYBX — Master Plan

Last Updated: 2026-02-06
Document Version: 1.0
Status: Active Documentation

Related: NETWORK_CONFIGURATION_MASTER.md, TUNNEL_ALLTRA_HYBX_INSTALL.md

1. Architecture Overview

Internet
    ↓
Cloudflare DNS (CNAME to tunnel) or Direct (76.53.10.38 / 76.53.10.42)
    ↓
Cloudflare Tunnel (Option B) or UDM Pro Port Forward (76.53.10.38:80/81/443)
    ↓
NPMplus Alltra/HYBX (VMID 10235: 192.168.11.169:80/81/443)
    ↓
Alltra + HYBX Backends (Sentry, RPC, Cacti, Firefly, Fabric, Indy)

Traffic paths:

  • Primary (Option B): Internet → Cloudflare DNS (CNAME to tunnel) → cloudflared connector → NPMplus 192.168.11.169:443 → Alltra/HYBX and Nathan's rpc-core-2 backends
  • Direct/Management: Internet or LAN → 76.53.10.38:80/81/443 → NPMplus 192.168.11.169

Note: This is the third of four NPMplus instances (one per public IP .36.39). See NPMPLUS_FOUR_INSTANCES_MASTER.md.

2. IP and Port Assignments

Resource Value Purpose
Public IP (designated) 76.53.10.42 Primary public IP for Alltra/HYBX NPMplus (DNS A records if using direct)
Port-forward source 76.53.10.38 UDM Pro port forwarding: 80, 81, 443 → 192.168.11.169
Internal IP 192.168.11.169 New NPMplus container (single NIC)
VMID 10235 NPMplus for Alltra/HYBX (10233 = primary, 10234 = HA secondary)
Host r630-01 (192.168.11.11) Same Proxmox host as existing NPMplus

Port forwarding (UDM Pro):

Public Internal Protocol
76.53.10.38:80 192.168.11.169:80 TCP (HTTP)
76.53.10.38:81 192.168.11.169:81 TCP (NPMplus Admin UI)
76.53.10.38:443 192.168.11.169:443 TCP (HTTPS)

3. Backend Services (Alltra and HYBX)

Network Service VMIDs IPs
ALLTRA Sentries 1505-1506 192.168.11.170-171
RPC 2500-2502 192.168.11.172-174
Firefly 6202-6203 192.168.11.175-176
Cacti 5201 192.168.11.177
Fabric 6001 192.168.11.178
Indy 6401 192.168.11.179
HYBX Sentries 1507-1508 192.168.11.244-245
RPC 2503-2505 192.168.11.246-248
Firefly 6204-6205 192.168.11.249-250
Cacti 5202 192.168.11.251
Fabric 6002 192.168.11.252
Indy 6402 192.168.11.253

4. Cloudflare Tunnel (Option B) Setup

See TUNNEL_ALLTRA_HYBX_INSTALL.md for connector install steps.

  • New tunnel: Create alltra-hybx-npmplus in Cloudflare Zero Trust
  • Tunnel URL: https://192.168.11.169:443 (No TLS Verify)
  • DNS: CNAME Alltra/HYBX hostnames → <tunnel-id>.cfargotunnel.com (Proxied)

5. NPMplus Container

  • VMID: 10235
  • Template: Debian 12 LXC (same as primary NPMplus)
  • Resources: 2 CPU, 2 GB RAM
  • Network: Single NIC, ip=192.168.11.169/24, gw=192.168.11.1
  • Admin UI: https://192.168.11.169:81

6. NPMplus Proxy Hosts (Alltra/HYBX + Nathan core-2)

Domain (example) Backend Port
rpc-core-2.d-bis.org 192.168.11.212 (Nathan RPC, VMID 2102) 8545
rpc-alltra.* 192.168.11.172:8545 (and .173, .174) 8545
rpc-hybx.* 192.168.11.246:8545 (and .247, .248) 8545
cacti-alltra.* 192.168.11.177:80 80
cacti-hybx.* 192.168.11.251:80 80
firefly-alltra-1.d-bis.org, firefly-alltra-2.d-bis.org 192.168.11.175, .176 80 (script adds; add tunnel route + DNS)
firefly-hybx-1.d-bis.org, firefly-hybx-2.d-bis.org 192.168.11.249, .250 80
fabric-alltra.d-bis.org, indy-alltra.d-bis.org 192.168.11.178, .179 80 (adjust in NPM if different)
fabric-hybx.d-bis.org, indy-hybx.d-bis.org 192.168.11.252, .253 80

SSL: Use Let's Encrypt (DNS Challenge + Cloudflare credentials).

7. Execution Phases

Phase Task Notes
1 Update config and docs config/ip-addresses.conf, .env.example
2 Create LXC container 10235 on r630-01 Assign 192.168.11.169
3 Install NPMplus (Docker + NPM) in 10235 Follow NPMPLUS_COMPLETE_SETUP_SUMMARY
4 Configure UDM Pro port forward 76.53.10.38:80/81/443 → 192.168.11.169
5 Create Cloudflare Tunnel Alltra/HYBX hostnames → https://192.168.11.169:443
6 Add DNS CNAME or A records Cloudflare DNS
7 Add NPMplus proxy hosts NPMplus UI or API script
8 Request Let's Encrypt certs NPMplus SSL Certificates
9 End-to-end verification Tunnel and direct 76.53.10.38

8. Security Notes

  • Port 81 (Admin UI): Exposed via 76.53.10.38:81. Restrict to VPN or IP allowlist.
  • Credentials: Use separate NPM admin credentials; avoid reusing primary NPMplus.
  • Cloudflare Tunnel: No inbound ports; connector is outbound-only.

10. Scripts Created

Script Purpose
scripts/npmplus/create-npmplus-alltra-hybx-container.sh Create LXC 10235
scripts/npmplus/install-npmplus-alltra-hybx.sh Install NPMplus in 10235
scripts/nginx-proxy-manager/update-npmplus-alltra-hybx-proxy-hosts.sh Add proxy hosts via API
scripts/verify/verify-npmplus-alltra-hybx.sh Verify connectivity

11. Reference: NPMplus Comparison

Property Primary NPMplus (10233) Alltra/HYBX NPMplus (10235)
Internal IP 192.168.11.166, .167 192.168.11.169
Public port forward 76.53.10.36:80/443 76.53.10.38:80/81/443
Designated public IP 76.53.10.36 76.53.10.42
Tunnel target https://192.168.11.167:443 https://192.168.11.169:443
Host r630-01 r630-01
Backends d-bis.org, mim4u.org, Blockscout, RPC core (6 hostnames), etc. Nathan rpc-core-2, Alltra + HYBX Sentries, RPC, Cacti, Firefly, Fabric, Indy
Reference in New Issue View Git Blame Copy Permalink