fbda1b4beb
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
19 KiB
RPC Endpoints Master Reference
Last Updated: 2026-02-12
Document Version: 1.3
Status: Active Documentation
Date: 2026-01-18
Status: ✅ Active
Last Updated: 2026-02-05
Changelog: Proxy hosts (sankofa/phoenix/mim4u/explorer) corrected; RPC 405 fix via update-npmplus-proxy-hosts-api.sh (block_exploits false for RPC). Exchange Registry path; Crypto.com OTC API path.
Quick Reference
This is the authoritative source for all RPC endpoint configurations. All other documentation and scripts should reference this document.
Edge & port forwarding: UDM Pro (76.53.10.34, replaced ER605). Proxmox hosts: 192.168.11.10 (ml110), 192.168.11.11 (r630-01), 192.168.11.12 (r630-02). NPMplus LXC (VMID 10233) has 192.168.11.166 and 192.168.11.167; only 192.168.11.167 is used in UDM Pro. Port forward: 76.53.10.36:80 → 192.168.11.167:80, 76.53.10.36:443 → 192.168.11.167:443. See NETWORK_CONFIGURATION_MASTER.md.
Canonical RPC URLs (use when setting missing .env / scripts)
| Variable / use | Canonical value | Notes |
|---|---|---|
| Chain 138 (admin/deploy) | http://192.168.11.211:8545 or https://rpc-core.d-bis.org |
RPC_CORE_1 (VMID 2101); use for deploy, scripts on LAN |
| Chain 138 (public / frontend) | https://rpc-http-pub.d-bis.org |
Public RPC (VMID 2201); use in browser, VITE_RPC_URL_138 |
| Ethereum Mainnet | https://eth.llamarpc.com or Infura/Alchemy |
ETHEREUM_MAINNET_RPC or RPC_URL_MAINNET in .env; CCIP relay uses both. Prefer Infura https://mainnet.infura.io/v3/<PROJECT_ID> to avoid 429. |
| ALL Mainnet (651940) | https://mainnet-rpc.alltra.global |
alltra-lifi-settlement, token-lists |
Obtaining RPC URLs (Infura, Etherscan API, public RPCs)
For Ethereum mainnet and other public chains, you can use:
| Source | Type | URL pattern / notes |
|---|---|---|
| Infura | JSON-RPC (key required) | https://mainnet.infura.io/v3/<PROJECT_ID> — infura.io dashboard; free tier, one key. Other networks: https://polygon-mainnet.infura.io/v3/<ID>, https://base-mainnet.infura.io/v3/<ID>, etc. |
| Alchemy | JSON-RPC (key required) | https://eth-mainnet.g.alchemy.com/v2/<API_KEY> — alchemy.com; free tier. Use for production when you need higher rate limits. |
| Etherscan | REST API (explorer, not RPC) | https://api.etherscan.io/api?...&apikey=<KEY> — block explorer API (contract verification, tx history). Not JSON-RPC; use Infura/Alchemy/public RPC for eth_* calls. |
| Public RPCs (no key) | JSON-RPC | https://eth.llamarpc.com, https://ethereum.publicnode.com, https://cloudflare-eth.com, https://eth.drpc.org — rate limited; fine for dev/fallback. See chainlist.org for more. |
Usage: Set ETHEREUM_MAINNET_RPC (or RPC_URL_MAINNET) in .env to one of the above. Prefer Infura/Alchemy with your own key for production; use public RPCs in .env.example and as code fallbacks. Never commit API keys.
CCIP Relay: The relay service (deployed at /opt/smom-dbis-138/services/relay on r630-01) uses VMID 2201 (192.168.11.221:8545) for Chain 138 RPC (RPC_URL_138). For mainnet it uses RPC_URL_MAINNET first, then ETHEREUM_MAINNET_RPC. Set either in services/relay/.env or in smom-dbis-138/.env (relay loads both). Infura mainnet is recommended to avoid public RPC rate limits (429). See 07-ccip/CCIP_RELAY_DEPLOYMENT.md.
Dotenv: The project .env may contain both Infura (RPC URLs, INFURA_GAS_API) and Etherscan/Blockscan (ETHERSCAN_API_KEY) API keys. Use placeholders in .env.example only; see smom-dbis-138/.env.example for the full list.
Active RPC Nodes (12/13 Running)
| VMID | IP Address | Hostname | HTTP RPC | WebSocket RPC | Status |
|---|---|---|---|---|---|
| 2101 | 192.168.11.211 | besu-rpc-core-1 | http://192.168.11.211:8545 |
ws://192.168.11.211:8546 |
✅ Running |
| 2201 | 192.168.11.221 | besu-rpc-public-1 | http://192.168.11.221:8545 |
ws://192.168.11.221:8546 |
✅ Running |
| 2301 | 192.168.11.232 | besu-rpc-private-1 | http://192.168.11.232:8545 |
ws://192.168.11.232:8546 |
⏸️ Stopped |
| 2303 | 192.168.11.233 | besu-rpc-ali-0x8a | http://192.168.11.233:8545 |
ws://192.168.11.233:8546 |
✅ Running |
| 2304 | 192.168.11.234 | besu-rpc-ali-0x1 | http://192.168.11.234:8545 |
ws://192.168.11.234:8546 |
✅ Running |
| 2305 | 192.168.11.235 | besu-rpc-luis-0x8a | http://192.168.11.235:8545 |
ws://192.168.11.235:8546 |
✅ Running |
| 2306 | 192.168.11.236 | besu-rpc-luis-0x1 | http://192.168.11.236:8545 |
ws://192.168.11.236:8546 |
✅ Running |
| 2307 | 192.168.11.237 | besu-rpc-putu-0x8a | http://192.168.11.237:8545 |
ws://192.168.11.237:8546 |
✅ Running |
| 2308 | 192.168.11.238 | besu-rpc-putu-0x1 | http://192.168.11.238:8545 |
ws://192.168.11.238:8546 |
✅ Running |
| 2400 | 192.168.11.240 | thirdweb-rpc-1 | http://192.168.11.240:8545 |
ws://192.168.11.240:8546 |
✅ Running |
| 2401 | 192.168.11.241 | besu-rpc-thirdweb-0x8a-1 | http://192.168.11.241:8545 |
ws://192.168.11.241:8546 |
✅ Running |
| 2402 | 192.168.11.242 | besu-rpc-thirdweb-0x8a-2 | http://192.168.11.242:8545 |
ws://192.168.11.242:8546 |
✅ Running |
| 2403 | 192.168.11.243 | besu-rpc-thirdweb-0x8a-3 | http://192.168.11.243:8545 |
ws://192.168.11.243:8546 |
✅ Running |
Fixed Permanent: VMID 2201 = 192.168.11.221 (besu-rpc-public-1). Do not change. Source: config/ip-addresses.conf.
Public Domain Mappings (NPMplus)
RPC Domains (d-bis.org)
| Domain | Protocol | Target VMID | Target IP | Target Port | WebSocket | Notes |
|---|---|---|---|---|---|---|
rpc-http-pub.d-bis.org |
HTTPS | 2201 | 192.168.11.221 | 8545 | ✅ Yes | Public HTTP RPC |
rpc-ws-pub.d-bis.org |
WSS | 2201 | 192.168.11.221 | 8546 | ✅ Yes | Public WebSocket RPC |
rpc.d-bis.org |
HTTPS | 2201 | 192.168.11.221 | 8545 | ✅ Yes | Primary RPC (same as rpc-http-pub) |
rpc2.d-bis.org |
HTTPS | 2201 | 192.168.11.221 | 8545 | ✅ Yes | Secondary RPC (same as rpc-http-pub) |
ws.rpc.d-bis.org |
WSS | 2201 | 192.168.11.221 | 8546 | ✅ Yes | Primary WebSocket (same as rpc-ws-pub) |
ws.rpc2.d-bis.org |
WSS | 2201 | 192.168.11.221 | 8546 | ✅ Yes | Secondary WebSocket (same as rpc-ws-pub) |
rpc-http-prv.d-bis.org |
HTTPS | 2101 | 192.168.11.211 | 8545 | ✅ Yes | Private HTTP RPC |
rpc-ws-prv.d-bis.org |
WSS | 2101 | 192.168.11.211 | 8546 | ✅ Yes | Private WebSocket RPC |
ThirdWeb RPC (defi-oracle.io)
| Domain | Protocol | Target VMID | Target IP | Target Port | WebSocket | Notes |
|---|---|---|---|---|---|---|
rpc.public-0138.defi-oracle.io |
HTTPS | 2400 | 192.168.11.240 | 443 | ✅ Yes | ThirdWeb RPC (via Nginx) |
rpc.defi-oracle.io |
HTTPS | 2201 | 192.168.11.221 | 8545 | ✅ Yes | Defi Oracle HTTP RPC (same as rpc-http-pub) |
wss.defi-oracle.io |
WSS | 2201 | 192.168.11.221 | 8546 | ✅ Yes | Defi Oracle WebSocket RPC (same as rpc-ws-pub) |
Explorer (d-bis.org)
| Domain | Protocol | Target VMID | Target IP | Target Port | WebSocket | Notes |
|---|---|---|---|---|---|---|
explorer.d-bis.org |
HTTP | 5000 | 192.168.11.140 | 80, 4000 | ❌ No | Blockscout Explorer (web:80, API:4000) |
DBIS Services (d-bis.org)
| Domain | Protocol | Target VMID | Target IP | Target Port | WebSocket | Notes |
|---|---|---|---|---|---|---|
dbis-admin.d-bis.org |
HTTP | 10130 | 192.168.11.130 | 80 | ❌ No | DBIS Admin Frontend |
dbis-api.d-bis.org |
HTTP | 10150 | 192.168.11.155 | 3000 | ❌ No | DBIS API Primary (includes /api/v1/crypto-com-otc) |
dbis-api-2.d-bis.org |
HTTP | 10151 | 192.168.11.156 | 3000 | ❌ No | DBIS API Secondary |
secure.d-bis.org |
HTTP | 10130 | 192.168.11.130 | 80 | ❌ No | DBIS Secure Portal |
Crypto.com OTC: /api/v1/crypto-com-otc - Institutional OTC trading (RFQ, deals, settle-later).
Exchange Registry: /api/v1/exchange - Multi-exchange price (Binance, Kraken, Oanda, FXCM).
See DBIS_CORE_API_REFERENCE.md.
MIM4U Services (mim4u.org)
| Domain | Protocol | Target VMID | Target IP | Target Port | WebSocket | Notes |
|---|---|---|---|---|---|---|
mim4u.org |
HTTP | 7810 | 192.168.11.37 | 80 | ❌ No | MIM4U Main Site (web frontend) |
www.mim4u.org |
Redirect | - | - | - | ❌ No | Redirects to mim4u.org |
secure.mim4u.org |
HTTP | 7810 | 192.168.11.37 | 80 | ❌ No | MIM4U Secure Portal |
training.mim4u.org |
HTTP | 7810 | 192.168.11.37 | 80 | ❌ No | MIM4U Training Portal |
Sankofa Services (sankofa.nexus)
Config TBD: When The Order portal is deployed or Sankofa cutover is completed, update this table and SANKOFA_CUTOVER_PLAN.md with actual IP:port and NPMplus proxy backends.
| Domain | Protocol | Target VMID | Target IP | Target Port | WebSocket | Notes |
|---|---|---|---|---|---|---|
sankofa.nexus |
HTTP | 7801 | 192.168.11.51 | 3000 | ❌ No | Sankofa Portal |
www.sankofa.nexus |
Redirect | - | - | - | ❌ No | Redirects to sankofa.nexus |
phoenix.sankofa.nexus |
HTTP | 7800 | 192.168.11.50 | 4000 | ❌ No | Phoenix API |
www.phoenix.sankofa.nexus |
Redirect | - | - | - | ❌ No | Redirects to phoenix.sankofa.nexus |
the-order.sankofa.nexus |
HTTP | TBD | TBD | TBD | ❌ No | ⚠️ Placeholder — not yet configured; add when The Order portal is deployed |
NPMplus Configuration Summary
Proxy Hosts with WebSocket Support
These domains require WebSocket support enabled in NPMplus:
rpc-http-pub.d-bis.org → http://192.168.11.221:8545 (WebSocket: Yes)
rpc-ws-pub.d-bis.org → ws://192.168.11.221:8546 (WebSocket: Yes)
rpc.d-bis.org → http://192.168.11.221:8545 (WebSocket: Yes)
rpc2.d-bis.org → http://192.168.11.221:8545 (WebSocket: Yes)
ws.rpc.d-bis.org → http://192.168.11.221:8546 (WebSocket: Yes)
ws.rpc2.d-bis.org → http://192.168.11.221:8546 (WebSocket: Yes)
rpc-http-prv.d-bis.org → http://192.168.11.211:8545 (WebSocket: Yes)
rpc-ws-prv.d-bis.org → ws://192.168.11.211:8546 (WebSocket: Yes)
rpc.public-0138.defi-oracle.io → https://192.168.11.240:443 (WebSocket: Yes)
rpc.defi-oracle.io → http://192.168.11.221:8545 (WebSocket: Yes)
wss.defi-oracle.io → http://192.168.11.221:8546 (WebSocket: Yes)
Proxy Hosts without WebSocket
explorer.d-bis.org → http://192.168.11.140:80 (Blockscout web; API: :4000)
Forge Verification Proxy → http://192.168.11.140:3080 (run locally or on host; for forge verify-contract)
dbis-admin.d-bis.org → http://192.168.11.130:80
dbis-api.d-bis.org → http://192.168.11.155:3000
dbis-api-2.d-bis.org → http://192.168.11.156:3000
secure.d-bis.org → http://192.168.11.130:80
mim4u.org → http://192.168.11.37:80
secure.mim4u.org → http://192.168.11.37:80
training.mim4u.org → http://192.168.11.37:80
sankofa.nexus → http://192.168.11.51:3000
phoenix.sankofa.nexus → http://192.168.11.50:4000
the-order.sankofa.nexus → (TBD — add when The Order portal is deployed)
Redirect Hosts
www.mim4u.org → mim4u.org
www.sankofa.nexus → sankofa.nexus
www.phoenix.sankofa.nexus → phoenix.sankofa.nexus
VMID Migration Reference (2026-01-18)
The following old VMIDs have been destroyed and replaced:
| Old VMID | Old IP | New VMID | New IP | Purpose |
|---|---|---|---|---|
| 2500 | 192.168.11.250 | 2101 | 192.168.11.211 | Core RPC |
| 2501 | 192.168.11.251 | 2201 | 192.168.11.221 | Public RPC |
| 2502 | 192.168.11.252 | 2301 | 192.168.11.232 | Private RPC |
| 2503 | 192.168.11.253 | 2303 | 192.168.11.233 | Ali 0x8a |
| 2504 | 192.168.11.254 | 2304 | 192.168.11.234 | Ali 0x1 |
| 2505 | 192.168.11.201 | 2305 | 192.168.11.235 | Luis 0x8a |
| 2506 | 192.168.11.202 | 2306 | 192.168.11.236 | Luis 0x1 |
| 2507 | 192.168.11.203 | 2307 | 192.168.11.237 | Putu 0x8a |
| 2508 | 192.168.11.204 | 2308 | 192.168.11.238 | Putu 0x1 |
Important: Any scripts or configurations referencing the old IPs (192.168.11.250-254, 192.168.11.201-204) must be updated.
Containers 2506, 2507, 2508 were destroyed 2026-02-08 on all Proxmox hosts. RPC range in use: 2500–2505. IPs .202, .203, .204 freed.
DNS Configuration
When Option B (RPC via Cloudflare Tunnel) is used: The 6 RPC HTTP hostnames (rpc-http-pub, rpc, rpc2, rpc-http-prv, rpc.public-0138.defi-oracle.io, rpc.defi-oracle.io) use CNAME to <tunnel-id>.cfargotunnel.com (Proxied); they do not use A 76.53.10.36. See 05-network/OPTION_B_RPC_VIA_TUNNEL_RUNBOOK.md.
Web/api and RPC WS (direct/Fastly): All other domains resolve to the public IP 76.53.10.36 (or Fastly CNAME). NPMplus handles SSL termination and routing to internal services.
Network Configuration
NPMplus Dual-NIC Setup - RESOLVED (2026-01-18)
Issue: NPMplus container needed to reach both the UDM Pro gateway (for port forwarding) and the RPC nodes (for backend proxying), but tagged VLAN 11 traffic couldn't reach untagged hosts.
Root Cause: UDM Pro treats tagged VLAN 11 and untagged traffic as separate networks.
Solution: Dual-NIC configuration with one tagged and one untagged interface.
NPMplus Container Config (VMID 10233 on r630-01; NPMplus has .166 and .167; only .167 is used in UDM Pro port forwarding):
# eth0: Tagged VLAN 11 - for gateway/external access
net0: name=eth0,bridge=vmbr0,gw=192.168.11.1,hwaddr=BC:24:11:18:1C:5D,ip=192.168.11.166/24,tag=11,type=veth
# eth1: Untagged - for backend RPC access
net1: name=eth1,bridge=vmbr0,hwaddr=BC:24:11:5B:50:D9,ip=192.168.11.167/24,type=veth
Routing Table (inside container):
default via 192.168.11.1 dev eth0 proto static # External traffic via gateway
192.168.11.0/24 dev eth1 proto kernel scope link # Local traffic via untagged
192.168.11.0/24 dev eth0 proto kernel scope link # Backup route
Status: ✅ RESOLVED - All public RPC endpoints working
Test Commands
# Test external access
curl -s -X POST https://rpc-http-pub.d-bis.org \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
# Test all endpoints
curl -s https://rpc-http-pub.d-bis.org -H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
curl -s https://rpc-http-prv.d-bis.org -H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
curl -s https://rpc.public-0138.defi-oracle.io -H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}'
Cloudflare DNS Records
(When Option B is used, the 6 RPC HTTP domains below use CNAME to tunnel; otherwise A 76.53.10.36.)
| Domain | Type | Value | Proxy |
|---|---|---|---|
rpc-http-pub.d-bis.org |
A or CNAME | 76.53.10.36 or tunnel | ✅ Proxied |
rpc.d-bis.org |
A or CNAME | 76.53.10.36 or tunnel | ✅ Proxied |
rpc2.d-bis.org |
A or CNAME | 76.53.10.36 or tunnel | ✅ Proxied |
rpc-ws-pub.d-bis.org |
A | 76.53.10.36 | ✅ Proxied |
rpc-http-prv.d-bis.org |
A or CNAME | 76.53.10.36 or tunnel | ✅ Proxied |
rpc-ws-prv.d-bis.org |
A | 76.53.10.36 | ✅ Proxied |
explorer.d-bis.org |
A | 76.53.10.36 | ✅ Proxied |
dbis-admin.d-bis.org |
A | 76.53.10.36 | ✅ Proxied |
dbis-api.d-bis.org |
A | 76.53.10.36 | ✅ Proxied |
dbis-api-2.d-bis.org |
A | 76.53.10.36 | ✅ Proxied |
secure.d-bis.org |
A | 76.53.10.36 | ✅ Proxied |
rpc.public-0138.defi-oracle.io |
A or CNAME | 76.53.10.36 or tunnel | ✅ Proxied |
rpc.defi-oracle.io |
A or CNAME | 76.53.10.36 or tunnel | ✅ Proxied |
wss.defi-oracle.io |
A | 76.53.10.36 | ✅ Proxied |
Verification Commands
Test All RPC Nodes (Internal)
for ip in 192.168.11.211 192.168.11.221 192.168.11.233 192.168.11.234 192.168.11.235 192.168.11.236 192.168.11.237 192.168.11.238 192.168.11.240 192.168.11.241 192.168.11.242 192.168.11.243; do
curl -s -X POST -H "Content-Type: application/json" \
--data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' \
http://$ip:8545 | grep -q "result" && echo "✓ $ip" || echo "✗ $ip"
done
Test Public RPC Domains
# HTTP RPC
curl -s -X POST https://rpc-http-pub.d-bis.org \
-H 'Content-Type: application/json' \
-d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
# WebSocket RPC (requires wscat)
wscat -c wss://rpc-ws-pub.d-bis.org
# ThirdWeb RPC
curl -s -X POST https://rpc.public-0138.defi-oracle.io \
-H 'Content-Type: application/json' \
-d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
Test DNS Resolution
for domain in rpc-http-pub.d-bis.org rpc-ws-pub.d-bis.org rpc-http-prv.d-bis.org rpc-ws-prv.d-bis.org rpc.public-0138.defi-oracle.io rpc.defi-oracle.io wss.defi-oracle.io; do
echo -n "$domain: "
dig +short $domain
done
Related Documentation
- PUBLIC_RPC_CHAIN138_LEDGER.md - Public RPCs for ChainID 138, NPMplus→VM mapping, Ledger App-Ethereum
- ALL_VMIDS_ENDPOINTS.md - Complete VMID reference
- NPMPLUS_COMPLETE_SETUP_SUMMARY.md - NPMplus setup
- NPMPLUS_CORRECT_CONFIGURATION.md - NPMplus domain config
- NGINX_CONFIGURATIONS_VMIDS_2400-2508.md - Nginx configs
- ../05-network/RPC_NODE_TYPES_ARCHITECTURE.md - Architecture
Change Log
2026-01-18
- Created master RPC endpoints document
- Updated NPMplus proxy hosts with new IP addresses:
rpc-http-pub.d-bis.org→ 192.168.11.221:8545 (was 192.168.11.252:443)rpc-ws-pub.d-bis.org→ 192.168.11.221:8546 (was 192.168.11.252:443)rpc-http-prv.d-bis.org→ 192.168.11.211:8545 (was 192.168.11.251:443)rpc-ws-prv.d-bis.org→ 192.168.11.211:8546 (was 192.168.11.251:443)rpc.public-0138.defi-oracle.io→ 192.168.11.240:443 (was 192.168.11.252:443)
- Fixed NPMplus network connectivity by removing VLAN tag
- Updated
configure-npmplus-domains.jswith new IP addresses
Last Updated: 2026-01-18
Maintained By: Infrastructure Team