1fb7266469
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control. - Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities. - Created .gitmodules to include OpenZeppelin contracts as a submodule. - Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment. - Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks. - Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring. - Created scripts for resource import and usage validation across non-US regions. - Added tests for CCIP error handling and integration to ensure robust functionality. - Included various new files and directories for the orchestration portal and deployment scripts.
2.7 KiB
2.7 KiB
Cloudflare DNS → Nginx Proxy Setup
✅ Configuration Complete
All DNS records now point to the Nginx Proxy only (never exposing backend IPs).
📋 Architecture
Internet → Cloudflare → Nginx Proxy (20.160.58.99) → Backend Services
- Never expose backend IPs (10.1.1.4-10.5.1.4) directly
- All traffic goes through Nginx Proxy
- Cloudflare handles SSL termination (for proxied records)
- Nginx routes to appropriate backend services
🔧 DNS Configuration
Proxied Services (through Cloudflare SSL)
explorer.d-bis.org→ Nginx Proxy (port 4000 → Blockscout)besu.d-bis.org→ Nginx Proxy (port 8545 → Besu RPC)blockscout.d-bis.org→ Nginx Proxy (port 4000 → Blockscout)monitoring.d-bis.org→ Nginx Proxywallet.d-bis.org→ Nginx Proxyd-bis.org→ Nginx Proxywww.d-bis.org→ Nginx Proxy
Direct Services (not proxied by CF, still via Nginx)
rpc.d-bis.org→ Nginx Proxy (direct IP, no CF proxy)metrics.d-bis.org→ Nginx Proxyapi.d-bis.org→ Nginx Proxydocs.d-bis.org→ Nginx Proxygrafana.d-bis.org→ Nginx Proxyprometheus.d-bis.org→ Nginx Proxytessera.d-bis.org→ Nginx Proxyws.d-bis.org→ Nginx Proxy
🚀 Usage
Update DNS Records
# Update all DNS records to point to Nginx Proxy
./scripts/cloudflare/update-dns-to-proxy.sh
This script:
- ✅ Reads Cloudflare secrets from
.env - ✅ Updates all DNS A records to Nginx Proxy IP
- ✅ Removes duplicate records
- ✅ Never exposes backend IPs
Verify DNS Configuration
# Verify all records point to proxy
./scripts/cloudflare/verify-dns.sh
📝 Environment Variables
Required in .env:
CLOUDFLARE_ZONE_ID="your-zone-id"
CLOUDFLARE_ACCOUNT_ID="your-account-id"
CLOUDFLARE_API_TOKEN="your-api-token"
CLOUDFLARE_DOMAIN="d-bis.org"
NGINX_PROXY_IP="20.160.58.99"
🔒 Security
- ✅ No backend IPs exposed - All traffic through proxy
- ✅ Cloudflare SSL - For proxied services
- ✅ Nginx routing - Internal service routing
- ✅ Single entry point - Centralized access control
🔄 After DNS Update
- Wait 1-5 minutes for DNS propagation
- Verify records:
dig explorer.d-bis.org dig besu.d-bis.org - Test endpoints:
curl -I https://explorer.d-bis.org curl -X POST http://besu.d-bis.org:8545 \ -H "Content-Type: application/json" \ -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
⚠️ Important Notes
- Never expose backend IPs (10.1.1.4-10.5.1.4) in DNS
- All services must be accessible via Nginx Proxy
- Nginx config must route hostnames to correct backend services
- Update Nginx if adding new services