Add full monorepo: virtual-banker, backend, frontend, docs, scripts, deployment

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-10 11:32:49 -08:00
parent aafcd913c2
commit 88bc76da91
815 changed files with 125522 additions and 264 deletions
--- a/EXTERNAL_ACCESS_TIMEOUT_DIAGNOSIS.md
+++ b/EXTERNAL_ACCESS_TIMEOUT_DIAGNOSIS.md
@@ -0,0 +1,224 @@
+# External Access Timeout - Diagnosis & Fix
+
+**Date**: 2026-01-21  
+**Issue**: ERR_CONNECTION_TIMED_OUT when accessing explorer.d-bis.org  
+**Status**: ⚠️ **Port Forwarding Configured but Firewall Blocking**
+
+---
+
+## Problem Summary
+
+**Symptoms**:
+- ✅ DNS resolves correctly: `explorer.d-bis.org` → `76.53.10.36`
+- ✅ Port forwarding rules exist in UDM Pro
+- ✅ NPMplus is running and listening on ports 80/443
+- ✅ Internal path works (HTTP 200)
+- ❌ External access times out (ERR_CONNECTION_TIMED_OUT)
+
+**Root Cause**: UDM Pro firewall is likely blocking WAN → LAN traffic, even though port forwarding rules exist.
+
+---
+
+## Current Status
+
+### ✅ Working Components
+
+1. **DNS**: ✅ Resolves to 76.53.10.36
+2. **NPMplus**: ✅ Running, listening on 0.0.0.0:80 and 0.0.0.0:443
+3. **NPMplus Config**: ✅ Proxy host configured correctly
+4. **VMID 5000**: ✅ Operational, serving HTTP 200
+5. **Port Forwarding Rules**: ✅ Exist in UDM Pro:
+   - `76.53.10.36:80` → `192.168.11.166:80`
+   - `76.53.10.36:443` → `192.168.11.166:443`
+
+### ❌ Issue
+
+**Ports 80 and 443 are NOT reachable from external**:
+- Connection to `76.53.10.36:80` → Timeout
+- Connection to `76.53.10.36:443` → Timeout
+
+---
+
+## Root Cause Analysis
+
+Port forwarding rules exist, but traffic is being blocked. This is typically due to:
+
+1. **UDM Pro Firewall Rules** blocking WAN → LAN traffic
+2. **Port forwarding rules not enabled** (though they appear in the UI)
+3. **Zone-based firewall** blocking External → Internal traffic
+4. **WAN interface not selected** in port forwarding rules
+
+---
+
+## Solution: Check UDM Pro Firewall Rules
+
+### Step 1: Verify Port Forwarding Rules Are Enabled
+
+In UDM Pro web interface:
+
+1. Navigate to: **Settings** → **Firewall & Security** → **Port Forwarding**
+2. Verify the rules show as **"Enabled"** or have a checkmark
+3. If disabled, **enable** them:
+   - Click on each rule
+   - Toggle "Enabled" to ON
+   - Save
+
+### Step 2: Check Firewall Rules (WAN → LAN)
+
+UDM Pro may have firewall rules that block incoming WAN traffic. Check:
+
+1. Navigate to: **Settings** → **Firewall & Security** → **Firewall Rules**
+2. Look for rules with:
+   - **Source**: WAN / External / Internet
+   - **Destination**: LAN / Internal / 192.168.11.0/24
+   - **Action**: Block / Deny
+
+3. **If blocking rules exist**, you need to either:
+   - **Option A**: Add an allow rule BEFORE the block rule:
+     - Source: Any (or WAN)
+     - Destination: 192.168.11.166
+     - Port: 80, 443
+     - Action: Allow
+     - Place it ABOVE any block rules
+   
+   - **Option B**: Modify the block rule to exclude port forwarding:
+     - Add exception for destination IP: 192.168.11.166
+     - Add exception for ports: 80, 443
+
+### Step 3: Check Zone-Based Firewall (If Enabled)
+
+If UDM Pro uses zone-based firewall:
+
+1. Navigate to: **Settings** → **Firewall & Security** → **Zones**
+2. Check **External → Internal** policy:
+   - Should be **"Allow"** or **"Allow Return"**
+   - If **"Block"**, change to **"Allow"** or add exception
+
+3. Or create specific rule:
+   - Source Zone: External
+   - Destination Zone: Internal
+   - Destination IP: 192.168.11.166
+   - Ports: 80, 443
+   - Action: Allow
+
+### Step 4: Verify WAN Interface in Port Forwarding
+
+Ensure port forwarding rules specify the correct WAN interface:
+
+1. Edit each port forwarding rule
+2. Check **"Interface"** or **"WAN Interface"**:
+   - Should be set to your primary WAN interface
+   - Or "Any" / "All" if option exists
+3. Save changes
+
+---
+
+## Quick Fix Checklist
+
+- [ ] Verify port forwarding rules are **ENABLED**
+- [ ] Check firewall rules for **WAN → LAN blocking**
+- [ ] Add **allow rule** for 192.168.11.166:80,443 if blocked
+- [ ] Check **zone-based firewall** External → Internal policy
+- [ ] Verify **WAN interface** in port forwarding rules
+- [ ] Test external access after each change
+
+---
+
+## Testing After Fix
+
+### Test 1: Port Reachability
+```bash
+# From external location
+curl -v --connect-timeout 10 https://explorer.d-bis.org
+curl -v --connect-timeout 10 http://explorer.d-bis.org
+```
+
+### Test 2: Direct IP Test
+```bash
+# Test direct IP (bypasses DNS)
+curl -v --connect-timeout 10 https://76.53.10.36
+curl -v --connect-timeout 10 http://76.53.10.36
+```
+
+### Test 3: Port Check
+```bash
+# Check if ports are open
+nmap -p 80,443 76.53.10.36
+```
+
+---
+
+## Expected Behavior After Fix
+
+Once firewall rules are corrected:
+
+1. **External request** → `76.53.10.36:443`
+2. **UDM Pro** → Port forwarding rule matches
+3. **Firewall** → Allows traffic (no block rule)
+4. **NPMplus** → Receives request on 192.168.11.166:443
+5. **NPMplus** → Proxies to 192.168.11.140:80
+6. **VMID 5000** → Serves frontend
+7. **Response** → HTTP 200 OK
+
+---
+
+## Common UDM Pro Firewall Issues
+
+### Issue 1: Default Deny Policy
+**Problem**: UDM Pro may have default "deny all WAN → LAN" policy  
+**Solution**: Add explicit allow rule for port forwarding destination
+
+### Issue 2: Rule Order
+**Problem**: Block rules may be evaluated before port forwarding  
+**Solution**: Ensure allow rules are placed before block rules
+
+### Issue 3: Zone-Based Firewall
+**Problem**: External → Internal zone policy may be blocking  
+**Solution**: Change policy to "Allow" or add exception
+
+### Issue 4: Interface Selection
+**Problem**: Port forwarding rule may not specify correct WAN interface  
+**Solution**: Verify interface selection in port forwarding rule
+
+---
+
+## Manual Verification Steps
+
+1. **Access UDM Pro Web UI**
+   - Navigate to your UDM Pro IP (typically 192.168.1.1 or 192.168.11.1)
+
+2. **Check Port Forwarding Status**
+   - Settings → Firewall & Security → Port Forwarding
+   - Verify rules are enabled (green checkmark or "Enabled" status)
+
+3. **Check Firewall Rules**
+   - Settings → Firewall & Security → Firewall Rules
+   - Look for any rules blocking WAN → LAN
+   - Check rule order (allow rules should be before block rules)
+
+4. **Check Zone Policies** (if zone-based firewall enabled)
+   - Settings → Firewall & Security → Zones
+   - Check External → Internal policy
+   - Should be "Allow" or "Allow Return"
+
+5. **Test After Changes**
+   - Make one change at a time
+   - Test external access after each change
+   - Document what works
+
+---
+
+## Summary
+
+**All internal components are working correctly.** The issue is UDM Pro firewall blocking external traffic, even though port forwarding rules are configured.
+
+**Action Required**: 
+1. Verify port forwarding rules are enabled
+2. Check and fix UDM Pro firewall rules blocking WAN → LAN
+3. Test external access
+
+Once firewall rules are corrected, external access should work immediately.
+
+---
+
+**Status**: ⚠️ **Firewall Configuration Needed**