d-bis/proxmox
4
0
Fork 0
Code Issues 2 Pull Requests 13 Actions Packages Projects Releases Wiki Activity

Add DealFlow to DNS sync and NPM proxy updater
Some checks failed
Deploy to Phoenix / validate (push) Successful in 1m20s
Details
Deploy to Phoenix / deploy (push) Failing after 20s
Details
Deploy to Phoenix / deploy-atomic-swap-dapp (push) Has been skipped
Details
Deploy to Phoenix / cloudflare (push) Has been skipped
Details

Browse Source 
- update-all-dns-to-public-ip.sh: include dealflow.d-bis.org in d-bis.org Cloudflare records.
- update-npmplus-proxy-hosts-api.sh: optional forward_scheme for add_proxy_host; upsert dealflow.d-bis.org with HTTPS upstream to CT 10381 :443 (IP_OM_TREASURY_DEALFLOW).

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
defiQUG
2026-05-10 21:52:28 -07:00
parent 27c82cedaa
commit 0a3fd461c6
2 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh
View File

@@ -157,6 +157,7 @@ validate_canonical_https_redirect() {
# Function to add proxy host (POST) when domain does not exist
# Optional 6th arg: canonical HTTPS apex for www-style hosts (sets advanced_config 301 → apex$request_uri)
# Optional 7th arg: forward_scheme for upstream (default http; use https for TLS backends e.g. DealFlow nginx :443)
add_proxy_host() {
local domain=$1
local forward_host=$2
@@ -164,6 +165,7 @@ add_proxy_host() {
local websocket=$4
local block_exploits=${5:-false}
local canonical_https="${6:-}"
local forward_scheme="${7:-http}"
local adv_line=""
if [ -n "$canonical_https" ] && ! validate_canonical_https_redirect "$canonical_https" "add_proxy_host($domain)"; then
return 1
@@ -177,11 +179,12 @@ add_proxy_host() {
--arg host "$forward_host" \
--argjson port "$forward_port" \
--argjson ws "$websocket" \
--arg fwd "$forward_scheme" \
--argjson block_exploits "$([ "$block_exploits" = "true" ] && echo true || echo false)" \
--arg adv "$adv_line" \
'{
domain_names: [$domain],
forward_scheme: "http",
forward_scheme: $fwd,
forward_host: $host,
forward_port: $port,
allow_websocket_upgrade: $ws,
@@ -202,9 +205,9 @@ add_proxy_host() {
id=$(echo "$resp" | jq -r '.id // empty' 2>/dev/null)
if [ -n "$id" ] && [ "$id" != "null" ]; then
if [ -n "$canonical_https" ]; then
echo " ✅ Added: $domain -> http://${forward_host}:${forward_port} (WebSocket: $websocket) + 301 → ${canonical_https}\$request_uri"
echo " ✅ Added: $domain -> ${forward_scheme}://${forward_host}:${forward_port} (WebSocket: $websocket) + 301 → ${canonical_https}\$request_uri"
else
echo " ✅ Added: $domain -> http://${forward_host}:${forward_port} (WebSocket: $websocket)"
echo " ✅ Added: $domain -> ${forward_scheme}://${forward_host}:${forward_port} (WebSocket: $websocket)"
fi
return 0
else
@@ -421,6 +424,9 @@ update_proxy_host "www.the-order.sankofa.nexus" "http://${THE_ORDER_UPSTREAM_IP}
# Sankofa Studio (FusionAI) — VMID 7805; UI at /studio/ on same origin (port 8000). Prefer IP_SANKOFA_STUDIO from ip-addresses.conf / .env
IP_SANKOFA_STUDIO="${IP_SANKOFA_STUDIO:-192.168.11.72}"
SANKOFA_STUDIO_PORT="${SANKOFA_STUDIO_PORT:-8000}"
# Order of Malta DealFlow — CT 10381; nginx TLS on host :443 (Docker Compose). NPM must use forward_scheme https.
IP_OM_TREASURY_DEALFLOW="${IP_OM_TREASURY_DEALFLOW:-192.168.11.94}"
update_proxy_host "dealflow.d-bis.org" "https://${IP_OM_TREASURY_DEALFLOW}:443" false false && updated_count=$((updated_count + 1)) || { add_proxy_host "dealflow.d-bis.org" "${IP_OM_TREASURY_DEALFLOW}" 443 false false "" "https" && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1))
# block_exploits false — studio UI/API may POST; align with portal policy (avoid spurious 405 from NPM WAF)
update_proxy_host "studio.sankofa.nexus" "http://${IP_SANKOFA_STUDIO}:${SANKOFA_STUDIO_PORT}" false false && updated_count=$((updated_count + 1)) || { add_proxy_host "studio.sankofa.nexus" "${IP_SANKOFA_STUDIO}" "${SANKOFA_STUDIO_PORT}" false false && updated_count=$((updated_count + 1)); } || failed_count=$((failed_count + 1))

1
scripts/update-all-dns-to-public-ip.sh
View File

@@ -359,6 +359,7 @@ main() {
"dbis-api-2" # dbis-api-2.d-bis.org
"secure" # secure.d-bis.org
"mail" # mail.d-bis.org (A → PUBLIC_IP; use with mail MX/SPF script)
"dealflow" # dealflow.d-bis.org (Order of Malta DealFlow CT 10381 via NPM)
)
if ! process_zone "$ZONE_D_BIS_ORG" "d-bis.org" "${DBIS_RECORDS[@]}"; then
((total_failures++))