# NPMplus Configuration Guide - cross-all.defi-oracle.io

## Current Deployment Status

✅ **Bridge Frontend Deployed:**
- **Host**: ml110 (192.168.11.10)
- **VMID**: 2101 (besu-rpc-core-1)
- **VM IP**: 192.168.11.211
- **Domain**: cross-all.defi-oracle.io
- **Status**: HTTP 200 OK ✅

---

## NPMplus Configuration Steps

### Prerequisites

- ✅ Bridge frontend deployed and accessible at `http://192.168.11.211/`
- ✅ NPMplus running (VMID 10233 on 192.168.11.11)
- ⚠️  Access to NPMplus web interface

### Step 1: Access NPMplus Dashboard

1. **Open NPMplus Dashboard:**
   ```
   https://[NPMplus-IP]:81
   ```
   - Default port: `81`
   - Login with your NPMplus credentials

### Step 2: Create Proxy Host

1. **Navigate to Proxy Hosts:**
   - Click "Hosts" in the left sidebar
   - Click "Proxy Hosts"
   - Click "Add Proxy Host" button

### Step 3: Configure Details Tab

**Domain Names:**
```
cross-all.defi-oracle.io
```

**Forward Hostname/IP:**
```
192.168.11.211
```

**Forward Port:**
```
80
```

**Scheme:**
```
http
```

**Enable Options:**
- ✅ **Cache Assets**
- ✅ **Block Common Exploits**
- ✅ **Websockets Support**
- ✅ **Access List** (if needed)

Click **"Save"** to save the Details tab configuration.

### Step 4: Configure SSL Tab

1. **SSL Certificate:**
   - Click the "SSL" tab
   - Under "SSL Certificate", click **"Request a new SSL Certificate"**
   - Select: **"Let's Encrypt"**
   - ✅ **Force SSL** (enabled)
   - ✅ **HTTP/2 Support** (enabled)
   - ✅ **HSTS Enabled** (enabled)
   - ⚠️  **HSTS Subdomains** (optional, enable if you have subdomains)

2. **Email for Let's Encrypt:**
   - Enter your email address (required for Let's Encrypt)

3. **Agree to Terms:**
   - Check the "I agree to the Let's Encrypt Terms of Service" checkbox

4. **Request Certificate:**
   - Click **"Request SSL Certificate"**
   - Wait for certificate issuance (usually takes 1-2 minutes)

5. **Save:**
   - Click **"Save"** to save SSL configuration

### Step 5: Optional - Advanced Tab

If you need custom configurations, use the Advanced tab:

```nginx
# Custom security headers (already in nginx config on VM, but can add here)
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
```

### Step 6: Verify Configuration

1. **Test HTTP Access:**
   ```bash
   curl -I http://cross-all.defi-oracle.io/
   # Should return HTTP 200 OK (or redirect to HTTPS)
   ```

2. **Test HTTPS Access:**
   ```bash
   curl -I https://cross-all.defi-oracle.io/
   # Should return HTTP 200 OK with valid SSL certificate
   ```

3. **Test Admin Panel:**
   ```bash
   curl -I https://cross-all.defi-oracle.io/admin
   # Should return HTTP 200 OK
   ```

4. **Browser Test:**
   - Navigate to: `https://cross-all.defi-oracle.io/`
   - Navigate to: `https://cross-all.defi-oracle.io/admin`
   - Verify SSL certificate is valid (green lock icon)
   - Test wallet connection
   - Test admin panel features

---

## DNS Configuration

### If DNS is Not Configured

Create DNS A record pointing to your NPMplus server's public IP:

```
Type: A
Name: cross-all
Domain: defi-oracle.io
Value: [NPMplus Server Public IP]
TTL: 300 (or auto)
```

### Verify DNS

```bash
dig cross-all.defi-oracle.io +short
# Should return NPMplus server public IP

nslookup cross-all.defi-oracle.io
# Should resolve to NPMplus server public IP
```

**Note**: DNS propagation can take 5 minutes to 48 hours depending on TTL settings.

---

## Configuration Summary

### Proxy Host Settings

| Setting | Value |
|---------|-------|
| Domain | `cross-all.defi-oracle.io` |
| Forward To | `192.168.11.211:80` |
| Scheme | `http` |
| Cache Assets | ✅ Enabled |
| Block Exploits | ✅ Enabled |
| Websockets | ✅ Enabled |
| Force SSL | ✅ Enabled |
| HTTP/2 | ✅ Enabled |
| HSTS | ✅ Enabled |

### Access Points

**Before SSL:**
- `http://cross-all.defi-oracle.io/` (redirects to HTTPS if Force SSL enabled)

**After SSL:**
- `https://cross-all.defi-oracle.io/`
- `https://cross-all.defi-oracle.io/admin`

---

## Troubleshooting

### SSL Certificate Issues

**Certificate Not Issued:**
- Verify DNS A record is configured correctly
- Verify DNS propagation: `dig cross-all.defi-oracle.io`
- Check NPMplus logs for Let's Encrypt errors
- Ensure port 80 is accessible from internet (for Let's Encrypt validation)

### Domain Not Accessible

**Check DNS:**
```bash
dig cross-all.defi-oracle.io +short
nslookup cross-all.defi-oracle.io
```

**Check NPMplus:**
```bash
ssh root@192.168.11.11 "pct exec 10233 -- docker exec npmplus nginx -T | grep -A 10 'cross-all.defi-oracle.io'"
```

**Check Bridge VM:**
```bash
curl -I http://192.168.11.211/
# Should return HTTP 200 OK
```

### 502 Bad Gateway

- Verify bridge VM is running: `ssh root@192.168.11.10 "pct status 2101"`
- Verify nginx on bridge VM is running
- Check nginx error logs on bridge VM
- Verify IP address in NPMplus matches bridge VM IP (192.168.11.211)

### 404 Not Found

- Verify files are deployed: `ssh root@192.168.11.10 "pct exec 2101 -- ls -la /var/www/html/bridge-dapp/"`
- Check nginx configuration on bridge VM
- Verify web root path in nginx config

---

## Automated Configuration Script

A helper script is available:

```bash
cd /home/intlc/projects/proxmox/smom-dbis-138/frontend-dapp
./configure-npmplus.sh [npmplus-host] [npmplus-vmid] [bridge-vm-ip]

# Example:
./configure-npmplus.sh 192.168.11.11 10233 192.168.11.211
```

This script will:
- ✅ Verify NPMplus is accessible
- ✅ Check if proxy host exists
- ✅ Verify bridge VM is accessible
- ✅ Provide step-by-step instructions
- ✅ Verify configuration after setup

---

## Post-Configuration Verification

### Checklist

- [ ] NPMplus proxy host created
- [ ] SSL certificate issued successfully
- [ ] DNS A record configured (if needed)
- [ ] HTTPS accessible: `https://cross-all.defi-oracle.io/`
- [ ] Admin panel accessible: `https://cross-all.defi-oracle.io/admin`
- [ ] SSL certificate valid (green lock in browser)
- [ ] Security headers present
- [ ] Wallet connection works
- [ ] Contract interactions work

### Test Commands

```bash
# Test HTTP (should redirect to HTTPS)
curl -I http://cross-all.defi-oracle.io/

# Test HTTPS
curl -I https://cross-all.defi-oracle.io/

# Test admin panel
curl -I https://cross-all.defi-oracle.io/admin

# Check SSL certificate
openssl s_client -connect cross-all.defi-oracle.io:443 -servername cross-all.defi-oracle.io < /dev/null 2>/dev/null | openssl x509 -noout -dates
```

---

**Last Updated**: 2025-01-22  
**Status**: Ready for NPMplus Configuration