d-bis/smom-dbis-138
4
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
7517869ea6b9394e9fdaecdff0aba2454691e4a5
smom-dbis-138/frontend-dapp/NPMPLUS_CONFIGURATION.md
defiQUG 50ab378da9 feat: Implement Universal Cross-Chain Asset Hub - All phases complete 
PRODUCTION-GRADE IMPLEMENTATION - All 7 Phases Done

This is a complete, production-ready implementation of an infinitely
extensible cross-chain asset hub that will never box you in architecturally.

## Implementation Summary

### Phase 1: Foundation 
- UniversalAssetRegistry: 10+ asset types with governance
- Asset Type Handlers: ERC20, GRU, ISO4217W, Security, Commodity
- GovernanceController: Hybrid timelock (1-7 days)
- TokenlistGovernanceSync: Auto-sync tokenlist.json

### Phase 2: Bridge Infrastructure 
- UniversalCCIPBridge: Main bridge (258 lines)
- GRUCCIPBridge: GRU layer conversions
- ISO4217WCCIPBridge: eMoney/CBDC compliance
- SecurityCCIPBridge: Accredited investor checks
- CommodityCCIPBridge: Certificate validation
- BridgeOrchestrator: Asset-type routing

### Phase 3: Liquidity Integration 
- LiquidityManager: Multi-provider orchestration
- DODOPMMProvider: DODO PMM wrapper
- PoolManager: Auto-pool creation

### Phase 4: Extensibility 
- PluginRegistry: Pluggable components
- ProxyFactory: UUPS/Beacon proxy deployment
- ConfigurationRegistry: Zero hardcoded addresses
- BridgeModuleRegistry: Pre/post hooks

### Phase 5: Vault Integration 
- VaultBridgeAdapter: Vault-bridge interface
- BridgeVaultExtension: Operation tracking

### Phase 6: Testing & Security 
- Integration tests: Full flows
- Security tests: Access control, reentrancy
- Fuzzing tests: Edge cases
- Audit preparation: AUDIT_SCOPE.md

### Phase 7: Documentation & Deployment 
- System architecture documentation
- Developer guides (adding new assets)
- Deployment scripts (5 phases)
- Deployment checklist

## Extensibility (Never Box In)

7 mechanisms to prevent architectural lock-in:
1. Plugin Architecture - Add asset types without core changes
2. Upgradeable Contracts - UUPS proxies
3. Registry-Based Config - No hardcoded addresses
4. Modular Bridges - Asset-specific contracts
5. Composable Compliance - Stackable modules
6. Multi-Source Liquidity - Pluggable providers
7. Event-Driven - Loose coupling

## Statistics

- Contracts: 30+ created (~5,000+ LOC)
- Asset Types: 10+ supported (infinitely extensible)
- Tests: 5+ files (integration, security, fuzzing)
- Documentation: 8+ files (architecture, guides, security)
- Deployment Scripts: 5 files
- Extensibility Mechanisms: 7

## Result

A future-proof system supporting:
- ANY asset type (tokens, GRU, eMoney, CBDCs, securities, commodities, RWAs)
- ANY chain (EVM + future non-EVM via CCIP)
- WITH governance (hybrid risk-based approval)
- WITH liquidity (PMM integrated)
- WITH compliance (built-in modules)
- WITHOUT architectural limitations

Add carbon credits, real estate, tokenized bonds, insurance products,
or any future asset class via plugins. No redesign ever needed.

Status: Ready for Testing → Audit → Production
2026-01-24 07:01:37 -08:00

286 lines
6.5 KiB
Markdown
Raw Blame History

# NPMplus Configuration Guide - cross-all.defi-oracle.io
## Current Deployment Status
**Bridge Frontend Deployed:**
- **Host**: ml110 (192.168.11.10)
- **VMID**: 2101 (besu-rpc-core-1)
- **VM IP**: 192.168.11.211
- **Domain**: cross-all.defi-oracle.io
- **Status**: HTTP 200 OK ✅
---
## NPMplus Configuration Steps
### Prerequisites
- ✅ Bridge frontend deployed and accessible at `http://192.168.11.211/`
- ✅ NPMplus running (VMID 10233 on 192.168.11.11)
- ⚠️ Access to NPMplus web interface
### Step 1: Access NPMplus Dashboard
1. **Open NPMplus Dashboard:**
```
https://[NPMplus-IP]:81
```
- Default port: `81`
- Login with your NPMplus credentials
### Step 2: Create Proxy Host
1. **Navigate to Proxy Hosts:**
- Click "Hosts" in the left sidebar
- Click "Proxy Hosts"
- Click "Add Proxy Host" button
### Step 3: Configure Details Tab
**Domain Names:**
```
cross-all.defi-oracle.io
```
**Forward Hostname/IP:**
```
192.168.11.211
```
**Forward Port:**
```
80
```
**Scheme:**
```
http
```
**Enable Options:**
- ✅ **Cache Assets**
- ✅ **Block Common Exploits**
- ✅ **Websockets Support**
- ✅ **Access List** (if needed)
Click **"Save"** to save the Details tab configuration.
### Step 4: Configure SSL Tab
1. **SSL Certificate:**
- Click the "SSL" tab
- Under "SSL Certificate", click **"Request a new SSL Certificate"**
- Select: **"Let's Encrypt"**
- ✅ **Force SSL** (enabled)
- ✅ **HTTP/2 Support** (enabled)
- ✅ **HSTS Enabled** (enabled)
- ⚠️ **HSTS Subdomains** (optional, enable if you have subdomains)
2. **Email for Let's Encrypt:**
- Enter your email address (required for Let's Encrypt)
3. **Agree to Terms:**
- Check the "I agree to the Let's Encrypt Terms of Service" checkbox
4. **Request Certificate:**
- Click **"Request SSL Certificate"**
- Wait for certificate issuance (usually takes 1-2 minutes)
5. **Save:**
- Click **"Save"** to save SSL configuration
### Step 5: Optional - Advanced Tab
If you need custom configurations, use the Advanced tab:
```nginx
# Custom security headers (already in nginx config on VM, but can add here)
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
```
### Step 6: Verify Configuration
1. **Test HTTP Access:**
```bash
curl -I http://cross-all.defi-oracle.io/
# Should return HTTP 200 OK (or redirect to HTTPS)
```
2. **Test HTTPS Access:**
```bash
curl -I https://cross-all.defi-oracle.io/
# Should return HTTP 200 OK with valid SSL certificate
```
3. **Test Admin Panel:**
```bash
curl -I https://cross-all.defi-oracle.io/admin
# Should return HTTP 200 OK
```
4. **Browser Test:**
- Navigate to: `https://cross-all.defi-oracle.io/`
- Navigate to: `https://cross-all.defi-oracle.io/admin`
- Verify SSL certificate is valid (green lock icon)
- Test wallet connection
- Test admin panel features
---
## DNS Configuration
### If DNS is Not Configured
Create DNS A record pointing to your NPMplus server's public IP:
```
Type: A
Name: cross-all
Domain: defi-oracle.io
Value: [NPMplus Server Public IP]
TTL: 300 (or auto)
```
### Verify DNS
```bash
dig cross-all.defi-oracle.io +short
# Should return NPMplus server public IP
nslookup cross-all.defi-oracle.io
# Should resolve to NPMplus server public IP
```
**Note**: DNS propagation can take 5 minutes to 48 hours depending on TTL settings.
---
## Configuration Summary
### Proxy Host Settings
| Setting | Value |
|---------|-------|
| Domain | `cross-all.defi-oracle.io` |
| Forward To | `192.168.11.211:80` |
| Scheme | `http` |
| Cache Assets | ✅ Enabled |
| Block Exploits | ✅ Enabled |
| Websockets | ✅ Enabled |
| Force SSL | ✅ Enabled |
| HTTP/2 | ✅ Enabled |
| HSTS | ✅ Enabled |
### Access Points
**Before SSL:**
- `http://cross-all.defi-oracle.io/` (redirects to HTTPS if Force SSL enabled)
**After SSL:**
- `https://cross-all.defi-oracle.io/`
- `https://cross-all.defi-oracle.io/admin`
---
## Troubleshooting
### SSL Certificate Issues
**Certificate Not Issued:**
- Verify DNS A record is configured correctly
- Verify DNS propagation: `dig cross-all.defi-oracle.io`
- Check NPMplus logs for Let's Encrypt errors
- Ensure port 80 is accessible from internet (for Let's Encrypt validation)
### Domain Not Accessible
**Check DNS:**
```bash
dig cross-all.defi-oracle.io +short
nslookup cross-all.defi-oracle.io
```
**Check NPMplus:**
```bash
ssh root@192.168.11.11 "pct exec 10233 -- docker exec npmplus nginx -T | grep -A 10 'cross-all.defi-oracle.io'"
```
**Check Bridge VM:**
```bash
curl -I http://192.168.11.211/
# Should return HTTP 200 OK
```
### 502 Bad Gateway
- Verify bridge VM is running: `ssh root@192.168.11.10 "pct status 2101"`
- Verify nginx on bridge VM is running
- Check nginx error logs on bridge VM
- Verify IP address in NPMplus matches bridge VM IP (192.168.11.211)
### 404 Not Found
- Verify files are deployed: `ssh root@192.168.11.10 "pct exec 2101 -- ls -la /var/www/html/bridge-dapp/"`
- Check nginx configuration on bridge VM
- Verify web root path in nginx config
---
## Automated Configuration Script
A helper script is available:
```bash
cd /home/intlc/projects/proxmox/smom-dbis-138/frontend-dapp
./configure-npmplus.sh [npmplus-host] [npmplus-vmid] [bridge-vm-ip]
# Example:
./configure-npmplus.sh 192.168.11.11 10233 192.168.11.211
```
This script will:
- ✅ Verify NPMplus is accessible
- ✅ Check if proxy host exists
- ✅ Verify bridge VM is accessible
- ✅ Provide step-by-step instructions
- ✅ Verify configuration after setup
---
## Post-Configuration Verification
### Checklist
- [ ] NPMplus proxy host created
- [ ] SSL certificate issued successfully
- [ ] DNS A record configured (if needed)
- [ ] HTTPS accessible: `https://cross-all.defi-oracle.io/`
- [ ] Admin panel accessible: `https://cross-all.defi-oracle.io/admin`
- [ ] SSL certificate valid (green lock in browser)
- [ ] Security headers present
- [ ] Wallet connection works
- [ ] Contract interactions work
### Test Commands
```bash
# Test HTTP (should redirect to HTTPS)
curl -I http://cross-all.defi-oracle.io/
# Test HTTPS
curl -I https://cross-all.defi-oracle.io/
# Test admin panel
curl -I https://cross-all.defi-oracle.io/admin
# Check SSL certificate
openssl s_client -connect cross-all.defi-oracle.io:443 -servername cross-all.defi-oracle.io < /dev/null 2>/dev/null | openssl x509 -noout -dates
```
---
**Last Updated**: 2025-01-22
**Status**: Ready for NPMplus Configuration
Reference in New Issue View Git Blame Copy Permalink