Add SSL config

This commit is contained in:
Wietse Wind
2023-10-09 13:42:51 +02:00
parent 3b840bba2f
commit 8b6e25fff0
5 changed files with 82 additions and 0 deletions


@@ -43,8 +43,30 @@ http {
}
server {
# The config below is for http (non SSL)
listen 3000;
listen [::]:3000;
# The config below is for SSL (https)
listen 3443 ssl;
listen [::]:3443 ssl;
ssl_session_timeout 5m;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES:!ADH:!AECDH:!MD5:!DSS;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
resolver 1.1.1.1 8.8.8.8 [2606:4700::1111] [2606:4700:4700::1001] valid=300s ipv6=on;
resolver_timeout 5s;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_certificate_key /etc/nginx/ssl/nginx-ssl-private.key;
ssl_certificate /etc/nginx/ssl/nginx-ssl-certificate.pem;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Regular config
server_name _;
autoindex_format html;
@@ -94,6 +116,7 @@ http {
# Configuration for LongPolling or if your KeepAliveInterval is longer than 60 seconds
proxy_read_timeout 100s;
proxy_set_header Host $host;
proxy_set_header X-Incoming-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-No-Cors 1;
}
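Review bot: The `add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";` line in the first hunk is placed in the catch-all `server_name _;` block that also listens in plain HTTP on 3000, so a one-year policy covering every subdomain is pinned for whatever hostname reaches this default server, and because nginx drops a server-level `add_header` in any `location` that declares its own `add_header`, the header may silently disappear in some responses; moving the TLS listener into its own `server` block (or at least adding `always` and dropping `includeSubdomains` for a default server) would make the policy intentional. `ssl_protocols TLSv1.2;` leaves TLS 1.3 off although the `nginx:alpine` image used in the compose file supports it; `ssl_protocols TLSv1.2 TLSv1.3;` is the usual setting. `ssl_stapling on;` appears inert with the self-signed placeholder certificate added in this commit (no OCSP responder to query), so nginx will presumably log a warning at startup until a CA-issued certificate is installed — worth a comment such as `# ssl_stapling only takes effect with a CA-issued certificate`. The `server {` block opened at the top of the first hunk continues past both hunks, and the file name of this section is not shown (presumably `conf/nginx.conf` from the compose mount).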

conf/ssl/dhparam.pem Executable file

@@ -0,0 +1,8 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA5wUMcskZZ3LbkVDCpY+JV6jVnVakVImQFOvOWsFvgENds/EXig7m
yKFV06NhcQQOithOHvoML4VrSUfyoLO4VodogtmG/JlmAD1oAADHF9y+g6TRb6UT
ciZYP/EFATDV8GkZBXZdNpdRSz6Gnl5X7aJD/eawlb0T5jvvYnFyGWecYpQ5IlGd
XrSJiG0YyPkRIqOd5isFMnaGN27cvqPWk8teJDB5OCW9vl0QxNfshryiQQ5ecPxs
hT2kwaJq2y9nXzcP9E3886g9so4LpzxpYBxZpfDcKRzyDjpU57Qj8qrGOtHtqdq3
TAGqXIXprs9yZH2P3ncvrfokClNLWjC4mwIBAg==
-----END DH PARAMETERS-----


@@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDQzCCAisCFB45ebAgt1ljghzHn7sJjcXE9Ds+MA0GCSqGSIb3DQEBCwUAMF4x
CzAJBgNVBAYTAkdCMQswCQYDVQQIDAJHQjEPMA0GA1UEBwwGTG9uZG9uMQ0wCwYD
VQQKDARZb29vMRAwDgYDVQQLDAdEaWdpdGFsMRAwDgYDVQQDDAdkZWZhdWx0MB4X
DTIzMTAwOTExMTI0OVoXDTMzMTAwNjExMTI0OVowXjELMAkGA1UEBhMCR0IxCzAJ
BgNVBAgMAkdCMQ8wDQYDVQQHDAZMb25kb24xDTALBgNVBAoMBFlvb28xEDAOBgNV
BAsMB0RpZ2l0YWwxEDAOBgNVBAMMB2RlZmF1bHQwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqN6LafPr9V0TwY7G9sQaArGFIPHFU0POnJokDdRSZNfoT
IqCotzhSFfxRG95uGr2DmJtNx5x1mbR3dVh4hq8uwbW8ml9owwgKsgZiASik1pCB
7wgd6b0AonzeG454k4AzLvEJOivpRe3JHm0J7UkbuNN9m5ac1QbZTw0tDfz+8pIc
GxREw07vHEeaVuBHg1HtDA1EYr2pVN7IAl+wpjeIoU2wqNkXVeUrV6Pe1nFIzd9H
WLZlJbsLLXTGOaJysUIKYRzH5jQXFnJJv5pNVku+yrp/L0j3GcBk8fjkuXWXylVJ
BOM3aRpazd8epAann0PgJ4JqVvfq9Lq0CYxV5Hw7AgMBAAEwDQYJKoZIhvcNAQEL
BQADggEBACRYvidJtwHyZk5yae5jqRVaT20pRJuxn+tDovy/pI8R09viQoN8itVb
CTtlMcWT//WYaXIEpX527DPv0AoWZJ+PwRXEvAX5DlMrJrWZG80IQ+0E4rNcqBvY
H08EPp6qXgxfvjH89gKcSXFtCJuL7Tl/w6OvKyiMA2BHnESVBRFPrsv5n8jAOm9M
5/cyzxGHlhOGImKN8xKiuRf4l0Uu3mZQRRsTLGnEaF7zrizm0XG7kdQgeenCnNej
Bmqu7LBCejboVhyUZwabqmPtMyNOk1MS7rFvPUb5c2/ky05dLWs3DZ46gqTWUlXF
dk7cDGcUteBaeEVvKtNqgLC76fz1OjY=
-----END CERTIFICATE-----

conf/ssl/nginx-ssl-private.key Executable file

@@ -0,0 +1,28 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
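Review bot: `conf/ssl/nginx-ssl-private.key` commits an RSA private key to the repository next to the certificate in the previous section, so every clone shares that key and any deployment that does not replace it serves TLS with a key that is effectively public. The certificate appears to be a self-signed placeholder (subject and issuer look identical with CN `default`, and the encoded validity reads 2023-10-09 to 2033-10-06), which is fine as a stand-in, but the key itself should not be versioned: generate both files at deploy time (e.g. a setup script or compose entrypoint), add `conf/ssl/*.key` to `.gitignore`, and state in the README that the committed `.pem` is a placeholder to be replaced. Because this key is now in git history, it should be treated as compromised and never reused, even if the file is removed in a later commit.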


@@ -5,11 +5,13 @@ services:
read_only: true
volumes:
- ./conf/nginx.conf:/etc/nginx/nginx.conf:ro
- ./conf/ssl:/etc/nginx/ssl:ro
- nginxcache:/var/cache/nginx
- nginxpid:/var/run
- ./store/:/usr/share/nginx/html:ro
ports:
- ${PORT:-3000}:3000
- ${SSLPORT:-3443}:3443
image: nginx:alpine
restart: unless-stopped
healthcheck:
@@ -26,6 +28,7 @@ services:
- ./store:/usr/src/app/store
environment:
- EVENT_SOCKET_PORT=3000
- PUBLIC_PORT=${PORT:-3000}
- URL_PREFIX=${URL_PREFIX:-http://localhost:3000}
- NETWORKID=${NETWORKID:-1}
- UNLURL=${UNLURL:-https://vl.altnet.rippletest.net}
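Review bot: The new `- ./conf/ssl:/etc/nginx/ssl:ro` mount in the first hunk delivers whatever is in the repository's `conf/ssl` into the container, so the placeholder key and certificate committed in this same change are what the newly published `${SSLPORT:-3443}:3443` port will serve unless an operator overwrites them first; a comment on the mount line such as `# replace conf/ssl/* with a real key and certificate before exposing 3443` would make that expectation visible. In the second hunk `PUBLIC_PORT=${PORT:-3000}` only carries the plain-HTTP port and `URL_PREFIX` still defaults to `http://localhost:3000`, so the application presumably has no knowledge of the TLS listener — worth confirming that no `https` prefix or SSL port variable is expected there.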