ARCHIVE/Validation-Ledger-Tx-Store-to-xPOP
1
0
Fork 0
mirror of https://github.com/Xahau/Validation-Ledger-Tx-Store-to-xPOP.git synced 2025-11-04 12:25:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
91b12622e4ba0e984dbe2d0d6fe90503a87699ef
Validation-Ledger-Tx-Store-…/conf/nginx.conf
Wietse Wind 91b12622e4 Fix websocket testnet #2
2023-12-29 01:13:57 +01:00

242 lines
6.6 KiB
Nginx Configuration File
Raw Blame History

user nginx;
worker_processes 2;
error_log /dev/stderr notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_tokens off;
server_name_in_redirect off;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /dev/stdout main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
# gzip on;
map $http_connection $connection_upgrade {
"~*Upgrade" $http_connection;
default keep-alive;
}
map $http_content_type $is_json_request {
"application/json" 1;
default 0;
}
upstream backend-testnet {
server xpop-testnet:3000;
keepalive 32;
}
upstream backend-mainnet {
server xpop-mainnet:3000;
keepalive 32;
}
# TESTNET
server {
# The config below is for http (non SSL)
listen $PUBLIC_PORT_TESTNET;
listen [::]:$PUBLIC_PORT_TESTNET;
# The config below is for SSL (https)
listen $SSLPORT_TESTNET ssl;
listen [::]:$SSLPORT_TESTNET ssl;
ssl_session_timeout 5m;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES:!ADH:!AECDH:!MD5:!DSS;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
resolver 1.1.1.1 8.8.8.8 [2606:4700::1111] [2606:4700:4700::1001] valid=300s ipv6=on;
resolver_timeout 5s;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_certificate_key /etc/nginx/ssl/nginx-ssl-private.key;
ssl_certificate /etc/nginx/ssl/nginx-ssl-certificate.pem;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Regular config
server_name _;
autoindex_format html;
add_header Access-Control-Allow-Origin *;
try_files $uri $uri/ =404;
absolute_redirect off;
location /healthcheck {
return 200 'Hi there!';
add_header Content-Type text/plain;
}
location /xpop {
root /usr/share/nginx/html;
autoindex off;
}
if ($http_content_type ~* json) {
set $json_request 1;
}
location ~ ^/json(/.*)?$ {
internal;
alias /usr/share/nginx/html$1; # Point to the same root as the previous location
autoindex on;
autoindex_format json;
}
location ~* ^/[0-9]+ {
root /usr/share/nginx/html;
autoindex on;
if ($is_json_request = 1) {
rewrite ^ /json$request_uri? last;
}
}
location /mainnet/ {
proxy_pass http://127.0.0.1:$PUBLIC_PORT/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache off;
proxy_buffering off;
# Configuration for LongPolling or if your KeepAliveInterval is longer than 60 seconds
proxy_read_timeout 100s;
proxy_set_header Host $host;
proxy_set_header X-Incoming-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-No-Cors 1;
}
location / {
proxy_pass http://backend-testnet;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache off;
proxy_buffering off;
# Configuration for LongPolling or if your KeepAliveInterval is longer than 60 seconds
proxy_read_timeout 100s;
proxy_set_header Host $host;
proxy_set_header X-Incoming-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-No-Cors 1;
}
} # END: server {}
# MAINNET
server {
# The config below is for http (non SSL)
listen $PUBLIC_PORT;
listen [::]:$PUBLIC_PORT;
# The config below is for SSL (https)
listen $SSLPORT ssl;
listen [::]:$SSLPORT ssl;
ssl_session_timeout 5m;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES:!ADH:!AECDH:!MD5:!DSS;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
resolver 1.1.1.1 8.8.8.8 [2606:4700::1111] [2606:4700:4700::1001] valid=300s ipv6=on;
resolver_timeout 5s;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_certificate_key /etc/nginx/ssl/nginx-ssl-private.key;
ssl_certificate /etc/nginx/ssl/nginx-ssl-certificate.pem;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Regular config
server_name _;
autoindex_format html;
add_header Access-Control-Allow-Origin *;
try_files $uri $uri/ =404;
absolute_redirect off;
location /healthcheck {
return 200 'Hi there!';
add_header Content-Type text/plain;
}
location /xpop {
root /usr/share/nginx/html;
autoindex off;
}
if ($http_content_type ~* json) {
set $json_request 1;
}
location ~ ^/json(/.*)?$ {
internal;
alias /usr/share/nginx/html$1; # Point to the same root as the previous location
autoindex on;
autoindex_format json;
}
location ~* ^/[0-9]+ {
root /usr/share/nginx/html;
autoindex on;
if ($is_json_request = 1) {
rewrite ^ /json$request_uri? last;
}
}
location /testnet/ {
proxy_pass http://127.0.0.1:$PUBLIC_PORT_TESTNET/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache off;
proxy_buffering off;
# Configuration for LongPolling or if your KeepAliveInterval is longer than 60 seconds
proxy_read_timeout 100s;
proxy_set_header Host $host;
proxy_set_header X-Incoming-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-No-Cors 1;
}
location / {
proxy_pass http://backend-mainnet;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache off;
proxy_buffering off;
# Configuration for LongPolling or if your KeepAliveInterval is longer than 60 seconds
proxy_read_timeout 100s;
proxy_set_header Host $host;
proxy_set_header X-Incoming-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-No-Cors 1;
}
} # END: server {}
}
Reference in New Issue View Git Blame Copy Permalink