This repository has been archived on 2022-10-07. You can view files and clone it, but cannot push or open issues or pull requests.
skynet-webportal/docker/nginx/conf.d/client.conf

225 lines
7.6 KiB
Plaintext
Raw Normal View History

proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=skynet:10m max_size=10g use_temp_path=off;
limit_req_zone $binary_remote_addr zone=stats_by_ip:10m rate=10r/m;
limit_conn_zone $binary_remote_addr zone=uploads_by_ip:10m;
limit_conn_zone $binary_remote_addr zone=downloads_by_ip:10m;
limit_req_status 429;
limit_conn_status 429;
# since we are proxying request to nginx from caddy, access logs will contain caddy's ip address
# as the request address so we need to use real_ip_header module to use ip address from
# X-Forwarded-For header as a real ip address of the request
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
real_ip_header X-Forwarded-For;
2020-07-28 11:22:07 +00:00
upstream siad {
server sia:9980;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
# ddos protection: closing slow connections
client_body_timeout 5s;
client_header_timeout 5s;
# Increase the body buffer size, to ensure the internal POSTs can always
# parse the full POST contents into memory.
client_body_buffer_size 128k;
client_max_body_size 128k;
2020-07-27 13:40:26 +00:00
location / {
2020-07-27 15:04:21 +00:00
include /etc/nginx/conf.d/include/cors;
2020-07-27 13:40:26 +00:00
root /var/www/webportal;
}
2020-07-27 09:30:55 +00:00
2020-06-23 16:20:59 +00:00
location /blacklist {
2020-07-27 15:04:21 +00:00
include /etc/nginx/conf.d/include/cors;
2020-06-23 16:20:59 +00:00
proxy_cache skynet;
proxy_cache_valid any 1m; # cache blacklist for 1 minute
2020-07-27 13:40:26 +00:00
proxy_set_header User-Agent: Sia-Agent;
2020-07-28 11:22:07 +00:00
proxy_pass http://siad/skynet/blacklist;
2020-06-23 16:20:59 +00:00
}
2020-07-27 15:37:17 +00:00
location /skynet/blacklist {
include /etc/nginx/conf.d/include/cors;
proxy_cache skynet;
proxy_cache_valid any 1m; # cache blacklist for 1 minute
proxy_set_header User-Agent: Sia-Agent;
2020-07-28 11:22:07 +00:00
proxy_pass http://siad/skynet/blacklist;
2020-07-27 15:37:17 +00:00
}
location /portals {
2020-07-27 15:04:21 +00:00
include /etc/nginx/conf.d/include/cors;
proxy_cache skynet;
proxy_cache_valid any 1m; # cache portals for 1 minute
2020-07-27 13:40:26 +00:00
proxy_set_header User-Agent: Sia-Agent;
2020-07-28 11:22:07 +00:00
proxy_pass http://siad/skynet/portals;
}
2020-07-27 15:37:17 +00:00
location /skynet/portals {
include /etc/nginx/conf.d/include/cors;
proxy_cache skynet;
proxy_cache_valid any 1m; # cache portals for 1 minute
proxy_set_header User-Agent: Sia-Agent;
2020-07-28 11:22:07 +00:00
proxy_pass http://siad/skynet/portals;
2020-07-27 15:37:17 +00:00
}
location /stats {
include /etc/nginx/conf.d/include/cors;
proxy_cache skynet;
2020-07-29 09:06:53 +00:00
proxy_cache_valid any 10m; # cache stats for 10 minutes
2020-07-27 15:37:17 +00:00
proxy_set_header User-Agent: Sia-Agent;
2020-07-29 09:06:53 +00:00
proxy_read_timeout 5m; # extend the read timeout
2020-07-28 11:22:07 +00:00
proxy_pass http://siad/skynet/stats;
2020-07-27 15:37:17 +00:00
}
location /skynet/stats {
2020-07-27 15:04:21 +00:00
include /etc/nginx/conf.d/include/cors;
proxy_cache skynet;
2020-07-29 09:06:53 +00:00
proxy_cache_valid any 10m; # cache stats for 10 minutes
2020-07-27 13:40:26 +00:00
proxy_set_header User-Agent: Sia-Agent;
2020-07-29 09:06:53 +00:00
proxy_read_timeout 5m; # extend the read timeout
2020-07-28 11:22:07 +00:00
proxy_pass http://siad/skynet/stats;
}
2020-08-18 09:09:13 +00:00
# This endpoint is a backward compatilibilty workaround for reporting stats from legacy
# upload siad node for portals that used double-siad setup. If your portal does not need
# to support additional siad node, you can remove it from this config.
location /statsdown {
2020-07-27 15:04:21 +00:00
include /etc/nginx/conf.d/include/cors;
proxy_cache skynet;
2020-07-29 09:06:53 +00:00
proxy_cache_valid any 10m; # cache stats for 10 minutes
2020-07-27 13:40:26 +00:00
proxy_set_header User-Agent: Sia-Agent;
2020-07-29 09:06:53 +00:00
proxy_read_timeout 5m; # extend the read timeout
2020-08-18 09:09:13 +00:00
proxy_pass http://sia-upload:9980/skynet/stats; # serve upload node stats temporarily
}
2020-07-27 13:40:26 +00:00
location /health-check {
2020-07-27 15:04:21 +00:00
include /etc/nginx/conf.d/include/cors;
2020-07-27 13:40:26 +00:00
proxy_pass http://health-check:3100;
}
location /hns {
2020-07-27 15:04:21 +00:00
include /etc/nginx/conf.d/include/cors;
2020-07-31 13:25:57 +00:00
include /etc/nginx/conf.d/include/proxy-buffer;
2020-07-27 15:04:21 +00:00
2020-07-27 13:40:26 +00:00
proxy_pass http://handshake-api:3100;
}
location /hnsres {
2020-07-27 15:04:21 +00:00
include /etc/nginx/conf.d/include/cors;
2020-07-27 13:40:26 +00:00
proxy_pass http://handshake-api:3100;
}
location /skynet/skyfile {
2020-07-27 15:04:21 +00:00
include /etc/nginx/conf.d/include/cors;
2020-07-28 09:19:03 +00:00
include /etc/nginx/conf.d/include/sia-auth;
2020-07-27 15:04:21 +00:00
limit_conn uploads_by_ip 10; # ddos protection: max 10 uploads at a time
client_max_body_size 1000M; # make sure to limit the size of upload to a sane value
proxy_read_timeout 600;
proxy_request_buffering off; # stream uploaded files through the proxy as it comes in
proxy_set_header Expect $http_expect;
2020-07-27 13:40:26 +00:00
proxy_set_header User-Agent: Sia-Agent;
# Extract 3 sets of 2 characters from $request_id and assign to $dir1, $dir2, $dir3
# respectfully. The rest of the $request_id is going to be assigned to $dir4.
# We use those variables to automatically generate a unique path for the uploaded file.
# This ensures that not all uploaded files end up in the same directory, which is something
# that causes performance issues in the renter.
# Example path result: /af/24/9b/c5ec894920ccc45634dc9a8065
if ($request_id ~* "(\w{2})(\w{2})(\w{2})(\w+)") {
set $dir1 $1;
set $dir2 $2;
set $dir3 $3;
set $dir4 $4;
}
# proxy this call to siad endpoint (make sure the ip is correct)
2020-07-28 11:22:07 +00:00
proxy_pass http://siad/skynet/skyfile/$dir1/$dir2/$dir3/$dir4$is_args$args;
}
2020-07-15 15:09:22 +00:00
location ~ "/skynet/skyfile/(.+)" {
2020-07-27 15:04:21 +00:00
include /etc/nginx/conf.d/include/cors;
2020-07-28 09:19:03 +00:00
include /etc/nginx/conf.d/include/sia-auth;
2020-07-27 15:04:21 +00:00
limit_conn uploads_by_ip 10; # ddos protection: max 10 uploads at a time
client_max_body_size 1000M; # make sure to limit the size of upload to a sane value
proxy_read_timeout 600;
proxy_request_buffering off; # stream uploaded files through the proxy as it comes in
proxy_set_header Expect $http_expect;
2020-07-27 13:40:26 +00:00
proxy_set_header User-Agent: Sia-Agent;
# we need to explicitly use set directive here because $1 will contain the siapath with
# decoded whitespaces and set will re-encode it for us before passing it to proxy_pass
set $siapath $1;
# proxy this call to siad endpoint (make sure the ip is correct)
2020-07-28 11:22:07 +00:00
proxy_pass http://siad/skynet/skyfile/$siapath$is_args$args;
}
location ~ "^/([a-zA-Z0-9-_]{46}(/.*)?)$" {
2020-07-27 15:04:21 +00:00
include /etc/nginx/conf.d/include/cors;
2020-07-31 13:25:57 +00:00
include /etc/nginx/conf.d/include/proxy-buffer;
2020-07-27 15:04:21 +00:00
limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time
2020-07-30 19:15:21 +00:00
add_header Cache-Control "public, max-age=86400"; # allow consumer to cache response
# we need to explicitly use set directive here because $1 will contain the skylink with
# decoded whitespaces and set will re-encode it for us before passing it to proxy_pass
set $skylink $1;
proxy_read_timeout 600;
2020-07-27 13:40:26 +00:00
proxy_set_header User-Agent: Sia-Agent;
# proxy this call to siad /skynet/skylink/ endpoint (make sure the ip is correct)
2020-07-28 11:22:07 +00:00
proxy_pass http://siad/skynet/skylink/$skylink$is_args$args;
# cache frequent (> 10) downloads for 24 hours
proxy_cache skynet;
proxy_cache_key $uri;
proxy_cache_min_uses 10;
proxy_cache_valid 200 1440m;
2020-07-29 10:05:26 +00:00
proxy_cache_bypass $cookie_nocache $arg_nocache; # add cache bypass option
2020-07-30 14:38:09 +00:00
add_header X-Proxy-Cache $upstream_cache_status;
}
location ~ "^/file/([a-zA-Z0-9-_]{46}(/.*)?)$" {
2020-07-27 15:04:21 +00:00
include /etc/nginx/conf.d/include/cors;
2020-07-31 13:25:57 +00:00
include /etc/nginx/conf.d/include/proxy-buffer;
2020-07-27 15:04:21 +00:00
limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time
2020-07-30 19:15:21 +00:00
add_header Cache-Control "public, max-age=86400"; # allow consumer to cache response
# we need to explicitly use set directive here because $1 will contain the skylink with
# decoded whitespaces and set will re-encode it for us before passing it to proxy_pass
set $skylink $1;
proxy_read_timeout 600;
2020-07-27 13:40:26 +00:00
proxy_set_header User-Agent: Sia-Agent;
# proxy this call to siad /skynet/skylink/ endpoint (make sure the ip is correct)
# this alias also adds attachment=true url param to force download the file
2020-07-28 11:22:07 +00:00
proxy_pass http://siad/skynet/skylink/$skylink?attachment=true&$args;
# cache frequent (> 10) downloads for 24 hours
proxy_cache skynet;
proxy_cache_key $uri;
proxy_cache_min_uses 10;
proxy_cache_valid 200 1440m;
2020-07-29 10:05:26 +00:00
proxy_cache_bypass $cookie_nocache $arg_nocache; # add cache bypass option
2020-07-30 14:38:09 +00:00
add_header X-Proxy-Cache $upstream_cache_status;
}
}