set portal domain header to server domain when accessing through server domain
This commit is contained in:
parent
e5894b1b3c
commit
169d0a8d55
|
@ -9,6 +9,9 @@
|
||||||
server {
|
server {
|
||||||
server_name account.{{PORTAL_DOMAIN}}; # example: account.siasky.net
|
server_name account.{{PORTAL_DOMAIN}}; # example: account.siasky.net
|
||||||
|
|
||||||
|
set_by_lua_block $skynet_portal_domain { return "{{PORTAL_DOMAIN}}" }
|
||||||
|
set_by_lua_block $skynet_server_domain { return "{{SERVER_DOMAIN}}" == "" and "{{PORTAL_DOMAIN}}" or "{{SERVER_DOMAIN}}" }
|
||||||
|
|
||||||
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{PORTAL_DOMAIN}}/wildcard_.{{PORTAL_DOMAIN}}.crt;
|
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{PORTAL_DOMAIN}}/wildcard_.{{PORTAL_DOMAIN}}.crt;
|
||||||
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{PORTAL_DOMAIN}}/wildcard_.{{PORTAL_DOMAIN}}.key;
|
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{PORTAL_DOMAIN}}/wildcard_.{{PORTAL_DOMAIN}}.key;
|
||||||
|
|
||||||
|
@ -31,6 +34,9 @@
|
||||||
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{SERVER_DOMAIN}}/wildcard_.{{SERVER_DOMAIN}}.crt;
|
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{SERVER_DOMAIN}}/wildcard_.{{SERVER_DOMAIN}}.crt;
|
||||||
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{SERVER_DOMAIN}}/wildcard_.{{SERVER_DOMAIN}}.key;
|
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{SERVER_DOMAIN}}/wildcard_.{{SERVER_DOMAIN}}.key;
|
||||||
|
|
||||||
|
set_by_lua_block $skynet_portal_domain { return "{{SERVER_DOMAIN}}" }
|
||||||
|
set_by_lua_block $skynet_server_domain { return "{{SERVER_DOMAIN}}" }
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.account;
|
include /etc/nginx/conf.d/server/server.account;
|
||||||
|
|
||||||
set_by_lua_block $server_alias { return string.match("{{SERVER_DOMAIN}}", "^([^.]+)") }
|
set_by_lua_block $server_alias { return string.match("{{SERVER_DOMAIN}}", "^([^.]+)") }
|
||||||
|
|
|
@ -8,6 +8,9 @@ server {
|
||||||
server {
|
server {
|
||||||
server_name {{PORTAL_DOMAIN}}; # example: siasky.net
|
server_name {{PORTAL_DOMAIN}}; # example: siasky.net
|
||||||
|
|
||||||
|
set_by_lua_block $skynet_portal_domain { return "{{PORTAL_DOMAIN}}" }
|
||||||
|
set_by_lua_block $skynet_server_domain { return "{{SERVER_DOMAIN}}" == "" and "{{PORTAL_DOMAIN}}" or "{{SERVER_DOMAIN}}" }
|
||||||
|
|
||||||
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/{{PORTAL_DOMAIN}}/{{PORTAL_DOMAIN}}.crt;
|
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/{{PORTAL_DOMAIN}}/{{PORTAL_DOMAIN}}.crt;
|
||||||
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/{{PORTAL_DOMAIN}}/{{PORTAL_DOMAIN}}.key;
|
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/{{PORTAL_DOMAIN}}/{{PORTAL_DOMAIN}}.key;
|
||||||
|
|
||||||
|
@ -30,6 +33,9 @@ server {
|
||||||
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/{{SERVER_DOMAIN}}/{{SERVER_DOMAIN}}.crt;
|
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/{{SERVER_DOMAIN}}/{{SERVER_DOMAIN}}.crt;
|
||||||
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/{{SERVER_DOMAIN}}/{{SERVER_DOMAIN}}.key;
|
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/{{SERVER_DOMAIN}}/{{SERVER_DOMAIN}}.key;
|
||||||
|
|
||||||
|
set_by_lua_block $skynet_portal_domain { return "{{SERVER_DOMAIN}}" }
|
||||||
|
set_by_lua_block $skynet_server_domain { return "{{SERVER_DOMAIN}}" }
|
||||||
|
|
||||||
include /etc/nginx/conf.d/server/server.api;
|
include /etc/nginx/conf.d/server/server.api;
|
||||||
|
|
||||||
set_by_lua_block $server_alias { return string.match("{{SERVER_DOMAIN}}", "^([^.]+)") }
|
set_by_lua_block $server_alias { return string.match("{{SERVER_DOMAIN}}", "^([^.]+)") }
|
||||||
|
|
|
@ -8,6 +8,9 @@ server {
|
||||||
server {
|
server {
|
||||||
server_name *.hns.{{PORTAL_DOMAIN}}; # example: *.hns.siasky.net
|
server_name *.hns.{{PORTAL_DOMAIN}}; # example: *.hns.siasky.net
|
||||||
|
|
||||||
|
set_by_lua_block $skynet_portal_domain { return "{{PORTAL_DOMAIN}}" }
|
||||||
|
set_by_lua_block $skynet_server_domain { return "{{SERVER_DOMAIN}}" == "" and "{{PORTAL_DOMAIN}}" or "{{SERVER_DOMAIN}}" }
|
||||||
|
|
||||||
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.hns.{{PORTAL_DOMAIN}}/wildcard_.hns.{{PORTAL_DOMAIN}}.crt;
|
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.hns.{{PORTAL_DOMAIN}}/wildcard_.hns.{{PORTAL_DOMAIN}}.crt;
|
||||||
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.hns.{{PORTAL_DOMAIN}}/wildcard_.hns.{{PORTAL_DOMAIN}}.key;
|
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.hns.{{PORTAL_DOMAIN}}/wildcard_.hns.{{PORTAL_DOMAIN}}.key;
|
||||||
|
|
||||||
|
@ -31,6 +34,9 @@ server {
|
||||||
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.hns.{{SERVER_DOMAIN}}/wildcard_.hns.{{SERVER_DOMAIN}}.crt;
|
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.hns.{{SERVER_DOMAIN}}/wildcard_.hns.{{SERVER_DOMAIN}}.crt;
|
||||||
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.hns.{{SERVER_DOMAIN}}/wildcard_.hns.{{SERVER_DOMAIN}}.key;
|
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.hns.{{SERVER_DOMAIN}}/wildcard_.hns.{{SERVER_DOMAIN}}.key;
|
||||||
|
|
||||||
|
set_by_lua_block $skynet_portal_domain { return "{{SERVER_DOMAIN}}" }
|
||||||
|
set_by_lua_block $skynet_server_domain { return "{{SERVER_DOMAIN}}" }
|
||||||
|
|
||||||
proxy_set_header Host {{SERVER_DOMAIN}};
|
proxy_set_header Host {{SERVER_DOMAIN}};
|
||||||
include /etc/nginx/conf.d/server/server.hns;
|
include /etc/nginx/conf.d/server/server.hns;
|
||||||
|
|
||||||
|
|
|
@ -8,6 +8,9 @@ server {
|
||||||
server {
|
server {
|
||||||
server_name *.{{PORTAL_DOMAIN}}; # example: *.siasky.net
|
server_name *.{{PORTAL_DOMAIN}}; # example: *.siasky.net
|
||||||
|
|
||||||
|
set_by_lua_block $skynet_portal_domain { return "{{PORTAL_DOMAIN}}" }
|
||||||
|
set_by_lua_block $skynet_server_domain { return "{{SERVER_DOMAIN}}" == "" and "{{PORTAL_DOMAIN}}" or "{{SERVER_DOMAIN}}" }
|
||||||
|
|
||||||
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{PORTAL_DOMAIN}}/wildcard_.{{PORTAL_DOMAIN}}.crt;
|
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{PORTAL_DOMAIN}}/wildcard_.{{PORTAL_DOMAIN}}.crt;
|
||||||
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{PORTAL_DOMAIN}}/wildcard_.{{PORTAL_DOMAIN}}.key;
|
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{PORTAL_DOMAIN}}/wildcard_.{{PORTAL_DOMAIN}}.key;
|
||||||
|
|
||||||
|
@ -27,6 +30,9 @@ server {
|
||||||
server {
|
server {
|
||||||
server_name *.{{SERVER_DOMAIN}}; # example: *.eu-ger-1.siasky.net
|
server_name *.{{SERVER_DOMAIN}}; # example: *.eu-ger-1.siasky.net
|
||||||
|
|
||||||
|
set_by_lua_block $skynet_portal_domain { return "{{SERVER_DOMAIN}}" }
|
||||||
|
set_by_lua_block $skynet_server_domain { return "{{SERVER_DOMAIN}}" }
|
||||||
|
|
||||||
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{SERVER_DOMAIN}}/wildcard_.{{SERVER_DOMAIN}}.crt;
|
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{SERVER_DOMAIN}}/wildcard_.{{SERVER_DOMAIN}}.crt;
|
||||||
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{SERVER_DOMAIN}}/wildcard_.{{SERVER_DOMAIN}}.key;
|
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{SERVER_DOMAIN}}/wildcard_.{{SERVER_DOMAIN}}.key;
|
||||||
|
|
||||||
|
|
|
@ -81,8 +81,8 @@ proxy_pass https://127.0.0.1/$skylink$path$is_args$args;
|
||||||
|
|
||||||
# in case siad returns location header, we need to replace the skylink with the domain name
|
# in case siad returns location header, we need to replace the skylink with the domain name
|
||||||
header_filter_by_lua_block {
|
header_filter_by_lua_block {
|
||||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. os.getenv("PORTAL_DOMAIN")
|
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
|
||||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. os.getenv("SERVER_DOMAIN")
|
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
|
||||||
|
|
||||||
if ngx.header.location then
|
if ngx.header.location then
|
||||||
-- match location redirect part after the skylink
|
-- match location redirect part after the skylink
|
||||||
|
|
|
@ -85,8 +85,8 @@ access_by_lua_block {
|
||||||
}
|
}
|
||||||
|
|
||||||
header_filter_by_lua_block {
|
header_filter_by_lua_block {
|
||||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. os.getenv("PORTAL_DOMAIN")
|
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
|
||||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. os.getenv("SERVER_DOMAIN")
|
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
|
||||||
|
|
||||||
-- the block below only makes sense if we are using nginx cache
|
-- the block below only makes sense if we are using nginx cache
|
||||||
if not ngx.var.skyd_disk_cache_enabled then
|
if not ngx.var.skyd_disk_cache_enabled then
|
||||||
|
|
|
@ -247,8 +247,7 @@ location /skynet/tus {
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
|
||||||
# rewrite proxy request to use correct host uri from env variable (required to return correct location header)
|
# rewrite proxy request to use correct host uri from env variable (required to return correct location header)
|
||||||
set_by_lua_block $server_domain { return os.getenv("SERVER_DOMAIN") }
|
proxy_redirect $scheme://$host $scheme://$skynet_server_domain;
|
||||||
proxy_redirect $scheme://$host $scheme://$server_domain;
|
|
||||||
|
|
||||||
# proxy /skynet/tus requests to siad endpoint with all arguments
|
# proxy /skynet/tus requests to siad endpoint with all arguments
|
||||||
proxy_pass http://sia:9980;
|
proxy_pass http://sia:9980;
|
||||||
|
@ -275,8 +274,8 @@ location /skynet/tus {
|
||||||
|
|
||||||
# extract skylink from base64 encoded upload metadata and assign to a proper header
|
# extract skylink from base64 encoded upload metadata and assign to a proper header
|
||||||
header_filter_by_lua_block {
|
header_filter_by_lua_block {
|
||||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. os.getenv("PORTAL_DOMAIN")
|
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
|
||||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. os.getenv("SERVER_DOMAIN")
|
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
|
||||||
|
|
||||||
if ngx.header["Upload-Metadata"] then
|
if ngx.header["Upload-Metadata"] then
|
||||||
local encodedSkylink = string.match(ngx.header["Upload-Metadata"], "Skylink ([^,?]+)")
|
local encodedSkylink = string.match(ngx.header["Upload-Metadata"], "Skylink ([^,?]+)")
|
||||||
|
@ -310,8 +309,8 @@ location /skynet/metadata {
|
||||||
include /etc/nginx/conf.d/include/portal-access-check;
|
include /etc/nginx/conf.d/include/portal-access-check;
|
||||||
|
|
||||||
header_filter_by_lua_block {
|
header_filter_by_lua_block {
|
||||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. os.getenv("PORTAL_DOMAIN")
|
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
|
||||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. os.getenv("SERVER_DOMAIN")
|
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
|
||||||
}
|
}
|
||||||
|
|
||||||
proxy_set_header User-Agent: Sia-Agent;
|
proxy_set_header User-Agent: Sia-Agent;
|
||||||
|
@ -323,8 +322,8 @@ location /skynet/resolve {
|
||||||
include /etc/nginx/conf.d/include/portal-access-check;
|
include /etc/nginx/conf.d/include/portal-access-check;
|
||||||
|
|
||||||
header_filter_by_lua_block {
|
header_filter_by_lua_block {
|
||||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. os.getenv("PORTAL_DOMAIN")
|
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
|
||||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. os.getenv("SERVER_DOMAIN")
|
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
|
||||||
}
|
}
|
||||||
|
|
||||||
proxy_set_header User-Agent: Sia-Agent;
|
proxy_set_header User-Agent: Sia-Agent;
|
||||||
|
|
|
@ -95,8 +95,8 @@ http {
|
||||||
|
|
||||||
# include skynet-portal-api and skynet-server-api header on every request
|
# include skynet-portal-api and skynet-server-api header on every request
|
||||||
header_filter_by_lua_block {
|
header_filter_by_lua_block {
|
||||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. os.getenv("PORTAL_DOMAIN")
|
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
|
||||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. os.getenv("SERVER_DOMAIN")
|
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
|
||||||
}
|
}
|
||||||
|
|
||||||
# ratelimit specified IPs
|
# ratelimit specified IPs
|
||||||
|
|
Reference in New Issue