This commit is contained in:
Karol Wypchlo 2020-07-27 17:04:21 +02:00
parent af1f4896f0
commit 1dbc842c55
3 changed files with 52 additions and 1 deletions

View File

@ -42,10 +42,14 @@ server {
client_max_body_size 128k;
location / {
include /etc/nginx/conf.d/include/cors;
root /var/www/webportal;
}
location /blacklist {
include /etc/nginx/conf.d/include/cors;
proxy_cache skynet;
proxy_cache_valid any 1m; # cache blacklist for 1 minute
proxy_set_header Access-Control-Allow-Origin: *;
@ -54,6 +58,8 @@ server {
}
location /portals {
include /etc/nginx/conf.d/include/cors;
proxy_cache skynet;
proxy_cache_valid any 1m; # cache portals for 1 minute
proxy_set_header Access-Control-Allow-Origin: *;
@ -62,6 +68,8 @@ server {
}
location /stats {
include /etc/nginx/conf.d/include/cors;
proxy_cache skynet;
proxy_cache_valid any 1m; # cache stats for 1 minute
proxy_set_header Access-Control-Allow-Origin: *;
@ -70,6 +78,8 @@ server {
}
location /statsdown {
include /etc/nginx/conf.d/include/cors;
proxy_cache skynet;
proxy_cache_valid any 1m; # cache stats for 1 minute
proxy_set_header Access-Control-Allow-Origin: *;
@ -78,21 +88,29 @@ server {
}
location /health-check {
include /etc/nginx/conf.d/include/cors;
proxy_set_header Access-Control-Allow-Origin: *;
proxy_pass http://health-check:3100;
}
location /hns {
include /etc/nginx/conf.d/include/cors;
proxy_set_header Access-Control-Allow-Origin: *;
proxy_pass http://handshake-api:3100;
}
location /hnsres {
include /etc/nginx/conf.d/include/cors;
proxy_set_header Access-Control-Allow-Origin: *;
proxy_pass http://handshake-api:3100;
}
location /skynet/skyfile {
include /etc/nginx/conf.d/include/cors;
limit_conn uploads_by_ip 10; # ddos protection: max 10 uploads at a time
client_max_body_size 1000M; # make sure to limit the size of upload to a sane value
proxy_read_timeout 600;
@ -135,6 +153,8 @@ server {
}
location ~ "/skynet/skyfile/(.+)" {
include /etc/nginx/conf.d/include/cors;
limit_conn uploads_by_ip 10; # ddos protection: max 10 uploads at a time
client_max_body_size 1000M; # make sure to limit the size of upload to a sane value
proxy_read_timeout 600;
@ -152,6 +172,8 @@ server {
}
location ~ "^/([a-zA-Z0-9-_]{46}(/.*)?)$" {
include /etc/nginx/conf.d/include/cors;
limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time
# we need to explicitly use set directive here because $1 will contain the skylink with
@ -176,6 +198,8 @@ server {
}
location ~ "^/file/([a-zA-Z0-9-_]{46}(/.*)?)$" {
include /etc/nginx/conf.d/include/cors;
limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time
# we need to explicitly use set directive here because $1 will contain the skylink with

View File

@ -0,0 +1,27 @@
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}

View File

@ -24,7 +24,7 @@ docker-compose --version # sanity check
# CLOUDFLARE_AUTH_TOKEN - cloudflare auth token for ssl generation (just for siasky.net)
if ! [ -f /home/user/skynet-webportal/.env ]; then
HSD_API_KEY=$(openssl rand -base64 32) # generate safe random key for handshake
printf "DOMAIN_NAME=example.com\nEMAIL_ADDRESS=email@example.com\nSIA_API_AUTHORIZATION=\nCLOUDFLARE_AUTH_TOKEN=\nHSD_API_KEY=${HSD_API_KEY}\n" > /home/user/skynet-webportal/.env
printf "DOMAIN_NAME=example.com\nEMAIL_ADDRESS=email@example.com\nSIA_API_AUTHORIZATION=\nCLOUDFLARE_AUTH_TOKEN=\nHSD_API_KEY=${HSD_API_KEY}\nAWS_ACCESS_KEY_ID=\nAWS_SECRET_ACCESS_KEY=\n" > /home/user/skynet-webportal/.env
fi
# Start docker container with nginx and client