add portal_subdomain to nginx regex and fill documentation (#435)
This commit is contained in:
parent
10a251c081
commit
468527c22d
|
@ -22,8 +22,8 @@ server {
|
||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
listen [::]:80 default_server;
|
listen [::]:80 default_server;
|
||||||
|
|
||||||
# understand the regex https://regex101.com/r/BGQvi6/2/
|
# understand the regex https://regex101.com/r/BGQvi6/6
|
||||||
server_name "~^(((?<base32_subdomain>([a-z0-9]{55}))|(?<hns_domain>[^\.]+)\.hns)\.)?(?<domain>[^.]+)\.(?<tld>[^.]+)$";
|
server_name "~^(((?<base32_subdomain>([a-z0-9]{55}))|(?<hns_domain>[^\.]+)\.hns)\.)?((?<portal_domain>[^.]+)\.)?(?<domain>[^.]+)\.(?<tld>[^.]+)$";
|
||||||
|
|
||||||
# ddos protection: closing slow connections
|
# ddos protection: closing slow connections
|
||||||
client_body_timeout 5s;
|
client_body_timeout 5s;
|
||||||
|
@ -40,15 +40,15 @@ server {
|
||||||
recursive_error_pages on;
|
recursive_error_pages on;
|
||||||
|
|
||||||
# redirect links with base32 encoded skylink in subdomain
|
# redirect links with base32 encoded skylink in subdomain
|
||||||
error_page 418 = @base32_subdomain;
|
error_page 460 = @base32_subdomain;
|
||||||
if ($base32_subdomain != "") {
|
if ($base32_subdomain != "") {
|
||||||
return 418;
|
return 460;
|
||||||
}
|
}
|
||||||
|
|
||||||
# redirect links with handshake domain on hns subdomain
|
# redirect links with handshake domain on hns subdomain
|
||||||
error_page 419 = @hns_domain;
|
error_page 461 = @hns_domain;
|
||||||
if ($hns_domain != "") {
|
if ($hns_domain != "") {
|
||||||
return 419;
|
return 461;
|
||||||
}
|
}
|
||||||
|
|
||||||
include /etc/nginx/conf.d/include/cors;
|
include /etc/nginx/conf.d/include/cors;
|
||||||
|
|
|
@ -90,18 +90,11 @@ At this point we have almost everything running, we just need to set up your wal
|
||||||
|
|
||||||
## Subdomains
|
## Subdomains
|
||||||
|
|
||||||
It might prove useful for certain skapps to be accessible through a custom
|
It might prove useful for certain skapps to be accessible through a custom subdomain. So instead of being accessed through `https://portal.com/[skylink]`, it would be accessible through `https://[skylink_base32].portal.com`. We call this "subdomain access" and it is made possible by encoding Skylinks using a base32 encoding. We have to use a base32 encoding scheme because subdomains have to be all lower case and the base64 encoded Skylink is case sensitive and thus might contain uppercase characters.
|
||||||
subdomain. So instead of being accessed through `https://portal/[skylink]`, it
|
|
||||||
would be accessible through `https://[skylink_base32].portal`. We call this
|
|
||||||
subdomains and it is made possible by encoding Skylinks using a base32 encoding.
|
|
||||||
We have to use a base32 encoding scheme because subdomains have to be all lower
|
|
||||||
case and the base64 encoded Skylink is case sensitive and thus might contain
|
|
||||||
uppercase characters.
|
|
||||||
|
|
||||||
You can convert Skylinks using this [converter
|
You can convert Skylinks using this [converter skapp](https://convert-skylink.hns.siasky.net). To see how the encoding and decoding works, please follow the link to the repo in the application itself.
|
||||||
skapp](https://siasky.net/hns/convert-skylink/), to
|
|
||||||
see how the encoding and decoding works, please follow the link to the repo in
|
There is also an option to access handshake domain through the subdomain using `https://[domain_name].hns.portal.com`.
|
||||||
the application itself.
|
|
||||||
|
|
||||||
To configure this on your portal, you have to make sure to configure the following:
|
To configure this on your portal, you have to make sure to configure the following:
|
||||||
|
|
||||||
|
@ -113,44 +106,68 @@ achieved using Caddy.
|
||||||
|
|
||||||
```
|
```
|
||||||
(siasky.net) {
|
(siasky.net) {
|
||||||
siasky.net, *.siasky.net {
|
siasky.net, *.siasky.net, *.hns.siasky.net {
|
||||||
tls {
|
...
|
||||||
|
}
|
||||||
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
(see `../docker/caddy/Caddyfile`)
|
(see [docker/caddy/Caddyfile](../docker/Caddy/Caddyfile))
|
||||||
|
|
||||||
### Nginx configuration
|
### Nginx configuration
|
||||||
|
|
||||||
In Nginx two things need to happen:
|
In Nginx two things need to happen:
|
||||||
|
|
||||||
- parse the subdomain from the url
|
#### Match the specific parts of the uri
|
||||||
- proxy_pass the request to the appropriate location
|
|
||||||
|
|
||||||
Siad is able to make the conversion and treat this as a regular Skylink.
|
|
||||||
|
|
||||||
```
|
```
|
||||||
# parse subdomain (a base32 encoded Skylink) into custom variable
|
# understand the regex https://regex101.com/r/BGQvi6/6
|
||||||
server_name "~^([a-z0-9]{55})\..*$";
|
server_name "~^(((?<base32_subdomain>([a-z0-9]{55}))|(?<hns_domain>[^\.]+)\.hns)\.)?((?<portal_domain>[^.]+)\.)?(?<domain>[^.]+)\.(?<tld>[^.]+)$";
|
||||||
set $subdomain $1;
|
```
|
||||||
|
|
||||||
...
|
#### Redirect the requests to the appropriate location
|
||||||
|
|
||||||
|
First you need to redirect the requests based on the regex above matching either `base32_subdomain` or `hns_domain`.
|
||||||
|
|
||||||
|
```
|
||||||
location / {
|
location / {
|
||||||
...
|
# This is the only safe workaround to reroute based on some conditions
|
||||||
error_page 418 = @subdomain;
|
# See https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
|
||||||
recursive_error_pages on;
|
recursive_error_pages on;
|
||||||
if ($subdomain != "") {
|
|
||||||
|
# redirect links with base32 encoded skylink in subdomain
|
||||||
|
error_page 418 = @base32_subdomain;
|
||||||
|
if ($base32_subdomain != "") {
|
||||||
return 418;
|
return 418;
|
||||||
}
|
}
|
||||||
...
|
|
||||||
|
# redirect links with handshake domain on hns subdomain
|
||||||
|
error_page 419 = @hns_domain;
|
||||||
|
if ($hns_domain != "") {
|
||||||
|
return 419;
|
||||||
}
|
}
|
||||||
...
|
|
||||||
location @subdomain {
|
|
||||||
...
|
...
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
(see `../docker/nginx/nginx.conf`)
|
Define locations for `@base32_subdomain` and `@hns_domain` redirects.
|
||||||
|
|
||||||
|
```
|
||||||
|
location @base32_subdomain {
|
||||||
|
include /etc/nginx/conf.d/include/proxy-buffer;
|
||||||
|
|
||||||
|
proxy_pass http://127.0.0.1/$base32_subdomain/$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location @hns_domain {
|
||||||
|
include /etc/nginx/conf.d/include/proxy-buffer;
|
||||||
|
|
||||||
|
proxy_pass http://127.0.0.1/hns/$hns_domain/$request_uri;
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
(see [docker/nginx/nginx.conf](../docker/nginx/nginx.conf))
|
||||||
|
|
||||||
## Useful Commands
|
## Useful Commands
|
||||||
|
|
||||||
|
|
Reference in New Issue