Merge pull request #1771 from SkynetLabs/set-portal-domain-as-server-domain-when-accessing-through-server-domain
set portal domain header to server domain when accessing through server domain
This commit is contained in:
commit
4c5acb8221
|
@ -9,6 +9,15 @@
|
|||
server {
|
||||
server_name account.{{PORTAL_DOMAIN}}; # example: account.siasky.net
|
||||
|
||||
set_by_lua_block $skynet_portal_domain { return "{{PORTAL_DOMAIN}}" }
|
||||
set_by_lua_block $skynet_server_domain {
|
||||
-- fall back to portal domain if server domain is not defined
|
||||
if "{{SERVER_DOMAIN}}" == "" then
|
||||
return "{{PORTAL_DOMAIN}}"
|
||||
end
|
||||
return "{{SERVER_DOMAIN}}"
|
||||
}
|
||||
|
||||
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{PORTAL_DOMAIN}}/wildcard_.{{PORTAL_DOMAIN}}.crt;
|
||||
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{PORTAL_DOMAIN}}/wildcard_.{{PORTAL_DOMAIN}}.key;
|
||||
|
||||
|
@ -31,6 +40,9 @@
|
|||
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{SERVER_DOMAIN}}/wildcard_.{{SERVER_DOMAIN}}.crt;
|
||||
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{SERVER_DOMAIN}}/wildcard_.{{SERVER_DOMAIN}}.key;
|
||||
|
||||
set_by_lua_block $skynet_portal_domain { return "{{SERVER_DOMAIN}}" }
|
||||
set_by_lua_block $skynet_server_domain { return "{{SERVER_DOMAIN}}" }
|
||||
|
||||
include /etc/nginx/conf.d/server/server.account;
|
||||
|
||||
set_by_lua_block $server_alias { return string.match("{{SERVER_DOMAIN}}", "^([^.]+)") }
|
||||
|
|
|
@ -8,6 +8,15 @@ server {
|
|||
server {
|
||||
server_name {{PORTAL_DOMAIN}}; # example: siasky.net
|
||||
|
||||
set_by_lua_block $skynet_portal_domain { return "{{PORTAL_DOMAIN}}" }
|
||||
set_by_lua_block $skynet_server_domain {
|
||||
-- fall back to portal domain if server domain is not defined
|
||||
if "{{SERVER_DOMAIN}}" == "" then
|
||||
return "{{PORTAL_DOMAIN}}"
|
||||
end
|
||||
return "{{SERVER_DOMAIN}}"
|
||||
}
|
||||
|
||||
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/{{PORTAL_DOMAIN}}/{{PORTAL_DOMAIN}}.crt;
|
||||
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/{{PORTAL_DOMAIN}}/{{PORTAL_DOMAIN}}.key;
|
||||
|
||||
|
@ -30,6 +39,9 @@ server {
|
|||
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/{{SERVER_DOMAIN}}/{{SERVER_DOMAIN}}.crt;
|
||||
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/{{SERVER_DOMAIN}}/{{SERVER_DOMAIN}}.key;
|
||||
|
||||
set_by_lua_block $skynet_portal_domain { return "{{SERVER_DOMAIN}}" }
|
||||
set_by_lua_block $skynet_server_domain { return "{{SERVER_DOMAIN}}" }
|
||||
|
||||
include /etc/nginx/conf.d/server/server.api;
|
||||
|
||||
set_by_lua_block $server_alias { return string.match("{{SERVER_DOMAIN}}", "^([^.]+)") }
|
||||
|
|
|
@ -8,6 +8,15 @@ server {
|
|||
server {
|
||||
server_name *.hns.{{PORTAL_DOMAIN}}; # example: *.hns.siasky.net
|
||||
|
||||
set_by_lua_block $skynet_portal_domain { return "{{PORTAL_DOMAIN}}" }
|
||||
set_by_lua_block $skynet_server_domain {
|
||||
-- fall back to portal domain if server domain is not defined
|
||||
if "{{SERVER_DOMAIN}}" == "" then
|
||||
return "{{PORTAL_DOMAIN}}"
|
||||
end
|
||||
return "{{SERVER_DOMAIN}}"
|
||||
}
|
||||
|
||||
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.hns.{{PORTAL_DOMAIN}}/wildcard_.hns.{{PORTAL_DOMAIN}}.crt;
|
||||
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.hns.{{PORTAL_DOMAIN}}/wildcard_.hns.{{PORTAL_DOMAIN}}.key;
|
||||
|
||||
|
@ -30,6 +39,9 @@ server {
|
|||
|
||||
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.hns.{{SERVER_DOMAIN}}/wildcard_.hns.{{SERVER_DOMAIN}}.crt;
|
||||
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.hns.{{SERVER_DOMAIN}}/wildcard_.hns.{{SERVER_DOMAIN}}.key;
|
||||
|
||||
set_by_lua_block $skynet_portal_domain { return "{{SERVER_DOMAIN}}" }
|
||||
set_by_lua_block $skynet_server_domain { return "{{SERVER_DOMAIN}}" }
|
||||
|
||||
proxy_set_header Host {{SERVER_DOMAIN}};
|
||||
include /etc/nginx/conf.d/server/server.hns;
|
||||
|
|
|
@ -7,6 +7,15 @@ server {
|
|||
|
||||
server {
|
||||
server_name *.{{PORTAL_DOMAIN}}; # example: *.siasky.net
|
||||
|
||||
set_by_lua_block $skynet_portal_domain { return "{{PORTAL_DOMAIN}}" }
|
||||
set_by_lua_block $skynet_server_domain {
|
||||
-- fall back to portal domain if server domain is not defined
|
||||
if "{{SERVER_DOMAIN}}" == "" then
|
||||
return "{{PORTAL_DOMAIN}}"
|
||||
end
|
||||
return "{{SERVER_DOMAIN}}"
|
||||
}
|
||||
|
||||
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{PORTAL_DOMAIN}}/wildcard_.{{PORTAL_DOMAIN}}.crt;
|
||||
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{PORTAL_DOMAIN}}/wildcard_.{{PORTAL_DOMAIN}}.key;
|
||||
|
@ -26,6 +35,9 @@ server {
|
|||
|
||||
server {
|
||||
server_name *.{{SERVER_DOMAIN}}; # example: *.eu-ger-1.siasky.net
|
||||
|
||||
set_by_lua_block $skynet_portal_domain { return "{{SERVER_DOMAIN}}" }
|
||||
set_by_lua_block $skynet_server_domain { return "{{SERVER_DOMAIN}}" }
|
||||
|
||||
ssl_certificate /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{SERVER_DOMAIN}}/wildcard_.{{SERVER_DOMAIN}}.crt;
|
||||
ssl_certificate_key /data/caddy/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.{{SERVER_DOMAIN}}/wildcard_.{{SERVER_DOMAIN}}.key;
|
||||
|
|
|
@ -81,8 +81,8 @@ proxy_pass https://127.0.0.1/$skylink$path$is_args$args;
|
|||
|
||||
# in case siad returns location header, we need to replace the skylink with the domain name
|
||||
header_filter_by_lua_block {
|
||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. os.getenv("PORTAL_DOMAIN")
|
||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. os.getenv("SERVER_DOMAIN")
|
||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
|
||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
|
||||
|
||||
if ngx.header.location then
|
||||
-- match location redirect part after the skylink
|
||||
|
|
|
@ -85,8 +85,8 @@ access_by_lua_block {
|
|||
}
|
||||
|
||||
header_filter_by_lua_block {
|
||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. os.getenv("PORTAL_DOMAIN")
|
||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. os.getenv("SERVER_DOMAIN")
|
||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
|
||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
|
||||
|
||||
-- the block below only makes sense if we are using nginx cache
|
||||
if not ngx.var.skyd_disk_cache_enabled then
|
||||
|
|
|
@ -247,8 +247,7 @@ location /skynet/tus {
|
|||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
# rewrite proxy request to use correct host uri from env variable (required to return correct location header)
|
||||
set_by_lua_block $server_domain { return os.getenv("SERVER_DOMAIN") }
|
||||
proxy_redirect $scheme://$host $scheme://$server_domain;
|
||||
proxy_redirect $scheme://$host $scheme://$skynet_server_domain;
|
||||
|
||||
# proxy /skynet/tus requests to siad endpoint with all arguments
|
||||
proxy_pass http://sia:9980;
|
||||
|
@ -275,8 +274,8 @@ location /skynet/tus {
|
|||
|
||||
# extract skylink from base64 encoded upload metadata and assign to a proper header
|
||||
header_filter_by_lua_block {
|
||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. os.getenv("PORTAL_DOMAIN")
|
||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. os.getenv("SERVER_DOMAIN")
|
||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
|
||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
|
||||
|
||||
if ngx.header["Upload-Metadata"] then
|
||||
local encodedSkylink = string.match(ngx.header["Upload-Metadata"], "Skylink ([^,?]+)")
|
||||
|
@ -310,8 +309,8 @@ location /skynet/metadata {
|
|||
include /etc/nginx/conf.d/include/portal-access-check;
|
||||
|
||||
header_filter_by_lua_block {
|
||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. os.getenv("PORTAL_DOMAIN")
|
||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. os.getenv("SERVER_DOMAIN")
|
||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
|
||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
|
||||
}
|
||||
|
||||
proxy_set_header User-Agent: Sia-Agent;
|
||||
|
@ -323,8 +322,8 @@ location /skynet/resolve {
|
|||
include /etc/nginx/conf.d/include/portal-access-check;
|
||||
|
||||
header_filter_by_lua_block {
|
||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. os.getenv("PORTAL_DOMAIN")
|
||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. os.getenv("SERVER_DOMAIN")
|
||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
|
||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
|
||||
}
|
||||
|
||||
proxy_set_header User-Agent: Sia-Agent;
|
||||
|
|
|
@ -95,8 +95,8 @@ http {
|
|||
|
||||
# include skynet-portal-api and skynet-server-api header on every request
|
||||
header_filter_by_lua_block {
|
||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. os.getenv("PORTAL_DOMAIN")
|
||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. os.getenv("SERVER_DOMAIN")
|
||||
ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain
|
||||
ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain
|
||||
}
|
||||
|
||||
# ratelimit specified IPs
|
||||
|
|
Reference in New Issue