include /etc/nginx/conf.d/include/cors; include /etc/nginx/conf.d/include/proxy-buffer; #include /etc/nginx/conf.d/include/proxy-cache-downloads; include /etc/nginx/conf.d/include/track-download; # ensure that skylink that we pass around is base64 encoded (transform base32 encoded ones) # this is important because we want only one format in cache keys and logs set_by_lua_block $skylink { return require("skynet.skylink").parse(ngx.var.skylink) } # variable for Skynet-Proof header that we need to inject # into a response if the request was for skylink v2 set $skynet_proof ''; access_by_lua_block { # -- the block below only makes sense if we are using nginx cache # if not ngx.var.skyd_disk_cache_enabled then # local httpc = require("resty.http").new() # # -- detect whether requested skylink is v2 # local isBase32v2 = string.len(ngx.var.skylink) == 55 and string.sub(ngx.var.skylink, 0, 2) == "04" # local isBase64v2 = string.len(ngx.var.skylink) == 46 and string.sub(ngx.var.skylink, 0, 2) == "AQ" # # if isBase32v2 or isBase64v2 then # -- 10.10.10.10 points to sia service (alias not available when using resty-http) # local res, err = httpc:request_uri("http://10.10.10.10:9980/skynet/resolve/" .. ngx.var.skylink_v2, { # headers = { ["User-Agent"] = "Sia-Agent" } # }) # # -- print error and exit with 500 or exit with response if status is not 200 # if err or (res and res.status ~= ngx.HTTP_OK) then # ngx.status = (err and ngx.HTTP_INTERNAL_SERVER_ERROR) or res.status # ngx.header["content-type"] = "text/plain" # ngx.say(err or res.body) # return ngx.exit(ngx.status) # end # # local json = require('cjson') # local resolve = json.decode(res.body) # ngx.var.skylink_v1 = resolve.skylink # ngx.var.skynet_proof = res.headers["Skynet-Proof"] # end # # -- check if skylink v1 is present on blocklist (compare hashes) # if require("skynet.blocklist").is_blocked(ngx.var.skylink_v1) then # return require("skynet.blocklist").exit_illegal() # end # # -- if skylink is found on nocache list then set internal nocache variable # -- to tell nginx that it should not try and cache this file (too large) # if ngx.shared.nocache:get(ngx.var.skylink_v1) then # ngx.var.nocache = "1" # end # end if require("skynet.account").accounts_enabled() then -- check if portal is in authenticated only mode if require("skynet.account").is_access_unauthorized() then return require("skynet.account").exit_access_unauthorized() end -- check if portal is in subscription only mode if require("skynet.account").is_access_forbidden() then return require("skynet.account").exit_access_forbidden() end -- get account limits of currently authenticated user local limits = require("skynet.account").get_account_limits() end } header_filter_by_lua_block { ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain -- the block below only makes sense if we are using nginx cache if not ngx.var.skyd_disk_cache_enabled then -- not empty skynet_proof means this is a skylink v2 request -- so we should replace the Skynet-Proof header with the one -- we got from /skynet/resolve/ endpoint, otherwise we would -- be serving cached empty v1 skylink Skynet-Proof header if ngx.var.skynet_proof and ngx.var.skynet_proof ~= "" then ngx.header["Skynet-Proof"] = ngx.var.skynet_proof end -- add skylink to nocache list if it exceeds 1GB (1e+9 bytes) threshold -- (content length can be nil for already cached files - we can ignore them) if ngx.header["Content-Length"] and tonumber(ngx.header["Content-Length"]) > 1e+9 then ngx.shared.nocache:set(ngx.var.skylink_v1, ngx.header["Content-Length"]) end end } proxy_read_timeout 600; proxy_set_header User-Agent: Sia-Agent; proxy_pass http://sia:9980/skynet/skylink/$skylink$path$is_args$args;