include /etc/nginx/conf.d/include/cors; include /etc/nginx/conf.d/include/proxy-buffer; include /etc/nginx/conf.d/include/proxy-cache-downloads; include /etc/nginx/conf.d/include/track-download; limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time # ensure that skylink that we pass around is base64 encoded (transform base32 encoded ones) # this is important because we want only one format in cache keys and logs set_by_lua_block $skylink { return require("skynet.skylink").parse(ngx.var.skylink) } # variable for Skynet-Proof header that we need to inject # into a response if the request was for skylink v2 set $skynet_proof ''; # default download rate to unlimited set $limit_rate 0; access_by_lua_block { local accounts = require("skynet.account") if accounts.accounts_enabled() then -- check if portal is in authenticated only mode if accounts.is_access_unauthorized() then return accounts.exit_access_unauthorized() end -- check if portal is in subscription only mode if accounts.is_access_forbidden() then return accounts.exit_access_forbidden() end end } header_filter_by_lua_block { ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain } limit_rate_after 512k; limit_rate $limit_rate; proxy_read_timeout 600; proxy_set_header User-Agent: Sia-Agent; # in case the requested skylink was v2 and we already resolved it to skylink v1, we are going to pass resolved # skylink v1 to skyd to save that extra skylink v2 lookup in skyd but in turn, in case skyd returns a redirect # we need to rewrite the skylink v1 to skylink v2 in the location header with proxy_redirect proxy_pass http://sia:9980/skynet/skylink/$skylink$path$is_args$args;