limit_req_zone $binary_remote_addr zone=stats_by_ip:10m rate=10r/m; limit_conn_zone $binary_remote_addr zone=uploads_by_ip:10m; limit_conn_zone $binary_remote_addr zone=downloads_by_ip:10m; limit_req_status 429; limit_conn_status 429; server { listen 80 default_server; listen [::]:80 default_server; server_name _; return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name siasky.net www.siasky.net; # replace with actual server names # ddos protection: closing slow connections client_body_timeout 5s; client_header_timeout 5s; # Auto generate a uuid for each file. This means users are able to upload # Skyfiles without having to provide a uuid rewrite ^/skynet/skyfile/?$ /skynet/skyfile/$request_id$1; # NOTE: make sure to enable any additional configuration you might need like gzip location / { root /home/user/skynet-webportal/public; # path to root of index.html } location /stats { limit_req zone=stats_by_ip; # ddos protection: max 10 requests per minute proxy_set_header Access-Control-Allow-Origin: *; proxy_set_header User-Agent: Sia-Agent; # replace BASE64_AUTHENTICATION with base64 encoded : # for sia user is empty so it's just : # to generate the passcode use https://www.base64encode.org or any other base64 encoder proxy_set_header Authorization "Basic BASE64_AUTHENTICATION"; proxy_pass http://127.0.0.1:9970/skynet/stats; } location /statsdown { limit_req zone=stats_by_ip; # ddos protection: max 10 requests per minute proxy_set_header Access-Control-Allow-Origin: *; proxy_set_header User-Agent: Sia-Agent; # replace BASE64_AUTHENTICATION with base64 encoded : # for sia user is empty so it's just : # to generate the passcode use https://www.base64encode.org or any other base64 encoder proxy_set_header Authorization "Basic BASE64_AUTHENTICATION"; proxy_pass http://127.0.0.1:9980/skynet/stats; } location /skynet/skyfile/ { limit_conn uploads_by_ip 10; # ddos protection: max 10 uploads at a time client_max_body_size 1000M; # make sure to limit the size of upload to a sane value proxy_read_timeout 600; # proxy this call to siad endpoint (make sure the ip is correct) # # note that we point uploads to port '9970', do this when you want to # run in a configuration where you have two siad instances, one for # downloads and one for uploads. This drastically improves the up - and # download speed of your portal. When running your portal in this double # siad setup, make sure only the download portal runs in 'portal mode'. # The upload siad can be run in normal mode. Set the port to '9980' if # you do not want to run your portal in the double siad setup. proxy_pass http://127.0.0.1:9970; proxy_set_header Expect $http_expect; add_header Access-Control-Allow-Origin *; proxy_hide_header Access-Control-Allow-Origin; # make sure to override user agent header - siad requirement proxy_set_header User-Agent: Sia-Agent; # replace BASE64_AUTHENTICATION with base64 encoded : # for sia user is empty so it's just : # to generate the passcode use https://www.base64encode.org or any other base64 encoder proxy_set_header Authorization "Basic BASE64_AUTHENTICATION"; } location ~ "^/([a-zA-Z0-9-_]{46}(/.*)?)$" { limit_conn downloads_by_ip 10; # ddos protection: max 10 downloads at a time # we need to explicitly use set directive here because $1 will contain the skylink with # decoded whitespaces and set will re-encode it for us before passing it to proxy_pass set $skylink $1; proxy_read_timeout 600; # proxy this call to siad /skynet/skylink/ endpoint (make sure the ip is correct) proxy_pass http://127.0.0.1:9980/skynet/skylink/$skylink$is_args$args; proxy_set_header Access-Control-Allow-Origin: *; # make sure to override user agent header - siad requirement proxy_set_header User-Agent: Sia-Agent; # make sure the Skynet-File-Metadata header gets exposed in the response add_header Access-Control-Expose-Headers skynet-file-metadata; # if you are expecting large headers (ie. Skynet-Skyfile-Metadata), tune these values to your needs #proxy_buffer_size 128k; #proxy_buffers 4 128k; # cache frequent (> 10) downloads for 24 hours proxy_cache skynet; proxy_cache_key $uri; proxy_cache_min_uses 10; proxy_cache_valid 200 1440m; } location ~ "^/file/([a-zA-Z0-9-_]{46}(/.*)?)$" { limit_conn downloads_by_ip 10; # ddos protection: max 10 downloads at a time # we need to explicitly use set directive here because $1 will contain the skylink with # decoded whitespaces and set will re-encode it for us before passing it to proxy_pass set $skylink $1; proxy_read_timeout 600; # proxy this call to siad /skynet/skylink/ endpoint (make sure the ip is correct) # this alias also adds attachment=true url param to force download the file proxy_pass http://127.0.0.1:9980/skynet/skylink/$skylink?attachment=true&$args; proxy_set_header Access-Control-Allow-Origin: *; # make sure to override user agent header - siad requirement proxy_set_header User-Agent: Sia-Agent; # make sure the Skynet-File-Metadata header gets exposed in the response add_header Access-Control-Expose-Headers skynet-file-metadata; # if you are expecting large headers (ie. Skynet-Skyfile-Metadata), tune these values to your needs #proxy_buffer_size 128k; #proxy_buffers 4 128k; # cache frequent (> 10) downloads for 24 hours proxy_cache skynet; proxy_cache_key $uri; proxy_cache_min_uses 10; proxy_cache_valid 200 1440m; } # SLL CERTIFICATES BELOW THIS LINE }