156 lines
6.1 KiB
Plaintext
156 lines
6.1 KiB
Plaintext
limit_req_zone $binary_remote_addr zone=stats_by_ip:10m rate=10r/m;
|
|
limit_conn_zone $binary_remote_addr zone=uploads_by_ip:10m;
|
|
limit_conn_zone $binary_remote_addr zone=downloads_by_ip:10m;
|
|
limit_req_status 429;
|
|
limit_conn_status 429;
|
|
|
|
proxy_cache_path /temp/nginx keys_zone=skynet:10m inactive=1d;
|
|
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
server_name _;
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
server_name siasky.net www.siasky.net; # replace with actual server names
|
|
|
|
# ddos protection: closing slow connections
|
|
client_body_timeout 5s;
|
|
client_header_timeout 5s;
|
|
|
|
# NOTE: make sure to enable any additional configuration you might need like gzip
|
|
|
|
location / {
|
|
root /home/user/skynet-webportal/public; # path to root of index.html
|
|
}
|
|
|
|
location /stats {
|
|
limit_req zone=stats_by_ip; # ddos protection: max 10 requests per minute
|
|
|
|
proxy_set_header Access-Control-Allow-Origin: *;
|
|
proxy_set_header User-Agent: Sia-Agent;
|
|
|
|
# replace BASE64_AUTHENTICATION with base64 encoded <user>:<password>
|
|
# for sia user is empty so it's just :<password>
|
|
# to generate the passcode use https://www.base64encode.org or any other base64 encoder
|
|
proxy_set_header Authorization "Basic BASE64_AUTHENTICATION";
|
|
proxy_pass http://127.0.0.1:9970/skynet/stats;
|
|
}
|
|
|
|
location /statsdown {
|
|
limit_req zone=stats_by_ip; # ddos protection: max 10 requests per minute
|
|
|
|
proxy_set_header Access-Control-Allow-Origin: *;
|
|
proxy_set_header User-Agent: Sia-Agent;
|
|
|
|
# replace BASE64_AUTHENTICATION with base64 encoded <user>:<password>
|
|
# for sia user is empty so it's just :<password>
|
|
# to generate the passcode use https://www.base64encode.org or any other base64 encoder
|
|
proxy_set_header Authorization "Basic BASE64_AUTHENTICATION";
|
|
proxy_pass http://127.0.0.1:9980/skynet/stats;
|
|
}
|
|
|
|
location /skynet/skyfile {
|
|
limit_conn uploads_by_ip 10; # ddos protection: max 10 uploads at a time
|
|
client_max_body_size 1000M; # make sure to limit the size of upload to a sane value
|
|
proxy_read_timeout 600;
|
|
|
|
# Extract 3 sets of 2 characters from $request_id and assign to $dir1, $dir2, $dir3
|
|
# respectfully. The rest of the $request_id is going to be assigned to $dir4.
|
|
# We use those variables to automatically generate a unique path for the uploaded file.
|
|
# This ensures that not all uploaded files end up in the same directory, which is something
|
|
# that causes performance issues in the renter.
|
|
# Example path result: /af/24/9b/c5ec894920ccc45634dc9a8065
|
|
if ($request_id ~* "(\w{2})(\w{2})(\w{2})(\w+)") {
|
|
set $dir1 $1;
|
|
set $dir2 $2;
|
|
set $dir3 $3;
|
|
set $dir4 $4;
|
|
}
|
|
|
|
# proxy this call to siad endpoint (make sure the ip is correct)
|
|
#
|
|
# note that we point uploads to port '9970', do this when you want to
|
|
# run in a configuration where you have two siad instances, one for
|
|
# downloads and one for uploads. This drastically improves the up - and
|
|
# download speed of your portal. When running your portal in this double
|
|
# siad setup, make sure only the download portal runs in 'portal mode'.
|
|
# The upload siad can be run in normal mode. Set the port to '9980' if
|
|
# you do not want to run your portal in the double siad setup.
|
|
proxy_pass http://127.0.0.1:9970/skynet/skyfile/$dir1/$dir2/$dir3/$dir4$is_args$args;
|
|
|
|
proxy_set_header Expect $http_expect;
|
|
add_header Access-Control-Allow-Origin *;
|
|
proxy_hide_header Access-Control-Allow-Origin;
|
|
# make sure to override user agent header - siad requirement
|
|
proxy_set_header User-Agent: Sia-Agent;
|
|
# replace BASE64_AUTHENTICATION with base64 encoded <user>:<password>
|
|
# for sia user is empty so it's just :<password>
|
|
# to generate the passcode use https://www.base64encode.org or any other base64 encoder
|
|
proxy_set_header Authorization "Basic BASE64_AUTHENTICATION";
|
|
}
|
|
|
|
location ~ "^/([a-zA-Z0-9-_]{46}(/.*)?)$" {
|
|
limit_conn downloads_by_ip 10; # ddos protection: max 10 downloads at a time
|
|
|
|
# we need to explicitly use set directive here because $1 will contain the skylink with
|
|
# decoded whitespaces and set will re-encode it for us before passing it to proxy_pass
|
|
set $skylink $1;
|
|
|
|
proxy_read_timeout 600;
|
|
# proxy this call to siad /skynet/skylink/ endpoint (make sure the ip is correct)
|
|
proxy_pass http://127.0.0.1:9980/skynet/skylink/$skylink$is_args$args;
|
|
proxy_set_header Access-Control-Allow-Origin: *;
|
|
# make sure to override user agent header - siad requirement
|
|
proxy_set_header User-Agent: Sia-Agent;
|
|
|
|
# make sure the Skynet-File-Metadata header gets exposed in the response
|
|
add_header Access-Control-Expose-Headers skynet-file-metadata;
|
|
|
|
# if you are expecting large headers (ie. Skynet-Skyfile-Metadata), tune these values to your needs
|
|
#proxy_buffer_size 128k;
|
|
#proxy_buffers 4 128k;
|
|
|
|
# cache frequent (> 10) downloads for 24 hours
|
|
proxy_cache skynet;
|
|
proxy_cache_key $uri;
|
|
proxy_cache_min_uses 10;
|
|
proxy_cache_valid 200 1440m;
|
|
}
|
|
|
|
location ~ "^/file/([a-zA-Z0-9-_]{46}(/.*)?)$" {
|
|
limit_conn downloads_by_ip 10; # ddos protection: max 10 downloads at a time
|
|
|
|
# we need to explicitly use set directive here because $1 will contain the skylink with
|
|
# decoded whitespaces and set will re-encode it for us before passing it to proxy_pass
|
|
set $skylink $1;
|
|
|
|
proxy_read_timeout 600;
|
|
# proxy this call to siad /skynet/skylink/ endpoint (make sure the ip is correct)
|
|
# this alias also adds attachment=true url param to force download the file
|
|
proxy_pass http://127.0.0.1:9980/skynet/skylink/$skylink?attachment=true&$args;
|
|
proxy_set_header Access-Control-Allow-Origin: *;
|
|
# make sure to override user agent header - siad requirement
|
|
proxy_set_header User-Agent: Sia-Agent;
|
|
|
|
# make sure the Skynet-File-Metadata header gets exposed in the response
|
|
add_header Access-Control-Expose-Headers skynet-file-metadata;
|
|
|
|
# if you are expecting large headers (ie. Skynet-Skyfile-Metadata), tune these values to your needs
|
|
#proxy_buffer_size 128k;
|
|
#proxy_buffers 4 128k;
|
|
|
|
# cache frequent (> 10) downloads for 24 hours
|
|
proxy_cache skynet;
|
|
proxy_cache_key $uri;
|
|
proxy_cache_min_uses 10;
|
|
proxy_cache_valid 200 1440m;
|
|
}
|
|
|
|
# SLL CERTIFICATES BELOW THIS LINE
|
|
}
|