Last active
August 25, 2018 19:00
-
-
Save aaroncox/216394ad480d8c960c138e99f89b6cb5 to your computer and use it in GitHub Desktop.
nodeosd / nginx configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
user www-data; | |
worker_processes auto; | |
worker_rlimit_nofile 65535; | |
pid /run/nginx.pid; | |
# include /etc/nginx/modules-enabled/*.conf; | |
events { | |
worker_connections 10000; | |
multi_accept off; | |
use epoll; | |
} | |
http { | |
client_body_timeout 32; | |
client_header_timeout 32; | |
keepalive_timeout 90; | |
keepalive_requests 100000; | |
send_timeout 120; | |
reset_timedout_connection on; | |
sendfile on; | |
tcp_nopush on; | |
tcp_nodelay on; | |
types_hash_max_size 2048; | |
server_tokens off; | |
include /etc/nginx/mime.types; | |
default_type application/octet-stream; | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE | |
ssl_prefer_server_ciphers on; | |
ssl_session_cache shared:SSL:10m; | |
ssl_session_timeout 10m; | |
ssl_stapling on; | |
ssl_stapling_verify on; | |
access_log off; | |
error_log /var/log/nginx/error.log; | |
gzip on; | |
gzip_min_length 10240; | |
gzip_proxied expired no-cache no-store private auth; | |
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/json application/xml; | |
gzip_disable msie6; | |
include /etc/nginx/conf.d/*.conf; | |
include /etc/nginx/sites-enabled/*; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
proxy_cache_path /ramdisk/nginx/core keys_zone=nodeos:1000m levels=1:2 inactive=600s max_size=100m; | |
proxy_cache_path /ramdisk/nginx/full keys_zone=fullnodeos:1000m levels=1:2 inactive=600s max_size=100m; | |
upstream nodeos { | |
server 8.26.94.31 fail_timeout=15s; | |
server 127.0.0.1:8888 badckup; # localhost backup | |
server 18.231.174.29 backup; # api.eosrio.io | |
server 35.190.58.19 backup; # api.eosnewyork.io | |
} | |
upstream fullnodeos { | |
server 127.0.0.1:8888 fail_timeout=15s; | |
server 18.231.174.29 backup; # api.eosrio.io | |
server 35.190.58.19 backup; # api.eosnewyork.io | |
} | |
log_format rt_cache '$remote_addr - $upstream_cache_status $upstream_addr [$time_local] ' | |
'"$request" $status $body_bytes_sent ' | |
'"$http_referer" "$http_user_agent"'; | |
log_format rt_mini '$remote_addr - $upstream_cache_status $upstream_addr [$time_local] ' | |
'"$request" $status $body_bytes_sent ' | |
'"$http_referer"'; | |
server { | |
listen 80; | |
#listen 443 ssl http2; | |
server_name _; | |
root /var/www/html/; | |
#access_log off; | |
#access_log /var/log/nginx/access.log; | |
#access_log /var/log/nginx/cache.log rt_cache; | |
#access_log /var/log/nginx/cache.log rt_mini; | |
keepalive_timeout 120; | |
keepalive_requests 100000; | |
sendfile on; | |
tcp_nopush on; | |
tcp_nodelay on; | |
include /etc/nginx/proxy_headers.conf; | |
location ~ /.well-known { | |
allow all; | |
} | |
location /stub_status { | |
stub_status; | |
allow 127.0.0.1; | |
deny all; | |
} | |
location / { | |
include /etc/nginx/proxy_headers.conf; | |
proxy_pass http://nodeos; | |
proxy_http_version 1.1; | |
proxy_connect_timeout 15s; | |
proxy_next_upstream error timeout invalid_header http_500; | |
location ~* v1\/history\/get_(actions|controlled_accounts|key_accounts|transaction)$ { | |
include /etc/nginx/proxy_headers.conf; | |
proxy_cache_lock on; | |
proxy_cache_methods POST; | |
proxy_cache fullnodeos; | |
proxy_cache_key "$request_uri|$request_body"; | |
proxy_cache_valid 200 1s; | |
proxy_cache_use_stale updating; | |
proxy_pass http://fullnodeos; | |
} | |
location ~* v1\/chain\/get_(info|table_rows)$ { | |
include /etc/nginx/proxy_headers.conf; | |
proxy_cache_lock on; | |
proxy_cache_methods POST; | |
proxy_cache nodeos; | |
proxy_cache_key "$request_uri|$request_body"; | |
proxy_cache_valid 200 1s; | |
proxy_cache_use_stale updating; | |
proxy_pass http://nodeos; | |
} | |
} | |
#ssl_certificate /etc/letsencrypt/live/eos.greymass.com/fullchain.pem; # managed by Certbot | |
#ssl_certificate_key /etc/letsencrypt/live/eos.greymass.com/privkey.pem; # managed by Certbot | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
proxy_cache_path /ramdisk/nginx/core keys_zone=nodeos:1000m levels=1:2 inactive=600s max_size=100m; | |
proxy_cache_path /ramdisk/nginx/full keys_zone=fullnodeos:1000m levels=1:2 inactive=600s max_size=100m; | |
upstream nodeos { | |
server 127.0.0.1:8888 fail_timeout=15s; | |
server 18.231.174.29 backup; # api.eosrio.io | |
server 35.190.58.19 backup; # api.eosnewyork.io | |
} | |
upstream fullnodeos { | |
server 158.69.23.184 fail_timeout=15s; | |
server 18.231.174.29 backup; # api.eosrio.io | |
server 35.190.58.19 backup; # api.eosnewyork.io | |
} | |
log_format rt_cache '$remote_addr - $upstream_cache_status $upstream_addr [$time_local] ' | |
'"$request" $status $body_bytes_sent ' | |
'"$http_referer" "$http_user_agent"'; | |
log_format rt_mini '$remote_addr - $upstream_cache_status $upstream_addr [$time_local] ' | |
'"$request" $status $body_bytes_sent ' | |
'"$http_referer"'; | |
server { | |
listen 80; | |
#listen 443 ssl http2; | |
server_name _; | |
root /var/www/html/; | |
#access_log off; | |
#access_log /var/log/nginx/access.log; | |
#access_log /var/log/nginx/cache.log rt_cache; | |
#access_log /var/log/nginx/cache.log rt_mini; | |
keepalive_timeout 120; | |
keepalive_requests 100000; | |
sendfile on; | |
tcp_nopush on; | |
tcp_nodelay on; | |
include /etc/nginx/proxy_headers.conf; | |
location ~ /.well-known { | |
allow all; | |
} | |
location /stub_status { | |
stub_status; | |
allow 127.0.0.1; | |
deny all; | |
} | |
location / { | |
include /etc/nginx/proxy_headers.conf; | |
proxy_pass http://nodeos; | |
proxy_http_version 1.1; | |
proxy_connect_timeout 15s; | |
proxy_next_upstream error timeout invalid_header http_500; | |
location ~* v1\/history\/get_(actions|controlled_accounts|key_accounts|transaction)$ { | |
include /etc/nginx/proxy_headers.conf; | |
proxy_cache_lock on; | |
proxy_cache_methods POST; | |
proxy_cache fullnodeos; | |
proxy_cache_key "$request_uri|$request_body"; | |
proxy_cache_valid 200 1s; | |
proxy_cache_use_stale updating; | |
proxy_pass http://fullnodeos; | |
} | |
location ~* v1\/chain\/get_(info|table_rows)$ { | |
include /etc/nginx/proxy_headers.conf; | |
proxy_cache_lock on; | |
proxy_cache_methods POST; | |
proxy_cache nodeos; | |
proxy_cache_key "$request_uri|$request_body"; | |
proxy_cache_valid 200 1s; | |
proxy_cache_use_stale updating; | |
proxy_pass http://nodeos; | |
} | |
} | |
#ssl_certificate /etc/letsencrypt/live/eos.greymass.com/fullchain.pem; # managed by Certbot | |
#ssl_certificate_key /etc/letsencrypt/live/eos.greymass.com/privkey.pem; # managed by Certbot | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
proxy_hide_header 'Access-Control-Allow-Origin'; | |
proxy_hide_header 'Access-Control-Allow-Headers'; | |
proxy_hide_header 'Via'; | |
add_header 'Access-Control-Allow-Origin' '*'; | |
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; | |
add_header 'Access-Control-Allow-Headers' 'X-Requested-With,Accept,Content-Type,Origin'; | |
add_header Host $host; | |
add_header Upgrade $http_upgrade; | |
add_header X-Cached $upstream_cache_status; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment