everstake/solana_api.conf

## solana_api.conf
#Nginx config used for api.solana-tds.everstake.one


# Tune timeouts for proxy
proxy_buffering off;
proxy_connect_timeout  360s;
proxy_send_timeout     360s;
proxy_read_timeout     700s;

proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
proxy_next_upstream_timeout 200s;
proxy_next_upstream_tries 5;

# Define zones for limiting
limit_conn_zone $binary_remote_addr zone=conn_limit:10m;
limit_req_zone $binary_remote_addr zone=req_limit:10m rate=10r/s;


# Extensive log format used with Nginx Amplify, handy for analysis
log_format  main_ext  '$remote_addr - $remote_user [$time_local] "$request" '
					  '$status $body_bytes_sent "$http_referer" '
					  '"$http_user_agent" "$http_x_forwarded_for" '
					  '"$host" sn="$server_name" '
					  'rt=$request_time '
					  'ua="$upstream_addr" us="$upstream_status" '
					  'ut="$upstream_response_time" ul="$upstream_response_length" '
					  'cs=$upstream_cache_status' ;


# Load balancing, fault tolerance
upstream solana-proxy {
	server 127.0.0.1:10899 weight=3 max_conns=1000 max_fails=1000 fail_timeout=360s;
	# server solana_node1 .....
	# server solana_node2 .....
	# server solana_node3 .....
}

server {
	listen 8899;
	server_name api.solana-tds.everstake.one;

	# Enable logging, set log format
	access_log /var/log/nginx/access.log main_ext;
	error_log /var/log/nginx/error.log warn;

	# Disable favicon and robots error messages
	location ~ ^/(favicon.ico|robots.txt) {
		log_not_found off;
	}

	# Simple self-monitoring - connection statistics
	location = /status {
		stub_status;
		access_log off;
		allow 127.0.0.0/24;
		deny all;
	}


	# Allowed requests we want to forward to upstream
	location  / {

		# Configure basic authentification
		#auth_basic "SOLANA RPC API";
		#auth_basic_user_file /etc/nginx/.htpasswd;

		# IP's restriction
		#allow x.x.x.x/32;
		#allow y.y.y.y/32;
		#deny all;

		proxy_pass http://solana-proxy;
	}


	# Forbidden requests
	location ~ ^/(errors|network|workers) {
		return 403;
	}

	# Forbiddent IP's
	location ~ ^/forbidden {
		allow 127.0.0.0/24;
		#allow x.x.x.x/32;
		#allow y.y.y.y/32;
		deny all;
	}


	location ~ /(snapshot.tar.bz2|genesis.tar.bz2|other-rate-limited.bin) {
		limit_req zone=req_limit;
		limit_conn conn_limit 10;
		limit_rate 1m;
		limit_rate_after 20m;
		limit_req_status 429;

		proxy_pass http://solana-proxy;
	}
}


# Proper headers mapping for websocket endpoint
map $http_upgrade $connection_upgrade {
		default upgrade;
		'' close;
}

upstream solana-proxy-ws {
    server 127.0.0.1:10900 weight=3 max_conns=1000 max_fails=1000 fail_timeout=360s;
}


server {
	listen 8900;
	server_name api.solana-tds.everstake.one;

	access_log /var/log/nginx/access_ws.log main_ext;
	error_log /var/log/nginx/error_ws.log warn;

	# This location is a catch-all regexp used to disable logging
	location ~* .* {
		return 400;
		log_not_found off;
	}

	# Exact location for websocket
	location = / {

		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;
		proxy_set_header Host $host;

		proxy_pass http://solana-proxy-ws;
	}
}


###### HTTP to HTTPS redirect
# server {
# 	listen 80;
# 	server_name api.solana-tds.everstake.one;
# 	return 301 https://api.solana-tds.everstake.one$request_uri;
# }

# server {

# 	listen 443 ssl;
# 	server_name api.solana-tds.everstake.one;
#	ssl_certificate /etc/nginx/certs/solana_api.crt;
#	ssl_certificate_key /etc/nginx/certs/solana_api.key;
# 	ssl on;
# 	...
#	...
#	proxy_pass http://solana-proxy;
# }
######
	#Nginx config used for api.solana-tds.everstake.one


	# Tune timeouts for proxy
	proxy_buffering off;
	proxy_connect_timeout 360s;
	proxy_send_timeout 360s;
	proxy_read_timeout 700s;

	proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
	proxy_next_upstream_timeout 200s;
	proxy_next_upstream_tries 5;

	# Define zones for limiting
	limit_conn_zone $binary_remote_addr zone=conn_limit:10m;
	limit_req_zone $binary_remote_addr zone=req_limit:10m rate=10r/s;


	# Extensive log format used with Nginx Amplify, handy for analysis
	log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for" '
	'"$host" sn="$server_name" '
	'rt=$request_time '
	'ua="$upstream_addr" us="$upstream_status" '
	'ut="$upstream_response_time" ul="$upstream_response_length" '
	'cs=$upstream_cache_status' ;


	# Load balancing, fault tolerance
	upstream solana-proxy {
	server 127.0.0.1:10899 weight=3 max_conns=1000 max_fails=1000 fail_timeout=360s;
	# server solana_node1 .....
	# server solana_node2 .....
	# server solana_node3 .....
	}

	server {
	listen 8899;
	server_name api.solana-tds.everstake.one;

	# Enable logging, set log format
	access_log /var/log/nginx/access.log main_ext;
	error_log /var/log/nginx/error.log warn;

	# Disable favicon and robots error messages
	location ~ ^/(favicon.ico\|robots.txt) {
	log_not_found off;
	}

	# Simple self-monitoring - connection statistics
	location = /status {
	stub_status;
	access_log off;
	allow 127.0.0.0/24;
	deny all;
	}


	# Allowed requests we want to forward to upstream
	location / {

	# Configure basic authentification
	#auth_basic "SOLANA RPC API";
	#auth_basic_user_file /etc/nginx/.htpasswd;

	# IP's restriction
	#allow x.x.x.x/32;
	#allow y.y.y.y/32;
	#deny all;

	proxy_pass http://solana-proxy;
	}


	# Forbidden requests
	location ~ ^/(errors\|network\|workers) {
	return 403;
	}

	# Forbiddent IP's
	location ~ ^/forbidden {
	allow 127.0.0.0/24;
	#allow x.x.x.x/32;
	#allow y.y.y.y/32;
	deny all;
	}


	location ~ /(snapshot.tar.bz2\|genesis.tar.bz2\|other-rate-limited.bin) {
	limit_req zone=req_limit;
	limit_conn conn_limit 10;
	limit_rate 1m;
	limit_rate_after 20m;
	limit_req_status 429;

	proxy_pass http://solana-proxy;
	}
	}






	# Proper headers mapping for websocket endpoint
	map $http_upgrade $connection_upgrade {
	default upgrade;
	'' close;
	}

	upstream solana-proxy-ws {
	server 127.0.0.1:10900 weight=3 max_conns=1000 max_fails=1000 fail_timeout=360s;
	}


	server {
	listen 8900;
	server_name api.solana-tds.everstake.one;

	access_log /var/log/nginx/access_ws.log main_ext;
	error_log /var/log/nginx/error_ws.log warn;

	# This location is a catch-all regexp used to disable logging
	location ~* .* {
	return 400;
	log_not_found off;
	}

	# Exact location for websocket
	location = / {

	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection $connection_upgrade;
	proxy_set_header Host $host;

	proxy_pass http://solana-proxy-ws;
	}
	}











	###### HTTP to HTTPS redirect
	# server {
	# listen 80;
	# server_name api.solana-tds.everstake.one;
	# return 301 https://api.solana-tds.everstake.one$request_uri;
	# }

	# server {

	# listen 443 ssl;
	# server_name api.solana-tds.everstake.one;
	# ssl_certificate /etc/nginx/certs/solana_api.crt;
	# ssl_certificate_key /etc/nginx/certs/solana_api.key;
	# ssl on;
	# ...
	# ...
	# proxy_pass http://solana-proxy;
	# }
	######