Created
April 16, 2020 20:52
-
-
Save nuriel77/12fd2c4fc90e03d9da11fcf6a3667018 to your computer and use it in GitHub Desktop.
hornet nginx configs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream hornet_dashboard { | |
| server 127.0.0.1:8087; | |
| } | |
| # Rate limit requestsi | |
| limit_req_zone $binary_remote_addr zone=hornet_dashboard:2m rate=10r/s; | |
| server { | |
| limit_req zone=hornet_dashboard burst=25; | |
| listen 8081 default_server ssl http2; | |
| server_name _; | |
| server_tokens off; | |
| # Redirect same port from http to https | |
| # This directive is only used when using any | |
| # port other than 80 | |
| error_page 497 https://$host:$server_port$request_uri; | |
| # Here you would include the SSL directives | |
| # or include a file containing the SSL directives | |
| include /etc/nginx/conf.d/ssl.cfg; | |
| # For password authentication use a htpasswd file | |
| auth_basic "Restricted"; | |
| auth_basic_user_file /etc/nginx/.htpasswd; | |
| location /ws { | |
| proxy_pass http://hornet_dashboard/ws; | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "upgrade"; | |
| proxy_read_timeout 86400; | |
| } | |
| location / { | |
| proxy_pass http://hornet_dashboard; | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ssl_certificate /etc/ssl/certs/fullnode.crt; | |
| ssl_certificate_key /etc/ssl/private/fullnode.key; | |
| ssl_protocols TLSv1.2; | |
| # If you choose to add dhparam, run this command and | |
| # remove # from the line beginning with `ssl_dhparam`: | |
| # `cd /etc/ssl/private && openssl dhparam -out dhparam.pem 4096` | |
| #ssl_dhparam /etc/ssl/private/dhparam.pem; | |
| ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL'; | |
| ssl_session_timeout 1d; | |
| ssl_session_cache shared:SSL:10m; | |
| ssl_ecdh_curve secp384r1; | |
| resolver 8.8.8.8 8.8.4.4 valid=300s; | |
| resolver_timeout 10s; | |
| ssl_stapling off; | |
| ssl_stapling_verify off; | |
| #ssl_trusted_certificate dummy_ssl_bundle.crt; | |
| add_header Strict-Transport-Security max-age=15768000; | |
| add_header X-Frame-Options DENY; | |
| add_header X-Content-Type-Options nosniff; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream tanglemonitor { | |
| server 127.0.0.1:14434; | |
| } | |
| # Rate limit requestsi | |
| limit_req_zone $binary_remote_addr zone=tanglemonitor:2m rate=50r/s; | |
| map $http_upgrade $connection_upgrade { | |
| default upgrade; | |
| '' close; | |
| } | |
| server { | |
| limit_req zone=tanglemonitor burst=2500; | |
| listen 4434 default_server ssl http2; | |
| server_name _; | |
| server_tokens off; | |
| # Redirect same port from http to https | |
| # This directive is only used when using any | |
| # port other than 80 | |
| error_page 497 https://$host:$server_port$request_uri; | |
| # Here you would include the SSL directives | |
| # or include a file containing the SSL directives | |
| include /etc/nginx/conf.d/ssl.cfg; | |
| # For password authentication use a htpasswd file | |
| auth_basic "Restricted"; | |
| auth_basic_user_file /etc/nginx/.htpasswd; | |
| location / { | |
| proxy_pass http://tanglemonitor; | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection $connection_upgrade; | |
| proxy_set_header Connection keep-alive; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Host $remote_addr; | |
| proxy_cache_bypass $http_upgrade; | |
| proxy_read_timeout 86400; | |
| add_header Referrer-Policy "same-origin" always; | |
| add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; | |
| } | |
| } | |
| upstream tanglemonitor_api { | |
| server 127.0.0.1:14433; | |
| } | |
| server { | |
| limit_req zone=tanglemonitor burst=25; | |
| listen 4433 default_server ssl http2; | |
| server_name _; | |
| server_tokens off; | |
| # Redirect same port from http to https | |
| # This directive is only used when using any | |
| # port other than 80 | |
| error_page 497 https://$host:$server_port$request_uri; | |
| # Here you would include the SSL directives | |
| # or include a file containing the SSL directives | |
| include /etc/nginx/conf.d/ssl.cfg; | |
| # For password authentication use a htpasswd file | |
| # FIXME: Would have to tell user to open & login | |
| # to the API too, else the above frontend cannot | |
| # access it. Alternative is setting IP whitelist | |
| #auth_basic "Restricted"; | |
| #auth_basic_user_file /etc/nginx/.htpasswd; | |
| location / { | |
| proxy_pass http://tanglemonitor_api; | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream tanglevisualiser { | |
| server 127.0.0.1:18083; | |
| } | |
| # Rate limit requestsi | |
| limit_req_zone $binary_remote_addr zone=tanglevisualiser:2m rate=10r/s; | |
| server { | |
| limit_req zone=tanglevisualiser burst=25; | |
| listen 8083 default_server ssl http2; | |
| server_name _; | |
| server_tokens off; | |
| # Redirect same port from http to https | |
| # This directive is only used when using any | |
| # port other than 80 | |
| error_page 497 https://$host:$server_port$request_uri; | |
| # Here you would include the SSL directives | |
| # or include a file containing the SSL directives | |
| include /etc/nginx/conf.d/ssl.cfg; | |
| # For password authentication use a htpasswd file | |
| auth_basic "Restricted"; | |
| auth_basic_user_file /etc/nginx/.htpasswd; | |
| location / { | |
| proxy_pass http://tanglevisualiser; | |
| } | |
| location /ws { | |
| proxy_pass http://tanglevisualiser; | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "upgrade"; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-Proto https; | |
| proxy_set_header X-Forwarded-For $remote_addr; | |
| proxy_set_header X-Forwarded-Host $remote_addr; | |
| add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; | |
| proxy_read_timeout 86400; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment