From 96e8f45e5b0d90081c0f42d3b5f467c93f8a6ec0 Mon Sep 17 00:00:00 2001 From: wiz Date: Tue, 28 Dec 2021 15:20:11 +0900 Subject: [PATCH] Add support for liquidtestnet in production backend and nginx --- production/electrs-start-liquidtestnet | 30 ++ production/mempool-config.liquidtestnet.json | 39 +++ production/mempool-frontend-config.json | 1 + production/mempool-install-all | 2 +- production/mempool-start-all | 2 +- production/mempool-update-assets | 7 +- production/nginx-liquid.conf | 167 +++++++++++ production/nginx.conf | 286 +++++++++++-------- 8 files changed, 412 insertions(+), 122 deletions(-) create mode 100644 production/electrs-start-liquidtestnet create mode 100644 production/mempool-config.liquidtestnet.json create mode 100644 production/nginx-liquid.conf diff --git a/production/electrs-start-liquidtestnet b/production/electrs-start-liquidtestnet new file mode 100644 index 000000000..771669e11 --- /dev/null +++ b/production/electrs-start-liquidtestnet @@ -0,0 +1,30 @@ +#!/usr/local/bin/zsh +cd "$HOME/electrs" +#source $HOME/.cargo/env +#export PATH=$HOME/.cargo/bin:$PATH + +until false +do + # patch code for FreeBSD + if grep XBS5 "$HOME/.cargo/registry/src/github.com-1ecc6299db9ec823/sysconf-0.3.4/src/raw.rs" ; then + grep -v XBS5 $HOME/.cargo/registry/src/github.com-1ecc6299db9ec823/sysconf-0.3.4/src/raw.rs > /tmp/foo && \ + mv /tmp/foo $HOME/.cargo/registry/src/github.com-1ecc6299db9ec823/sysconf-0.3.4/src/raw.rs + fi + + cargo run \ + --release \ + --features liquid \ + --bin electrs \ + -- \ + -vv \ + --asset-db-path "$HOME/asset_registry_testnet_db" \ + --address-search \ + --cors '*' \ + --db-dir /electrs \ + --network liquidtestnet \ + --daemon-dir $HOME \ + --http-addr '[::]:3004' \ + --cookie 'foo:bar' \ + --precache-scripts $HOME/electrs/contrib/popular-scripts.txt + sleep 1 +done diff --git a/production/mempool-config.liquidtestnet.json b/production/mempool-config.liquidtestnet.json new file mode 100644 index 000000000..17081a8ea --- /dev/null +++ b/production/mempool-config.liquidtestnet.json @@ -0,0 +1,39 @@ +{ + "MEMPOOL": { + "NETWORK": "liquid", + "BACKEND": "esplora", + "HTTP_PORT": 8994, + "MINED_BLOCKS_CACHE": 144, + "SPAWN_CLUSTER_PROCS": 0, + "API_URL_PREFIX": "/api/v1/", + "WEBSOCKET_REFRESH_RATE_MS": 2000 + }, + "SYSLOG" : { + "MIN_PRIORITY": "debug" + }, + "CORE_RPC": { + "PORT": 7040, + "USERNAME": "foo", + "PASSWORD": "bar" + }, + "SECOND_CORE_RPC": { + "PORT": 8332, + "USERNAME": "foo", + "PASSWORD": "bar" + }, + "ESPLORA": { + "REST_API_URL": "http://127.0.0.1:4004" + }, + "DATABASE": { + "ENABLED": true, + "HOST": "127.0.0.1", + "PORT": 3306, + "USERNAME": "mempool_liquidtestnet", + "PASSWORD": "mempool_liquidtestnet", + "DATABASE": "mempool_liquidtestnet" + }, + "STATISTICS": { + "ENABLED": true, + "TX_PER_SECOND_SAMPLE_PERIOD": 150 + } +} diff --git a/production/mempool-frontend-config.json b/production/mempool-frontend-config.json index 00f625b10..1a5849f52 100644 --- a/production/mempool-frontend-config.json +++ b/production/mempool-frontend-config.json @@ -1,6 +1,7 @@ { "TESTNET_ENABLED": true, "LIQUID_ENABLED": true, + "LIQUID_TESTNET_ENABLED": true, "BISQ_ENABLED": true, "BISQ_SEPARATE_BACKEND": true, "SIGNET_ENABLED": true, diff --git a/production/mempool-install-all b/production/mempool-install-all index f56d7fd95..9a143d9b3 100755 --- a/production/mempool-install-all +++ b/production/mempool-install-all @@ -1,7 +1,7 @@ #!/usr/local/bin/zsh export NVM_DIR="$HOME/.nvm" source "$NVM_DIR/nvm.sh" -for site in mainnet liquid testnet bisq signet +for site in mainnet liquid testnet bisq signet liquidtestnet do git clone https://github.com/mempool/mempool "${HOME}/${site}" mkdir -p "${HOME}/public_html/${site}/" diff --git a/production/mempool-start-all b/production/mempool-start-all index a6633f834..5d5199166 100755 --- a/production/mempool-start-all +++ b/production/mempool-start-all @@ -1,7 +1,7 @@ #!/usr/local/bin/zsh export NVM_DIR="$HOME/.nvm" source "$NVM_DIR/nvm.sh" -for site in mainnet liquid testnet bisq signet +for site in mainnet liquid testnet bisq signet liquidtestnet do cd "${HOME}/${site}/backend/" && \ screen -dmS "${site}" sh -c 'while true;do npm run start-production;sleep 1;done' diff --git a/production/mempool-update-assets b/production/mempool-update-assets index 04ef6faec..10debd09b 100755 --- a/production/mempool-update-assets +++ b/production/mempool-update-assets @@ -1,7 +1,10 @@ #!/usr/bin/env zsh set -e -wget -O /mempool/public_html/mainnet/resources/assets.json https://raw.githubusercontent.com/mempool/asset_registry_db/master/index.json -wget -O /mempool/public_html/mainnet/resources/assets.minimal.json https://raw.githubusercontent.com/mempool/asset_registry_db/master/index.minimal.json +wget -O /mempool/public_html/mainnet/resources/assets.json https://raw.githubusercontent.com/blockstream/asset_registry_db/master/index.json +wget -O /mempool/public_html/mainnet/resources/assets.minimal.json https://raw.githubusercontent.com/blockstream/asset_registry_db/master/index.minimal.json + +wget -O /mempool/public_html/mainnet/resources/assets.json https://raw.githubusercontent.com/blockstream/asset_registry_testnet_db/master/index.json +wget -O /mempool/public_html/mainnet/resources/assets.minimal.json https://raw.githubusercontent.com/blockstream/asset_registry_testnet_db/master/index.minimal.json exit 0 diff --git a/production/nginx-liquid.conf b/production/nginx-liquid.conf new file mode 100644 index 000000000..37451fdb7 --- /dev/null +++ b/production/nginx-liquid.conf @@ -0,0 +1,167 @@ +root /mempool/public_html/liquid/; + +index index.html; + +set $frameOptions "DENY"; +set $contentSecurityPolicy "frame-ancestors 'none'"; +if ($http_referer ~ ^https://mempool.space/) +{ + set $frameOptions "ALLOW-FROM https://mempool.space"; + set $contentSecurityPolicy "frame-ancestors https://mempool.space"; +} +if ($http_referer ~ ^https://mempool.ninja/) +{ + set $frameOptions "ALLOW-FROM https://mempool.ninja"; + set $contentSecurityPolicy "frame-ancestors https://mempool.ninja"; +} +if ($http_referer ~ ^https://wiz.biz/) +{ + set $frameOptions "ALLOW-FROM https://wiz.biz"; + set $contentSecurityPolicy "frame-ancestors https://wiz.biz"; +} + +add_header X-Frame-Options $frameOptions; +add_header Content-Security-Policy $contentSecurityPolicy; +add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri; +add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + +# fallback for all URLs i.e. /address/foo /tx/foo /block/000 +location / { + try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect; + add_header Cache-Control "public, no-transform"; + add_header X-Frame-Options $frameOptions; + add_header Content-Security-Policy $contentSecurityPolicy; + add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + expires 10m; +} +location /resources { + try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect; + add_header Cache-Control "public, no-transform"; + add_header X-Frame-Options $frameOptions; + add_header Content-Security-Policy $contentSecurityPolicy; + add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + expires 1h; +} +location @index-redirect { + add_header Vary accept-language; + add_header X-Frame-Options $frameOptions; + add_header Content-Security-Policy $contentSecurityPolicy; + add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + rewrite (.*) /$lang/index.html; +} + +# location block using regex are matched in order + +# used to rewrite resources from // to /en-US/ +location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/resources/ { + rewrite ^/[a-zA-Z-]*/resources/(.*) /en-US/resources/$1; +} +# used for cookie override +location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/ { + try_files $uri $uri/ /$1/index.html =404; +} + +# static API docs +location = /api { + #return 302 https://mempool.space/$request_uri; + try_files $uri $uri/ /en-US/index.html =404; +} +location = /api/ { + #return 302 https://mempool.space/$request_uri; + try_files $uri $uri/ /en-US/index.html =404; +} +location = /liquid/api { + #return 302 https://mempool.space/$request_uri; + try_files $uri $uri/ /en-US/index.html =404; +} +location = /liquid/api/ { + #return 302 https://mempool.space/$request_uri; + try_files $uri $uri/ /en-US/index.html =404; +} +location = /testnet/api { + #return 302 https://mempool.space/$request_uri; + try_files $uri $uri/ /en-US/index.html =404; +} +location = /testnet/api/ { + #return 302 https://mempool.space/$request_uri; + try_files $uri $uri/ /en-US/index.html =404; +} + +# mainnet API +location /api/v1/contributors { + proxy_pass https://mempool.space; + proxy_hide_header onion-location; + proxy_hide_header strict-transport-security; + proxy_hide_header content-security-policy; + proxy_hide_header x-frame-options; +} +location /api/v1/donations { + proxy_pass https://mempool.space; + proxy_hide_header onion-location; + proxy_hide_header strict-transport-security; + proxy_hide_header content-security-policy; + proxy_hide_header x-frame-options; +} +location /api/v1/donations/images { + proxy_pass https://mempool.space; + proxy_cache services; + proxy_cache_valid 200 1d; + expires 7d; + add_header Cache-Control "public, no-transform"; + proxy_hide_header onion-location; + proxy_hide_header strict-transport-security; + proxy_hide_header content-security-policy; + proxy_hide_header x-frame-options; +} +location /api/v1/ws { + proxy_pass http://127.0.0.1:8998/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; +} +location /api/v1 { + proxy_pass http://127.0.0.1:8998/api/v1; +} +location /api/address { + proxy_pass http://electrs-liquid/address; +} +location /api/tx { + proxy_pass http://electrs-liquid/tx; +} +location /api/block { + proxy_pass http://electrs-liquid/block; +} +location /api/ { + proxy_pass http://electrs-liquid/; +} + +# liquid API +location /liquid/api/v1/ws { + proxy_pass http://127.0.0.1:8998/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; +} +location /liquid/api/v1 { + proxy_pass http://127.0.0.1:8998/api/v1; +} +location /liquid/api/ { + proxy_pass http://electrs-liquid/; +} + +# liquidtestnet API +location /liquidtestnet/api/v1/ws { + proxy_pass http://127.0.0.1:8994/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; +} +location /liquidtestnet/api/v1 { + proxy_pass http://127.0.0.1:8994/api/v1; +} +location /liquidtestnet/api/ { + proxy_pass http://electrs-liquidtestnet/; +} diff --git a/production/nginx.conf b/production/nginx.conf index 163f25135..7a00580dc 100644 --- a/production/nginx.conf +++ b/production/nginx.conf @@ -52,113 +52,106 @@ http { # proxy cache proxy_cache off; proxy_cache_path /var/cache/nginx/services keys_zone=services:20m levels=1:2 inactive=600s max_size=100m; + proxy_cache_path /var/cache/nginx/markets keys_zone=markets:20m levels=1:2 inactive=600s max_size=100m; proxy_cache_path /var/cache/nginx/mainnet keys_zone=mainnet:20m levels=1:2 inactive=600s max_size=100m; proxy_cache_path /var/cache/nginx/testnet keys_zone=testnet:20m levels=1:2 inactive=600s max_size=100m; proxy_cache_path /var/cache/nginx/liquid keys_zone=liquid:20m levels=1:2 inactive=600s max_size=100m; proxy_cache_path /var/cache/nginx/signet keys_zone=signet:20m levels=1:2 inactive=600s max_size=100m; types_hash_max_size 2048; - # exempt localhost from rate limit - geo $limited_ip { - default 1; - 127.0.0.1 0; - 103.99.170.201 0; - 103.99.170.202 0; - 2401:b140:1::92:201 0; - 2401:b140:1::92:202 0; - } - map $limited_ip $limited_ip_key { - 1 $binary_remote_addr; - 0 ''; - } - - # rate limit requests - limit_req_zone $limited_ip_key zone=api:10m rate=200r/m; - limit_req_zone $limited_ip_key zone=electrs-address:10m rate=100r/m; - limit_req_zone $limited_ip_key zone=electrs-block:10m rate=200r/m; - limit_req_zone $limited_ip_key zone=electrs-tx:10m rate=2000r/m; - limit_req_zone $limited_ip_key zone=electrs:10m rate=2000r/m; - limit_req_status 429; - - # rate limit connections - limit_conn_zone $limited_ip_key zone=websocket:10m; - limit_conn_status 429; - map $http_accept_language $header_lang { default en-US; ~*^en-US en-US; ~*^en en-US; - ~*^ar ar; - ~*^ca ca; - ~*^cs cs; - ~*^de de; - ~*^es es; - ~*^fa fa; - ~*^fr fr; - ~*^ko ko; - ~*^it it; - ~*^he he; - ~*^ka ka; - ~*^hu hu; - ~*^mk mk; - ~*^nl nl; - ~*^ja ja; - ~*^nb nb; - ~*^pl pl; - ~*^pt pt; - ~*^ro ro; - ~*^ru ru; - ~*^sl sl; - ~*^fi fi; - ~*^sv sv; - ~*^th th; - ~*^tr tr; - ~*^uk uk; - ~*^vi vi; - ~*^zh zh; - ~*^hi hi; + ~*^ar ar; + ~*^cs cs; + ~*^de de; + ~*^es es; + ~*^fa fa; + ~*^fr fr; + ~*^ko ko; + ~*^hi hi; + ~*^it it; + ~*^ka ka; + ~*^hu hu; + ~*^nl nl; + ~*^ja ja; + ~*^nb nb; + ~*^pl pl; + ~*^pt pt; + ~*^sl sl; + ~*^fi fi; + ~*^sv sv; + ~*^tr tr; + ~*^uk uk; + ~*^vi vi; + ~*^zh zh; } map $cookie_lang $lang { default $header_lang; ~*^en-US en-US; ~*^en en-US; - ~*^ar ar; - ~*^ca ca; - ~*^cs cs; - ~*^de de; - ~*^es es; - ~*^fa fa; - ~*^fr fr; - ~*^ko ko; - ~*^it it; - ~*^he he; - ~*^ka ka; - ~*^hu hu; - ~*^mk mk; - ~*^nl nl; - ~*^ja ja; - ~*^nb nb; - ~*^pl pl; - ~*^pt pt; - ~*^ro ro; - ~*^ru ru; - ~*^sl sl; - ~*^fi fi; - ~*^sv sv; - ~*^th th; - ~*^tr tr; - ~*^uk uk; - ~*^vi vi; - ~*^zh zh; - ~*^hi hi; + ~*^ar ar; + ~*^cs cs; + ~*^de de; + ~*^es es; + ~*^fa fa; + ~*^fr fr; + ~*^hi hi; + ~*^it it; + ~*^ka ka; + ~*^hu hu; + ~*^ja ja; + ~*^ko ko; + ~*^nb nb; + ~*^nl nl; + ~*^pl pl; + ~*^pt pt; + ~*^sl sl; + ~*^fi fi; + ~*^sv sv; + ~*^tr tr; + ~*^uk uk; + ~*^vi vi; + ~*^zh zh; + } + + server { + listen 80; + listen [::]:80; + server_name node206.mempool.space mempool.space mempool.ninja bisq.markets liquid.network; + + if ($host = mempool.space) + { + return 301 https://$host$request_uri; + } + if ($host = mempool.ninja) + { + return 301 https://$host$request_uri; + } + if ($host = bisq.markets) + { + return 301 https://$host$request_uri; + } + if ($host = liquid.network) + { + return 301 https://$host$request_uri; + } + if ($host = node206.mempool.space) + { + return 301 https://$host$request_uri; + } + return 503; } upstream electrs-mainnet { - server [2401:b140:1::92:201]:3000 weight=999 fail_timeout=10s max_fails=10; - server [2401:b140:1::92:202]:3000 weight=1 fail_timeout=10s max_fails=10; - server [2401:b140:1::100:220]:3000 backup; - server [2401:b140:1::100:210]:3000 backup; + server [2401:b140:1::92:201]:3000 backup; + server [2401:b140:1::92:202]:3000 backup; + server [2401:b140:1::92:203]:3000 weight=1 fail_timeout=10s max_fails=10; + server [2401:b140:1::92:204]:3000 weight=1 fail_timeout=10s max_fails=10; + server [2401:b140:1::92:205]:3000 weight=1 fail_timeout=10s max_fails=10; + server [2401:b140:1::92:206]:3000 weight=9999 fail_timeout=10s max_fails=10; } server { listen 127.0.0.1:4000; @@ -169,10 +162,12 @@ http { } upstream electrs-liquid { - server [2401:b140:1::92:201]:3001 weight=999 fail_timeout=10s max_fails=10; - server [2401:b140:1::92:202]:3001 weight=1 fail_timeout=10s max_fails=10; - server [2401:b140:1::100:220]:3001 backup; - server [2401:b140:1::100:210]:3001 backup; + server [2401:b140:1::92:201]:3001 backup; + server [2401:b140:1::92:202]:3001 backup; + server [2401:b140:1::92:203]:3001 weight=1 fail_timeout=10s max_fails=10; + server [2401:b140:1::92:204]:3001 weight=1 fail_timeout=10s max_fails=10; + server [2401:b140:1::92:205]:3001 weight=1 fail_timeout=10s max_fails=10; + server [2401:b140:1::92:206]:3001 weight=9999 fail_timeout=10s max_fails=10; } server { listen 127.0.0.1:4001; @@ -183,10 +178,12 @@ http { } upstream electrs-testnet { - server [2401:b140:1::92:201]:3002 weight=999 fail_timeout=10s max_fails=10; - server [2401:b140:1::92:202]:3002 weight=1 fail_timeout=10s max_fails=10; - server [2401:b140:1::100:220]:3002 backup; - server [2401:b140:1::100:210]:3002 backup; + server [2401:b140:1::92:201]:3002 backup; + server [2401:b140:1::92:202]:3002 backup; + server [2401:b140:1::92:203]:3002 weight=1 fail_timeout=10s max_fails=10; + server [2401:b140:1::92:204]:3002 weight=1 fail_timeout=10s max_fails=10; + server [2401:b140:1::92:205]:3002 weight=1 fail_timeout=10s max_fails=10; + server [2401:b140:1::92:206]:3002 weight=9999 fail_timeout=10s max_fails=10; } server { listen 127.0.0.1:4002; @@ -197,9 +194,12 @@ http { } upstream electrs-signet { - server [2401:b140:1::92:201]:3003 weight=999 fail_timeout=10s max_fails=10; - server [2401:b140:1::92:202]:3003 weight=1 fail_timeout=10s max_fails=10; - server [2401:b140:1::100:220]:3003 backup; + server [2401:b140:1::92:201]:3003 backup; + server [2401:b140:1::92:202]:3003 backup; + server [2401:b140:1::92:203]:3003 weight=1 fail_timeout=10s max_fails=10; + server [2401:b140:1::92:204]:3003 weight=1 fail_timeout=10s max_fails=10; + server [2401:b140:1::92:205]:3003 weight=1 fail_timeout=10s max_fails=10; + server [2401:b140:1::92:206]:3003 weight=9999 fail_timeout=10s max_fails=10; } server { listen 127.0.0.1:4003; @@ -209,27 +209,64 @@ http { } } + upstream electrs-liquidtestnet { + server [2401:b140:1::92:201]:3004 backup; + server [2401:b140:1::92:202]:3004 backup; + server [2401:b140:1::92:203]:3004 weight=1 fail_timeout=10s max_fails=10; + server [2401:b140:1::92:204]:3004 weight=1 fail_timeout=10s max_fails=10; + server [2401:b140:1::92:205]:3004 weight=1 fail_timeout=10s max_fails=10; + server [2401:b140:1::92:206]:3004 weight=9999 fail_timeout=10s max_fails=10; + } server { - listen 80; - server_name mempool.space node100.mempool.space; - if ($host = mempool.space) - { - return 301 https://$host$request_uri; + listen 127.0.0.1:4004; + access_log /dev/null; + location / { + proxy_pass http://electrs-liquidtestnet; } - if ($host = node100.mempool.space) - { - return 301 https://$host$request_uri; - } - return 503; } server { listen 127.0.0.1:80; listen 443 ssl http2; listen [::]:443 ssl http2; - server_name node100.mempool.space; - ssl_certificate /usr/local/etc/letsencrypt/live/node100.mempool.space/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/node100.mempool.space/privkey.pem; + server_name mempool.space node206.mempool.space; + + include /usr/local/etc/nginx/ssl/mempool.conf; + include /usr/local/etc/nginx/nginx-mempool.conf; + access_log /var/log/nginx/mempool-access.log; + error_log /var/log/nginx/mempool-error.log; + } + + server { + listen 127.0.0.1:80; + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name liquid.network; + include /usr/local/etc/nginx/ssl/mempool.conf; + include /usr/local/etc/nginx/nginx-liquid.conf; + access_log /var/log/nginx/liquid-access.log; + error_log /var/log/nginx/liquid-error.log; + } + + server { + listen 127.0.0.1:80; + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name bisq.markets; + include /usr/local/etc/nginx/ssl/mempool.conf; + include /usr/local/etc/nginx/nginx-bisq.conf; + access_log /var/log/nginx/bisq-access.log; + error_log /var/log/nginx/bisq-error.log; + + } + + server { + listen 127.0.0.1:80; + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name mempool.ninja; + ssl_certificate /usr/local/etc/letsencrypt/live/mempool.ninja/fullchain.pem; + ssl_certificate_key /usr/local/etc/letsencrypt/live/mempool.ninja/privkey.pem; include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; @@ -238,14 +275,27 @@ http { server { listen 127.0.0.1:80; - listen 443 ssl default http2 backlog=1024; - listen [::]:443 ssl default http2 backlog=1024; - server_name mempool.space; - ssl_certificate /usr/local/etc/letsencrypt/live/mempool.space/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/mempool.space/privkey.pem; + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name liquid.place; + ssl_certificate /usr/local/etc/letsencrypt/live/liquid.place/fullchain.pem; + ssl_certificate_key /usr/local/etc/letsencrypt/live/liquid.place/privkey.pem; include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; - include /usr/local/etc/nginx/nginx-mempool.conf; + include /usr/local/etc/nginx/nginx-liquid.conf; + } + + server { + listen 127.0.0.1:80; + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name bisq.ninja; + ssl_certificate /usr/local/etc/letsencrypt/live/bisq.ninja/fullchain.pem; + ssl_certificate_key /usr/local/etc/letsencrypt/live/bisq.ninja/privkey.pem; + include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; + + include /usr/local/etc/nginx/nginx-bisq.conf; } }