Add support for liquidtestnet in production backend and nginx

This commit is contained in:
wiz 2021-12-28 15:20:11 +09:00
parent 5d360d4156
commit 96e8f45e5b
No known key found for this signature in database
GPG Key ID: A394E332255A6173
8 changed files with 412 additions and 122 deletions

View File

@ -0,0 +1,30 @@
#!/usr/local/bin/zsh
cd "$HOME/electrs"
#source $HOME/.cargo/env
#export PATH=$HOME/.cargo/bin:$PATH
until false
do
# patch code for FreeBSD
if grep XBS5 "$HOME/.cargo/registry/src/github.com-1ecc6299db9ec823/sysconf-0.3.4/src/raw.rs" ; then
grep -v XBS5 $HOME/.cargo/registry/src/github.com-1ecc6299db9ec823/sysconf-0.3.4/src/raw.rs > /tmp/foo && \
mv /tmp/foo $HOME/.cargo/registry/src/github.com-1ecc6299db9ec823/sysconf-0.3.4/src/raw.rs
fi
cargo run \
--release \
--features liquid \
--bin electrs \
-- \
-vv \
--asset-db-path "$HOME/asset_registry_testnet_db" \
--address-search \
--cors '*' \
--db-dir /electrs \
--network liquidtestnet \
--daemon-dir $HOME \
--http-addr '[::]:3004' \
--cookie 'foo:bar' \
--precache-scripts $HOME/electrs/contrib/popular-scripts.txt
sleep 1
done

View File

@ -0,0 +1,39 @@
{
"MEMPOOL": {
"NETWORK": "liquid",
"BACKEND": "esplora",
"HTTP_PORT": 8994,
"MINED_BLOCKS_CACHE": 144,
"SPAWN_CLUSTER_PROCS": 0,
"API_URL_PREFIX": "/api/v1/",
"WEBSOCKET_REFRESH_RATE_MS": 2000
},
"SYSLOG" : {
"MIN_PRIORITY": "debug"
},
"CORE_RPC": {
"PORT": 7040,
"USERNAME": "foo",
"PASSWORD": "bar"
},
"SECOND_CORE_RPC": {
"PORT": 8332,
"USERNAME": "foo",
"PASSWORD": "bar"
},
"ESPLORA": {
"REST_API_URL": "http://127.0.0.1:4004"
},
"DATABASE": {
"ENABLED": true,
"HOST": "127.0.0.1",
"PORT": 3306,
"USERNAME": "mempool_liquidtestnet",
"PASSWORD": "mempool_liquidtestnet",
"DATABASE": "mempool_liquidtestnet"
},
"STATISTICS": {
"ENABLED": true,
"TX_PER_SECOND_SAMPLE_PERIOD": 150
}
}

View File

@ -1,6 +1,7 @@
{
"TESTNET_ENABLED": true,
"LIQUID_ENABLED": true,
"LIQUID_TESTNET_ENABLED": true,
"BISQ_ENABLED": true,
"BISQ_SEPARATE_BACKEND": true,
"SIGNET_ENABLED": true,

View File

@ -1,7 +1,7 @@
#!/usr/local/bin/zsh
export NVM_DIR="$HOME/.nvm"
source "$NVM_DIR/nvm.sh"
for site in mainnet liquid testnet bisq signet
for site in mainnet liquid testnet bisq signet liquidtestnet
do
git clone https://github.com/mempool/mempool "${HOME}/${site}"
mkdir -p "${HOME}/public_html/${site}/"

View File

@ -1,7 +1,7 @@
#!/usr/local/bin/zsh
export NVM_DIR="$HOME/.nvm"
source "$NVM_DIR/nvm.sh"
for site in mainnet liquid testnet bisq signet
for site in mainnet liquid testnet bisq signet liquidtestnet
do
cd "${HOME}/${site}/backend/" && \
screen -dmS "${site}" sh -c 'while true;do npm run start-production;sleep 1;done'

View File

@ -1,7 +1,10 @@
#!/usr/bin/env zsh
set -e
wget -O /mempool/public_html/mainnet/resources/assets.json https://raw.githubusercontent.com/mempool/asset_registry_db/master/index.json
wget -O /mempool/public_html/mainnet/resources/assets.minimal.json https://raw.githubusercontent.com/mempool/asset_registry_db/master/index.minimal.json
wget -O /mempool/public_html/mainnet/resources/assets.json https://raw.githubusercontent.com/blockstream/asset_registry_db/master/index.json
wget -O /mempool/public_html/mainnet/resources/assets.minimal.json https://raw.githubusercontent.com/blockstream/asset_registry_db/master/index.minimal.json
wget -O /mempool/public_html/mainnet/resources/assets.json https://raw.githubusercontent.com/blockstream/asset_registry_testnet_db/master/index.json
wget -O /mempool/public_html/mainnet/resources/assets.minimal.json https://raw.githubusercontent.com/blockstream/asset_registry_testnet_db/master/index.minimal.json
exit 0

View File

@ -0,0 +1,167 @@
root /mempool/public_html/liquid/;
index index.html;
set $frameOptions "DENY";
set $contentSecurityPolicy "frame-ancestors 'none'";
if ($http_referer ~ ^https://mempool.space/)
{
set $frameOptions "ALLOW-FROM https://mempool.space";
set $contentSecurityPolicy "frame-ancestors https://mempool.space";
}
if ($http_referer ~ ^https://mempool.ninja/)
{
set $frameOptions "ALLOW-FROM https://mempool.ninja";
set $contentSecurityPolicy "frame-ancestors https://mempool.ninja";
}
if ($http_referer ~ ^https://wiz.biz/)
{
set $frameOptions "ALLOW-FROM https://wiz.biz";
set $contentSecurityPolicy "frame-ancestors https://wiz.biz";
}
add_header X-Frame-Options $frameOptions;
add_header Content-Security-Policy $contentSecurityPolicy;
add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
# fallback for all URLs i.e. /address/foo /tx/foo /block/000
location / {
try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect;
add_header Cache-Control "public, no-transform";
add_header X-Frame-Options $frameOptions;
add_header Content-Security-Policy $contentSecurityPolicy;
add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
expires 10m;
}
location /resources {
try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect;
add_header Cache-Control "public, no-transform";
add_header X-Frame-Options $frameOptions;
add_header Content-Security-Policy $contentSecurityPolicy;
add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
expires 1h;
}
location @index-redirect {
add_header Vary accept-language;
add_header X-Frame-Options $frameOptions;
add_header Content-Security-Policy $contentSecurityPolicy;
add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
rewrite (.*) /$lang/index.html;
}
# location block using regex are matched in order
# used to rewrite resources from /<lang>/ to /en-US/
location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/resources/ {
rewrite ^/[a-zA-Z-]*/resources/(.*) /en-US/resources/$1;
}
# used for cookie override
location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/ {
try_files $uri $uri/ /$1/index.html =404;
}
# static API docs
location = /api {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /api/ {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /liquid/api {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /liquid/api/ {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /testnet/api {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /testnet/api/ {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
# mainnet API
location /api/v1/contributors {
proxy_pass https://mempool.space;
proxy_hide_header onion-location;
proxy_hide_header strict-transport-security;
proxy_hide_header content-security-policy;
proxy_hide_header x-frame-options;
}
location /api/v1/donations {
proxy_pass https://mempool.space;
proxy_hide_header onion-location;
proxy_hide_header strict-transport-security;
proxy_hide_header content-security-policy;
proxy_hide_header x-frame-options;
}
location /api/v1/donations/images {
proxy_pass https://mempool.space;
proxy_cache services;
proxy_cache_valid 200 1d;
expires 7d;
add_header Cache-Control "public, no-transform";
proxy_hide_header onion-location;
proxy_hide_header strict-transport-security;
proxy_hide_header content-security-policy;
proxy_hide_header x-frame-options;
}
location /api/v1/ws {
proxy_pass http://127.0.0.1:8998/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /api/v1 {
proxy_pass http://127.0.0.1:8998/api/v1;
}
location /api/address {
proxy_pass http://electrs-liquid/address;
}
location /api/tx {
proxy_pass http://electrs-liquid/tx;
}
location /api/block {
proxy_pass http://electrs-liquid/block;
}
location /api/ {
proxy_pass http://electrs-liquid/;
}
# liquid API
location /liquid/api/v1/ws {
proxy_pass http://127.0.0.1:8998/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /liquid/api/v1 {
proxy_pass http://127.0.0.1:8998/api/v1;
}
location /liquid/api/ {
proxy_pass http://electrs-liquid/;
}
# liquidtestnet API
location /liquidtestnet/api/v1/ws {
proxy_pass http://127.0.0.1:8994/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /liquidtestnet/api/v1 {
proxy_pass http://127.0.0.1:8994/api/v1;
}
location /liquidtestnet/api/ {
proxy_pass http://electrs-liquidtestnet/;
}

View File

@ -52,113 +52,106 @@ http {
# proxy cache
proxy_cache off;
proxy_cache_path /var/cache/nginx/services keys_zone=services:20m levels=1:2 inactive=600s max_size=100m;
proxy_cache_path /var/cache/nginx/markets keys_zone=markets:20m levels=1:2 inactive=600s max_size=100m;
proxy_cache_path /var/cache/nginx/mainnet keys_zone=mainnet:20m levels=1:2 inactive=600s max_size=100m;
proxy_cache_path /var/cache/nginx/testnet keys_zone=testnet:20m levels=1:2 inactive=600s max_size=100m;
proxy_cache_path /var/cache/nginx/liquid keys_zone=liquid:20m levels=1:2 inactive=600s max_size=100m;
proxy_cache_path /var/cache/nginx/signet keys_zone=signet:20m levels=1:2 inactive=600s max_size=100m;
types_hash_max_size 2048;
# exempt localhost from rate limit
geo $limited_ip {
default 1;
127.0.0.1 0;
103.99.170.201 0;
103.99.170.202 0;
2401:b140:1::92:201 0;
2401:b140:1::92:202 0;
}
map $limited_ip $limited_ip_key {
1 $binary_remote_addr;
0 '';
}
# rate limit requests
limit_req_zone $limited_ip_key zone=api:10m rate=200r/m;
limit_req_zone $limited_ip_key zone=electrs-address:10m rate=100r/m;
limit_req_zone $limited_ip_key zone=electrs-block:10m rate=200r/m;
limit_req_zone $limited_ip_key zone=electrs-tx:10m rate=2000r/m;
limit_req_zone $limited_ip_key zone=electrs:10m rate=2000r/m;
limit_req_status 429;
# rate limit connections
limit_conn_zone $limited_ip_key zone=websocket:10m;
limit_conn_status 429;
map $http_accept_language $header_lang {
default en-US;
~*^en-US en-US;
~*^en en-US;
~*^ar ar;
~*^ca ca;
~*^cs cs;
~*^de de;
~*^es es;
~*^fa fa;
~*^fr fr;
~*^ko ko;
~*^it it;
~*^he he;
~*^ka ka;
~*^hu hu;
~*^mk mk;
~*^nl nl;
~*^ja ja;
~*^nb nb;
~*^pl pl;
~*^pt pt;
~*^ro ro;
~*^ru ru;
~*^sl sl;
~*^fi fi;
~*^sv sv;
~*^th th;
~*^tr tr;
~*^uk uk;
~*^vi vi;
~*^zh zh;
~*^hi hi;
~*^ar ar;
~*^cs cs;
~*^de de;
~*^es es;
~*^fa fa;
~*^fr fr;
~*^ko ko;
~*^hi hi;
~*^it it;
~*^ka ka;
~*^hu hu;
~*^nl nl;
~*^ja ja;
~*^nb nb;
~*^pl pl;
~*^pt pt;
~*^sl sl;
~*^fi fi;
~*^sv sv;
~*^tr tr;
~*^uk uk;
~*^vi vi;
~*^zh zh;
}
map $cookie_lang $lang {
default $header_lang;
~*^en-US en-US;
~*^en en-US;
~*^ar ar;
~*^ca ca;
~*^cs cs;
~*^de de;
~*^es es;
~*^fa fa;
~*^fr fr;
~*^ko ko;
~*^it it;
~*^he he;
~*^ka ka;
~*^hu hu;
~*^mk mk;
~*^nl nl;
~*^ja ja;
~*^nb nb;
~*^pl pl;
~*^pt pt;
~*^ro ro;
~*^ru ru;
~*^sl sl;
~*^fi fi;
~*^sv sv;
~*^th th;
~*^tr tr;
~*^uk uk;
~*^vi vi;
~*^zh zh;
~*^hi hi;
~*^ar ar;
~*^cs cs;
~*^de de;
~*^es es;
~*^fa fa;
~*^fr fr;
~*^hi hi;
~*^it it;
~*^ka ka;
~*^hu hu;
~*^ja ja;
~*^ko ko;
~*^nb nb;
~*^nl nl;
~*^pl pl;
~*^pt pt;
~*^sl sl;
~*^fi fi;
~*^sv sv;
~*^tr tr;
~*^uk uk;
~*^vi vi;
~*^zh zh;
}
server {
listen 80;
listen [::]:80;
server_name node206.mempool.space mempool.space mempool.ninja bisq.markets liquid.network;
if ($host = mempool.space)
{
return 301 https://$host$request_uri;
}
if ($host = mempool.ninja)
{
return 301 https://$host$request_uri;
}
if ($host = bisq.markets)
{
return 301 https://$host$request_uri;
}
if ($host = liquid.network)
{
return 301 https://$host$request_uri;
}
if ($host = node206.mempool.space)
{
return 301 https://$host$request_uri;
}
return 503;
}
upstream electrs-mainnet {
server [2401:b140:1::92:201]:3000 weight=999 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:202]:3000 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::100:220]:3000 backup;
server [2401:b140:1::100:210]:3000 backup;
server [2401:b140:1::92:201]:3000 backup;
server [2401:b140:1::92:202]:3000 backup;
server [2401:b140:1::92:203]:3000 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:204]:3000 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:205]:3000 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:206]:3000 weight=9999 fail_timeout=10s max_fails=10;
}
server {
listen 127.0.0.1:4000;
@ -169,10 +162,12 @@ http {
}
upstream electrs-liquid {
server [2401:b140:1::92:201]:3001 weight=999 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:202]:3001 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::100:220]:3001 backup;
server [2401:b140:1::100:210]:3001 backup;
server [2401:b140:1::92:201]:3001 backup;
server [2401:b140:1::92:202]:3001 backup;
server [2401:b140:1::92:203]:3001 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:204]:3001 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:205]:3001 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:206]:3001 weight=9999 fail_timeout=10s max_fails=10;
}
server {
listen 127.0.0.1:4001;
@ -183,10 +178,12 @@ http {
}
upstream electrs-testnet {
server [2401:b140:1::92:201]:3002 weight=999 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:202]:3002 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::100:220]:3002 backup;
server [2401:b140:1::100:210]:3002 backup;
server [2401:b140:1::92:201]:3002 backup;
server [2401:b140:1::92:202]:3002 backup;
server [2401:b140:1::92:203]:3002 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:204]:3002 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:205]:3002 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:206]:3002 weight=9999 fail_timeout=10s max_fails=10;
}
server {
listen 127.0.0.1:4002;
@ -197,9 +194,12 @@ http {
}
upstream electrs-signet {
server [2401:b140:1::92:201]:3003 weight=999 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:202]:3003 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::100:220]:3003 backup;
server [2401:b140:1::92:201]:3003 backup;
server [2401:b140:1::92:202]:3003 backup;
server [2401:b140:1::92:203]:3003 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:204]:3003 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:205]:3003 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:206]:3003 weight=9999 fail_timeout=10s max_fails=10;
}
server {
listen 127.0.0.1:4003;
@ -209,27 +209,64 @@ http {
}
}
upstream electrs-liquidtestnet {
server [2401:b140:1::92:201]:3004 backup;
server [2401:b140:1::92:202]:3004 backup;
server [2401:b140:1::92:203]:3004 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:204]:3004 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:205]:3004 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:206]:3004 weight=9999 fail_timeout=10s max_fails=10;
}
server {
listen 80;
server_name mempool.space node100.mempool.space;
if ($host = mempool.space)
{
return 301 https://$host$request_uri;
listen 127.0.0.1:4004;
access_log /dev/null;
location / {
proxy_pass http://electrs-liquidtestnet;
}
if ($host = node100.mempool.space)
{
return 301 https://$host$request_uri;
}
return 503;
}
server {
listen 127.0.0.1:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name node100.mempool.space;
ssl_certificate /usr/local/etc/letsencrypt/live/node100.mempool.space/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/node100.mempool.space/privkey.pem;
server_name mempool.space node206.mempool.space;
include /usr/local/etc/nginx/ssl/mempool.conf;
include /usr/local/etc/nginx/nginx-mempool.conf;
access_log /var/log/nginx/mempool-access.log;
error_log /var/log/nginx/mempool-error.log;
}
server {
listen 127.0.0.1:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name liquid.network;
include /usr/local/etc/nginx/ssl/mempool.conf;
include /usr/local/etc/nginx/nginx-liquid.conf;
access_log /var/log/nginx/liquid-access.log;
error_log /var/log/nginx/liquid-error.log;
}
server {
listen 127.0.0.1:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name bisq.markets;
include /usr/local/etc/nginx/ssl/mempool.conf;
include /usr/local/etc/nginx/nginx-bisq.conf;
access_log /var/log/nginx/bisq-access.log;
error_log /var/log/nginx/bisq-error.log;
}
server {
listen 127.0.0.1:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mempool.ninja;
ssl_certificate /usr/local/etc/letsencrypt/live/mempool.ninja/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/mempool.ninja/privkey.pem;
include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;
@ -238,14 +275,27 @@ http {
server {
listen 127.0.0.1:80;
listen 443 ssl default http2 backlog=1024;
listen [::]:443 ssl default http2 backlog=1024;
server_name mempool.space;
ssl_certificate /usr/local/etc/letsencrypt/live/mempool.space/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/mempool.space/privkey.pem;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name liquid.place;
ssl_certificate /usr/local/etc/letsencrypt/live/liquid.place/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/liquid.place/privkey.pem;
include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;
include /usr/local/etc/nginx/nginx-mempool.conf;
include /usr/local/etc/nginx/nginx-liquid.conf;
}
server {
listen 127.0.0.1:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name bisq.ninja;
ssl_certificate /usr/local/etc/letsencrypt/live/bisq.ninja/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/bisq.ninja/privkey.pem;
include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;
include /usr/local/etc/nginx/nginx-bisq.conf;
}
}