Merge pull request #1081 from mempool/wiz/update-production-configuration-for-v2.3

Update production configurations + README for v2.3
This commit is contained in:
wiz 2022-01-05 09:45:57 +00:00 committed by GitHub
commit ad36d53bb5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
26 changed files with 752 additions and 1099 deletions

View File

@ -1,80 +1,88 @@
# mempool.space v2 production website hosting
# mempool enterprise production instance
These instructions are for setting up a serious production mempool website for Mainnet, Testnet, and Liquid. For home users, follow the main instructions instead.
These instructions are for setting up a serious production mempool website for Bitcoin mainnet, testnet, signet, Liquid mainnet and testnet, and Bisq. For home users, you should use one-click installation methods instead, and for advanced manual deployments of mainnet only see the top-level installation instructions.
### Server Hardware
Mempool V2 is powered by electrs, which is a beast. I recommend a beefy server:
Mempool V2 is powered by blockstream/electrs, which is a beast. I recommend a beefy server:
* 16C CPU (more is better)
* 20C CPU (more is better)
* 64G RAM (more is better)
* 2TB SSD (NVMe is better)
* 4TB SSD (NVMe is better)
### HDD vs SSD vs NVMe
If you don't have a fast SSD or NVMe backed disk, that's fine. What you do is, go online and buy some fast new NVMe drives and wait for them to arrive. After you install them, throw away your old HDDs and then proceed with the rest of this guide.
## FreeBSD 12
## FreeBSD 13
The mempool.space site is powered by FreeBSD with ZFS root and ARC cache for maximum performance. Linux probably works fine too, but why settle?
### Filesystem
For maximum performance, I use 2x 1TB NVMe SSDs in a RAID 0 using ZFS with lots of RAM for the ARC L2 cache.
For maximum performance, I use 2x 2TB NVMe SSDs in a RAID 0 using ZFS with lots of RAM for the ARC L2 cache.
```
# zpool list -v nvmraid
% zpool list -v
NAME SIZE ALLOC FREE CKPOINT EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT
nvmraid 1.81T 1.04T 787G - - 0% 57% 1.00x ONLINE -
nvd0 928G 535G 393G - - 0% 57%
nvd1 928G 534G 394G - - 0% 57%
nvm 3.62T 1.25T 2.38T - - 2% 34% 1.00x ONLINE -
nvd0p3 1.81T 629G 1.20T - - 2% 33.9% - ONLINE
nvd1p3 1.81T 646G 1.18T - - 2% 34.8% - ONLINE
```
For maximum flexibility of configuration, I configure the partitions separately for each data folder:
For maximum flexibility of configuration, I recommend partitions separately for each data folder:
```
Filesystem Size Used Avail Capacity Mounted on
nvmraid/mempool 732G 3.0G 729G 0% /mempool
nvmraid/mysql 730G 618M 729G 0% /mysql
nvmraid/bisq 729G 88K 729G 0% /bisq
nvmraid/elements 731G 1.8G 729G 0% /elements
nvmraid/elements/liquidv1 737G 7.2G 729G 1% /elements/liquidv1
nvmraid/elements/electrs 730G 434M 729G 0% /elements/electrs
nvmraid/bitcoin 730G 694M 729G 0% /bitcoin
nvmraid/bitcoin/chainstate 733G 3.9G 729G 1% /bitcoin/chainstate
nvmraid/bitcoin/indexes 757G 27G 729G 4% /bitcoin/indexes
nvmraid/bitcoin/electrs 730G 853M 729G 0% /bitcoin/electrs
nvmraid/bitcoin/blocks 1.0T 306G 729G 30% /bitcoin/blocks
nvmraid/bitcoin/testnet3 729G 13M 729G 0% /bitcoin/testnet3
nvmraid/bitcoin/testnet3/blocks 756G 26G 729G 3% /bitcoin/testnet3/blocks
nvmraid/bitcoin/testnet3/chainstate 731G 1.3G 729G 0% /bitcoin/testnet3/chainstate
nvmraid/bitcoin/testnet3/indexes 733G 3.8G 729G 1% /bitcoin/testnet3/indexes
nvmraid/electrs/liquid/cache 729G 39M 729G 0% /electrs/liquid/newindex/cache
nvmraid/electrs/liquid/history 730G 737M 729G 0% /electrs/liquid/newindex/history
nvmraid/electrs/liquid/txstore 736G 6.2G 729G 1% /electrs/liquid/newindex/txstore
nvmraid/electrs/mainnet/cache 729G 44M 729G 0% /electrs/mainnet/newindex/cache
nvmraid/electrs/mainnet/history 964G 234G 729G 24% /electrs/mainnet/newindex/history
nvmraid/electrs/mainnet/txstore 1.1T 392G 729G 35% /electrs/mainnet/newindex/txstore
nvmraid/electrs/testnet/cache 729G 40M 729G 0% /electrs/testnet/newindex/cache
nvmraid/electrs/testnet/history 747G 18G 729G 2% /electrs/testnet/newindex/history
nvmraid/electrs/testnet/txstore 764G 34G 729G 4% /electrs/testnet/newindex/txstore
nvm/bisq 766G 1.1G 765G 0% /bisq
nvm/bitcoin 766G 648M 765G 0% /bitcoin
nvm/bitcoin/blocks 1.1T 375G 765G 33% /bitcoin/blocks
nvm/bitcoin/chainstate 770G 4.5G 765G 1% /bitcoin/chainstate
nvm/bitcoin/electrs 772G 7.3G 765G 1% /bitcoin/electrs
nvm/bitcoin/indexes 799G 34G 765G 4% /bitcoin/indexes
nvm/bitcoin/testnet3 765G 5.0M 765G 0% /bitcoin/testnet3
nvm/bitcoin/testnet3/blocks 786G 21G 765G 3% /bitcoin/testnet3/blocks
nvm/bitcoin/testnet3/chainstate 766G 1.1G 765G 0% /bitcoin/testnet3/chainstate
nvm/bitcoin/testnet3/indexes 768G 2.9G 765G 0% /bitcoin/testnet3/indexes
nvm/electrs 765G 128K 765G 0% /electrs
nvm/electrs/liquid 765G 104K 765G 0% /electrs/liquid
nvm/electrs/liquid/cache 765G 7.8M 765G 0% /electrs/liquid/newindex/cache
nvm/electrs/liquid/history 766G 886M 765G 0% /electrs/liquid/newindex/history
nvm/electrs/liquid/txstore 775G 10G 765G 1% /electrs/liquid/newindex/txstore
nvm/electrs/liquidtestnet 765G 112K 765G 0% /electrs/liquidtestnet
nvm/electrs/liquidtestnet/cache 765G 96K 765G 0% /electrs/liquidtestnet/newindex/cache
nvm/electrs/liquidtestnet/history 765G 96K 765G 0% /electrs/liquidtestnet/newindex/history
nvm/electrs/liquidtestnet/txstore 765G 96K 765G 0% /electrs/liquidtestnet/newindex/txstore
nvm/electrs/mainnet 765G 112K 765G 0% /electrs/mainnet
nvm/electrs/mainnet/cache 765G 4.4M 765G 0% /electrs/mainnet/newindex/cache
nvm/electrs/mainnet/history 1.0T 300G 765G 28% /electrs/mainnet/newindex/history
nvm/electrs/mainnet/txstore 1.3T 530G 765G 41% /electrs/mainnet/newindex/txstore
nvm/electrs/signet 766G 522M 765G 0% /electrs/signet
nvm/electrs/testnet 765G 104K 765G 0% /electrs/testnet
nvm/electrs/testnet/cache 765G 1.6M 765G 0% /electrs/testnet/newindex/cache
nvm/electrs/testnet/history 784G 19G 765G 2% /electrs/testnet/newindex/history
nvm/electrs/testnet/txstore 803G 38G 765G 5% /electrs/testnet/newindex/txstore
nvm/elements 766G 927M 765G 0% /elements
nvm/elements/electrs 766G 716M 765G 0% /elements/electrs
nvm/elements/liquidv1 777G 11G 765G 1% /elements/liquidv1
nvm/mempool 789G 24G 765G 3% /mempool
nvm/mysql 766G 648M 765G 0% /mysql
tmpfs 1.0G 1.3M 1.0G 0% /var/cache/nginx
tmpfs 3.0G 1.9G 1.1G 63% /bisq/statsnode-data/btc_mainnet/db/json
```
### Build Dependencies
You'll probably need these:
```
pkg install -y zsh sudo git screen vim-console curl wget neovim rsync
pkg install -y openssl openssh-portable open-vm-tools-nox11 py37-pip
pkg install -y boost-libs autoconf automake gmake gcc libevent libtool pkgconf
pkg install -y mariadb55-server mariadb55-client nginx py37-certbot-nginx npm
pkg install -y zsh sudo git screen curl wget neovim rsync nginx openssl openssh-portable py38-pip py38-certbot-nginx boost-libs autoconf automake gmake gcc libevent libtool pkgconf mariadb105-server mariadb105-client
```
### NodeJS / npm
I recommend to build nodejs / npm from source using nvm:
```
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | zsh
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | zsh
source $HOME/.zshrc
nvm install node
nvm install v16.10.0
nvm alias default node
```
@ -107,11 +115,18 @@ DataDirectory /var/db/tor
DataDirectoryGroupReadable 1
HiddenServiceDir /var/db/tor/mempool
HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 80 127.0.0.1:81
HiddenServiceVersion 3
HiddenServiceDir /var/db/tor/bisq
HiddenServicePort 80 127.0.0.1:82
HiddenServiceVersion 3
HiddenServiceDir /var/db/tor/liquid
HiddenServicePort 80 127.0.0.1:83
HiddenServiceVersion 3
```
### Bitcoin
Build [Bitcoin Core](https://github.com/bitcoin/bitcoin) from source. Alternatively, install the OS packages:
@ -121,25 +136,35 @@ pkg install -y bitcoin-daemon bitcoin-utils
Configure your bitcoin.conf like this:
```
datadir=/bitcoin
server=1
daemon=1
txindex=1
listen=1
discover=1
txindex=1
dbcache=3700
maxconnections=1337
par=16
dbcache=4096
maxmempool=1337
mempoolexpiry=999999
maxconnections=42
onion=127.0.0.1:9050
rpcallowip=127.0.0.1
rpcuser=0cd862dce678b830bd2aa36f10b9b6b2
rpcpassword=2d89d36cac4a13c87b5d19ef8f577e37
rpcuser=foo
rpcpassword=bar
[main]
bind=127.0.0.1:8333
rpcbind=127.0.0.1:8332
whitelist=bloomfilter@127.0.0.1
[test]
daemon=1
bind=127.0.0.1:18333
rpcbind=127.0.0.1:18332
[signet]
daemon=1
bind=127.0.0.1:38333
rpcbind=127.0.0.1:38332
```
### Elements
@ -158,15 +183,39 @@ Configure your elements.conf like this:
server=1
daemon=1
listen=1
chain=liquidv1
rpcuser=liquiduser
rpcpassword=liquidpass
validatepegin=1
rpcuser=foo
rpcpassword=bar
mainchainrpchost=127.0.0.1
mainchainrpcport=8332
mainchainrpcuser=user
mainchainrpcpassword=pass
mainchainrpcuser=foo
mainchainrpcpassword=bar
txindex=1
[liquidv1]
validatepegin=1
mainchainrpcport=8332
[liquidtestnet]
validatepegin=0
anyonecanspendaremine=0
initialfreecoins=2100000000000000
con_dyna_deploy_start=0
con_max_block_sig_size=150
checkblockindex=0
fallbackfee=0.00000100
con_has_parent_chain=0
parentgenesisblockhash=NULL
pubkeyprefix=36
scriptprefix=19
blindedprefix=23
bech32_hrp=tex
blech32_hrp=tlq
pchmessagestart=410edd62
dynamic_epoch_length=1000
signblockscript=51210217e403ddb181872c32a0cd468c710040b2f53d8cac69f18dad07985ee37e9a7151ae
evbparams=dynafed:0:::
addnode=liquid-testnet.blockstream.com:18892
addnode=liquidtestnet.com:18891
addnode=liquid.network:18444
```
Start elementsd and wait for it to sync the Liquid blockchain.
@ -180,11 +229,13 @@ cd electrs
git checkout new-index
```
You'll need 3 instances, one for each network. Build one at a time:
You'll need one instance per network. Build and run them one at a time:
```
./electrs-start-mainnet
./electrs-start-testnet
./electrs-start-signet
./electrs-start-liquid
./electrs-start-liquidtestnet
```
### MariaDB
@ -194,19 +245,25 @@ Import historical mempool fee database snapshot, or the blank mariadb structure
mysql -u root
create database mempool;
grant all on mempool.* to 'mempool'@'localhost' identified by 'mempool';
create database tmempool;
grant all on tmempool.* to 'tmempool'@'localhost' identified by 'tmempool';
create database lmempool;
grant all on lmempool.* to 'lmempool'@'localhost' identified by 'lmempool';
create database mempool_testnet;
grant all on mempool_testnet.* to 'mempool_testnet'@'localhost' identified by 'mempool_testnet';
create database mempool_signet;
grant all on mempool_signet.* to 'mempool_signet'@'localhost' identified by 'mempool_signet';
create database mempool_liquid;
grant all on mempool_liquid.* to 'mempool_liquid'@'localhost' identified by 'mempool_liquid';
create database mempool_liquidtestnet;
grant all on mempool_liquidtestnet.* to 'mempool_liquidtestnet'@'localhost' identified by 'mempool_liquidtestnet';
```
Then import
### Bisq
Build bisq-statsnode normally and run using options like this:
```
mysql -u mempool -p mempool < /mempool/mempool/mariadb-structure.sql
mysql -u tmempool -p tmempool < /mempool/mempool/mariadb-structure.sql
mysql -u lmempool -p lmempool < /mempool/mempool/mariadb-structure.sql
./bisq-statsnode --dumpBlockchainData=true --dumpStatistics=true
```
If bisq is happy, it should dump JSON files for Bisq Markets and BSQ data into /bisq that the mempool backend will use.
### Mempool
After all 3 electrs instances are fully indexed, install your 3 mempool nodes:
@ -224,13 +281,15 @@ Finally, start your 3 mempool backends:
Get SSL certificate using certbot:
```
certbot --nginx -d mempool.space
certbot --nginx -d mempool.ninja
```
Install nginx.conf from this repo, edit as necessary:
Make a symlink from /usr/local/etc/nginx/mempool to /mempool/mempool, and copy the nginx.conf and edit as necessary. You probably only need to edit the top-level nginx.conf file.
```
cp nginx.conf /usr/local/etc/nginx/nginx.conf
vi /usr/local/etc/nginx/nginx.conf
cd /usr/local/etc/nginx
ln -s /mempool/mempool
cp /mempool/mempool/nginx.conf .
vi nginx.conf
```
Restart nginx
@ -241,4 +300,3 @@ service nginx restart
### Done
Your site should look like https://mempool.space/
If it doesn't ask wiz on Keybase DM or Twitter for help.

View File

@ -1,75 +0,0 @@
root /mempool/public_html/markets/en-US;
index index.html;
set $frameOptions "DENY";
set $contentSecurityPolicy "frame-ancestors 'none'";
if ($http_referer ~ ^https://bisq.markets/)
{
set $frameOptions "ALLOW-FROM https://bisq.markets";
set $contentSecurityPolicy "frame-ancestors https://bisq.markets";
}
if ($http_referer ~ ^https://bisq.network/)
{
set $frameOptions "ALLOW-FROM https://bisq.network";
set $contentSecurityPolicy "frame-ancestors https://bisq.network";
}
add_header X-Frame-Options $frameOptions;
add_header Content-Security-Policy $contentSecurityPolicy;
add_header Link "<https://bisq.markets$request_uri>; rel=\"canonical\"";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
#add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri;
proxy_cache markets;
proxy_cache_valid 200 30s;
location / {
try_files $uri $uri/ /index.html;
}
location /api {
rewrite ^/api$ / break;
rewrite ^/api/$ / break;
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files $uri $uri/ @mempool;
}
location /bisq/api/markets {
rewrite ^/bisq/api/markets/(.*) /api/v1/bisq/markets/$1 break;
try_files $uri $uri/ @mempool;
}
location /bisq/api/v1/markets {
rewrite ^/bisq/api/v1/markets/(.*) /api/v1/bisq/markets/$1 break;
try_files $uri $uri/ @mempool;
}
location /bisq/api/v1/ws {
proxy_pass http://127.0.0.1:8996/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /api/markets {
rewrite ^/api/markets/(.*) /api/v1/bisq/markets/$1 break;
try_files $uri $uri/ @mempool;
}
location /api/v1/markets {
rewrite ^/api/v1/markets/(.*) /api/v1/bisq/markets/$1 break;
try_files $uri $uri/ @mempool;
}
location /api/v1/ws {
proxy_pass http://127.0.0.1:8996/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location @mempool {
proxy_pass http://127.0.0.1:8996;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
}

View File

@ -1,167 +0,0 @@
root /mempool/public_html/liquid/;
index index.html;
set $frameOptions "DENY";
set $contentSecurityPolicy "frame-ancestors 'none'";
if ($http_referer ~ ^https://mempool.space/)
{
set $frameOptions "ALLOW-FROM https://mempool.space";
set $contentSecurityPolicy "frame-ancestors https://mempool.space";
}
if ($http_referer ~ ^https://mempool.ninja/)
{
set $frameOptions "ALLOW-FROM https://mempool.ninja";
set $contentSecurityPolicy "frame-ancestors https://mempool.ninja";
}
if ($http_referer ~ ^https://wiz.biz/)
{
set $frameOptions "ALLOW-FROM https://wiz.biz";
set $contentSecurityPolicy "frame-ancestors https://wiz.biz";
}
add_header X-Frame-Options $frameOptions;
add_header Content-Security-Policy $contentSecurityPolicy;
add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
# fallback for all URLs i.e. /address/foo /tx/foo /block/000
location / {
try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect;
add_header Cache-Control "public, no-transform";
add_header X-Frame-Options $frameOptions;
add_header Content-Security-Policy $contentSecurityPolicy;
add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
expires 10m;
}
location /resources {
try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect;
add_header Cache-Control "public, no-transform";
add_header X-Frame-Options $frameOptions;
add_header Content-Security-Policy $contentSecurityPolicy;
add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
expires 1h;
}
location @index-redirect {
add_header Vary accept-language;
add_header X-Frame-Options $frameOptions;
add_header Content-Security-Policy $contentSecurityPolicy;
add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
rewrite (.*) /$lang/index.html;
}
# location block using regex are matched in order
# used to rewrite resources from /<lang>/ to /en-US/
location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/resources/ {
rewrite ^/[a-zA-Z-]*/resources/(.*) /en-US/resources/$1;
}
# used for cookie override
location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/ {
try_files $uri $uri/ /$1/index.html =404;
}
# static API docs
location = /api {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /api/ {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /liquid/api {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /liquid/api/ {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /testnet/api {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /testnet/api/ {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
# mainnet API
location /api/v1/contributors {
proxy_pass https://mempool.space;
proxy_hide_header onion-location;
proxy_hide_header strict-transport-security;
proxy_hide_header content-security-policy;
proxy_hide_header x-frame-options;
}
location /api/v1/donations {
proxy_pass https://mempool.space;
proxy_hide_header onion-location;
proxy_hide_header strict-transport-security;
proxy_hide_header content-security-policy;
proxy_hide_header x-frame-options;
}
location /api/v1/donations/images {
proxy_pass https://mempool.space;
proxy_cache services;
proxy_cache_valid 200 1d;
expires 7d;
add_header Cache-Control "public, no-transform";
proxy_hide_header onion-location;
proxy_hide_header strict-transport-security;
proxy_hide_header content-security-policy;
proxy_hide_header x-frame-options;
}
location /api/v1/ws {
proxy_pass http://127.0.0.1:8998/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /api/v1 {
proxy_pass http://127.0.0.1:8998/api/v1;
}
location /api/address {
proxy_pass http://electrs-liquid/address;
}
location /api/tx {
proxy_pass http://electrs-liquid/tx;
}
location /api/block {
proxy_pass http://electrs-liquid/block;
}
location /api/ {
proxy_pass http://electrs-liquid/;
}
# liquid API
location /liquid/api/v1/ws {
proxy_pass http://127.0.0.1:8998/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /liquid/api/v1 {
proxy_pass http://127.0.0.1:8998/api/v1;
}
location /liquid/api/ {
proxy_pass http://electrs-liquid/;
}
# liquidtestnet API
location /liquidtestnet/api/v1/ws {
proxy_pass http://127.0.0.1:8994/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /liquidtestnet/api/v1 {
proxy_pass http://127.0.0.1:8994/api/v1;
}
location /liquidtestnet/api/ {
proxy_pass http://electrs-liquidtestnet/;
}

View File

@ -1,212 +0,0 @@
root /mempool/public_html/mainnet/;
index index.html;
add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
set $frameOptions "DENY";
set $contentSecurityPolicy "frame-ancestors 'none'";
if ($http_referer ~ ^https://mempool.space/)
{
set $frameOptions "ALLOW-FROM https://mempool.space";
set $contentSecurityPolicy "frame-ancestors https://mempool.space";
}
if ($http_referer ~ ^https://mempool.ninja/)
{
set $frameOptions "ALLOW-FROM https://mempool.ninja";
set $contentSecurityPolicy "frame-ancestors https://mempool.ninja";
}
if ($http_referer ~ ^https://node100.bitcoin.wiz.biz/)
{
set $frameOptions "ALLOW-FROM https://node100.bitcoin.wiz.biz";
set $contentSecurityPolicy "frame-ancestors https://node100.bitcoin.wiz.biz";
}
if ($http_referer ~ ^https://wiz.biz/)
{
set $frameOptions "ALLOW-FROM https://wiz.biz";
set $contentSecurityPolicy "frame-ancestors https://wiz.biz";
}
add_header X-Frame-Options $frameOptions;
add_header Content-Security-Policy $contentSecurityPolicy;
# fallback for all URLs i.e. /address/foo /tx/foo /block/000
location / {
#try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect;
proxy_pass http://127.0.0.1:4000;
}
location @index-redirect {
add_header vary accept-language;
rewrite (.*) /$lang/index.html;
}
# location block using regex are matched in order
# used to rewrite resources from /<lang>/ to /en-US/
location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/resources/ {
#rewrite ^/[a-zA-Z-]*/resources/(.*) /resources/$1;
try_files $uri /en-US/$uri =404;
}
location /resources/ {
try_files $uri /en-US/$uri =404;
}
# used for cookie override
location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/ {
#try_files $uri $uri/ /$1/index.html =404;
proxy_pass http://127.0.0.1:4000;
}
# add /sitemap for production SEO
location /sitemap {
try_files $uri =410;
}
# old /explorer redirect from v1 days
location /explorer {
rewrite /explorer/(.*) https://$host/$1 permanent;
}
# static API docs
location = /api {
#return 302 https://mempool.space/$request_uri;
#try_files $uri $uri/ /en-US/index.html =404;
proxy_pass http://127.0.0.1:4000;
}
location = /api/ {
#return 302 https://mempool.space/$request_uri;
#try_files $uri $uri/ /en-US/index.html =404;
proxy_pass http://127.0.0.1:4000;
}
location = /liquid/api {
#return 302 https://mempool.space/$request_uri;
#try_files $uri $uri/ /en-US/index.html =404;
proxy_pass http://127.0.0.1:4000;
}
location = /liquid/api/ {
#return 302 https://mempool.space/$request_uri;
#try_files $uri $uri/ /en-US/index.html =404;
proxy_pass http://127.0.0.1:4000;
}
location = /testnet/api {
#return 302 https://mempool.space/$request_uri;
#try_files $uri $uri/ /en-US/index.html =404;
proxy_pass http://127.0.0.1:4000;
}
location = /testnet/api/ {
#return 302 https://mempool.space/$request_uri;
#try_files $uri $uri/ /en-US/index.html =404;
proxy_pass http://127.0.0.1:4000;
}
location = /bisq/api {
#return 302 https://mempool.space/$request_uri;
#try_files $uri $uri/ /en-US/index.html =404;
proxy_pass http://127.0.0.1:4000;
}
location = /bisq/api/ {
#return 302 https://mempool.space/$request_uri;
#try_files $uri $uri/ /en-US/index.html =404;
proxy_pass http://127.0.0.1:4000;
}
# mainnet API
location /api/v1/donations {
proxy_pass http://127.0.0.1:8999;
# don't rate limit this API prefix
}
location /api/v1/donations/images {
proxy_pass http://127.0.0.1:8999;
proxy_cache services;
proxy_cache_valid 200 1d;
}
location /api/v1/ws {
proxy_pass http://127.0.0.1:8999/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /api/v1 {
proxy_pass http://127.0.0.1:8999/api/v1;
limit_req burst=50 nodelay zone=api;
}
location /api/ {
proxy_pass http://[::1]:3000/;
limit_req burst=50 nodelay zone=electrs;
}
# liquid API
location /liquid/api/v1/ws {
proxy_pass http://127.0.0.1:8998/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /liquid/api/v1 {
proxy_pass http://127.0.0.1:8998/api/v1;
limit_req burst=50 nodelay zone=api;
}
location /liquid/api/ {
proxy_pass http://[::1]:3001/;
limit_req burst=50 nodelay zone=electrs;
}
# testnet API
location /testnet/api/v1/ws {
proxy_pass http://127.0.0.1:8997/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /testnet/api/v1 {
proxy_pass http://127.0.0.1:8997/api/v1;
limit_req burst=50 nodelay zone=api;
}
location /testnet/api/ {
proxy_pass http://[::1]:3002/;
limit_req burst=50 nodelay zone=electrs;
}
# bisq API
location /bisq/api/v1/ws {
proxy_pass http://127.0.0.1:8996/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /bisq/api/v1/markets {
proxy_pass http://127.0.0.1:8996/api/v1/bisq/markets;
#limit_req burst=50 nodelay zone=api;
}
location /bisq/api/v1 {
proxy_pass http://127.0.0.1:8996/api/v1;
limit_req burst=50 nodelay zone=api;
}
location /bisq/api {
proxy_pass http://127.0.0.1:8996/api/v1/bisq;
limit_req burst=50 nodelay zone=api;
}
# mainnet API
location /ws {
proxy_pass http://127.0.0.1:8999/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /ws/mainnet {
proxy_pass http://127.0.0.1:8999/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /ws/liquid {
proxy_pass http://127.0.0.1:8998/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /ws/testnet {
proxy_pass http://127.0.0.1:8997/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}

View File

@ -1,272 +0,0 @@
root /mempool/public_html/mainnet/;
index index.html;
# tor onion redirect
add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri;
# HSTS preload enable
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
# generate frame configuration from origin header
set $frameOptions "DENY";
set $contentSecurityPolicy "frame-ancestors 'none'";
if ($http_referer ~ ^https://mempool.space/)
{
set $frameOptions "ALLOW-FROM https://mempool.space";
set $contentSecurityPolicy "frame-ancestors https://mempool.space";
}
if ($http_referer ~ ^https://mempool.ninja/)
{
set $frameOptions "ALLOW-FROM https://mempool.ninja";
set $contentSecurityPolicy "frame-ancestors https://mempool.ninja";
}
if ($http_referer ~ ^https://wiz.biz/)
{
set $frameOptions "ALLOW-FROM https://wiz.biz";
set $contentSecurityPolicy "frame-ancestors https://wiz.biz";
}
# restrict usage of frames
add_header X-Frame-Options $frameOptions;
add_header Content-Security-Policy $contentSecurityPolicy;
# enable browser and proxy caching
add_header Cache-Control "public, no-transform";
# vary cache if user changes language preference
add_header Vary Accept-Language;
add_header Vary Cookie;
# fallback for all URLs i.e. /address/foo /tx/foo /block/000
location / {
try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect;
expires 10m;
}
location /resources {
try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect;
expires 1h;
}
location @index-redirect {
rewrite (.*) /$lang/index.html;
}
# location block using regex are matched in order
# used to rewrite resources from /<lang>/ to /en-US/
location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh|hi)/resources/ {
rewrite ^/[a-zA-Z-]*/resources/(.*) /en-US/resources/$1;
}
# used for cookie override
location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh|hi)/ {
try_files $uri $uri/ /$1/index.html =404;
}
# add /sitemap for production SEO
location /sitemap {
try_files $uri =410;
}
# old /explorer redirect from v1 days
location /explorer {
rewrite /explorer/(.*) https://$host/$1 permanent;
}
# static API docs
location = /api {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /api/ {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /liquid/api {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /liquid/api/ {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /testnet/api {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /testnet/api/ {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /bisq/api {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /bisq/api/ {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /signet/api {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /signet/api/ {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
# serivces API
location /api/v1/contributors {
# don't rate limit this API prefix
proxy_pass https://mempool.space;
proxy_hide_header onion-location;
proxy_hide_header strict-transport-security;
proxy_hide_header content-security-policy;
proxy_hide_header x-frame-options;
}
location /api/v1/donations {
# don't rate limit this API prefix
proxy_pass https://mempool.space;
proxy_hide_header onion-location;
proxy_hide_header strict-transport-security;
proxy_hide_header content-security-policy;
proxy_hide_header x-frame-options;
}
location /api/v1/donations/images {
# don't rate limit this API prefix
proxy_pass https://mempool.space;
proxy_cache services;
proxy_cache_valid 200 1d;
expires 7d;
add_header Cache-Control "public, no-transform";
proxy_hide_header onion-location;
proxy_hide_header strict-transport-security;
proxy_hide_header content-security-policy;
proxy_hide_header x-frame-options;
}
# mainnet API
location /api/v1/ws {
proxy_pass http://127.0.0.1:8999/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /api/v1 {
proxy_pass http://127.0.0.1:8999/api/v1;
limit_req burst=50 nodelay zone=api;
}
location /api/address {
proxy_pass http://electrs-mainnet/address;
limit_req burst=50 nodelay zone=electrs-address;
}
location /api/tx {
proxy_pass http://electrs-mainnet/tx;
limit_req burst=50 nodelay zone=electrs-tx;
}
location /api/block {
proxy_pass http://electrs-mainnet/block;
limit_req burst=50 nodelay zone=electrs-block;
}
location /api/ {
proxy_pass http://electrs-mainnet/;
limit_req burst=50 nodelay zone=electrs;
}
# liquid API
location /liquid/api/v1/ws {
proxy_pass http://127.0.0.1:8998/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /liquid/api/v1 {
proxy_pass http://127.0.0.1:8998/api/v1;
limit_req burst=50 nodelay zone=api;
}
location /liquid/api/ {
proxy_pass http://electrs-liquid/;
limit_req burst=50 nodelay zone=electrs;
}
# testnet API
location /testnet/api/v1/ws {
proxy_pass http://127.0.0.1:8997/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /testnet/api/v1 {
proxy_pass http://127.0.0.1:8997/api/v1;
limit_req burst=50 nodelay zone=api;
}
location /testnet/api/ {
proxy_pass http://electrs-testnet/;
limit_req burst=50 nodelay zone=electrs;
}
# bisq API
location /bisq/api/v1/ws {
proxy_pass http://127.0.0.1:8996/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /bisq/api/v1/markets {
proxy_pass http://127.0.0.1:8996/api/v1/bisq/markets;
#limit_req burst=50 nodelay zone=api;
}
location /bisq/api/v1 {
proxy_pass http://127.0.0.1:8996/api/v1;
limit_req burst=50 nodelay zone=api;
}
location /bisq/api {
proxy_pass http://127.0.0.1:8996/api/v1/bisq;
limit_req burst=50 nodelay zone=api;
}
# signet API
location /signet/api/v1/ws {
proxy_pass http://127.0.0.1:8995/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /signet/api/v1 {
proxy_pass http://127.0.0.1:8995/api/v1;
limit_req burst=50 nodelay zone=api;
}
location /signet/api/ {
proxy_pass http://electrs-signet/;
limit_req burst=50 nodelay zone=electrs;
}
# websockets
location /ws {
proxy_pass http://127.0.0.1:8999/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /ws/mainnet {
proxy_pass http://127.0.0.1:8999/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /ws/liquid {
proxy_pass http://127.0.0.1:8998/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /ws/testnet {
proxy_pass http://127.0.0.1:8997/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /ws/signet {
proxy_pass http://127.0.0.1:8995/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}

View File

@ -1,301 +0,0 @@
user nobody;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 100000;
events {
worker_connections 9000;
multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
server_name_in_redirect off;
include /usr/local/etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# reset timed out connections freeing ram
reset_timedout_connection on;
# maximum time between packets the client can pause when sending nginx any data
client_body_timeout 10s;
# maximum time the client has to send the entire header to nginx
client_header_timeout 10s;
# timeout which a single keep-alive client connection will stay open
keepalive_timeout 69s;
# maximum time between packets nginx is allowed to pause when sending the client data
send_timeout 10s;
# number of requests per connection, does not affect SPDY
keepalive_requests 100;
# enable gzip compression
gzip on;
gzip_vary on;
gzip_comp_level 6;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
# text/html is always compressed by gzip module
gzip_types application/javascript application/json application/ld+json application/manifest+json application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard;
# limit request body size
client_max_body_size 10m;
# proxy cache
proxy_cache off;
proxy_cache_path /var/cache/nginx/services keys_zone=services:20m levels=1:2 inactive=600s max_size=100m;
proxy_cache_path /var/cache/nginx/markets keys_zone=markets:20m levels=1:2 inactive=600s max_size=100m;
proxy_cache_path /var/cache/nginx/mainnet keys_zone=mainnet:20m levels=1:2 inactive=600s max_size=100m;
proxy_cache_path /var/cache/nginx/testnet keys_zone=testnet:20m levels=1:2 inactive=600s max_size=100m;
proxy_cache_path /var/cache/nginx/liquid keys_zone=liquid:20m levels=1:2 inactive=600s max_size=100m;
proxy_cache_path /var/cache/nginx/signet keys_zone=signet:20m levels=1:2 inactive=600s max_size=100m;
types_hash_max_size 2048;
map $http_accept_language $header_lang {
default en-US;
~*^en-US en-US;
~*^en en-US;
~*^ar ar;
~*^cs cs;
~*^de de;
~*^es es;
~*^fa fa;
~*^fr fr;
~*^ko ko;
~*^hi hi;
~*^it it;
~*^ka ka;
~*^hu hu;
~*^nl nl;
~*^ja ja;
~*^nb nb;
~*^pl pl;
~*^pt pt;
~*^sl sl;
~*^fi fi;
~*^sv sv;
~*^tr tr;
~*^uk uk;
~*^vi vi;
~*^zh zh;
}
map $cookie_lang $lang {
default $header_lang;
~*^en-US en-US;
~*^en en-US;
~*^ar ar;
~*^cs cs;
~*^de de;
~*^es es;
~*^fa fa;
~*^fr fr;
~*^hi hi;
~*^it it;
~*^ka ka;
~*^hu hu;
~*^ja ja;
~*^ko ko;
~*^nb nb;
~*^nl nl;
~*^pl pl;
~*^pt pt;
~*^sl sl;
~*^fi fi;
~*^sv sv;
~*^tr tr;
~*^uk uk;
~*^vi vi;
~*^zh zh;
}
server {
listen 80;
listen [::]:80;
server_name node206.mempool.space mempool.space mempool.ninja bisq.markets liquid.network;
if ($host = mempool.space)
{
return 301 https://$host$request_uri;
}
if ($host = mempool.ninja)
{
return 301 https://$host$request_uri;
}
if ($host = bisq.markets)
{
return 301 https://$host$request_uri;
}
if ($host = liquid.network)
{
return 301 https://$host$request_uri;
}
if ($host = node206.mempool.space)
{
return 301 https://$host$request_uri;
}
return 503;
}
upstream electrs-mainnet {
server [2401:b140:1::92:201]:3000 backup;
server [2401:b140:1::92:202]:3000 backup;
server [2401:b140:1::92:203]:3000 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:204]:3000 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:205]:3000 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:206]:3000 weight=9999 fail_timeout=10s max_fails=10;
}
server {
listen 127.0.0.1:4000;
access_log /dev/null;
location / {
proxy_pass http://electrs-mainnet;
}
}
upstream electrs-liquid {
server [2401:b140:1::92:201]:3001 backup;
server [2401:b140:1::92:202]:3001 backup;
server [2401:b140:1::92:203]:3001 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:204]:3001 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:205]:3001 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:206]:3001 weight=9999 fail_timeout=10s max_fails=10;
}
server {
listen 127.0.0.1:4001;
access_log /dev/null;
location / {
proxy_pass http://electrs-liquid;
}
}
upstream electrs-testnet {
server [2401:b140:1::92:201]:3002 backup;
server [2401:b140:1::92:202]:3002 backup;
server [2401:b140:1::92:203]:3002 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:204]:3002 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:205]:3002 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:206]:3002 weight=9999 fail_timeout=10s max_fails=10;
}
server {
listen 127.0.0.1:4002;
access_log /dev/null;
location / {
proxy_pass http://electrs-testnet;
}
}
upstream electrs-signet {
server [2401:b140:1::92:201]:3003 backup;
server [2401:b140:1::92:202]:3003 backup;
server [2401:b140:1::92:203]:3003 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:204]:3003 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:205]:3003 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:206]:3003 weight=9999 fail_timeout=10s max_fails=10;
}
server {
listen 127.0.0.1:4003;
access_log /dev/null;
location / {
proxy_pass http://electrs-signet;
}
}
upstream electrs-liquidtestnet {
server [2401:b140:1::92:201]:3004 backup;
server [2401:b140:1::92:202]:3004 backup;
server [2401:b140:1::92:203]:3004 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:204]:3004 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:205]:3004 weight=1 fail_timeout=10s max_fails=10;
server [2401:b140:1::92:206]:3004 weight=9999 fail_timeout=10s max_fails=10;
}
server {
listen 127.0.0.1:4004;
access_log /dev/null;
location / {
proxy_pass http://electrs-liquidtestnet;
}
}
server {
listen 127.0.0.1:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mempool.space node206.mempool.space;
include /usr/local/etc/nginx/ssl/mempool.conf;
include /usr/local/etc/nginx/nginx-mempool.conf;
access_log /var/log/nginx/mempool-access.log;
error_log /var/log/nginx/mempool-error.log;
}
server {
listen 127.0.0.1:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name liquid.network;
include /usr/local/etc/nginx/ssl/mempool.conf;
include /usr/local/etc/nginx/nginx-liquid.conf;
access_log /var/log/nginx/liquid-access.log;
error_log /var/log/nginx/liquid-error.log;
}
server {
listen 127.0.0.1:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name bisq.markets;
include /usr/local/etc/nginx/ssl/mempool.conf;
include /usr/local/etc/nginx/nginx-bisq.conf;
access_log /var/log/nginx/bisq-access.log;
error_log /var/log/nginx/bisq-error.log;
}
server {
listen 127.0.0.1:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mempool.ninja;
ssl_certificate /usr/local/etc/letsencrypt/live/mempool.ninja/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/mempool.ninja/privkey.pem;
include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;
include /usr/local/etc/nginx/nginx-mempool.conf;
}
server {
listen 127.0.0.1:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name liquid.place;
ssl_certificate /usr/local/etc/letsencrypt/live/liquid.place/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/liquid.place/privkey.pem;
include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;
include /usr/local/etc/nginx/nginx-liquid.conf;
}
server {
listen 127.0.0.1:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name bisq.ninja;
ssl_certificate /usr/local/etc/letsencrypt/live/bisq.ninja/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/bisq.ninja/privkey.pem;
include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;
include /usr/local/etc/nginx/nginx-bisq.conf;
}
}

View File

@ -0,0 +1,39 @@
# basics
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
server_name_in_redirect off;
include /usr/local/etc/nginx/mime.types;
default_type application/octet-stream;
# default logs
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# reset timed out connections freeing ram
reset_timedout_connection on;
# maximum time between packets the client can pause when sending nginx any data
client_body_timeout 10s;
# maximum time the client has to send the entire header to nginx
client_header_timeout 10s;
# timeout which a single keep-alive client connection will stay open
keepalive_timeout 69s;
# maximum time between packets nginx is allowed to pause when sending the client data
send_timeout 10s;
# number of requests per connection, does not affect SPDY
keepalive_requests 100;
# enable gzip compression
gzip on;
gzip_vary on;
gzip_comp_level 6;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
# text/html is always compressed by gzip module
gzip_types application/javascript application/json application/ld+json application/manifest+json application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard;
# limit request body size
client_max_body_size 10m;

View File

@ -0,0 +1,57 @@
map $http_accept_language $header_lang {
default en-US;
~*^en-US en-US;
~*^en en-US;
~*^ar ar;
~*^cs cs;
~*^de de;
~*^es es;
~*^fa fa;
~*^fr fr;
~*^ko ko;
~*^hi hi;
~*^it it;
~*^ka ka;
~*^hu hu;
~*^nl nl;
~*^ja ja;
~*^nb nb;
~*^pl pl;
~*^pt pt;
~*^sl sl;
~*^fi fi;
~*^sv sv;
~*^tr tr;
~*^uk uk;
~*^vi vi;
~*^zh zh;
}
map $cookie_lang $lang {
default $header_lang;
~*^en-US en-US;
~*^en en-US;
~*^ar ar;
~*^cs cs;
~*^de de;
~*^es es;
~*^fa fa;
~*^fr fr;
~*^hi hi;
~*^it it;
~*^ka ka;
~*^hu hu;
~*^ja ja;
~*^ko ko;
~*^nb nb;
~*^nl nl;
~*^pl pl;
~*^pt pt;
~*^sl sl;
~*^fi fi;
~*^sv sv;
~*^tr tr;
~*^uk uk;
~*^vi vi;
~*^zh zh;
}

View File

@ -0,0 +1,4 @@
# proxy cache
proxy_cache_path /var/cache/nginx/services keys_zone=services:20m levels=1:2 inactive=600s max_size=100m;
proxy_cache_path /var/cache/nginx/markets keys_zone=markets:20m levels=1:2 inactive=600s max_size=100m;
types_hash_max_size 2048;

View File

@ -0,0 +1,8 @@
location /api/v1/contributors {
proxy_pass https://mempool.space;
proxy_hide_header onion-location;
proxy_hide_header strict-transport-security;
proxy_hide_header content-security-policy;
proxy_hide_header x-frame-options;
# don't rate limit this API prefix
}

View File

@ -0,0 +1,11 @@
location /api/v1/donations/images {
proxy_pass https://mempool.space;
proxy_cache services;
proxy_cache_valid 200 1d;
expires 7d;
add_header Cache-Control "public, no-transform";
proxy_hide_header onion-location;
proxy_hide_header strict-transport-security;
proxy_hide_header content-security-policy;
proxy_hide_header x-frame-options;
}

View File

@ -0,0 +1,8 @@
location /api/v1/donations {
proxy_pass https://mempool.space;
proxy_hide_header onion-location;
proxy_hide_header strict-transport-security;
proxy_hide_header content-security-policy;
proxy_hide_header x-frame-options;
# don't rate limit this API prefix
}

View File

@ -0,0 +1,43 @@
location /api/v1/ws {
proxy_pass $mempoolBackend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /api/v1 {
try_files /dev/null @mempool-api-v1;
}
location /api/ {
rewrite ^/api/(.*) /$1 break;
try_files /dev/null @electrs-api;
}
location @mempool-api-v1 {
proxy_pass $mempoolBackend;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
}
location @electrs-api {
proxy_pass $electrsBackend;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
}

View File

@ -0,0 +1,12 @@
location /liquid/api/v1/ws {
proxy_pass http://mempool-liquid-mainnet/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /liquid/api/v1 {
proxy_pass http://mempool-liquid-mainnet/api/v1;
}
location /liquid/api/ {
proxy_pass http://electrs-liquid-mainnet/;
}

View File

@ -0,0 +1,12 @@
location /liquidtestnet/api/v1/ws {
proxy_pass http://mempool-liquid-testnet/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /liquidtestnet/api/v1 {
proxy_pass http://mempool-liquid-testnet/api/v1;
}
location /liquidtestnet/api/ {
proxy_pass http://electrs-liquid-testnet/;
}

View File

@ -0,0 +1,46 @@
# redirect mempool.space/liquid to liquid.network
location /liquid {
rewrite /liquid/(.*) https://liquid.network/$1;
rewrite /liquid https://liquid.network/;
return 308;
}
# redirect mempool.space/liquidtestnet to liquid.network/testnet
location /liquidtestnet {
rewrite /liquidtestnet/(.*) https://liquid.network/testnet/$1;
rewrite /liquidtestnet/ https://liquid.network/testnet/;
rewrite /liquidtestnet https://liquid.network/testnet;
return 308;
}
# redirect mempool.space/bisq to bisq.markets
location /bisq {
rewrite /bisq/(.*) https://bisq.markets/$1;
rewrite /bisq https://bisq.markets/;
return 308;
}
# redirect /api to /docs/api
location = /api {
return 308 https://$host/docs/api;
}
location = /api/ {
return 308 https://$host/docs/api;
}
# redirect /testnet/api to /testnet/docs/api
location = /testnet/api {
return 308 https://$host/testnet/docs/api;
}
location = /testnet/api/ {
return 308 https://$host/testnet/docs/api;
}
# redirect /signet/api to /signet/docs/api
location = /signet/api {
return 308 https://$host/signet/docs/api;
}
location = /signet/api/ {
return 308 https://$host/signet/docs/api;
}

View File

@ -0,0 +1,12 @@
location /signet/api/v1/ws {
proxy_pass http://mempool-bitcoin-signet/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /signet/api/v1 {
proxy_pass http://mempool-bitcoin-signet/api/v1;
}
location /signet/api/ {
proxy_pass http://electrs-bitcoin-signet/;
}

View File

@ -0,0 +1,12 @@
location /testnet/api/v1/ws {
proxy_pass http://mempool-bitcoin-testnet/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /testnet/api/v1 {
proxy_pass http://mempool-bitcoin-testnet/api/v1;
}
location /testnet/api/ {
proxy_pass http://electrs-bitcoin-testnet/;
}

124
production/nginx/nginx.conf Normal file
View File

@ -0,0 +1,124 @@
# FreeBSD configuration
user nobody;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 100000;
events {
worker_connections 9000;
multi_accept on;
}
http {
# DNS servers for on-demand recursive resolver
resolver 8.8.8.8;
# HTTP basic configuration
include mempool/production/nginx/http-basic.conf;
include mempool/production/nginx/http-proxy-cache.conf;
include mempool/production/nginx/http-language.conf;
# mempool backend configuration
include mempool/production/nginx/upstream-mempool.conf;
# electrs backend configuration
include mempool/production/nginx/upstream-electrs.conf;
include mempool/production/nginx/server-electrs.conf;
# MEMPOOL.NINJA
server {
# clearnet v4/v6
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mempool.ninja;
set $mempoolBackend "http://mempool-bitcoin-mainnet";
set $electrsBackend "http://electrs-bitcoin-mainnet";
# tor v3
listen 127.0.0.1:81;
set $onion "mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad";
# filesystem paths
root /mempool/public_html/mainnet/;
access_log /var/log/nginx/mempool-access.log;
error_log /var/log/nginx/mempool-error.log;
# ssl configuration
ssl_certificate /usr/local/etc/letsencrypt/live/mempool.ninja/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/mempool.ninja/privkey.pem;
include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;
# site configuration
include mempool/production/nginx/server-mempool.conf;
}
# BISQ.NINJA
server {
# clearnet v4/v6
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name bisq.ninja;
set $mempoolBackend "http://mempool-bisq-mainnet";
set $electrsBackend "http://electrs-bitcoin-mainnet";
# tor v3
listen 127.0.0.1:82;
set $onion "mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad";
# filesystem paths
root /mempool/public_html/bisq/;
access_log /var/log/nginx/bisq-access.log;
error_log /var/log/nginx/bisq-error.log;
# ssl configuration
ssl_certificate /usr/local/etc/letsencrypt/live/bisq.ninja/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/bisq.ninja/privkey.pem;
include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;
# site configuration
include mempool/production/nginx/server-bisq.conf;
}
# LIQUID.PLACE
server {
# clearnet v4/v6
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name liquid.place;
set $mempoolBackend "http://mempool-liquid-mainnet";
set $electrsBackend "http://electrs-liquid-mainnet";
# tor v3
listen 127.0.0.1:83;
set $onion "mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad";
# filesystem paths
root /mempool/public_html/liquid/;
access_log /var/log/nginx/liquid-access.log;
error_log /var/log/nginx/liquid-error.log;
# ssl configuration
ssl_certificate /usr/local/etc/letsencrypt/live/liquid.place/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/liquid.place/privkey.pem;
include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;
# site configuration
include mempool/production/nginx/server-liquid.conf;
}
# HTTP to HTTPS redirect
server {
# clearnet v4/v6
listen 80;
listen [::]:80;
server_name _;
# only redirect for our hosted domains
if ($host ~ "^(mempool.ninja|bisq.ninja|liquid.place)$")
{
return 301 https://$host$request_uri;
}
return 503;
}
}

View File

@ -0,0 +1,85 @@
include mempool/production/nginx/server-common.conf;
include mempool/production/nginx/location-api-v1-contributors.conf;
include mempool/production/nginx/location-api-v1-donations.conf;
include mempool/production/nginx/location-api-v1-donations-images.conf;
proxy_cache markets;
proxy_cache_valid 200 30s;
# route electrs APIs to electrs
location /api/tx/ {
proxy_pass http://electrs-bitcoin-mainnet/tx/;
}
# rewrite APIs to match what backend expects
location /api/currencies {
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files $uri $uri/ @mempool-bisq;
}
location /api/depth {
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files $uri $uri/ @mempool-bisq;
}
location /api/hloc {
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files $uri $uri/ @mempool-bisq;
}
location /api/offers {
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files $uri $uri/ @mempool-bisq;
}
location /api/ticker {
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files $uri $uri/ @mempool-bisq;
}
location /api/trades {
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files $uri $uri/ @mempool-bisq;
}
location /api/volumes {
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files $uri $uri/ @mempool-bisq;
}
location /api/markets {
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files $uri $uri/ @mempool-bisq;
}
location /api/v1 {
rewrite ^/api/v1/(.*) /api/v1/bisq/$1 break;
try_files $uri $uri/ @mempool-bisq;
}
location /api {
rewrite ^/api/(.*) /api/v1/bisq/$1 break;
try_files $uri $uri/ @mempool-bisq;
}
location /bisq/api/v1 {
rewrite ^/bisq/api/v1/(.*) /api/v1/bisq/$1 break;
try_files $uri $uri/ @mempool-bisq;
}
location /bisq/api {
rewrite ^/bisq/api/(.*) /api/v1/bisq/$1 break;
try_files $uri $uri/ @mempool-bisq;
}
# special handling for websocket
location /api/v1/ws {
proxy_pass http://mempool-bitcoin-bisq/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location @mempool-bisq {
proxy_pass http://mempool-bitcoin-bisq;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
}

View File

@ -0,0 +1,66 @@
# angular builds to index.html
index index.html;
# tor onion redirect
add_header Onion-Location http://$onion.onion$request_uri;
# HSTS preload enable
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
# generate frame configuration from origin header
set $frameOptions "DENY";
set $contentSecurityPolicy "frame-ancestors 'none'";
# used for iframes on https://mempool.space/network
if ($http_referer ~ ^https://mempool.space/)
{
set $frameOptions "ALLOW-FROM https://mempool.space";
set $contentSecurityPolicy "frame-ancestors https://mempool.space";
}
# used for iframes on https://mempool.ninja/network
if ($http_referer ~ ^https://mempool.ninja/)
{
set $frameOptions "ALLOW-FROM https://mempool.ninja";
set $contentSecurityPolicy "frame-ancestors https://mempool.ninja";
}
# used for iframes on https://wiz.biz/bitcoin/nodes
if ($http_referer ~ ^https://wiz.biz/)
{
set $frameOptions "ALLOW-FROM https://wiz.biz";
set $contentSecurityPolicy "frame-ancestors https://wiz.biz";
}
# restrict usage of frames
add_header X-Frame-Options $frameOptions;
add_header Content-Security-Policy $contentSecurityPolicy;
# enable browser and proxy caching
add_header Cache-Control "public, no-transform";
# vary cache if user changes language preference
add_header Vary Accept-Language;
add_header Vary Cookie;
# fallback for all URLs i.e. /address/foo /tx/foo /block/000
location / {
try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect;
expires 10m;
}
location /resources {
try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect;
expires 1h;
}
location @index-redirect {
rewrite (.*) /$lang/index.html;
}
# location block using regex are matched in order
# used to rewrite resources from /<lang>/ to /en-US/
location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/resources/ {
rewrite ^/[a-zA-Z-]*/resources/(.*) /en-US/resources/$1;
}
# used for cookie override
location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|ka|no|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh)/ {
try_files $uri $uri/ /$1/index.html =404;
}

View File

@ -0,0 +1,35 @@
server {
listen 127.0.0.1:4000;
access_log /dev/null;
location / {
proxy_pass http://electrs-bitcoin-mainnet;
}
}
server {
listen 127.0.0.1:4001;
access_log /dev/null;
location / {
proxy_pass http://electrs-liquid-mainnet;
}
}
server {
listen 127.0.0.1:4002;
access_log /dev/null;
location / {
proxy_pass http://electrs-bitcoin-testnet;
}
}
server {
listen 127.0.0.1:4003;
access_log /dev/null;
location / {
proxy_pass http://electrs-bitcoin-signet;
}
}
server {
listen 127.0.0.1:4004;
access_log /dev/null;
location / {
proxy_pass http://electrs-liquid-testnet;
}
}

View File

@ -0,0 +1,7 @@
include mempool/production/nginx/server-common.conf;
include mempool/production/nginx/location-api-v1-contributors.conf;
include mempool/production/nginx/location-api-v1-donations-images.conf;
include mempool/production/nginx/location-api-v1-donations.conf;
include mempool/production/nginx/location-api.conf;
include mempool/production/nginx/location-liquid-api.conf;
include mempool/production/nginx/location-liquidtestnet-api.conf;

View File

@ -0,0 +1,8 @@
include mempool/production/nginx/server-common.conf;
include mempool/production/nginx/location-redirects.conf;
include mempool/production/nginx/location-api-v1-contributors.conf;
include mempool/production/nginx/location-api-v1-donations.conf;
include mempool/production/nginx/location-api-v1-donations-images.conf;
include mempool/production/nginx/location-api.conf;
include mempool/production/nginx/location-testnet-api.conf;
include mempool/production/nginx/location-signet-api.conf;

View File

@ -0,0 +1,15 @@
upstream electrs-bitcoin-mainnet {
server [::1]:3000 fail_timeout=10s max_fails=10 weight=99999;
}
upstream electrs-liquid-mainnet {
server [::1]:3001 fail_timeout=10s max_fails=10 weight=99999;
}
upstream electrs-bitcoin-testnet {
server [::1]:3002 fail_timeout=10s max_fails=10 weight=99999;
}
upstream electrs-bitcoin-signet {
server [::1]:3003 fail_timeout=10s max_fails=10 weight=99999;
}
upstream electrs-liquid-testnet {
server [::1]:3004 fail_timeout=10s max_fails=10 weight=99999;
}

View File

@ -0,0 +1,18 @@
upstream mempool-bitcoin-mainnet {
server 127.0.0.1:8999 fail_timeout=10s max_fails=10 weight=99999;
}
upstream mempool-liquid-mainnet {
server 127.0.0.1:8998 fail_timeout=10s max_fails=10 weight=99999;
}
upstream mempool-bitcoin-testnet {
server 127.0.0.1:8997 fail_timeout=10s max_fails=10 weight=99999;
}
upstream mempool-bitcoin-bisq {
server 127.0.0.1:8996 fail_timeout=10s max_fails=10 weight=99999;
}
upstream mempool-bitcoin-signet {
server 127.0.0.1:8995 fail_timeout=10s max_fails=10 weight=99999;
}
upstream mempool-liquid-testnet {
server 127.0.0.1:8994 fail_timeout=10s max_fails=10 weight=99999;
}