mirrors/mempool
1
0
Fork 0
mirror of https://github.com/mempool/mempool.git synced 2024-11-20 02:11:49 +01:00
Code Issues Projects Releases Wiki Activity
07ba2f6ecc
mempool/production/nginx-mempool.conf

273 lines
8.1 KiB
Plaintext
Raw Blame History

root /mempool/public_html/mainnet/;
index index.html;
# tor onion redirect
add_header Onion-Location http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion$request_uri;
# HSTS preload enable
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
# generate frame configuration from origin header
set $frameOptions "DENY";
set $contentSecurityPolicy "frame-ancestors 'none'";
if ($http_referer ~ ^https://mempool.space/)
{
set $frameOptions "ALLOW-FROM https://mempool.space";
set $contentSecurityPolicy "frame-ancestors https://mempool.space";
}
if ($http_referer ~ ^https://mempool.ninja/)
{
set $frameOptions "ALLOW-FROM https://mempool.ninja";
set $contentSecurityPolicy "frame-ancestors https://mempool.ninja";
}
if ($http_referer ~ ^https://wiz.biz/)
{
set $frameOptions "ALLOW-FROM https://wiz.biz";
set $contentSecurityPolicy "frame-ancestors https://wiz.biz";
}
# restrict usage of frames
add_header X-Frame-Options $frameOptions;
add_header Content-Security-Policy $contentSecurityPolicy;
# enable browser and proxy caching
add_header Cache-Control "public, no-transform";
# vary cache if user changes language preference
add_header Vary Accept-Language;
add_header Vary Cookie;
# fallback for all URLs i.e. /address/foo /tx/foo /block/000
location / {
try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect;
expires 10m;
}
location /resources {
try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect;
expires 1h;
}
location @index-redirect {
rewrite (.*) /$lang/index.html;
}
# location block using regex are matched in order
# used to rewrite resources from /<lang>/ to /en-US/
location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh|hi)/resources/ {
rewrite ^/[a-zA-Z-]*/resources/(.*) /en-US/resources/$1;
}
# used for cookie override
location ~ ^/(ar|bg|bs|ca|cs|da|de|et|el|es|eo|eu|fa|fr|gl|ko|hr|id|it|he|ka|lv|lt|hu|mk|ms|nl|ja|nb|nn|pl|pt|pt-BR|ro|ru|sk|sl|sr|sh|fi|sv|th|tr|uk|vi|zh|hi)/ {
try_files $uri $uri/ /$1/index.html =404;
}
# add /sitemap for production SEO
location /sitemap {
try_files $uri =410;
}
# old /explorer redirect from v1 days
location /explorer {
rewrite /explorer/(.*) https://$host/$1 permanent;
}
# static API docs
location = /api {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /api/ {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /liquid/api {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /liquid/api/ {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /testnet/api {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /testnet/api/ {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /bisq/api {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /bisq/api/ {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /signet/api {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
location = /signet/api/ {
#return 302 https://mempool.space/$request_uri;
try_files $uri $uri/ /en-US/index.html =404;
}
# serivces API
location /api/v1/contributors {
# don't rate limit this API prefix
proxy_pass https://mempool.space;
proxy_hide_header onion-location;
proxy_hide_header strict-transport-security;
proxy_hide_header content-security-policy;
proxy_hide_header x-frame-options;
}
location /api/v1/donations {
# don't rate limit this API prefix
proxy_pass https://mempool.space;
proxy_hide_header onion-location;
proxy_hide_header strict-transport-security;
proxy_hide_header content-security-policy;
proxy_hide_header x-frame-options;
}
location /api/v1/donations/images {
# don't rate limit this API prefix
proxy_pass https://mempool.space;
proxy_cache services;
proxy_cache_valid 200 1d;
expires 7d;
add_header Cache-Control "public, no-transform";
proxy_hide_header onion-location;
proxy_hide_header strict-transport-security;
proxy_hide_header content-security-policy;
proxy_hide_header x-frame-options;
}
# mainnet API
location /api/v1/ws {
proxy_pass http://127.0.0.1:8999/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /api/v1 {
proxy_pass http://127.0.0.1:8999/api/v1;
limit_req burst=50 nodelay zone=api;
}
location /api/address {
proxy_pass http://electrs-mainnet/address;
limit_req burst=50 nodelay zone=electrs-address;
}
location /api/tx {
proxy_pass http://electrs-mainnet/tx;
limit_req burst=50 nodelay zone=electrs-tx;
}
location /api/block {
proxy_pass http://electrs-mainnet/block;
limit_req burst=50 nodelay zone=electrs-block;
}
location /api/ {
proxy_pass http://electrs-mainnet/;
limit_req burst=50 nodelay zone=electrs;
}
# liquid API
location /liquid/api/v1/ws {
proxy_pass http://127.0.0.1:8998/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /liquid/api/v1 {
proxy_pass http://127.0.0.1:8998/api/v1;
limit_req burst=50 nodelay zone=api;
}
location /liquid/api/ {
proxy_pass http://electrs-liquid/;
limit_req burst=50 nodelay zone=electrs;
}
# testnet API
location /testnet/api/v1/ws {
proxy_pass http://127.0.0.1:8997/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /testnet/api/v1 {
proxy_pass http://127.0.0.1:8997/api/v1;
limit_req burst=50 nodelay zone=api;
}
location /testnet/api/ {
proxy_pass http://electrs-testnet/;
limit_req burst=50 nodelay zone=electrs;
}
# bisq API
location /bisq/api/v1/ws {
proxy_pass http://127.0.0.1:8996/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /bisq/api/v1/markets {
proxy_pass http://127.0.0.1:8996/api/v1/bisq/markets;
#limit_req burst=50 nodelay zone=api;
}
location /bisq/api/v1 {
proxy_pass http://127.0.0.1:8996/api/v1;
limit_req burst=50 nodelay zone=api;
}
location /bisq/api {
proxy_pass http://127.0.0.1:8996/api/v1/bisq;
limit_req burst=50 nodelay zone=api;
}
# signet API
location /signet/api/v1/ws {
proxy_pass http://127.0.0.1:8995/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /signet/api/v1 {
proxy_pass http://127.0.0.1:8995/api/v1;
limit_req burst=50 nodelay zone=api;
}
location /signet/api/ {
proxy_pass http://electrs-signet/;
limit_req burst=50 nodelay zone=electrs;
}
# websockets
location /ws {
proxy_pass http://127.0.0.1:8999/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /ws/mainnet {
proxy_pass http://127.0.0.1:8999/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /ws/liquid {
proxy_pass http://127.0.0.1:8998/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /ws/testnet {
proxy_pass http://127.0.0.1:8997/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /ws/signet {
proxy_pass http://127.0.0.1:8995/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
Reference in New Issue View Git Blame Copy Permalink