mempool/production/nginx/server-bisq.conf
Erik Arvstedt 81bc449043
nginx: Fix gixy test host_spoofing
This patch was generated by replacing:
`proxy_set_header Host $http_host` ->
`proxy_set_header Host $host`

Script:
find . -type f -exec sed -i 's|proxy_set_header Host \$http_host|proxy_set_header Host \$host|g' {} \;

Fixes test error:
```
>> Problem: [host_spoofing] The proxied Host header may be spoofed.
Description: In most cases "$host" variable are more appropriate, just use it.
Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md
```

`proxy_set_header Host $host` is indeed the recommended default proxy header setting.
2022-07-11 15:32:37 +02:00

102 lines
2.6 KiB
Plaintext

include mempool/production/nginx/server-common.conf;
include mempool/production/nginx/location-api-v1-services.conf;
proxy_cache markets;
proxy_cache_valid 200 30s;
# route esplora APIs to esplora
location /api/tx/ {
rewrite ^/api/(.*) /$1 break;
try_files /dev/null @esplora-api-cache-disabled;
}
# rewrite APIs to match what backend expects
location /api/currencies {
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files /dev/null @mempool-bisq;
}
location /api/depth {
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files /dev/null @mempool-bisq;
}
location /api/hloc {
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files /dev/null @mempool-bisq;
}
location /api/offers {
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files /dev/null @mempool-bisq;
}
location /api/ticker {
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files /dev/null @mempool-bisq;
}
location /api/trades {
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files /dev/null @mempool-bisq;
}
location /api/volumes {
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files /dev/null @mempool-bisq;
}
location /api/markets {
rewrite ^/api/(.*) /api/v1/bisq/markets/$1 break;
try_files /dev/null @mempool-bisq;
}
location /api/v1 {
rewrite ^/api/v1/(.*) /api/v1/bisq/$1 break;
try_files /dev/null @mempool-bisq;
}
location /api {
rewrite ^/api/(.*) /api/v1/bisq/$1 break;
try_files /dev/null @mempool-bisq;
}
location /api/v1/ws {
rewrite ^/api/(.*) /api/v1/bisq/$1 break;
try_files /dev/null @mempool-bisq-websocket;
}
location /bisq/api/v1/ws {
rewrite ^/bisq/api/v1/(.*) /api/v1/bisq/$1 break;
try_files /dev/null @mempool-bisq-websocket;
}
location /bisq/api/v1 {
rewrite ^/bisq/api/v1/(.*) /api/v1/bisq/$1 break;
try_files /dev/null @mempool-bisq;
}
location /bisq/api {
rewrite ^/bisq/api/(.*) /api/v1/bisq/$1 break;
try_files /dev/null @mempool-bisq;
}
location @mempool-bisq-websocket {
proxy_pass $mempoolBisq;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location @mempool-bisq {
proxy_pass $mempoolBisq;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
location @esplora-api-cache-disabled {
proxy_pass $esploraMainnet;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_buffering off;
expires -1;
}