New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide sample nginx conf #159
Comments
Here's an example of keeping dcrstakepool on the root path, but implementing all of the expected api endpoints and the admin health-check without prepending. The only url changed is the single public vspd web page, to which you would add a link in the dcrstakepool template files. # Declare rate limiting in the http directive
limit_req_zone $binary_remote_addr zone=vspd:10m rate=1r/s;
server {
...
## VSPD
location /api/v3/ {
# Rate limiting
limit_req zone=dcrvsp burst=20 delay=40;
# Trailing slash is required here.
proxy_pass http://127.0.0.1:8800/api/v3/;
}
location /admin/ {
# Use an allowlist instead of rate limiting
allow <your-ip-address>/32;
allow <monitoring-server-ip>/32;
deny all;
proxy_pass http://127.0.0.1:8800/admin/;
}
location /vspd/ {
proxy_pass http://127.0.0.1:8800/;
}
location /vspd {
# trailing slash required here
return 302 /vspd/;
}
# Serve static resources directly.
location /public/ {
limit_req zone=dcrvsp burst=40 delay=80;
alias /opt/vspd/webapi/public/; # change this to the actual folder on disk
# Set the Cache-Control and Expires headers for the static assets.
expires 2d;
}
## DCRSTAKEPOOL
# Serve static resources directly.
location /assets/ {
limit_req zone=dcrvsp burst=40 delay=80;
alias /opt/dcrvsp/public/; # change this to the actual folder on disk
expires 2d;
}
# Everything else is proxied to dcrstakepool.
location / {
limit_req zone=dcrvsp burst=20 delay=40;
proxy_set_header X-Real-IP $realip_remote_addr;
proxy_pass http://127.0.0.1:8000;
}
} |
Just a quick note and some additional thoughts to add. I noticed dcrweb bot is using the wrong url to scrape vspinfo: I'm touching up my testnet config now and added an |
Here is an example of using vspd in the root path and moving the dcrstakepool homepage to a different path. Once again the aim is to keep all of the routes the same except the home page of the legacy dcrstakepool service. You would want to update your vspd template to include a link to dcrstakepool. I'd probably call it the "Legacy Login" or something like that. # Declare rate limiting in the http directive
limit_req_zone $binary_remote_addr zone=vspd:10m rate=1r/s;
server {
...
## DCRSTAKEPOOL
location /api/v2/ {
# Rate limiting
limit_req zone=dcrvsp burst=20 delay=40;
# Trailing slash is required here.
proxy_pass http://127.0.0.1:8000/api/v2/;
}
location ~* /(stats|login|register|admintickets|status|settings|address|tickets|voting|logout|passwordreset|passwordupdate|verifyhuman|captchas) {
proxy_pass http://127.0.0.1:8000;
}
location /dcrstakepool/ {
limit_req zone=dcrvsp burst=20 delay=40;
proxy_pass http://127.0.0.1:8000/;
}
location /dcrstakepool {
# Trailing slash is required here.
return 302 /dcrstakepool/;
}
# Serve static resources directly.
location /public/ {
limit_req zone=dcrvsp burst=40 delay=80;
alias /opt/vspd/webapi/public/; # change this to the actual folder on disk
# Set the Cache-Control and Expires headers for the static assets.
expires 2d;
}
## VSPD
location = /admin/status {
# Use an allowlist instead of rate limiting
allow <your-ip-address>/32;
allow <monitoring-server-ip>/32;
deny all;
proxy_pass http://127.0.0.1:8800/admin/status;
}
# Serve static resources directly.
location /assets/ {
limit_req zone=dcrvsp burst=40 delay=80;
alias /opt/dcrvsp/public/; # change this to the actual folder on disk
expires 2d;
}
# Everything else is proxied to vspd.
location / {
limit_req zone=dcrvsp burst=20 delay=40;
proxy_pass http://127.0.0.1:8800;
}
} |
Here's another iteration, this time keeping it very simple and just having two separate "stats" pages for the two VSP daemons. # Declare rate limiting in the http directive
limit_req_zone $binary_remote_addr zone=vspd:10m rate=1r/s;
limit_req_zone $binary_remote_addr zone=dcrstakepool:10m rate=1r/s;
server {
...
## VSPD
location /api/v3/ {
limit_req zone=vspd burst=10 delay=50; # Rate limiting
# Trailing slash is required here.
proxy_pass http://127.0.0.1:8800/api/v3/;
}
location /admin/ {
# Restrict network access
allow x.x.x.x/32; # administrator ip address
allow x.x.x.x/32; # monitoring server ip address
deny all;
proxy_pass http://127.0.0.1:8800/admin/;
}
location /vspd-stats/ {
limit_req zone=vspd burst=10 delay=50;
proxy_pass http://127.0.0.1:8800/;
}
location /vspd-stats {
# trailing slash is required
return 302 /vspd-stats/;
}
location ~* /vspd-stats/(admin|api)/ {
# prevent incorrect location usage. e.g. /vspd-stats/api/v3/vspinfo
return 404;
}
# Serve static resources directly.
location /public/ {
alias /opt/vspd/webapi/public/; # change this to the actual folder on disk
expires 2d;
}
## DCRSTAKEPOOL
# Serve static resources directly.
location /assets/ {
alias /opt/dcrstakepool/public/; # change this to the actual folder on disk
expires 2d;
}
# Everything else is proxied to dcrstakepool.
location / {
limit_req zone=dcrstakepool burst=10 delay=50;
proxy_set_header X-Real-IP $realip_remote_addr;
proxy_pass http://127.0.0.1:8000;
}
# relocate /stats to more descriptive location
location /dcrstakepool-stats/ {
limit_req zone=dcrstakepool burst=10 delay=50;
proxy_pass http://127.0.0.1:8000/stats;
}
}
|
Closing this as all existing VSP operators are now updated to vspd. I don't want to include an nginx config in the vspd repo itself because the precise details of web server config remains a sysadmin decision, not something which is mandated by vspd. |
We probably need two things here:
/v3/
requests to vspd, leave all other requests going to dcrstakepoolThe text was updated successfully, but these errors were encountered: