everstake · November 28, 2022 17:08
diff --git a/solana_api.conf b/solana_api.conf
 #Nginx config used for api.solana-tds.everstake.one


 # Tune timeouts for proxy
 proxy_buffering off;
 proxy_connect_timeout  360s;
 proxy_send_timeout     360s;
 proxy_read_timeout     700s;

 proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
 proxy_next_upstream_timeout 200s;
 proxy_next_upstream_tries 5;

 # Define zones for limiting
 limit_conn_zone $binary_remote_addr zone=conn_limit:10m;
 limit_req_zone $binary_remote_addr zone=req_limit:10m rate=10r/s;


 # Extensive log format used with Nginx Amplify, handy for analysis
 log_format  main_ext  '$remote_addr - $remote_user [$time_local] "$request" '
 					  '$status $body_bytes_sent "$http_referer" '
 					  '"$http_user_agent" "$http_x_forwarded_for" '
 					  '"$host" sn="$server_name" '
 					  'rt=$request_time '
 					  'ua="$upstream_addr" us="$upstream_status" '
 					  'ut="$upstream_response_time" ul="$upstream_response_length" '
 					  'cs=$upstream_cache_status' ;


 # Load balancing, fault tolerance
 upstream solana-proxy {
 	server 127.0.0.1:10899 weight=3 max_conns=1000 max_fails=1000 fail_timeout=360s;
 	# server solana_node1 .....
 	# server solana_node2 .....
 	# server solana_node3 .....
 }

 server {
 	listen 8899;
 	server_name api.solana-tds.everstake.one;

 	# Enable logging, set log format
 	access_log /var/log/nginx/access.log main_ext;
 	error_log /var/log/nginx/error.log warn;

 	# Disable favicon and robots error messages
 	location ~ ^/(favicon.ico|robots.txt) {
 		log_not_found off;
 	}

 	# Simple self-monitoring - connection statistics
 	location = /status {
 		stub_status;
 		access_log off;
 		allow 127.0.0.0/24;
 		deny all;
 	}


 	# Allowed requests we want to forward to upstream
 	location  / {
 			
 		# Configure basic authentification
 		#auth_basic "SOLANA RPC API";
 		#auth_basic_user_file /etc/nginx/.htpasswd;

 		# IP's restriction
 		#allow x.x.x.x/32;
 		#allow y.y.y.y/32;
 		#deny all;

 		proxy_pass http://solana-proxy;
 	}


 	# Forbidden requests
 	location ~ ^/(errors|network|workers) {
 		return 403;
 	}

 	# Forbiddent IP's
 	location ~ ^/forbidden {
 		allow 127.0.0.0/24;
 		#allow x.x.x.x/32;
 		#allow y.y.y.y/32;
 		deny all;
 	}


 	location ~ /(snapshot.tar.bz2|genesis.tar.bz2|other-rate-limited.bin) {
 		limit_req zone=req_limit;
 		limit_conn conn_limit 10;
 		limit_rate 1m;
 		limit_rate_after 20m;
 		limit_req_status 429;

 		proxy_pass http://solana-proxy;
 	}
 }






 # Proper headers mapping for websocket endpoint
 map $http_upgrade $connection_upgrade {
 		default upgrade;
 		'' close;
 }

 upstream solana-proxy-ws {
    server 127.0.0.1:10900 weight=3 max_conns=1000 max_fails=1000 fail_timeout=360s;
 }


 server {
 	listen 8900;
 	server_name api.solana-tds.everstake.one;

 	access_log /var/log/nginx/access_ws.log main_ext;
 	error_log /var/log/nginx/error_ws.log warn;

 	# This location is a catch-all regexp used to disable logging
 	location ~* .* {
 		return 400;
 		log_not_found off;
 	}

 	# Exact location for websocket
 	location = / {

 		proxy_http_version 1.1;
 		proxy_set_header Upgrade $http_upgrade;
 		proxy_set_header Connection $connection_upgrade;
 		proxy_set_header Host $host;
 		
 		proxy_pass http://solana-proxy-ws;
 	}
 }











 ###### HTTP to HTTPS redirect
 # server {
 # 	listen 80;
 # 	server_name api.solana-tds.everstake.one;
 # 	return 301 https://api.solana-tds.everstake.one$request_uri;
 # }

 # server {

 # 	listen 443 ssl;
 # 	server_name api.solana-tds.everstake.one;
 #	ssl_certificate /etc/nginx/certs/solana_api.crt;
 #	ssl_certificate_key /etc/nginx/certs/solana_api.key;
 # 	ssl on;
 # 	...
 #	...
 #	proxy_pass http://solana-proxy;
 # }
 ######
	#Nginx config used for api.solana-tds.everstake.one


	# Tune timeouts for proxy
	proxy_buffering off;
	proxy_connect_timeout 360s;
	proxy_send_timeout 360s;
	proxy_read_timeout 700s;

	proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
	proxy_next_upstream_timeout 200s;
	proxy_next_upstream_tries 5;

	# Define zones for limiting
	limit_conn_zone $binary_remote_addr zone=conn_limit:10m;
	limit_req_zone $binary_remote_addr zone=req_limit:10m rate=10r/s;


	# Extensive log format used with Nginx Amplify, handy for analysis
	log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for" '
	'"$host" sn="$server_name" '
	'rt=$request_time '
	'ua="$upstream_addr" us="$upstream_status" '
	'ut="$upstream_response_time" ul="$upstream_response_length" '
	'cs=$upstream_cache_status' ;


	# Load balancing, fault tolerance
	upstream solana-proxy {
	server 127.0.0.1:10899 weight=3 max_conns=1000 max_fails=1000 fail_timeout=360s;
	# server solana_node1 .....
	# server solana_node2 .....
	# server solana_node3 .....
	}

	server {
	listen 8899;
	server_name api.solana-tds.everstake.one;

	# Enable logging, set log format
	access_log /var/log/nginx/access.log main_ext;
	error_log /var/log/nginx/error.log warn;

	# Disable favicon and robots error messages
	location ~ ^/(favicon.ico\|robots.txt) {
	log_not_found off;
	}

	# Simple self-monitoring - connection statistics
	location = /status {
	stub_status;
	access_log off;
	allow 127.0.0.0/24;
	deny all;
	}


	# Allowed requests we want to forward to upstream
	location / {

	# Configure basic authentification
	#auth_basic "SOLANA RPC API";
	#auth_basic_user_file /etc/nginx/.htpasswd;

	# IP's restriction
	#allow x.x.x.x/32;
	#allow y.y.y.y/32;
	#deny all;

	proxy_pass http://solana-proxy;
	}


	# Forbidden requests
	location ~ ^/(errors\|network\|workers) {
	return 403;
	}

	# Forbiddent IP's
	location ~ ^/forbidden {
	allow 127.0.0.0/24;
	#allow x.x.x.x/32;
	#allow y.y.y.y/32;
	deny all;
	}


	location ~ /(snapshot.tar.bz2\|genesis.tar.bz2\|other-rate-limited.bin) {
	limit_req zone=req_limit;
	limit_conn conn_limit 10;
	limit_rate 1m;
	limit_rate_after 20m;
	limit_req_status 429;

	proxy_pass http://solana-proxy;
	}
	}






	# Proper headers mapping for websocket endpoint
	map $http_upgrade $connection_upgrade {
	default upgrade;
	'' close;
	}

	upstream solana-proxy-ws {
	server 127.0.0.1:10900 weight=3 max_conns=1000 max_fails=1000 fail_timeout=360s;
	}


	server {
	listen 8900;
	server_name api.solana-tds.everstake.one;

	access_log /var/log/nginx/access_ws.log main_ext;
	error_log /var/log/nginx/error_ws.log warn;

	# This location is a catch-all regexp used to disable logging
	location ~* .* {
	return 400;
	log_not_found off;
	}

	# Exact location for websocket
	location = / {

	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection $connection_upgrade;
	proxy_set_header Host $host;

	proxy_pass http://solana-proxy-ws;
	}
	}











	###### HTTP to HTTPS redirect
	# server {
	# listen 80;
	# server_name api.solana-tds.everstake.one;
	# return 301 https://api.solana-tds.everstake.one$request_uri;
	# }

	# server {

	# listen 443 ssl;
	# server_name api.solana-tds.everstake.one;
	# ssl_certificate /etc/nginx/certs/solana_api.crt;
	# ssl_certificate_key /etc/nginx/certs/solana_api.key;
	# ssl on;
	# ...
	# ...
	# proxy_pass http://solana-proxy;
	# }
	######