Robosats/robosats-deploy
1
0
Fork 0
mirror of https://github.com/RoboSats/robosats-deploy.git synced 2025-08-05 17:40:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/source/main'

Browse Source 
Conflicts:
	compose/nginx/mn.conf.d/local.conf
	compose/nginx/tn.conf.d/local.conf
This commit is contained in:
koalasat
2024-09-22 16:58:40 +02:00
parent fa3bae9d92 bb31060cb7
commit 173ae842f7
2 changed files with 29 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
compose/nginx/mn.conf.d/local.conf
View File

@ -14,6 +14,11 @@ upstream robosats_daphne_websocket {
server localhost:9000;
}
map $host $allowed_onion {
default 0;
"~*your-robotest-admin-onion-address\.onion" 1; # Allows access for your coordinator onion address
}
# now we declare our main server
server {
@ -42,9 +47,15 @@ server {
}
location /coordinator {
# Blocks admin access from the public onion address
if ($host ~* "satstraoq35jffvkgpfoqld32nzw2siuvowanruindbfojowpwsjdgad.onion") {
return 403; # Forbidden
# Denies any access by default
set $allow_access 0;
if ($allowed_onion = 1) {
set $allow_access 1; # Allows access for your coordinator onion address
}
if ($allow_access = 0){
return 403; # Access is forbidden if none of the above conditions are met.
}
proxy_pass http://robosats_gunicorn_rest;
@ -53,7 +64,6 @@ server {
proxy_redirect off;
# Replace with the onion hidden service of your coordinator
add_header Onion-Location https://satstraoq35jffvkgpfoqld32nzw2siuvowanruindbfojowpwsjdgad.onion$request_uri;
}
location /ws/ {

19
compose/nginx/tn.conf.d/local.conf
View File

@ -14,6 +14,11 @@ upstream robosats_daphne_websocket {
server localhost:9000;
}
map $host $allowed_onion {
default 0;
"~*testraliar7xkhos2gipv2k65obykofb4jqzl5l4danfryacifi4t7qd\.onion" 1; # Allows access for your coordinator onion address
}
# now we declare our main server
server {
@ -41,12 +46,18 @@ server {
}
location /coordinator {
# Blocks admin access from the public onion address
if ($host ~* "testraliar7xkhos2gipv2k65obykofb4jqzl5l4danfryacifi4t7qd.onion") {
return 403; # Forbidden
# Denies any access by default
set $allow_access 0;
if ($allowed_onion = 1) {
set $allow_access 1; # Allows access for your coordinator onion address
}
proxy_pass http://robosats_gunicorn_rest;
if ($allow_access = 0){
return 403; # Access is forbidden if none of the above conditions are met.
}
proxy_pass http://robosats_gunicorn_rest;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;