Robosats/robosats-deploy
1
0
Fork 0
mirror of https://github.com/RoboSats/robosats-deploy.git synced 2025-08-07 18:40:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/source/main'

Browse Source 
Conflicts:
	compose/nginx/mn.conf.d/local.conf
	compose/nginx/tn.conf.d/local.conf
This commit is contained in:
koalasat
2024-09-22 16:58:40 +02:00
parent fa3bae9d92 bb31060cb7
commit 173ae842f7
2 changed files with 29 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
compose/nginx/mn.conf.d/local.conf
View File

@ -14,6 +14,11 @@ upstream robosats_daphne_websocket {
server localhost:9000; server localhost:9000;
} }
map $host $allowed_onion {
default 0;
"~*your-robotest-admin-onion-address\.onion" 1; # Allows access for your coordinator onion address
}
# now we declare our main server # now we declare our main server
server { server {
@ -42,9 +47,15 @@ server {
} }
location /coordinator { location /coordinator {
# Blocks admin access from the public onion address # Denies any access by default
if ($host ~* "satstraoq35jffvkgpfoqld32nzw2siuvowanruindbfojowpwsjdgad.onion") { set $allow_access 0;
return 403; # Forbidden
if ($allowed_onion = 1) {
set $allow_access 1; # Allows access for your coordinator onion address
}
if ($allow_access = 0){
return 403; # Access is forbidden if none of the above conditions are met.
} }
proxy_pass http://robosats_gunicorn_rest; proxy_pass http://robosats_gunicorn_rest;
@ -53,7 +64,6 @@ server {
proxy_redirect off; proxy_redirect off;
# Replace with the onion hidden service of your coordinator # Replace with the onion hidden service of your coordinator
add_header Onion-Location https://satstraoq35jffvkgpfoqld32nzw2siuvowanruindbfojowpwsjdgad.onion$request_uri; add_header Onion-Location https://satstraoq35jffvkgpfoqld32nzw2siuvowanruindbfojowpwsjdgad.onion$request_uri;
} }
location /ws/ { location /ws/ {

17
compose/nginx/tn.conf.d/local.conf
View File

@ -14,6 +14,11 @@ upstream robosats_daphne_websocket {
server localhost:9000; server localhost:9000;
} }
map $host $allowed_onion {
default 0;
"~*testraliar7xkhos2gipv2k65obykofb4jqzl5l4danfryacifi4t7qd\.onion" 1; # Allows access for your coordinator onion address
}
# now we declare our main server # now we declare our main server
server { server {
@ -41,9 +46,15 @@ server {
} }
location /coordinator { location /coordinator {
# Blocks admin access from the public onion address # Denies any access by default
if ($host ~* "testraliar7xkhos2gipv2k65obykofb4jqzl5l4danfryacifi4t7qd.onion") { set $allow_access 0;
return 403; # Forbidden
if ($allowed_onion = 1) {
set $allow_access 1; # Allows access for your coordinator onion address
}
if ($allow_access = 0){
return 403; # Access is forbidden if none of the above conditions are met.
} }
proxy_pass http://robosats_gunicorn_rest; proxy_pass http://robosats_gunicorn_rest;