mirror of
https://github.com/RoboSats/robosats-deploy.git
synced 2025-08-15 06:17:17 +00:00
101 lines
3.1 KiB
Plaintext
101 lines
3.1 KiB
Plaintext
limit_req_zone $binary_remote_addr zone=tenpersec:10m rate=100r/s;
|
|
|
|
# first we declare our upstream server, which is our Gunicorn application
|
|
upstream robosats_gunicorn_rest {
|
|
# docker will automatically resolve this to the correct address
|
|
# because we use the same name as the service: "robosats"
|
|
server localhost:8000;
|
|
|
|
}
|
|
|
|
upstream robosats_daphne_websocket {
|
|
# docker will automatically resolve this to the correct address
|
|
# because we use the same name as the service: "robosats"
|
|
server localhost:9000;
|
|
}
|
|
|
|
# Define a variable for allowed IPs
|
|
geo $allowed_localIP {
|
|
default 0;
|
|
192.168.0.0/16 1; # Allows access for IPs in the range 192.168.0.0/16 (192.168.0.0 ~ 192.168.255.255)
|
|
#192.168.x.x 1; # or use your local IP for more security and remove the above line
|
|
}
|
|
|
|
map $host $allowed_onion {
|
|
default 0;
|
|
"~*your-robotest-admin-onion-address\.onion" 1; # Allows access for your coordinator onion address
|
|
}
|
|
|
|
# now we declare our main server
|
|
server {
|
|
|
|
listen 80;
|
|
server_name robosats.com;
|
|
large_client_header_buffers 4 64k;
|
|
|
|
location /static {
|
|
alias /usr/src/static;
|
|
}
|
|
|
|
# Tor to web providers (identification files)
|
|
location /.well-known {
|
|
alias /usr/src/.well-known;
|
|
}
|
|
|
|
location / {
|
|
# requests are passed to Gunicorn
|
|
proxy_pass http://robosats_gunicorn_rest;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header Host $host;
|
|
proxy_redirect off;
|
|
# Replace with the onion hidden service of your coordinator
|
|
add_header Onion-Location http://robosats6tkf3eva7x2voqso3a5wcorsnw34jveyxfqi2fu7oyheasid.onion$request_uri;
|
|
limit_req zone=tenpersec burst=10;
|
|
}
|
|
|
|
location /coordinator {
|
|
# Denies any access by default
|
|
set $allow_access 0;
|
|
|
|
if ($allowed_localIP = 1) {
|
|
set $allow_access 1; # Allows access for local IPs
|
|
}
|
|
if ($allowed_onion = 1) {
|
|
set $allow_access 1; # Allows access for your coordinator onion address
|
|
}
|
|
|
|
if ($allow_access = 0){
|
|
return 403; # Access is forbidden if none of the above conditions are met.
|
|
}
|
|
|
|
proxy_pass http://robosats_gunicorn_rest;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header Host $host;
|
|
proxy_redirect off;
|
|
# Replace with the onion hidden service of your coordinator
|
|
add_header Onion-Location https://robosats6tkf3eva7x2voqso3a5wcorsnw34jveyxfqi2fu7oyheasid.onion$request_uri;
|
|
|
|
}
|
|
|
|
location /ws/ {
|
|
# websockets are passed to Daphne
|
|
proxy_pass http://robosats_daphne_websocket;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
proxy_set_header Host $host;
|
|
limit_req zone=tenpersec burst=10;
|
|
}
|
|
|
|
location /nostr {
|
|
proxy_pass http://127.0.0.1:7777;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
proxy_set_header Host $host;
|
|
}
|
|
|
|
location = /favicon.ico { access_log off; log_not_found off; }
|
|
|
|
}
|