Attempt to merge master into #5376

This commit is contained in:
nymkappa
2024-12-09 08:54:26 +01:00
parent 79e2883ebe
commit 78844f5787
472 changed files with 25806 additions and 13790 deletions

View File

@@ -32,6 +32,7 @@ map $http_accept_language $header_lang {
~*^vi vi;
~*^zh zh;
~*^lt lt;
~*^hr hr;
}
map $cookie_lang $lang {
default $header_lang;
@@ -67,4 +68,5 @@ map $cookie_lang $lang {
~*^vi vi;
~*^zh zh;
~*^lt lt;
~*^hr hr;
}

View File

@@ -2,9 +2,6 @@
# routing #
###########
location /api/v1/accelerations {
try_files /dev/null @mempool-api-v1-services-cache-short;
}
location /api/v1/assets {
try_files /dev/null @mempool-api-v1-services-cache-short;
}
@@ -95,6 +92,7 @@ location @mempool-api-v1-services-cache-disabled-addcors {
set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS';
set $cors_origin 'https://mempool.space';
set $cors_headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
set $cors_expose_headers 'X-Total-Count';
set $cors_credentials 'true';
# set CORS for approved hostnames
@@ -103,6 +101,7 @@ location @mempool-api-v1-services-cache-disabled-addcors {
set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS';
set $cors_origin "$http_origin";
set $cors_headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
set $cors_expose_headers 'X-Total-Count';
set $cors_credentials 'true';
}
@@ -111,6 +110,7 @@ location @mempool-api-v1-services-cache-disabled-addcors {
add_header Access-Control-Allow-Origin "$cors_origin" always;
add_header Access-Control-Allow-Headers "$cors_headers" always;
add_header Access-Control-Allow-Credentials "$cors_credentials" always;
add_header Access-Control-Expose-Headers "$cors_expose_headers" always;
proxy_redirect off;
proxy_buffering off;
@@ -175,6 +175,7 @@ location @mempool-api-v1-services-cache-short-addcors {
set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS';
set $cors_origin 'https://mempool.space';
set $cors_headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
set $cors_expose_headers 'X-Total-Count';
set $cors_credentials 'true';
# set CORS for approved hostnames
@@ -183,6 +184,7 @@ location @mempool-api-v1-services-cache-short-addcors {
set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS';
set $cors_origin "$http_origin";
set $cors_headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
set $cors_expose_headers 'X-Total-Count';
set $cors_credentials 'true';
}
@@ -191,6 +193,7 @@ location @mempool-api-v1-services-cache-short-addcors {
add_header Access-Control-Allow-Origin "$cors_origin" always;
add_header Access-Control-Allow-Headers "$cors_headers" always;
add_header Access-Control-Allow-Credentials "$cors_credentials" always;
add_header Access-Control-Expose-Headers "$cors_expose_headers" always;
# add our own cache headers
add_header 'Pragma' 'public';

View File

@@ -32,6 +32,9 @@ location /api/v1/mining {
location /api/v1/fees/recommended {
try_files /dev/null @mempool-api-v1-cache-hot;
}
location /api/v1/accelerations {
try_files /dev/null @mempool-api-v1-cache-hot;
}
# it's ok to cache blockchain data "forever", so we do 30d
location /api/v1/block/ {
@@ -52,10 +55,10 @@ location /api/block/ {
rewrite ^/api/(.*) /$1 break;
try_files /dev/null @esplora-api-cache-forever;
}
# other API responses cannot be cached
# we cache for 1s to mitigate DoS attacks
location /api/ {
rewrite ^/api/(.*) /$1 break;
try_files /dev/null @esplora-api-cache-disabled;
try_files /dev/null @esplora-api-cache-minimal;
}
###########
@@ -168,6 +171,23 @@ location @esplora-api-cache-disabled {
expires -1;
}
location @esplora-api-cache-minimal {
proxy_pass $esploraMainnet;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_background_update on;
proxy_cache_use_stale updating;
proxy_cache apihot;
proxy_cache_valid 200 1s;
proxy_redirect off;
expires 1s;
}
location @esplora-api-cache-forever {
proxy_pass $esploraMainnet;

View File

@@ -47,10 +47,10 @@ location /testnet/api/block/ {
rewrite ^/testnet/api/(.*) /$1 break;
try_files /dev/null @esplora-testnet-api-cache-forever;
}
# other API responses cannot be cached
# we cache for 1s to mitigate DoS attacks
location /testnet/api/ {
rewrite ^/testnet/api/(.*) /$1 break;
try_files /dev/null @esplora-testnet-api-cache-disabled;
try_files /dev/null @esplora-testnet-api-cache-minimal;
}
###########
@@ -160,3 +160,20 @@ location @esplora-testnet-api-cache-forever {
expires 30d;
}
location @esplora-testnet-api-cache-minimal {
proxy_pass $esploraTestnet;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_background_update off;
proxy_cache_use_stale error;
proxy_cache apihot;
proxy_cache_valid 200 1s;
proxy_redirect off;
expires 1s;
}

View File

@@ -42,6 +42,9 @@ http {
#listen [::]:443 ssl http2;
server_name _;
# set cors headers if necessary
set $cors_approved_origin '';
# tor v3
listen 127.0.0.1:81;
set $onion "__NGINX_MEMPOOL_ONION__";
@@ -80,6 +83,9 @@ http {
#listen [::]:443 ssl http2;
server_name _;
# set cors headers if necessary
set $cors_approved_origin '';
# tor v3
listen 127.0.0.1:83;
set $onion "__NGINX_LIQUID_ONION__";

View File

@@ -8,8 +8,11 @@ add_header Onion-Location http://$onion.onion$request_uri;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
# generate frame configuration from origin header
set $frameOptions "DENY";
set $contentSecurityPolicy "frame-ancestors 'none'";
if ($frameOptions = '')
{
set $frameOptions "DENY";
set $contentSecurityPolicy "frame-ancestors 'none'";
}
# used for iframes on https://mempool.space/network
if ($http_referer ~ ^https://mempool.space/)