Attempt to merge master into #5376
This commit is contained in:
@@ -32,6 +32,7 @@ map $http_accept_language $header_lang {
|
||||
~*^vi vi;
|
||||
~*^zh zh;
|
||||
~*^lt lt;
|
||||
~*^hr hr;
|
||||
}
|
||||
map $cookie_lang $lang {
|
||||
default $header_lang;
|
||||
@@ -67,4 +68,5 @@ map $cookie_lang $lang {
|
||||
~*^vi vi;
|
||||
~*^zh zh;
|
||||
~*^lt lt;
|
||||
~*^hr hr;
|
||||
}
|
||||
|
||||
@@ -2,9 +2,6 @@
|
||||
# routing #
|
||||
###########
|
||||
|
||||
location /api/v1/accelerations {
|
||||
try_files /dev/null @mempool-api-v1-services-cache-short;
|
||||
}
|
||||
location /api/v1/assets {
|
||||
try_files /dev/null @mempool-api-v1-services-cache-short;
|
||||
}
|
||||
@@ -95,6 +92,7 @@ location @mempool-api-v1-services-cache-disabled-addcors {
|
||||
set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS';
|
||||
set $cors_origin 'https://mempool.space';
|
||||
set $cors_headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
|
||||
set $cors_expose_headers 'X-Total-Count';
|
||||
set $cors_credentials 'true';
|
||||
|
||||
# set CORS for approved hostnames
|
||||
@@ -103,6 +101,7 @@ location @mempool-api-v1-services-cache-disabled-addcors {
|
||||
set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS';
|
||||
set $cors_origin "$http_origin";
|
||||
set $cors_headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
|
||||
set $cors_expose_headers 'X-Total-Count';
|
||||
set $cors_credentials 'true';
|
||||
}
|
||||
|
||||
@@ -111,6 +110,7 @@ location @mempool-api-v1-services-cache-disabled-addcors {
|
||||
add_header Access-Control-Allow-Origin "$cors_origin" always;
|
||||
add_header Access-Control-Allow-Headers "$cors_headers" always;
|
||||
add_header Access-Control-Allow-Credentials "$cors_credentials" always;
|
||||
add_header Access-Control-Expose-Headers "$cors_expose_headers" always;
|
||||
|
||||
proxy_redirect off;
|
||||
proxy_buffering off;
|
||||
@@ -175,6 +175,7 @@ location @mempool-api-v1-services-cache-short-addcors {
|
||||
set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS';
|
||||
set $cors_origin 'https://mempool.space';
|
||||
set $cors_headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
|
||||
set $cors_expose_headers 'X-Total-Count';
|
||||
set $cors_credentials 'true';
|
||||
|
||||
# set CORS for approved hostnames
|
||||
@@ -183,6 +184,7 @@ location @mempool-api-v1-services-cache-short-addcors {
|
||||
set $cors_methods 'GET, POST, PUT, DELETE, OPTIONS';
|
||||
set $cors_origin "$http_origin";
|
||||
set $cors_headers 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With';
|
||||
set $cors_expose_headers 'X-Total-Count';
|
||||
set $cors_credentials 'true';
|
||||
}
|
||||
|
||||
@@ -191,6 +193,7 @@ location @mempool-api-v1-services-cache-short-addcors {
|
||||
add_header Access-Control-Allow-Origin "$cors_origin" always;
|
||||
add_header Access-Control-Allow-Headers "$cors_headers" always;
|
||||
add_header Access-Control-Allow-Credentials "$cors_credentials" always;
|
||||
add_header Access-Control-Expose-Headers "$cors_expose_headers" always;
|
||||
|
||||
# add our own cache headers
|
||||
add_header 'Pragma' 'public';
|
||||
|
||||
@@ -32,6 +32,9 @@ location /api/v1/mining {
|
||||
location /api/v1/fees/recommended {
|
||||
try_files /dev/null @mempool-api-v1-cache-hot;
|
||||
}
|
||||
location /api/v1/accelerations {
|
||||
try_files /dev/null @mempool-api-v1-cache-hot;
|
||||
}
|
||||
|
||||
# it's ok to cache blockchain data "forever", so we do 30d
|
||||
location /api/v1/block/ {
|
||||
@@ -52,10 +55,10 @@ location /api/block/ {
|
||||
rewrite ^/api/(.*) /$1 break;
|
||||
try_files /dev/null @esplora-api-cache-forever;
|
||||
}
|
||||
# other API responses cannot be cached
|
||||
# we cache for 1s to mitigate DoS attacks
|
||||
location /api/ {
|
||||
rewrite ^/api/(.*) /$1 break;
|
||||
try_files /dev/null @esplora-api-cache-disabled;
|
||||
try_files /dev/null @esplora-api-cache-minimal;
|
||||
}
|
||||
|
||||
###########
|
||||
@@ -168,6 +171,23 @@ location @esplora-api-cache-disabled {
|
||||
expires -1;
|
||||
}
|
||||
|
||||
location @esplora-api-cache-minimal {
|
||||
proxy_pass $esploraMainnet;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
proxy_cache_background_update on;
|
||||
proxy_cache_use_stale updating;
|
||||
proxy_cache apihot;
|
||||
proxy_cache_valid 200 1s;
|
||||
proxy_redirect off;
|
||||
|
||||
expires 1s;
|
||||
}
|
||||
|
||||
location @esplora-api-cache-forever {
|
||||
proxy_pass $esploraMainnet;
|
||||
|
||||
|
||||
@@ -47,10 +47,10 @@ location /testnet/api/block/ {
|
||||
rewrite ^/testnet/api/(.*) /$1 break;
|
||||
try_files /dev/null @esplora-testnet-api-cache-forever;
|
||||
}
|
||||
# other API responses cannot be cached
|
||||
# we cache for 1s to mitigate DoS attacks
|
||||
location /testnet/api/ {
|
||||
rewrite ^/testnet/api/(.*) /$1 break;
|
||||
try_files /dev/null @esplora-testnet-api-cache-disabled;
|
||||
try_files /dev/null @esplora-testnet-api-cache-minimal;
|
||||
}
|
||||
|
||||
###########
|
||||
@@ -160,3 +160,20 @@ location @esplora-testnet-api-cache-forever {
|
||||
|
||||
expires 30d;
|
||||
}
|
||||
|
||||
location @esplora-testnet-api-cache-minimal {
|
||||
proxy_pass $esploraTestnet;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
proxy_cache_background_update off;
|
||||
proxy_cache_use_stale error;
|
||||
proxy_cache apihot;
|
||||
proxy_cache_valid 200 1s;
|
||||
proxy_redirect off;
|
||||
|
||||
expires 1s;
|
||||
}
|
||||
|
||||
@@ -42,6 +42,9 @@ http {
|
||||
#listen [::]:443 ssl http2;
|
||||
server_name _;
|
||||
|
||||
# set cors headers if necessary
|
||||
set $cors_approved_origin '';
|
||||
|
||||
# tor v3
|
||||
listen 127.0.0.1:81;
|
||||
set $onion "__NGINX_MEMPOOL_ONION__";
|
||||
@@ -80,6 +83,9 @@ http {
|
||||
#listen [::]:443 ssl http2;
|
||||
server_name _;
|
||||
|
||||
# set cors headers if necessary
|
||||
set $cors_approved_origin '';
|
||||
|
||||
# tor v3
|
||||
listen 127.0.0.1:83;
|
||||
set $onion "__NGINX_LIQUID_ONION__";
|
||||
|
||||
@@ -8,8 +8,11 @@ add_header Onion-Location http://$onion.onion$request_uri;
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
||||
|
||||
# generate frame configuration from origin header
|
||||
set $frameOptions "DENY";
|
||||
set $contentSecurityPolicy "frame-ancestors 'none'";
|
||||
if ($frameOptions = '')
|
||||
{
|
||||
set $frameOptions "DENY";
|
||||
set $contentSecurityPolicy "frame-ancestors 'none'";
|
||||
}
|
||||
|
||||
# used for iframes on https://mempool.space/network
|
||||
if ($http_referer ~ ^https://mempool.space/)
|
||||
|
||||
Reference in New Issue
Block a user