Update nginx and mempool backend configuration for active failover HA

2021-02-22 20:22:03 +09:00 · 2021-02-22 20:22:03 +09:00 · c9f2bd4029
commit c9f2bd4029
parent 795fb9342a
7 changed files with 60 additions and 37 deletions
--- a/production/mempool-config.bisq.json
+++ b/production/mempool-config.bisq.json
@ -13,7 +13,7 @@
    "PASSWORD": "bar"
  },
  "ESPLORA": {
-    "REST_API_URL": "http://[::1]:3000"
+    "REST_API_URL": "http://127.0.0.1:4000"
  },
  "DATABASE": {
    "ENABLED": false,
--- a/production/mempool-config.liquid.json
+++ b/production/mempool-config.liquid.json
@ -14,7 +14,7 @@
    "PASSWORD": "bar"
  },
  "ESPLORA": {
-    "REST_API_URL": "http://127.0.0.1:2001"
+    "REST_API_URL": "http://127.0.0.1:4001"
  },
  "DATABASE": {
    "ENABLED": true,
--- a/production/mempool-config.mainnet.json
+++ b/production/mempool-config.mainnet.json
@ -13,7 +13,7 @@
    "PASSWORD": "bar"
  },
  "ESPLORA": {
-    "REST_API_URL": "http://127.0.0.1:2000"
+    "REST_API_URL": "http://127.0.0.1:4000"
  },
  "DATABASE": {
    "ENABLED": true,
--- a/production/mempool-config.signet.json
+++ b/production/mempool-config.signet.json
@ -14,7 +14,7 @@
    "PASSWORD": "bar"
  },
  "ESPLORA": {
-    "REST_API_URL": "http://127.0.0.1:2003"
+    "REST_API_URL": "http://127.0.0.1:4003"
  },
  "DATABASE": {
    "ENABLED": true,
--- a/production/mempool-config.testnet.json
+++ b/production/mempool-config.testnet.json
@ -14,7 +14,7 @@
    "PASSWORD": "bar"
  },
  "ESPLORA": {
-    "REST_API_URL": "http://127.0.0.1:2002"
+    "REST_API_URL": "http://127.0.0.1:4002"
  },
  "DATABASE": {
    "ENABLED": true,
--- a/production/nginx-mempool.conf
+++ b/production/nginx-mempool.conf
@ -33,9 +33,6 @@

 		# fallback for all URLs i.e. /address/foo /tx/foo /block/000
 		location / {
-#			if ($http_user_agent ~* "(Google|Bing|Yandex|Slack|Keybase|Twitter)") {
-#				proxy_pass https://node202.mempool.space;
-#			}
 			try_files /$lang/$uri /$lang/$uri/ $uri $uri/ /en-US/$uri @index-redirect;
 		}
 		location @index-redirect {
@ -60,7 +57,7 @@
 		}
 		# old /explorer redirect from v1 days
 		location /explorer {
-			try_files $uri =410;
+			rewrite /explorer/(.*) https://$host/$1 permanent;
 		}

 		# static API docs
@ -107,11 +104,11 @@

 		# mainnet API
 		location /api/v1/donations {
-			proxy_pass http://127.0.0.1:9001;
+			proxy_pass https://node220.bitcoin.wiz.biz;
 			# don't rate limit this API prefix
 		}
 		location /api/v1/donations/images {
-			proxy_pass http://127.0.0.1:9001;
+			proxy_pass https://node220.bitcoin.wiz.biz;
 			proxy_cache cache;
 			proxy_cache_valid 200 1d;
 		}
@ -125,6 +122,18 @@
 			proxy_pass http://127.0.0.1:8999/api/v1;
 			limit_req burst=50 nodelay zone=api;
 		}
+		location /api/address {
+			proxy_pass http://electrs-mainnet/address;
+			limit_req burst=50 nodelay zone=electrs-address;
+		}
+		location /api/tx {
+			proxy_pass http://electrs-mainnet/tx;
+			limit_req burst=50 nodelay zone=electrs-tx;
+		}
+		location /api/block {
+			proxy_pass http://electrs-mainnet/block;
+			limit_req burst=50 nodelay zone=electrs-block;
+		}
 		location /api/ {
 			proxy_pass http://electrs-mainnet/;
 			limit_req burst=50 nodelay zone=electrs;
@ -198,7 +207,7 @@
 			limit_req burst=50 nodelay zone=electrs;
 		}

-		# mainnet API
+		# websockets
 		location /ws {
 			proxy_pass http://127.0.0.1:8999/;
 			proxy_http_version 1.1;
@ -223,3 +232,9 @@
 			proxy_set_header Upgrade $http_upgrade;
 			proxy_set_header Connection "Upgrade";
 		}
+		location /ws/signet {
+			proxy_pass http://127.0.0.1:8995/;
+			proxy_http_version 1.1;
+			proxy_set_header Upgrade $http_upgrade;
+			proxy_set_header Connection "Upgrade";
+		}
--- a/production/nginx.conf
+++ b/production/nginx.conf
@ -54,6 +54,9 @@ http {
 	proxy_cache_path /var/cache/nginx keys_zone=cache:20m levels=1:2 inactive=600s max_size=500m;
 	types_hash_max_size 2048;

+	# set proxy to use http/1.1
+	proxy_http_version 1.1;
+
 	# exempt localhost from rate limit
 	geo $limited_ip {
 		default		1;
@ -70,6 +73,9 @@ http {

 	# rate limit requests
 	limit_req_zone $limited_ip_key zone=api:5m rate=200r/m;
+	limit_req_zone $limited_ip_key zone=electrs-address:5m rate=100r/m;
+	limit_req_zone $limited_ip_key zone=electrs-block:5m rate=200r/m;
+	limit_req_zone $limited_ip_key zone=electrs-tx:5m rate=300r/m;
 	limit_req_zone $limited_ip_key zone=electrs:5m rate=2000r/m;
 	limit_req_status 429;

@ -132,11 +138,12 @@ http {
 	}

 	upstream electrs-mainnet {
-		server [2401:b140:1::100:220]:3000 fail_timeout=0s max_fails=0;
+		server [::1]:3000 fail_timeout=10s max_fails=10;
+		server [2401:b140:1::100:220]:3000 backup;
 		server [2401:b140:1::100:210]:3000 backup;
 	}
 	server {
-		listen 127.0.0.1:2000;
+		listen 127.0.0.1:4000;
 		access_log /dev/null;
 		location / {
 			proxy_pass http://electrs-mainnet;
@ -144,11 +151,12 @@ http {
 	}
 	
 	upstream electrs-liquid {
-		server [2401:b140:1::100:220]:3001 fail_timeout=0s max_fails=0;
+		server [::1]:3001 fail_timeout=10s max_fails=10;
+		server [2401:b140:1::100:220]:3001 backup;
 		server [2401:b140:1::100:210]:3001 backup;
 	}
 	server {
-		listen 127.0.0.1:2001;
+		listen 127.0.0.1:4001;
 		access_log /dev/null;
 		location / {
 			proxy_pass http://electrs-liquid;
@ -156,11 +164,12 @@ http {
 	}

 	upstream electrs-testnet {
-		server [2401:b140:1::100:220]:3002 fail_timeout=0s max_fails=0;
+		server [::1]:3002 fail_timeout=10s max_fails=10;
+		server [2401:b140:1::100:220]:3002 backup;
 		server [2401:b140:1::100:210]:3002 backup;
 	}
 	server {
-		listen 127.0.0.1:2002;
+		listen 127.0.0.1:4002;
 		access_log /dev/null;
 		location / {
 			proxy_pass http://electrs-testnet;
@ -168,10 +177,12 @@ http {
 	}

 	upstream electrs-signet {
-		server [2401:b140:1::100:220]:3003;
+		server [::1]:3003 fail_timeout=10s max_fails=10;
+		server [2401:b140:1::100:220]:3003 backup;
+		server [2401:b140:1::100:210]:3003 backup;
 	}
 	server {
-		listen 127.0.0.1:2003;
+		listen 127.0.0.1:4003;
 		access_log /dev/null;
 		location / {
 			proxy_pass http://electrs-signet;
@ -180,28 +191,25 @@ http {

 	server {
 		listen 80;
-		server_name mempool.space mempool.ninja node100.bitcoin.wiz.biz;
-		return 301 https://$host$request_uri;
+		server_name mempool.space node100.mempool.space;
+		if ($host = mempool.space)
+		{
+			return 301 https://$host$request_uri;
+		}
+		if ($host = node100.mempool.space)
+		{
+			return 301 https://$host$request_uri;
+		}
+		return 503;
 	}

 	server {
+		listen 127.0.0.1:80;
 		listen 443 ssl http2;
 		listen [::]:443 ssl http2;
-		server_name node100.bitcoin.wiz.biz;
-		ssl_certificate /usr/local/etc/letsencrypt/live/node100.bitcoin.wiz.biz/fullchain.pem;
-		ssl_certificate_key /usr/local/etc/letsencrypt/live/node100.bitcoin.wiz.biz/privkey.pem;
-		include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;
-		ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;
-
-		include /usr/local/etc/nginx/nginx-mempool.conf;
-	}
-
-	server {
-		listen 443 ssl http2;
-		listen [::]:443 ssl http2;
-		server_name mempool.ninja;
-		ssl_certificate /usr/local/etc/letsencrypt/live/mempool.ninja/fullchain.pem;
-		ssl_certificate_key /usr/local/etc/letsencrypt/live/mempool.ninja/privkey.pem;
+		server_name node100.mempool.space;
+		ssl_certificate /usr/local/etc/letsencrypt/live/node100.mempool.space/fullchain.pem;
+		ssl_certificate_key /usr/local/etc/letsencrypt/live/node100.mempool.space/privkey.pem;
 		include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;
 		ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;