d72945f20c
Some checks failed
API Endpoint Tests / test-api-endpoints (push) Waiting to run
Systemd Sync / sync-systemd (push) Waiting to run
CLI Tests / test-cli (push) Has been cancelled
Integration Tests / test-service-integration (push) Has been cancelled
Python Tests / test-python (push) Has been cancelled
Security Scanning / security-scan (push) Has been cancelled
Documentation Validation / validate-docs (push) Has been cancelled
- Change default P2P port from 7070 to 8001 in config and .env.example - Add redis_url configuration option for hub persistence (default: redis://localhost:6379) - Implement DNS-based hub registration/unregistration via HTTPS API endpoints - Add Redis persistence for hub registrations with 1-hour TTL - Add island join request/response protocol with member list and blockchain credentials - Add GPU marketplace tracking (offers, bids, providers) in hub manager - Add
190 lines
6.4 KiB
Plaintext
190 lines
6.4 KiB
Plaintext
# AITBC Services Nginx Configuration
|
|
# Copy to nginx-aitbc.conf and replace YOUR_DOMAIN with your actual domain
|
|
# Adjust BACKEND_IP if running in containers (default: 127.0.0.1 for localhost)
|
|
# For Incus containers, set BACKEND_IP to the container IP address
|
|
# You can use sed to replace: sed 's/127.0.0.1/YOUR_CONTAINER_IP/g' nginx-aitbc.conf.example > nginx-aitbc.conf
|
|
#
|
|
# After deployment, run: certbot --nginx -d YOUR_DOMAIN to enable SSL
|
|
|
|
# Backend IP address - set to container IP if running in Incus/LXD
|
|
map $host $backend_ip {
|
|
default 127.0.0.1;
|
|
# Uncomment and set your container IP below:
|
|
# host.example.com 10.0.0.100;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
server_name YOUR_DOMAIN;
|
|
|
|
# Security Headers
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
|
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
|
|
|
|
# Enable gzip compression
|
|
gzip on;
|
|
gzip_vary on;
|
|
gzip_min_length 1024;
|
|
gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json;
|
|
|
|
# Coordinator API
|
|
location /api/ {
|
|
proxy_pass http://$backend_ip:8000/v1/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_buffering off;
|
|
|
|
# CORS headers for API
|
|
add_header Access-Control-Allow-Origin "*" always;
|
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
|
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Api-Key" always;
|
|
|
|
# Handle preflight requests
|
|
if ($request_method = 'OPTIONS') {
|
|
add_header Access-Control-Allow-Origin "*";
|
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
|
|
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Api-Key";
|
|
add_header Access-Control-Max-Age 1728000;
|
|
add_header Content-Type "text/plain; charset=utf-8";
|
|
add_header Content-Length 0;
|
|
return 204;
|
|
}
|
|
}
|
|
|
|
# Blockchain RPC
|
|
location /rpc/ {
|
|
proxy_pass http://$backend_ip:8006/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_buffering off;
|
|
}
|
|
|
|
# Marketplace UI
|
|
location /Marketplace {
|
|
proxy_pass http://$backend_ip:8007/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
rewrite ^/Marketplace/(.*)$ /$1 break;
|
|
proxy_buffering off;
|
|
}
|
|
|
|
# Trade Exchange
|
|
location /Exchange {
|
|
proxy_pass http://$backend_ip:8008/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
rewrite ^/Exchange/(.*)$ /$1 break;
|
|
proxy_buffering off;
|
|
}
|
|
|
|
# Exchange API Routes
|
|
location /api/trades/ {
|
|
proxy_pass http://$backend_ip:8008/api/trades/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_buffering off;
|
|
}
|
|
|
|
location /api/orders {
|
|
proxy_pass http://$backend_ip:8008/api/orders;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_buffering off;
|
|
}
|
|
|
|
# Wallet API
|
|
location /wallet/ {
|
|
proxy_pass http://$backend_ip:8003/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
# Health check
|
|
location /health {
|
|
proxy_pass http://$backend_ip:8000/v1/health;
|
|
proxy_set_header Host $host;
|
|
}
|
|
|
|
# Default — serve static website
|
|
location / {
|
|
root /var/www/html;
|
|
index index.html;
|
|
try_files $uri $uri/ =404;
|
|
|
|
# WebSocket support if needed
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
}
|
|
|
|
# Deny access to hidden files
|
|
location ~ /\. {
|
|
deny all;
|
|
access_log off;
|
|
log_not_found off;
|
|
}
|
|
|
|
# Custom error pages
|
|
error_page 404 /404.html;
|
|
error_page 500 502 503 504 /50x.html;
|
|
|
|
location = /50x.html {
|
|
root /usr/share/nginx/html;
|
|
}
|
|
|
|
# Static file caching
|
|
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
|
|
expires 1y;
|
|
add_header Cache-Control "public, immutable";
|
|
}
|
|
|
|
# Serve production assets
|
|
location /assets/ {
|
|
alias /var/www/html/assets/;
|
|
expires 1y;
|
|
add_header Cache-Control "public, immutable";
|
|
add_header X-Content-Type-Options nosniff;
|
|
}
|
|
|
|
# Font serving
|
|
location /fonts-font-awesome/ {
|
|
alias /usr/share/fonts-font-awesome/;
|
|
expires 1y;
|
|
add_header Cache-Control "public, immutable";
|
|
}
|
|
|
|
# Admin endpoints
|
|
location = /api/treasury-balance {
|
|
proxy_pass http://$backend_ip:8085;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
location = /api/exchange/wallet/info {
|
|
proxy_pass http://$backend_ip:8085;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
}
|