Commit 623b30c5 authored by Cédric F.'s avatar Cédric F.

Replace nginx with h2o to add RPC middleware

parent fddd51be
Pipeline #66402141 (#115) failed with stage
in 2 minutes and 50 seconds
all: trappisto
all: trappisto-dcr trappisto-bch trappisto-btc
trappisto: src/*.elm
trappisto-dcr: src/*.elm
elm-make src/Trappisto.elm --yes --warn --output public/assets/js/elm.js
uglifyjs --mangle --screw-ie8 --output public/assets/js/elm.min.js -- public/assets/js/elm.js
rm public/assets/js/elm.js
trappisto-btc: trappisto
cp public/index.html public/index-btc.html
sed -i 's/DCR/BTC/g' public/index-btc.html
sed -i 's/Decred/Bitcoin/g' public/index-btc.html
trappisto-bch: trappisto
cp public/index.html public/index-bch.html
trappisto-bch: trappisto-dcr
cp public/index-dcr.html public/index-bch.html
sed -i 's/DCR/BCH/g' public/index-bch.html
sed -i 's/Decred/Bitcoin Cash/g' public/index-bch.html
trappisto-btc: trappisto-dcr
cp public/index-dcr.html public/index-btc.html
sed -i 's/DCR/BTC/g' public/index-btc.html
sed -i 's/Decred/Bitcoin/g' public/index-btc.html
test: src/*.elm tests/*.elm
elm-test --yes
......@@ -24,13 +24,13 @@ watch: src/*.elm tests/*.elm
clean:
$(RM) -r public/assets/js/elm*.js elm-stuff/ tests/elm-stuff/
nginx:
sudo -u http -- nginx -c nginx/nginx.conf -p . -g 'daemon off;'
h2o:
h2o -c h2o/h2o.conf
dcrd:
dcrd --rpcuser bitcoin --rpcpass secret
dcrd --notls --rpcuser bitcoin --rpcpass secret
bitcoind:
bitcoind -par=-1 -server -txindex -rpcuser=bitcoin -rpcpassword=secret
.PHONY: watch clean nginx dcrd
.PHONY: watch clean h2o dcrd bitcoind
......@@ -24,10 +24,7 @@ This means it is not possible to browse addresses as we have no way to retrieve
transactions for a particular address. However it is possible to explore blocks
and transactions.
To configure Trappisto for a different coin, you will need to:
- build it with `make trappisto-btc` or `make trappisto-bch` instead of `make`
- update `proxy_pass https://localhost:9109/;` in _nginx.conf_
To configure Trappisto for a different coin, you will need to adjust `file.index: [ 'index-dcr.html' ]` in _h2o.conf_.
## What does Trappisto mean?
......@@ -64,7 +61,7 @@ Run:
```
make dcrd
make nginx
make h2o
```
## License
......
access-log: "| cat"
error-log: "| cat"
compress: ON
header.set: "X-Frame-Options: DENY"
header.set: "X-Content-Type-Options: nosniff"
header.set: "X-XSS-Protection: 1; mode=block"
header.set: "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload"
hosts:
"localhost:8000":
listen:
port: 8000
ssl:
certificate-file: h2o/snakeoil.crt
key-file: h2o/snakeoil.key
paths:
"/":
file.dir: public
file.index: [ 'index-dcr.html' ] # adjust to index-{bch,btc,dcr}.html
"/assets":
file.dir: public/assets
"/rpc":
mruby.handler: |
require "dos_detector.rb"
DoSDetector.new(
strategy: DoSDetector::CountingStrategy.new(period: 10, threshold: 10)
)
mruby.handler: |
lambda do |env|
body_string = env["rack.input"].read
body_json = JSON.parse(body_string || "{}")
method = body_json.fetch("method", nil)
whitelist = %w(getbestblock getblock getblockhash getrawtransaction searchrawtransactions)
if whitelist.include?(method)
[ 399, {}, [] ]
else
[ 400, { "Content-Type" => "text/plain" }, [ "Bad Request" ] ]
end
end
proxy.reverse.url: http://localhost:9109/ # dcrd
# proxy.reverse.url: http://localhost:8332/ # bitcoind
proxy.preserve-host: ON # to not rewrite the incoming host:port
proxy.header.set: "Authorization: Basic Yml0Y29pbjpzZWNyZXQ=" # bitcoin:secret
"/ws":
proxy.reverse.url: http://localhost:9109/ws # dcrd
proxy.websocket: ON
proxy.preserve-host: ON # to not rewrite the incoming host:port
proxy.header.set: "Authorization: Basic Yml0Y29pbjpzZWNyZXQ=" # bitcoin:secret
pid /tmp/nginx.pid;
error_log /tmp/error.log info;
events {
worker_connections 1024;
}
http {
access_log /tmp/access.log;
server_tokens off;
server_names_hash_bucket_size 128; # needed for ACME Let's Encrypt long domain name verification
include /etc/nginx/mime.types;
limit_req_zone $binary_remote_addr zone=default:10m rate=5r/s;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 8000 default_server ssl http2;
server_name _;
gzip on;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/xml text/css
text/javascript application/javascript application/x-javascript
application/json
image/svg+xml;
ssl on;
ssl_certificate snakeoil.crt;
ssl_certificate_key snakeoil.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
# limit_req zone=default burst=10; # disabled for benchmarking
root public;
location /assets/ {
break;
}
location = /rpc {
proxy_set_header Authorization "Basic Yml0Y29pbjpzZWNyZXQ="; # bitcoin:secret
proxy_set_header Host $host;
proxy_pass https://localhost:9109/; # dcrd
# proxy_pass http://localhost:8332/; # bitcoind
}
location = /ws {
proxy_set_header Authorization "Basic Yml0Y29pbjpzZWNyZXQ="; # bitcoin:secret
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_ssl_session_reuse on; # reduce CPU load by not doing a full TLS handshake for each request
proxy_http_version 1.1; # recommended for keepalive
proxy_pass https://localhost:9109/ws; # dcrd
}
location / {
try_files $uri /index.html;
}
}
}
This source diff could not be displayed because it is too large. You can view the blob instead.
......@@ -354,7 +354,7 @@ decodeVIn =
)
Nothing
|> Pipeline.optionalAt [ "coinbase" ] (Decode.maybe Decode.string) Nothing
|> Pipeline.requiredAt [ "amountin" ] decodeAmountIn
|> Pipeline.optionalAt [ "amountin" ] decodeAmountIn 0
|> Pipeline.optionalAt [ "blockheight" ] (Decode.maybe Decode.int) Nothing
|> Pipeline.optionalAt [ "prevOut" ] (Decode.maybe decodePrevOut) Nothing
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment