other provider's
Sharder, Miner, Blobber, Validator, Authorizer, Portainer, Pgadmin - Setup nginx & SSL/TLS Certificate by Certbot
Create Route53 Records by following way -
As there is one server which have Sharder, Miner, Blobber, Validator, Authorizer, Portainer, Pgadmin in the network. To make each service accessible by secure link can be done in following way -
Install nginx and certbot
sudo apt update
sudo apt install nginx certbot python3-certbot-nginx -y
nginx -tReplace the /etc/nginx/site-available/default file content with below file. Replace the dns name as per your requirement -
# limit_req_zone $binary_remote_addr zone=mylimit:10m rate=30000r/s;
server {
server_name pgadmin.temp1.zus.network;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:5050/;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
server_name portainer.temp1.zus.network;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:9000/;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# CORS headers
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
# Preflight request. Reply successfully:
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000; # cache preflight value for 20 days
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Content-Length' 0;
return 204;
}
}
}
server {
# proxy_redirect off;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $http_host;
# proxy_pass_header Access-Control-Allow-Origin;
# proxy_pass_header Access-Control-Allow-Methods;
# proxy_pass_header Access-Control-Allow-Headers;
# proxy_pass_header Authorization;
server_name temp1.zus.network;
location /sharder01/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:7171/;
# Preflight request. Reply successfully:
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000; # cache preflight value for 20 days
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Content-Length' 0;
return 204;
}
}
location /miner01/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:7071/;
# Preflight request. Reply successfully:
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000; # cache preflight value for 20 days
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Content-Length' 0;
return 204;
}
}
location /blobber01/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:5051/;
# Preflight request. Reply successfully:
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000; # cache preflight value for 20 days
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Content-Length' 0;
return 204;
}
}
location /blobber02/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:5052/;
# Preflight request. Reply successfully:
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000; # cache preflight value for 20 days
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Content-Length' 0;
return 204;
}
}
location /validator01/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:5061/;
# Preflight request. Reply successfully:
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000; # cache preflight value for 20 days
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Content-Length' 0;
return 204;
}
}
location /validator02/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:5062/;
# Preflight request. Reply successfully:
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000; # cache preflight value for 20 days
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Content-Length' 0;
return 204;
}
}
location /authorizer01/ {
# limit_req zone=mylimit;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:3031/;
# Preflight request. Reply successfully:
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000; # cache preflight value for 20 days
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Content-Length' 0;
return 204;
}
}
location / {
proxy_pass https://temp.zus.network/;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Preflight request. Reply successfully:
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000; # cache preflight value for 20 days
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Content-Length' 0;
return 204;
}
}
}Below command will generate certificate -
sudo certbot --nginx -d temp1.zus.network -d pgadmin.temp1.zus.network -d portainer.temp1.zus.networkBelow attached is the practical video for reference -
Last updated