Skip to main content

Nginx Config

Nginx uses configuration (config) files to define servers and routes for incoming requests. For Pocket nodes, nginx needs to relay public requests to an http server that listens on local ports. This is referred to as a proxy configuration.

To make the proxy work, we will create a new configuration file that defines two virtual servers, one for the public requests and one for the private http requests. When nginx is installed, ia default configuration is created and enabled. To keep things simple, we will disable the default configuration and a new one.

Create a new configuration file

The nginx configuration files we'll be creating will be located in the /etc/nginx/sites-available/ directory. However, we'll need to also create a symbolic link in /etc/nginx/sites-enabled/ to enable the configuration. We'll also need to delete the symbolic link for default configuration.

info

The following steps assume certbot is installed and was previously used to register an SSL certificate.

To create a new nginx configuration file for a pocket node, use the following steps:

  1. Confirm the hostname for your SSL certificate
    sudo certbot certificates
  2. Create a new file with nano
    sudo nano /etc/nginx/sites-available/pocket
  3. Add the following code but change the hostname to your pocket node's hostname:

    Note: The highlighted lines need to be edited to use your hostname.

```nginx {27,36-37}
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        try_files $uri $uri/ =404;
    }
}

server {
    add_header Access-Control-Allow-Origin "*";
    listen 80 ;
    listen [::]:80 ;
    listen 8081 ssl;
    listen [::]:8081 ssl;

    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    server_name node1.pokt.run;

    location / {
        try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;

    ssl_certificate /etc/letsencrypt/live/node1.pokt.run/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/node1.pokt.run/privkey.pem;

    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    access_log /var/log/nginx/reverse-access.log;
    error_log /var/log/nginx/reverse-error.log;

    location ~* ^/v1/client/(dispatch|relay|challenge|sim) {
        proxy_pass http://127.0.0.1:8082;
        add_header Access-Control-Allow-Methods "POST, OPTIONS";
        allow all;
    }

    location = /v1 {
        add_header Access-Control-Allow-Methods "GET";
        proxy_pass http://127.0.0.1:8082;
        allow all;
    }
}
```
  • Save the change with Ctrl + O
  • Exit nano with Ctrl + X
  • Stop nginx with 
    sudo systemctl stop nginx
  • Disable the default configuration
    sudo rm /etc/nginx/sites-enabled/default
  • Enable the pocket configuration
    sudo ln -s /etc/nginx/sites-available/pocket /etc/nginx/sites-enabled/pocket
  • Start nginx
    sudo systemctl start nginx
Last updated on by Steve Tingiris