Nginx Config
Nginx uses configuration (config) files to define servers and routes for incoming requests. For Pocket nodes, nginx needs to relay public requests to an http server that listens on local ports. This is referred to as a proxy configuration.
To make the proxy work, we will create a new configuration file that defines two virtual servers, one for the public requests and one for the private http requests. When nginx is installed, a default configuration is created and enabled. To keep things simple, we will disable the default configuration and create a new one.
Create a new configuration file
The nginx configuration files we'll be creating will be located in the `/etc/nginx/sites-available/` directory. However, we'll also need to create a symbolic link in `/etc/nginx/sites-enabled/` to enable the configuration. We'll also need to delete the symbolic link for the default configuration.
The following steps assume `certbot` is installed and was previously used to register an SSL certificate.
To create a new nginx configuration file for a pocket node, use the following steps:
- Confirm the hostname for your SSL certificate: `sudo certbot certificates`
- Create a new file with nano: `sudo nano /etc/nginx/sites-available/pocket`
- Add the following code but change the hostname to your pocket node's hostname:
Note: The highlighted lines need to be edited to use your hostname.
```nginx {27,36-37}
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name _;  # catch-all name
    location / {
        try_files $uri $uri/ =404;
    }
}
server {
    add_header Access-Control-Allow-Origin "*";
    listen 80 ;
    listen [::]:80 ;
    listen 8081 ssl;
    listen [::]:8081 ssl;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name node1.pokt.run;  # change to your node's hostname
    location / {
        try_files $uri $uri/ =404;
    }
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/node1.pokt.run/fullchain.pem;  # change the hostname
    ssl_certificate_key /etc/letsencrypt/live/node1.pokt.run/privkey.pem;  # change the hostname
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    access_log /var/log/nginx/reverse-access.log;
    error_log /var/log/nginx/reverse-error.log;
    location ~* ^/v1/client/(dispatch|relay|challenge|sim) {
        proxy_pass http://127.0.0.1:8082;  # local http server
        add_header Access-Control-Allow-Methods "POST, OPTIONS";
        allow all;
    }
    location = /v1 {
        add_header Access-Control-Allow-Methods "GET";
        proxy_pass http://127.0.0.1:8082;  # local http server
        allow all;
    }
}
```
- Save the change with Ctrl + O
- Exit nano with Ctrl + X
- Stop nginx: `sudo systemctl stop nginx`
- Disable the default configuration: `sudo rm /etc/nginx/sites-enabled/default`
- Enable the pocket configuration: `sudo ln -s /etc/nginx/sites-available/pocket /etc/nginx/sites-enabled/pocket`
- Start nginx: `sudo systemctl start nginx`
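
The three hostname edits and the loopback proxy target in the file above can be checked before the final start step. This is an added example, not part of the original guide or the Pocket project; the function name `check_pocket_conf`, the script name and the hostname `node1.example.test` are made up for illustration, and treating any non-loopback `proxy_pass` as a finding is an assumption.

```shell
#!/bin/sh
# check_pocket_conf FILE HOST: print each finding, return non-zero if any.
check_pocket_conf() {
    awk -v host="$2" '
        function bad(msg) { printf "line %d: %s\n", NR, msg; n++ }
        { sub(/#.*/, ""); sub(/;[ \t]*$/, "") }  # drop comments and trailing ";"
        # Every server_name except the catch-all "_" must be the node hostname.
        $1 == "server_name" {
            for (i = 2; i <= NF; i++)
                if ($i != "_" && $i != host) bad("server_name " $i " is not " host)
        }
        # Certificate and key must sit in the certbot directory for that hostname.
        $1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
            if (index($2, "/etc/letsencrypt/live/" host "/") != 1)
                bad($1 " " $2 " is not under live/" host "/")
        }
        # Assumption: the proxied http server is only ever reached over loopback.
        $1 == "proxy_pass" {
            if ($2 !~ /^http:\/\/(127\.0\.0\.1|localhost|\[::1\])(:[0-9]+)?(\/.*)?$/)
                bad("proxy_pass " $2 " does not target loopback")
        }
        END { exit (n > 0) }
    ' "$1"
}

if [ "$#" -eq 2 ]; then
    # Real use: sh check_pocket_conf.sh /etc/nginx/sites-available/pocket HOST
    check_pocket_conf "$1" "$2"
else
    # Constructed sample: the key path still carries the hostname from this guide.
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
server {
    server_name node1.example.test;
    ssl_certificate /etc/letsencrypt/live/node1.example.test/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/node1.pokt.run/privkey.pem;
    location = /v1 {
        proxy_pass http://127.0.0.1:8082;
    }
}
EOF
    check_pocket_conf "$sample" node1.example.test || echo "edit the lines listed above"
    rm -f "$sample"
fi
```

Pass the hostname reported by `sudo certbot certificates` as the second argument.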