4-3: Configure Nginx

Nginx is a web server. We installed it in step 2 but we need to do some additional configuration.

Nginx uses config files to define servers and routes for incoming requests. For Pocket nodes, nginx needs to relay public requests to a a local http server that pocket core is running. This is referred to as the proxy. We'll also need to proxy requests made by the pocket CLI. For example, when we run the command pocket query height, the CLI makes an http request to the node's local http server.

Config Files

The nginx configuration files we're interested in are located in the /etc/nginx/sites-available/ directory. In that directory there is a default configuration file named default. This is the configuration that is created when you install nginx. It was also modified when we installed the SSL certificate using certbot. So, at this point the default configuration looks something like this:

• Confirm the name of your SSL certificate

  sudo ls /etc/letsencrypt/live/

• Create a new file with nano

  sudo nano /etc/nginx/sites-available/pocket

• Add the following code but change the hostname to your pocket node's hostname:

  server {
      listen 80 default_server;
      listen [::]:80 default_server;
  
      root /var/www/html;
  
      index index.html index.htm index.nginx-debian.html;
  
      server_name _;
  
      location / {
          try_files $uri $uri/ =404;
      }
  }
  
  server {
      add_header Access-Control-Allow-Origin "*";
      listen 80 ;
      listen [::]:80 ;
      listen 8081 ssl;
      listen [::]:8081 ssl;
  
      root /var/www/html;
  
      index index.html index.htm index.nginx-debian.html;
  
      server_name node1.pokt.run;
  
      location / {
          try_files $uri $uri/ =404;
      }
  
      listen [::]:443 ssl ipv6only=on;
      listen 443 ssl;
  
      ssl_certificate /etc/letsencrypt/live/node1.pokt.run/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/node1.pokt.run/privkey.pem;
  
      include /etc/letsencrypt/options-ssl-nginx.conf;
      ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  
      access_log /var/log/nginx/reverse-access.log;
      error_log /var/log/nginx/reverse-error.log;
  
      location ~* ^/v1/client/(dispatch|relay|challenge|sim) {
          proxy_pass http://127.0.0.1:8082;
          add_header Access-Control-Allow-Methods "POST, OPTIONS";
          allow all;
      }
  
      location = /v1 {
          add_header Access-Control-Allow-Methods "GET";
          proxy_pass http://127.0.0.1:8082;
          allow all;
      }
  }

• Save the change with Ctrl + O

• Exit nano with Ctrl + X

• Stop nginx with

  sudo systemctl stop nginx

• Disable the default configuration

  sudo rm /etc/nginx/sites-enabled/default

• Enable the pocket configuration

  sudo ln -s /etc/nginx/sites-available/pocket /etc/nginx/sites-enabled/pocket

• Start nginx

  sudo systemctl start nginx