# Nginx Configuration Verification for Blockscout **Date**: December 23, 2025 **Container**: VMID 5000 on pve2 (192.168.11.140) **Domain**: explorer.d-bis.org --- ## ✅ Nginx Configuration Status ### Current Configuration The Nginx configuration is correctly set up at `/etc/nginx/sites-available/blockscout`: ```nginx # HTTPS server - Blockscout Explorer server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name explorer.d-bis.org 192.168.11.140; # SSL configuration ssl_certificate /etc/letsencrypt/live/explorer.d-bis.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/explorer.d-bis.org/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:...'; # ... security headers ... # Blockscout Explorer endpoint location / { proxy_pass http://127.0.0.1:4000; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Connection ""; proxy_buffering off; proxy_request_buffering off; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } } ``` --- ## ✅ Mapping Verification ### Request Flow ``` Cloudflare (HTTPS) ↓ https://explorer.d-bis.org/ ↓ Cloudflare Tunnel (HTTPS) ↓ https://192.168.11.140:443 (Nginx) ↓ proxy_pass http://127.0.0.1:4000 ↓ Blockscout Docker Container (Port 4000) ``` ### Configuration Details 1. **Cloudflare → Nginx**: ✅ - Cloudflare tunnel routes `explorer.d-bis.org` → `https://192.168.11.140:443` - Nginx listens on port 443 with SSL 2. **Nginx → Blockscout**: ✅ - `proxy_pass http://127.0.0.1:4000` correctly maps to Blockscout - Blockscout Docker container exposes port 4000 - Port mapping: `0.0.0.0:4000->4000/tcp` in Docker 3. **Server Name**: ✅ - `server_name explorer.d-bis.org 192.168.11.140;` - Matches both the domain and IP address --- ## 🔍 Configuration Analysis ### ✅ Correct Mappings | Source | Destination | Status | |--------|-------------|--------| | `https://explorer.d-bis.org/` | `https://192.168.11.140:443` | ✅ Cloudflare Tunnel | | Nginx `location /` | `http://127.0.0.1:4000` | ✅ Proxy Pass | | Docker Port Mapping | `4000:4000` | ✅ Blockscout Accessible | ### ⚠️ Potential Considerations 1. **localhost vs 192.168.11.140**: ✅ - Using `127.0.0.1:4000` is correct since Blockscout is on the same host - Docker port mapping makes container port 4000 available on host localhost:4000 2. **WebSocket Support**: ✅ - Configuration includes WebSocket upgrade headers - `proxy_set_header Upgrade $http_upgrade;` - `proxy_set_header Connection $connection_upgrade;` 3. **Headers**: ✅ - `X-Forwarded-Proto: $scheme` - Preserves HTTPS scheme - `X-Forwarded-For` - Preserves client IP - `Host: $host` - Preserves original hostname --- ## 🧪 Verification Tests ### Test 1: Nginx Configuration Syntax ```bash nginx -t ``` **Expected**: ✅ Configuration test is successful ### Test 2: Blockscout Direct Access ```bash curl http://127.0.0.1:4000/api/v2/status ``` **Expected**: ✅ Blockscout responds on port 4000 ### Test 3: Nginx Proxy to Blockscout ```bash curl -k -H 'Host: explorer.d-bis.org' https://127.0.0.1/ ``` **Expected**: ✅ Nginx proxies to Blockscout correctly ### Test 4: External Access via Cloudflare ```bash curl -k https://explorer.d-bis.org/ ``` **Expected**: ✅ Accessible via Cloudflare tunnel --- ## 📝 Configuration Summary ### ✅ Current Setup (Correct) ```nginx # HTTPS server block server { listen 443 ssl http2; server_name explorer.d-bis.org 192.168.11.140; location / { proxy_pass http://127.0.0.1:4000; # ✅ Correct mapping proxy_set_header Host $host; # ✅ Preserves domain proxy_set_header X-Forwarded-Proto $scheme; # ✅ Preserves HTTPS # ... other headers ... } } ``` ### Request Headers Received by Blockscout When a request comes from Cloudflare: - `Host`: `explorer.d-bis.org` - `X-Forwarded-Proto`: `https` - `X-Real-IP`: Client's real IP - `X-Forwarded-For`: Client IP chain --- ## ✅ Verification Result **Configuration Status**: ✅ **CORRECT** The Nginx configuration correctly maps: - ✅ `https://explorer.d-bis.org/` (from Cloudflare) → `http://127.0.0.1:4000` (Blockscout) - ✅ SSL termination handled by Nginx - ✅ Proper proxy headers set - ✅ WebSocket support enabled - ✅ Timeouts configured appropriately **No changes needed** - The configuration is correct! --- ## 🔧 If Issues Occur If you experience issues, check: 1. **Blockscout Container**: ```bash docker ps | grep blockscout docker logs blockscout ``` 2. **Nginx Status**: ```bash systemctl status nginx nginx -t ``` 3. **Port Accessibility**: ```bash netstat -tlnp | grep 4000 curl http://127.0.0.1:4000/api/v2/status ``` 4. **Nginx Logs**: ```bash tail -f /var/log/nginx/blockscout-access.log tail -f /var/log/nginx/blockscout-error.log ```