proxmox/docs/archive/tests/NGINX_CONFIG_VERIFICATION.md
defiQUG cb47cce074 Complete markdown files cleanup and organization
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

Nginx Configuration Verification for Blockscout

Date: December 23, 2025
Container: VMID 5000 on pve2 (192.168.11.140)
Domain: explorer.d-bis.org


Nginx Configuration Status

Current Configuration

The Nginx configuration is correctly set up at /etc/nginx/sites-available/blockscout:

# HTTPS server - Blockscout Explorer
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name explorer.d-bis.org 192.168.11.140;

    # SSL configuration
    ssl_certificate /etc/letsencrypt/live/explorer.d-bis.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/explorer.d-bis.org/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:...';
    
    # ... security headers ...

    # Blockscout Explorer endpoint
    location / {
        proxy_pass http://127.0.0.1:4000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

Mapping Verification

Request Flow

Cloudflare (HTTPS)
    ↓
https://explorer.d-bis.org/
    ↓
Cloudflare Tunnel (HTTPS)
    ↓
https://192.168.11.140:443 (Nginx)
    ↓
proxy_pass http://127.0.0.1:4000
    ↓
Blockscout Docker Container (Port 4000)

Configuration Details

  1. Cloudflare → Nginx:

    • Cloudflare tunnel routes explorer.d-bis.org → https://192.168.11.140:443
    • Nginx listens on port 443 with SSL
  2. Nginx → Blockscout:

    • proxy_pass http://127.0.0.1:4000 correctly maps to Blockscout
    • Blockscout Docker container exposes port 4000
    • Port mapping: 0.0.0.0:4000->4000/tcp in Docker
  3. Server Name:

    • server_name explorer.d-bis.org 192.168.11.140;
    • Matches both the domain and IP address
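
The mapping 0.0.0.0:4000->4000/tcp noted above publishes Blockscout on every host interface, so port 4000 also listens outside Nginx and its TLS. The check below is an added example, not part of the original file: it parses `netstat -tln` output (the sample lines are constructed, not captured from this host) and reports listeners on a port that are not bound to loopback.

```python
import ipaddress

# Constructed `netstat -tln` output for illustration; not captured from the host.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4000            0.0.0.0:*               LISTEN
tcp6       0      0 :::4000                 :::*                    LISTEN
"""

# Constructed output for a backend published on loopback only.
LOOPBACK_ONLY = """\
tcp        0      0 127.0.0.1:4000          0.0.0.0:*               LISTEN
tcp6       0      0 ::1:4000                :::*                    LISTEN
"""

def non_loopback_listeners(netstat_output, port):
    """Return the local addresses listening on `port` that are not loopback."""
    exposed = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # Keep only TCP rows in LISTEN state; this skips the header line too.
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # Split on the last colon so IPv6 forms such as ":::4000" parse correctly.
        host, _, port_str = fields[3].rpartition(":")
        if port_str != str(port):
            continue
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False  # unparsable address: report it rather than hide it
        if not loopback:
            exposed.append(fields[3])
    return exposed
```

An empty result for port 4000 means the backend is reachable only through Nginx on this host.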

🔍 Configuration Analysis

Correct Mappings

| Source | Destination | Status |
|---|---|---|
| https://explorer.d-bis.org/ | https://192.168.11.140:443 | Cloudflare Tunnel |
| Nginx location / | http://127.0.0.1:4000 | Proxy Pass |
| Docker Port Mapping | 4000:4000 | Blockscout Accessible |

⚠️ Potential Considerations

  1. localhost vs 192.168.11.140:

    • Using 127.0.0.1:4000 is correct since Blockscout is on the same host
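    • The Docker port mapping (0.0.0.0:4000->4000/tcp) publishes container port 4000 on every host interface, which is what makes it available on host localhost:4000; the same mapping also listens on 192.168.11.140:4000, outside Nginx and TLS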
  2. WebSocket Support:

    • Configuration includes WebSocket upgrade headers
    • proxy_set_header Upgrade $http_upgrade;
    • proxy_set_header Connection $connection_upgrade;
  3. Headers:

    • X-Forwarded-Proto: $scheme - Preserves HTTPS scheme
    • X-Forwarded-For - Preserves client IP
    • Host: $host - Preserves original hostname
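
An added example, not part of the original file: a small lint over the location block shown earlier (abridged here). It reports that Connection is set twice and that `$connection_upgrade`, which is not a built-in Nginx variable, needs a `map` block; the map used in `fixed()` is the one from the nginx WebSocket proxying documentation and is an assumption, since this page does not show one.

```python
import re
from collections import defaultdict

# Location block from this page, abridged to the lines that matter here.
PAGE_CONF = '''
location / {
    proxy_pass http://127.0.0.1:4000;
    proxy_set_header Host $host;
    proxy_set_header Connection "";
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
}
'''

# Assumed map (nginx WebSocket proxying docs); it goes in the http {} context.
UPGRADE_MAP = """
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}
"""

SET_HEADER = re.compile(r'^\s*proxy_set_header\s+(\S+)\s+(.*?)\s*;', re.M)
MAP_BLOCK = re.compile(r'^\s*map\s+\S+\s+\$(\w+)\s*\{', re.M)
VARIABLE = re.compile(r'\$(\w+)')

def lint(conf, needs_map=("connection_upgrade",)):
    """Flag headers set more than once, and map-only variables with no map."""
    findings, values = [], defaultdict(list)
    for name, value in SET_HEADER.findall(conf):
        values[name.lower()].append(value)
    for name, vals in values.items():
        if len(vals) > 1:
            findings.append(f"{name} set {len(vals)} times: {', '.join(vals)}")
    defined = set(MAP_BLOCK.findall(conf))
    used = {v for vals in values.values() for val in vals for v in VARIABLE.findall(val)}
    for var in needs_map:
        if var in used and var not in defined:
            findings.append(f"${var} is used but no map block defines it")
    return findings

def fixed(conf):
    """Drop the empty Connection line and prepend the assumed map block."""
    keep = [ln for ln in conf.splitlines()
            if not re.match(r'\s*proxy_set_header\s+Connection\s+""\s*;', ln)]
    return UPGRADE_MAP + "\n".join(keep)
```

Running `lint()` over the output of `nginx -T` covers included files, so a map defined elsewhere in the http context is seen.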

🧪 Verification Tests

Test 1: Nginx Configuration Syntax

nginx -t

Expected: Configuration test is successful

Test 2: Blockscout Direct Access

curl http://127.0.0.1:4000/api/v2/status

Expected: Blockscout responds on port 4000

Test 3: Nginx Proxy to Blockscout

curl -k -H 'Host: explorer.d-bis.org' https://127.0.0.1/

Expected: Nginx proxies to Blockscout correctly

Test 4: External Access via Cloudflare

curl -k https://explorer.d-bis.org/

Expected: Accessible via Cloudflare tunnel


📝 Configuration Summary

Current Setup (Correct)

# HTTPS server block
server {
    listen 443 ssl http2;
    server_name explorer.d-bis.org 192.168.11.140;
    
    location / {
        proxy_pass http://127.0.0.1:4000;  # ✅ Correct mapping
        proxy_set_header Host $host;        # ✅ Preserves domain
        proxy_set_header X-Forwarded-Proto $scheme;  # ✅ Preserves HTTPS
        # ... other headers ...
    }
}

Request Headers Received by Blockscout

When a request comes from Cloudflare:

  • Host: explorer.d-bis.org
  • X-Forwarded-Proto: https
  • X-Real-IP: Client's real IP
  • X-Forwarded-For: Client IP chain

Verification Result

Configuration Status: CORRECT

The Nginx configuration correctly maps:

  • https://explorer.d-bis.org/ (from Cloudflare) → http://127.0.0.1:4000 (Blockscout)
  • SSL termination handled by Nginx
  • Proper proxy headers set
  • WebSocket support enabled
  • Timeouts configured appropriately

No changes needed - The configuration is correct!


🔧 If Issues Occur

If you experience issues, check:

  1. Blockscout Container:

    docker ps | grep blockscout
    docker logs blockscout
    
  2. Nginx Status:

    systemctl status nginx
    nginx -t
    
  3. Port Accessibility:

    netstat -tlnp | grep 4000
    curl http://127.0.0.1:4000/api/v2/status
    
  4. Nginx Logs:

    tail -f /var/log/nginx/blockscout-access.log
    tail -f /var/log/nginx/blockscout-error.log