d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
proxmox/docs/archive/tests/NGINX_CONFIG_VERIFICATION.md
defiQUG cb47cce074 Complete markdown files cleanup and organization 
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

212 lines
5.2 KiB
Markdown
Raw Permalink Blame History

# Nginx Configuration Verification for Blockscout
**Date**: December 23, 2025
**Container**: VMID 5000 on pve2 (192.168.11.140)
**Domain**: explorer.d-bis.org
---
## ✅ Nginx Configuration Status
### Current Configuration
The Nginx configuration is correctly set up at `/etc/nginx/sites-available/blockscout`:
```nginx
# HTTPS server - Blockscout Explorer
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name explorer.d-bis.org 192.168.11.140;
# SSL configuration
ssl_certificate /etc/letsencrypt/live/explorer.d-bis.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/explorer.d-bis.org/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:...';
# ... security headers ...
# Blockscout Explorer endpoint
location / {
proxy_pass http://127.0.0.1:4000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
proxy_request_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
```
---
## ✅ Mapping Verification
### Request Flow
```
Cloudflare (HTTPS)
https://explorer.d-bis.org/
Cloudflare Tunnel (HTTPS)
https://192.168.11.140:443 (Nginx)
proxy_pass http://127.0.0.1:4000
Blockscout Docker Container (Port 4000)
```
### Configuration Details
1. **Cloudflare → Nginx**: ✅
- Cloudflare tunnel routes `explorer.d-bis.org``https://192.168.11.140:443`
- Nginx listens on port 443 with SSL
2. **Nginx → Blockscout**: ✅
- `proxy_pass http://127.0.0.1:4000` correctly maps to Blockscout
- Blockscout Docker container exposes port 4000
- Port mapping: `0.0.0.0:4000->4000/tcp` in Docker
3. **Server Name**: ✅
- `server_name explorer.d-bis.org 192.168.11.140;`
- Matches both the domain and IP address
---
## 🔍 Configuration Analysis
### ✅ Correct Mappings
| Source | Destination | Status |
|--------|-------------|--------|
| `https://explorer.d-bis.org/` | `https://192.168.11.140:443` | ✅ Cloudflare Tunnel |
| Nginx `location /` | `http://127.0.0.1:4000` | ✅ Proxy Pass |
| Docker Port Mapping | `4000:4000` | ✅ Blockscout Accessible |
### ⚠️ Potential Considerations
1. **localhost vs 192.168.11.140**: ✅
- Using `127.0.0.1:4000` is correct since Blockscout is on the same host
- Docker port mapping makes container port 4000 available on host localhost:4000
2. **WebSocket Support**: ✅
- Configuration includes WebSocket upgrade headers
- `proxy_set_header Upgrade $http_upgrade;`
- `proxy_set_header Connection $connection_upgrade;`
3. **Headers**: ✅
- `X-Forwarded-Proto: $scheme` - Preserves HTTPS scheme
- `X-Forwarded-For` - Preserves client IP
- `Host: $host` - Preserves original hostname
---
## 🧪 Verification Tests
### Test 1: Nginx Configuration Syntax
```bash
nginx -t
```
**Expected**: ✅ Configuration test is successful
### Test 2: Blockscout Direct Access
```bash
curl http://127.0.0.1:4000/api/v2/status
```
**Expected**: ✅ Blockscout responds on port 4000
### Test 3: Nginx Proxy to Blockscout
```bash
curl -k -H 'Host: explorer.d-bis.org' https://127.0.0.1/
```
**Expected**: ✅ Nginx proxies to Blockscout correctly
### Test 4: External Access via Cloudflare
```bash
curl -k https://explorer.d-bis.org/
```
**Expected**: ✅ Accessible via Cloudflare tunnel
---
## 📝 Configuration Summary
### ✅ Current Setup (Correct)
```nginx
# HTTPS server block
server {
listen 443 ssl http2;
server_name explorer.d-bis.org 192.168.11.140;
location / {
proxy_pass http://127.0.0.1:4000; # ✅ Correct mapping
proxy_set_header Host $host; # ✅ Preserves domain
proxy_set_header X-Forwarded-Proto $scheme; # ✅ Preserves HTTPS
# ... other headers ...
}
}
```
### Request Headers Received by Blockscout
When a request comes from Cloudflare:
- `Host`: `explorer.d-bis.org`
- `X-Forwarded-Proto`: `https`
- `X-Real-IP`: Client's real IP
- `X-Forwarded-For`: Client IP chain
---
## ✅ Verification Result
**Configuration Status**: ✅ **CORRECT**
The Nginx configuration correctly maps:
-`https://explorer.d-bis.org/` (from Cloudflare) → `http://127.0.0.1:4000` (Blockscout)
- ✅ SSL termination handled by Nginx
- ✅ Proper proxy headers set
- ✅ WebSocket support enabled
- ✅ Timeouts configured appropriately
**No changes needed** - The configuration is correct!
---
## 🔧 If Issues Occur
If you experience issues, check:
1. **Blockscout Container**:
```bash
docker ps | grep blockscout
docker logs blockscout
```
2. **Nginx Status**:
```bash
systemctl status nginx
nginx -t
```
3. **Port Accessibility**:
```bash
netstat -tlnp | grep 4000
curl http://127.0.0.1:4000/api/v2/status
```
4. **Nginx Logs**:
```bash
tail -f /var/log/nginx/blockscout-access.log
tail -f /var/log/nginx/blockscout-error.log
```
Reference in New Issue View Git Blame Copy Permalink