Skip to content

Update config #27

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
AmirRajabii wants to merge 29 commits into
base: main
Choose a base branch
from
Open

Update config #27

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
29 commits
Select commit Hold shift + click to select a range
1cb22b3
Testing config
Marchosiax May 17, 2025
47f11d8
Add v2api config
Marchosiax May 31, 2025
307b19d
add profile
AmirRajabii Jul 19, 2025
d1b9864
Add ip configs
Marchosiax Jul 29, 2025
a220564
Merge remote-tracking branch 'origin/dev' into dev
Marchosiax Jul 29, 2025
1f9b4bf
Add bc-gateway
AmirRajabii Sep 3, 2025
4dd6602
Remove bc-gateway
AmirRajabii Sep 3, 2025
63ba56e
Add auth gateway health check
AmirRajabii Nov 2, 2025
4935732
Add bc location for handling chain scanner webhook
fatemeh-i Nov 5, 2025
a25dcb9
Fix the bc location
fatemeh-i Nov 5, 2025
370e9ec
Add server block for admin v2 panel
AmirRajabii Feb 24, 2026
1b40ab8
Add mobile web app route in the nginx config
fatemeh-i Apr 13, 2026
671bce8
Handle public files in nginx
fatemeh-i Apr 13, 2026
598c064
Change the root directory for the beta apps
fatemeh-i Apr 14, 2026
03c8917
Change the way to separate mobile/desktop web app
fatemeh-i Apr 14, 2026
22d4ff1
Fix the regex issue in separating mobile and desktop apps
fatemeh-i Apr 14, 2026
459d318
Set the log directory for nginx
fatemeh-i Apr 14, 2026
a8cc888
Change the log directory for nginx
fatemeh-i Apr 14, 2026
4e9e55f
Change the route policy of beta app
fatemeh-i Apr 15, 2026
a495007
Handle errors around favicon
fatemeh-i Apr 15, 2026
aede9c4
Fix typo in beta app block
fatemeh-i Apr 17, 2026
2c7036b
Set SERVER_NAME_BETA_APP as an env for the nginx.conf
fatemeh-i Apr 17, 2026
5e33838
Remove extra spaces in envsubst
fatemeh-i Apr 17, 2026
3718e48
Fix the issue in the syntax of envsubst
fatemeh-i Apr 17, 2026
fe544cb
Change the beta app root to a dynamic configuration
fatemeh-i Apr 18, 2026
a03fa6a
Rename web_root var to web_app_root
fatemeh-i Apr 18, 2026
05baf1e
Change the location order
fatemeh-i Apr 18, 2026
e469e30
Change thes tructure of locations in beta app section
fatemeh-i Apr 18, 2026
0e829af
Make a decision about the root in the server blok to handle root in a…
fatemeh-i Apr 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,9 @@ ENV SERVER_NAME_MOBILE_APP mobile.opex.dev
ENV SERVER_WALLET_STAT walletstat.opex.dev
ENV SERVER_NAME_KC kc.opex.dev
ENV SERVER_NAME_V2_AUTH v2auth.opex.dev
ENV SERVER_NAME_BETA_APP beta-app.opex.dev
ENTRYPOINT sh -c 'envsubst \
\$EXPOSED_PORT,\$SERVER_NAME_DASHBOARD,\$SERVER_NAME_ADMIN_PANEL,\$SERVER_NAME_WEB_APP,\$SERVER_NAME_AUTH,\$SERVER_NAME_HEALTH,\$SERVER_NAME_API,\$SERVER_NAME_MOBILE_APP,\$SERVER_WALLET_STAT,\$SERVER_NAME_GRAFANA,\$SERVER_NAME_KIBANA,\$SERVER_NAME_KC,\$SERVER_NAME_V2_AUTH \
\$EXPOSED_PORT,\$SERVER_NAME_DASHBOARD,\$SERVER_NAME_ADMIN_PANEL,\$SERVER_NAME_WEB_APP,\$SERVER_NAME_AUTH,\$SERVER_NAME_HEALTH,\$SERVER_NAME_API,\$SERVER_NAME_MOBILE_APP,\$SERVER_WALLET_STAT,\$SERVER_NAME_GRAFANA,\$SERVER_NAME_KIBANA,\$SERVER_NAME_KC,\$SERVER_NAME_V2_AUTH,\$SERVER_NAME_BETA_APP \
< /etc/nginx/nginx.conf.org \
| tee /etc/nginx/nginx.conf \
&& nginx -g "daemon off;"'
Expand Down
3 changes: 3 additions & 0 deletions docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,12 @@ services:
- SERVER_WALLET_STAT=$SERVER_WALLET_STAT
- SERVER_NAME_KC=$SERVER_NAME_KC
- SERVER_NAME_V2_AUTH=$SERVER_NAME_V2_AUTH
- SERVER_NAME_BETA_APP=$SERVER_NAME_BETA_APP
secrets:
- opex_dev_crt
- private_pem
volumes:
- /var/www:/var/www:ro
nginx-exporter:
image: nginx/nginx-prometheus-exporter:1.1.0
ports:
Expand Down
192 changes: 183 additions & 9 deletions nginx.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@ events {
}

http {
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log debug;

include /etc/nginx/mime.types;
sendfile on;

Expand Down Expand Up @@ -42,6 +45,24 @@ http {

resolver 127.0.0.11 valid=60s;

map $http_user_agent $is_mobile {
default 0;
~*iphone 1;
~*ipod 1;
~*android 1;
~*blackberry 1;
~*windows\ phone 1;
mobile 1;
opera\ mini 1;
iemobile 1;
}

# Set root path based on device type
map $is_mobile $web_app_root {
0 /var/www/desktop;
1 /var/www/mobile;
}

server {
listen 80;

Expand Down Expand Up @@ -108,6 +129,24 @@ http {
}
}

server {
listen 443 ssl;
listen [::]:443 ssl;

server_name $SERVER_NAME_ADMIN_V2_PANEL;

location ~* \.(.*)$ {
set $backend http://admin-v2-panel-nginx;
proxy_pass $backend;
}

location / {
set $backend http://admin-v2-panel-nginx;
proxy_pass $backend;
rewrite .* / break;
}
}

server {
listen 443 ssl;
listen [::]:443 ssl;
Expand Down Expand Up @@ -157,6 +196,64 @@ http {
}
}

server {
listen 443 ssl;
listen [::]:443 ssl;

server_name $SERVER_NAME_KC;

location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://keycloak:8080;
}
}

server {
listen 443 ssl;
listen [::]:443 ssl;

server_name $SERVER_NAME_V2_AUTH;

if ($request_method = 'OPTIONS') {
return 204;
}

location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Authorization $http_authorization;
proxy_pass http://auth-gateway:8080;
}
}

server {
listen 443 ssl;
listen [::]:443 ssl;

server_name v2api.opex.dev;

if ($request_method = 'OPTIONS') {
return 204;
}

location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Authorization $http_authorization;
proxy_pass http://api:8080;
rewrite ^/(.*)$ /opex/$1 break;
}
}

server {
listen 443 ssl;
listen [::]:443 ssl;
Expand Down Expand Up @@ -222,6 +319,11 @@ http {
proxy_pass $backend;
rewrite ^/auth(.*)$ /actuator/health/$1 break;
}
location /auth-gateway {
set $backend http://auth-gateway:8080;
proxy_pass $backend;
rewrite ^/auth-gateway(.*)$ /actuator/health/$1 break;
}

location /wallet {
set $backend http://wallet:8080;
Expand Down Expand Up @@ -335,13 +437,25 @@ http {
proxy_pass $backend;
rewrite ^/api/(.*)$ /$1 break;
}

location /profile {
set $backend http://profile:8080;
proxy_pass $backend;
rewrite ^/profile/(.*)$ /$1 break;
}

location /sapi {
set $backend http://api:8080;
proxy_pass $backend;
rewrite ^/sapi/(.*)$ /$1 break;
}

location /bc {
set $backend http://bc-gateway:8080;
proxy_pass $backend;
rewrite ^/bc/(.*)$ /$1 break;
}

location /captcha {
add_header Access-Control-Allow-Credentials true always;
add_header Access-Control-Allow-Origin $http_origin always;
Expand All @@ -353,15 +467,75 @@ http {
rewrite ^/captcha/(.*)$ /$1 break;
}

location /binance {
proxy_set_header Host api.binance.com;
proxy_set_header X-Real-IP '';
proxy_set_header X-Forwarded-For '';
proxy_set_header X-Forwarded-Host '';
set $backend https://api.binance.com;
proxy_pass $backend;
rewrite ^/binance/(.*)$ /$1 break;
}
resolver 127.0.0.11 valid=30s;
resolver_timeout 15s;


location /binance {

# target upstream (IMPORTANT: must be variable for DNS resolution)
set $backend https://binance.beeep.ir;

# route path
rewrite ^/binance/(.*)$ /$1 break;

# upstream connection settings
proxy_pass $backend;

# correct upstream identity
proxy_set_header Host binance.beeep.ir;
proxy_ssl_server_name on;
proxy_ssl_name binance.beeep.ir;

# client headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# timeouts (important for slow Binance-like APIs)
proxy_connect_timeout 60s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
send_timeout 300s;

# retry logic (VERY IMPORTANT for your error)
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
proxy_next_upstream_tries 3;
proxy_next_upstream_timeout 60s;

# TLS (since upstream is HTTPS)
proxy_ssl_verify off;

# avoid buffering issues for slow responses
proxy_buffering off;
proxy_request_buffering off;

# stability
proxy_intercept_errors off;
}

}


server {
listen 443 ssl http2;
server_name $SERVER_NAME_BETA_APP;

set $web_app_root /var/www/desktop;

if ($http_user_agent ~* (iphone|ipod|android|blackberry|windows\ phone|mobile|opera\ mini|iemobile)) {
set $web_app_root /var/www/mobile;
}

location / {
root $web_app_root;
try_files $uri $uri/ /index.html;
}

location = /index.html {
root $web_app_root;
add_header Cache-Control "no-cache, no-store, must-revalidate";
}
}

}
Loading