Kudaraidee / miningcore-xiaolin1579

Miningcore is a high-performance Mining Pool Software for Linux and Windows.
https://store.miningcore.pro
MIT License
35 stars 46 forks source link

HTTPS API !!! #20

Open b2d2dbone opened 1 year ago

b2d2dbone commented 1 year ago

Hi Xiaolin ))

I would really really appreciate it if you tell me how I can enable https I am so stuck been trying to make it work for couple of days I already applied this "https://miguelabate.com/nginx-ssl-reverse-proxy/" did not work I tried haproxy as well could not make it work

could you just copy past your configs !!

Thank you very much for your contribution to this project

xiaolin1579 commented 1 year ago

image

b2d2dbone commented 1 year ago

Hi Xiaolin

The screenshot config is similar to mine I only get the websit url to https after installing ssl etc ...

but api still stating
Warning! The pool is currently down for maintenance.

Please try again later.

meanwhile when I visit http the warning disappears and the pool api works

am on ubuntu 22.04

b2d2dbone commented 1 year ago

Could share your config .json api section perhaps am missing something there !!

xiaolin1579 commented 1 year ago

Could share your config .json api section perhaps am missing something there !!

image

b2d2dbone commented 1 year ago

Hi Xiaolin

your NGINX config doesn't do ssl termination

it works only with the http protocol not tcp

see "https://github.com/oliverw/miningcore/issues/232"

some how there should be away to enable https on the api to make pool ui view pools on https pool link

xiaolin1579 commented 1 year ago

Make sure your ip and api port are correct. And don't forget to restart nginx every time the settings are changed.

ghost commented 11 months ago

Hi Xiaolin

your NGINX config doesn't do ssl termination

it works only with the http protocol not tcp

see "https://github.com/oliverw/miningcore/issues/232"

some how there should be away to enable https on the api to make pool ui view pools on https pool link

After the nginx settings, the api path must be rewritten in the webui "miningcore.js", and the port number must be omitted . e.g.:
var API = "https://yourdomain/api/";

lurchinms commented 11 months ago
    "api": {
        "enabled": true,
        "listenAddress": "0.0.0.0",
        "port": 4000,
        "metricsIpWhitelist": ["127.0.0.1"],
        "adminIpWhitelist": ["127.0.0.1"],
        "rateLimiting": {
          "disabled": false,
          "rules": [
            {
              "Endpoint": "*",
              "Period": "1s",
              "Limit": 500
            }
          ],
          "ipWhitelist": ["127.0.0.1"]
        }
      },
      "nicehashClusterConfig": {
        "enableAutoDiff": true    
        },
lurchinms commented 11 months ago

That's how mine works

b2d2dbone commented 11 months ago

Hi Xiaolin your NGINX config doesn't do ssl termination it works only with the http protocol not tcp see "oliverw#232" some how there should be away to enable https on the api to make pool ui view pools on https pool link

After the nginx settings, the api path must be rewritten in the webui "miningcore.js", and the port number must be omitted . e.g.: var API = "https://yourdomain/api/"; Hi does it make deference if I use var API = "https://subdomian.domain/api/"; ??

I did exactly what you suggested and it never works the only deference is that am using subdomain

b2d2dbone commented 11 months ago
    "api": {
        "enabled": true,
        "listenAddress": "0.0.0.0",
        "port": 4000,
        "metricsIpWhitelist": ["127.0.0.1"],
        "adminIpWhitelist": ["127.0.0.1"],
        "rateLimiting": {
          "disabled": false,
          "rules": [
            {
              "Endpoint": "*",
              "Period": "1s",
              "Limit": 500
            }
          ],
          "ipWhitelist": ["127.0.0.1"]
        }
      },
      "nicehashClusterConfig": {
        "enableAutoDiff": true    
        },

I'm using same configs I never got it to work every time I install ssl etc I got the pool maintenance massage

ghost commented 11 months ago

I'm using same configs I never got it to work every time I install ssl etc I got the pool maintenance massage

Only the api works on a subdomain, or the pool as well. Some people use it, e.g. : pool url: https://domain and api is work on subdomain https://api.domain/api/ Where does the server work? VPS or own server on LAN?

ghost commented 11 months ago

My test pool work on lan and here the configurations:

(pool.json)

"api": { "enabled": true, "listenAddress": "0.0.0.0", "port": 4000, "metricsIpWhitelist": ["127.0.0.1"], "adminIpWhitelist": ["127.0.0.1"], "rateLimiting": { "disabled": false, "rules": [ { "Endpoint": "*", "Period": "1s", "Limit": 500 } ], "ipWhitelist": ["127.0.0.1"] } },

(miningcore.js in web folder)

var WebURL = "https://miningpool.gpuminers.hu/";

var API = "https://miningpool.gpuminers.hu/api/";


and nginx config in etc/nginx/sites-enabled/ folder

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /home/pool/html;

    index index.html index.htm index.nginx-debian.html;

    server_name miningpool.gpuminers.hu;

    location / {

                 try_files $uri $uri/ =404;
        }
    location /api/ {
    proxy_pass http://127.0.0.1:4000/api/;
        }

   listen [::]:443 ssl ipv6only=on; # managed by Certbot
   listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/miningpool.gpuminers.hu/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/miningpool.gpuminers.hu/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

In the router, ports 80 and 443 are forwarded to the LAN IP address of the server. It's work perfectly.

b2d2dbone commented 11 months ago

My test pool work on lan and here the configurations:

(pool.json)

"api": {

"enabled": true, "listenAddress": "0.0.0.0", "port": 4000, "metricsIpWhitelist": ["127.0.0.1"], "adminIpWhitelist": ["127.0.0.1"], "rateLimiting": { "disabled": false, "rules": [ { "Endpoint": "*", "Period": "1s", "Limit": 500 } ], "ipWhitelist": ["127.0.0.1"] } }, (miningcore.js in web folder)

var WebURL = "https://miningpool.gpuminers.hu/";

var API = "https://miningpool.gpuminers.hu/api/";

and nginx config in etc/nginx/sites-enabled/ folder

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /home/pool/html;

    index index.html index.htm index.nginx-debian.html;

    server_name miningpool.gpuminers.hu;

    location / {

                 try_files $uri $uri/ =404;
      }
    location /api/ {
    proxy_pass http://127.0.0.1:4000/api/;
      }

   listen [::]:443 ssl ipv6only=on; # managed by Certbot
   listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/miningpool.gpuminers.hu/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/miningpool.gpuminers.hu/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

In the router, ports 80 and 443 are forwarded to the LAN IP address of the server. It's work perfectly.

Thank you but I never got to work I will just stick with http version

tjayz commented 10 months ago

I believe the hidden enemy most are unaware of is browser cache. Delete all browser cache for your yourdomain.com.

As others mentioned, in miningcore.js set Var api to https://yourdomain.com/api and webiste url to https://yourdomain.com/

If you try and access the site via localhost/127.0.0.1/ or local ip eq 192.168.0.10, it will not work, unless those are specifically referenced in the miningcore.js which would never work externally. It will only work by first accessing https://yourdomain.com. The trick is, once you have successfully viewed it on yourdomain.com, your browser cache will now allow you to view it from the local addresses mentioned above. While the one line directives mentioned above for proxy pass should work, I add a few more lines:

                location /api/ {

                        proxy_pass              http://127.0.0.1:4000;
                        proxy_redirect          off;
                        proxy_http_version      1.1;

                        proxy_hide_header       X-Frame-Options;
                        proxy_set_header        Host $host;
                        proxy_set_header        X-Real-IP $remote_addr;
                        proxy_set_header        X-Forwarded-For $proxy_add_x_for;                       
                        proxy_set_header        X-Forwarded-Proto https;
                        proxy_set_header        Upgrade $http_upgrade;
                        proxy_set_header        Connection "upgrade";

Also, if using nginx on linux, I find the sites-enabled default.conf etc can cause lots of problems if new to nginx. Simply access nginx.conf and comment the line out which enables those somewhere at the top and enter all your settings directly in nginx.conf.

b2d2dbone commented 8 months ago

I believe the hidden enemy most are unaware of is browser cache. Delete all browser cache for your yourdomain.com.

As others mentioned, in miningcore.js set Var api to https://yourdomain.com/api and webiste url to https://yourdomain.com/

If you try and access the site via localhost/127.0.0.1/ or local ip eq 192.168.0.10, it will not work, unless those are specifically referenced in the miningcore.js which would never work externally. It will only work by first accessing https://yourdomain.com. The trick is, once you have successfully viewed it on yourdomain.com, your browser cache will now allow you to view it from the local addresses mentioned above. While the one line directives mentioned above for proxy pass should work, I add a few more lines:

                location /api/ {

                        proxy_pass              http://127.0.0.1:4000;
                        proxy_redirect          off;
                        proxy_http_version      1.1;

                        proxy_hide_header       X-Frame-Options;
                        proxy_set_header        Host $host;
                        proxy_set_header        X-Real-IP $remote_addr;
                        proxy_set_header        X-Forwarded-For $proxy_add_x_for;                       
                        proxy_set_header        X-Forwarded-Proto https;
                        proxy_set_header        Upgrade $http_upgrade;
                        proxy_set_header        Connection "upgrade";

Also, if using nginx on linux, I find the sites-enabled default.conf etc can cause lots of problems if new to nginx. Simply access nginx.conf and comment the line out which enables those somewhere at the top and enter all your settings directly in nginx.conf.

Thank you very much what if am using subdomain "https://sub.domain.com is there anything else I need to config ?

lurchinms commented 8 months ago

you have to have proxy pass setup on your webserver

b2d2dbone commented 8 months ago

you have to have proxy pass setup on your webserver

I already tried never got to work I don't know what am missing I tried all the previous steps

ctayiz commented 2 weeks ago

Hi I have tried all the previous steps, but sadly my api is not running. When I try to open the site I always get ‘HTTP Error 403’ - ‘Access to ... was denied’

Does anyone have any solutions in the meantime? I can't find anything on the net either.

my config.json:

image

the server does not seem to be listening on port 4000 at all. I have minigcore running in a docker container.

Thanks.