oliverw / miningcore

Miningcore is a high-performance Mining Pool Software for Linux and Windows.
https://store.miningcore.pro
MIT License

NGINX problems #1717

Closed xmr-dev closed 11 months ago

xmr-dev commented 11 months ago

I would love to chat with someone with knowledge about nginx. I'm having a pretty hard time creating an nginx file for miningcore. The 2 challenges I face:

  1. the API is http only, there needs to be a redirect from HTTP to the VPS on port 4000 (or whatever has been set)
  2. miningcore doesn't start when nginx is enabled.

I'm sure I will figure this out eventually but I would rather chat with someone.

The outcome will be updated in the readme so others won't get stuck on this. I do already have an nginx config:

server {
    listen 4000 ssl default_server;
    server_name www.;

    ssl_certificate /root/certificates/<my-domain>/certificate.crt;
    ssl_certificate_key /root/certificates/<my-domain>/private.key;

    location / {
        rewrite ^(.*)$  https://$host/$1 permanent;
    }

}

server {
    listen 443 ssl;
    server_name www.;

    ssl_certificate /root/certificates/<my-domain>/certificate.crt;
    ssl_certificate_key /root/certificates/<my-domain>/private.key;

    location / {
        proxy_pass http://localhost:4000/api/pools; #for now hardcoded but should be $request_uri
        add_header Access-Control-Allow-Origin *;
    }

}

My discord username: knowledgeable_007 (ironic right ;))

wombatlabs commented 11 months ago

@xmr-dev Here's an example nginx file:

upstream api {
    server 127.0.0.1:4000;
}
server {
    listen 80;
    listen [::]:80;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name DOMAIN_NAME_HERE;

    location / {
        try_files $uri $uri/ =404;
    }

    location /api {
        proxy_pass http://api;
    }

}

Then replace DOMAIN_NAME_HERE with your domain name and setup SSL with certbot.

FOR Ubuntu 20.04+:

sudo apt-get install certbot -y
sudo apt-get update
sudo apt-get install python3-certbot-nginx -y

Then run this with your domain name and follow the steps:

sudo certbot --nginx -d YOUR_DOMAIN_HERE

xmr-dev commented 11 months ago

The certificates are installed but I'm still unable to do an API call: The page at 'https://DOMAIN_NAME/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://VPS_IP:4000/api/pools'. This request has been blocked; the content must be served over HTTPS.

After editing the API call to https I got the following error: net::ERR_CONNECTION_REFUSED. There are no errors in the error logs.

xmr-dev commented 11 months ago

@wombatlabs are you sure this is the correct solution? Did you do this yourself or read it somewhere? There should not be pfx file config in the coins config?

wombatlabs commented 11 months ago

Yes, I have set up the pool with SSL many times. When you ran certbot, did you set up auto-redirect to https?

xmr-dev commented 11 months ago

@wombatlabs I just followed your instructions on the command line. When I enter http://domain_name I'm redirected to https, so I assume it's correct. Are your API calls made with http://domain_name/api/pools or https://domain_name/api/pools? My nginx file looks like this:

upstream api {
    server 127.0.0.1:4000;
}

server {
        listen 80;
        listen [::]:80;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name domain_name.com www.domain_name.com;

        location / {
                try_files $uri $uri/ =404;
        }

        location /api {
                proxy_pass http://api;
        }

}

server {
        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name domain_name.com www.domain_name.com;

        location / {
                try_files $uri $uri/ =404;
        }

        location /api {
            proxy_pass http://api;
        }

        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/domain_name.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/domain_name.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Is your config for ssl disabled in the miningcore config?

wombatlabs commented 11 months ago

API calls are made with HTTPS.

Here's an example miningcore config.json:

{
    "logging": {
      "level": "info",
      "enableConsoleLog": true,
      "enableConsoleColors": true,
      "logFile": "pool-logs.log",
      "apiLogFile": "api-logs.log",
      "logBaseDirectory": "~/.pool-logs/",
      "perPoolLogFile": true
    },
    "banning": {
      "manager": "Integrated",
      "banOnJunkReceive": true,
      "banOnInvalidShares": true
    },
    "notifications": {
      "enabled": false,
      "email": {
        "host": "smtp.example.com",
        "port": 587,
        "user": "user",
        "password": "password",
        "fromAddress": "info@yourpool.org",
        "fromName": "pool support"
      },
      "admin": {
        "enabled": false,
        "emailAddress": "user@example.com",
        "notifyBlockFound": true
      }
    },
    "persistence": {
      "postgres": {
        "host": "127.0.0.1",
        "port": 5432,
        "user": "miningcore",
        "password": "YOUR_PASS",
        "database": "miningcore"
      }
    },
    "paymentProcessing": {
      "enabled": true,
      "interval": 600,
      "shareRecoveryFile": "recovered-shares.txt"
    },
    "api": {
      "enabled": true,
      "listenAddress": "*",
      "port": 4000,
      "metricsIpWhitelist": [],
      "rateLimiting": {
        "disabled": true,
        "rules": [
          {
            "Endpoint": "*",
            "Period": "1s",
            "Limit": 5
          }
        ],
        "ipWhitelist": [
          ""
        ]
      }
    },
    "pools": [
      {
        "id": "etc",
        "enabled": true,
        "coin": "ethereumclassic",
        "address": "POOL_WALLET",
        "rewardRecipients": [
          {
            "type": "op",
            "address": "FEE_WALLET",
            "percentage": 1.0
          }
        ],
        "blockRefreshInterval": 120,
        "clientConnectionTimeout": 600,
        "banning": {
          "enabled": true,
          "time": 600,
          "invalidPercent": 50,
          "checkThreshold": 50
        },
        "ports": {
          "4042": {
            "name": "GPU-SMALL",
            "listenAddress": "*",
            "difficulty": 0.1,
            "varDiff": {
              "minDiff": 0.1,
              "maxDiff": null,
              "targetTime": 15,
              "retargetTime": 90,
              "variancePercent": 30
            }
          },
          "4043": {
            "name": "NiceHash",
            "listenAddress": "*",
            "difficulty": 2,
            "varDiff": {
              "minDiff": 2,
              "maxDiff": null,
              "targetTime": 15,
              "retargetTime": 90,
              "variancePercent": 30
            }
          }
        },
        "chainTypeOverride": "Classic",
        "dagDir": "/root/.etchash",
        "daemons": [
          {
            "host": "127.0.0.1",
            "port": 8545,
            "user": "",
            "password": ""
          }
        ],
        "paymentProcessing": {
          "enabled": true,
          "minimumPayment": 0.1,
          "payoutScheme": "SOLO",
          "payoutSchemeConfig": {
            "factor": 0.5
          },
          "gas": 21000,
          "maxFeePerGas": 50000000000,
          "BlockSearchOffset": 100,
          "keepUncles": false,
          "keepTransactionFees": true
        }
      }
    ]
}

xmr-dev commented 11 months ago

Yeah, my config file is the same (for the api part). You posted your nginx example file, but where are the ssl certificates? certbot should handle those certificates in the nginx config file, right?

MiningCryptoLive commented 11 months ago

When you run sudo certbot --nginx -d your.domain the certificates are created and added to your nginx config. The certificates are located in /etc/letsencrypt/live/your.domain

wombatlabs commented 11 months ago

It should look similar to this:

upstream api {
    server 127.0.0.1:4000;
}
server {

    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    server_name domain.tld;

    location / {
        try_files $uri $uri/ =404;
    }

    location /api {
        proxy_pass http://api;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = domain.tld) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name domain.tld;
    return 404; # managed by Certbot

}

xmr-dev commented 11 months ago

When you run sudo certbot --nginx -d your.domain the certificates are created and added to your nginx config. The certificates are located in /etc/letsencrypt/live/your.domain

My certificates are created and they are located in /etc/letsencrypt/live. The www domain is also created.

MiningCryptoLive commented 11 months ago

Ok. So what are you having a problem with?

xmr-dev commented 11 months ago

Ok. So what are you having a problem with?

I'm still unable to use the api on my domain. The console is giving the following errors: Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR

The website has a valid ssl certificate according to my browser. I have tried the nginx config file @wombatlabs but I'm still unable to use the api.

MiningCryptoLive commented 11 months ago

What does your config file look like? Sounds like something isn’t correct in the file.

On Thu, Sep 21, 2023 at 3:16 PM Peter @.***> wrote:

Ok. So what are you having a problem with?

I'm still unable to use the api on my domain. The console is giving the following errors Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR


xmr-dev commented 11 months ago

What does your config file look like. Sounds like something isn’t correct in the file

upstream api {
    server 127.0.0.1:4000;
}
server {

    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    server_name pool4mining.com www.pool4mining.com;

    location / {
        try_files $uri $uri/ =404;
    }

    location /api {
        proxy_pass http://api;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/pool4mining.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/pool4mining.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
        if ($host = domain.tld) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name pool4mining.com www.pool4mining.com;
        return 404; # managed by Certbot

}

MiningCryptoLive commented 11 months ago

I looked at the domain and the api works if you go to pool4mining.com/api/pools and it lists the configuration for each coin. So you have the wrong api information in the frontend config. In the miningcore-ui.js file you need to set the api: var API = 'https://pool4mining.com/api/';
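
The resolution above comes down to the frontend's API base URL. As an added example (not part of the thread and not miningcore or miningcore-ui code), this JavaScript check classifies a configured API URL against the page it is loaded from, covering the URL shapes tried in this thread. The function name, the finding labels, the port list (taken from "port": 4000 in the config.json above) and the 203.0.113.10 address standing in for VPS_IP are assumptions.

```javascript
// Added example. PLAINTEXT_BACKEND_PORTS is an assumption taken from the
// config.json in this thread ("api": { "port": 4000 }, no TLS on that listener).
const PLAINTEXT_BACKEND_PORTS = new Set(['4000']);

function diagnoseApiUrl(pageUrl, apiUrl, plaintextPorts = PLAINTEXT_BACKEND_PORTS) {
  const page = new URL(pageUrl);
  // A relative value such as '/api/' resolves against the page, as in a browser.
  const api = new URL(apiUrl, page);
  const findings = [];

  // HTTPS page calling http:// : the browser blocks the XMLHttpRequest.
  if (page.protocol === 'https:' && api.protocol === 'http:') {
    findings.push('mixed-content');
  }
  // https:// aimed at the backend's own port: that listener speaks plain HTTP,
  // so no TLS handshake can complete. TLS ends at nginx on 443.
  if (api.protocol === 'https:' && plaintextPorts.has(api.port)) {
    findings.push('tls-to-plaintext-port');
  }
  // Different host than the page (e.g. the VPS IP): bypasses the nginx /api
  // location, and a certificate issued only for the domain does not cover it.
  if (api.hostname !== page.hostname) {
    findings.push('cross-origin-host');
  }
  return { resolved: api.href, ok: findings.length === 0, findings };
}

// Constructed sample values; 203.0.113.10 is a documentation address standing
// in for VPS_IP.
const page = 'https://pool4mining.com/';
const candidates = [
  'http://203.0.113.10:4000/api/',
  'https://203.0.113.10:4000/api/',
  'https://pool4mining.com:4000/api/',
  'https://pool4mining.com/api/',
  '/api/',
];
for (const candidate of candidates) {
  const r = diagnoseApiUrl(page, candidate);
  console.log(candidate, '->', r.ok ? 'ok' : r.findings.join(', '));
}
```

Once every frontend call goes through the nginx /api location, port 4000 no longer needs to be reachable from outside the host.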

xmr-dev commented 11 months ago

You are my hero!! Thanks a lot, @MiningCryptoLive and @wombatlabs