add nginx

host/host.sh

@@ -201,6 +201,10 @@ echo "    \"rpcURL\": \"http://$myIpAddr:18545\""    >> ./explorer/config.json
 echo "}"  >> ./explorer/config.json
 
 
+sed "s/EXPORT_IP/$myIpAddr/g" ./nginx/conf.d/ethnode.conf.temp > /tmp/ethnode.conf.a
+sed "s/LOCAL_IP/$connectedSentryIp/g" /tmp/ethnode.conf.a > ./nginx/conf.d/ethnode.conf
+rm -f /tmp/ethnode.conf.a
+
 # net config
 for i in $(seq 1 $N)
 do
@@ -501,7 +505,7 @@ echo "  ring:"                                           >> $composefile
 echo "    image: caduceus/cmp2-test-net-meta-ring:v0.0.7-25"         >> $composefile
 echo "    container_name: ring"                         >> $composefile
 #echo "    entrypoint: sh -c 'echo "+"ring"+" && sleep 10 && ringd start  --ethconfig.httphost  0.0.0.0 --mempool.sentryurl  sentry:38003   --mempool.nebulaurl nebula:38004  --mempool.p2purl  net:38010  --mempool.cryptourl  cryptor:38001  --mempool.checkerurl txchecker:38002   --mempool.writeunreadytxs=false   --mempool.writerepeatedmsg=false     --mempool.batchconfirminittimeout=60   --mempool.batchconfirmtimeouti=1.5 --mempool.batchrepeatedqueuesize=0' "       >> $composefile
-echo "    entrypoint: sh -c 'echo "+"ring"+" && sleep 100 && ringd start  --ethconfig.httphost  0.0.0.0 --mempool.sentryurl  sentry:38003   --mempool.nebulaurl nebula:38004  --mempool.p2purl  net:38010  --mempool.cryptourl  cryptor:38001  --mempool.checkerurl txchecker:38002   --mempool.writeunreadytxs=false   --mempool.writerepeatedmsg=false     --mempool.batchconfirminittimeout=600   --mempool.batchconfirmtimeouti=1.5 --mempool.batchrepeatedqueuesize=0  --mempool.batchconfirmenable=false    --rpconfig.async=true >>/data/log 2>&1 ' "       >> $composefile
+echo "    entrypoint: sh -c 'echo "+"ring"+" && sleep 50 && ringd start  --ethconfig.httphost  0.0.0.0 --mempool.sentryurl  sentry:38003   --mempool.nebulaurl nebula:38004  --mempool.p2purl  net:38010  --mempool.cryptourl  cryptor:38001  --mempool.checkerurl txchecker:38002   --mempool.writeunreadytxs=false   --mempool.writerepeatedmsg=false     --mempool.batchconfirminittimeout=600   --mempool.batchconfirmtimeouti=1.5 --mempool.batchrepeatedqueuesize=0  --mempool.batchconfirmenable=false    --rpconfig.async=true >>/data/log 2>&1 ' "       >> $composefile
 echo "    volumes:"                                      >> $composefile
 echo "      - "$datadir"/ring/:/data"                        >> $composefile
 echo "    depends_on:"                                   >> $composefile
@@ -510,7 +514,7 @@ echo "      - net"                                       >> $composefile
 echo "      - sentry"                                    >> $composefile
 echo "$resourcering"                                     >> $composefile
 echo "    ports:"                                        >> $composefile
-echo "      - $((18545)):8545"                           >> $composefile
+echo "      - $((28545)):8545"                           >> $composefile
 echo "      - $((5001)):5001"                            >> $composefile
 echo "      - $((38020)):38020"                          >> $composefile
 echo "      - $((6060)):6060"                            >> $composefile  
@@ -523,7 +527,7 @@ echo "  explorer:"                                           >> $composefile
 echo "    image: caduceus/cmp2-node-explorer:v0.0.15"         >> $composefile
 echo "    container_name: explorer"                          >> $composefile
 echo "    ports:"                                            >> $composefile
-echo "      - $((80)):80"                                    >> $composefile
+echo "      - $((10080)):80"                                    >> $composefile
 
 echo "    volumes:"                                           >> $composefile  
 echo "      - ./explorer:/usr/share/nginx/html/config"         >> $composefile   
@@ -571,6 +575,19 @@ echo "    depends_on:"                                                        >>
 echo "      - cadvisor"                                                       >> $composefile
 echo "    networks:"                                                          >> $composefile
 echo "      - meta"                                                           >> $composefile
+
+echo "  openresty:"                                        >> $composefile
+echo "    image: openresty/openresty"                    >> $composefile
+echo "    container_name: openresty"                       >> $composefile
+echo "    ports:"                                           >> $composefile
+echo "      - \"80:80\""                                >> $composefile
+echo "      - \"18545:18545\""                                >> $composefile
+echo "    volumes:"                                                           >> $composefile
+echo "      - ./nginx/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf"  >> $composefile
+echo "      - ./nginx/conf.d:/etc/nginx/conf.d"                                 >> $composefile
+echo "    networks:"                                                          >> $composefile
+echo "      - meta"                                                           >> $composefile
+
 echo "networks:"                                                              >> $composefile
 echo "  meta:"                                                                >> $composefile
 echo "    driver: bridge"                                                     >> $composefile
@@ -581,17 +598,5 @@ echo "        - subnet: 172.99.0.0/16"                                        >>
 
 
 
-
-
 done 
 
-
-
-
-
-
-
-
-
-
-

host/nginx/conf.d/ethnode.conf

+server {
+        listen 18545;
+        server_name 13.213.12.100 ;
+
+	location / {
+		if ($request_method = 'OPTIONS') {
+    			add_header 'Access-Control-Allow-Origin' '*';
+    			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    			add_header 'Access-Control-Allow-Headers' '*';
+    			add_header 'Access-Control-Max-Age' 1728000;
+    			return 204;
+    		}
+    		if ($request_method = 'POST') {
+    			add_header 'Access-Control-Allow-Origin' '*';
+    			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    			add_header 'Access-Control-Allow-Headers' '*';
+    		}
+    		if ($request_method = 'GET') {
+    			add_header 'Access-Control-Allow-Origin' '*';
+    			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    			add_header 'Access-Control-Allow-Headers' '*';
+    		}
+		proxy_set_header Host $host:$server_port;
+		proxy_pass http://172.31.42.138:28545;
+	}
+
+}
+
+server {
+        listen 80;
+        server_name REMOTE_IP;
+
+	location / {
+		if ($request_method = 'OPTIONS') {
+    			add_header 'Access-Control-Allow-Origin' '*';
+    			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    			add_header 'Access-Control-Allow-Headers' '*';
+    			add_header 'Access-Control-Max-Age' 1728000;
+    			return 204;
+    		}
+    		if ($request_method = 'POST') {
+    			add_header 'Access-Control-Allow-Origin' '*';
+    			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    			add_header 'Access-Control-Allow-Headers' '*';
+    		}
+    		if ($request_method = 'GET') {
+    			add_header 'Access-Control-Allow-Origin' '*';
+    			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    			add_header 'Access-Control-Allow-Headers' '*';
+    		}
+		proxy_set_header Host $host:$server_port;
+		proxy_pass http://172.31.42.138:10080;
+	}
+
+}

host/nginx/conf.d/ethnode.conf.temp

+server {
+        listen 18545;
+        server_name EXPORT_IP ;
+
+	location / {
+		if ($request_method = 'OPTIONS') {
+    			add_header 'Access-Control-Allow-Origin' '*';
+    			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    			add_header 'Access-Control-Allow-Headers' '*';
+    			add_header 'Access-Control-Max-Age' 1728000;
+    			return 204;
+    		}
+    		if ($request_method = 'POST') {
+    			add_header 'Access-Control-Allow-Origin' '*';
+    			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    			add_header 'Access-Control-Allow-Headers' '*';
+    		}
+    		if ($request_method = 'GET') {
+    			add_header 'Access-Control-Allow-Origin' '*';
+    			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    			add_header 'Access-Control-Allow-Headers' '*';
+    		}
+		proxy_set_header Host $host:$server_port;
+		proxy_pass http://LOCAL_IP:28545;
+	}
+
+}
+
+server {
+        listen 80;
+        server_name REMOTE_IP;
+
+	location / {
+		if ($request_method = 'OPTIONS') {
+    			add_header 'Access-Control-Allow-Origin' '*';
+    			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    			add_header 'Access-Control-Allow-Headers' '*';
+    			add_header 'Access-Control-Max-Age' 1728000;
+    			return 204;
+    		}
+    		if ($request_method = 'POST') {
+    			add_header 'Access-Control-Allow-Origin' '*';
+    			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    			add_header 'Access-Control-Allow-Headers' '*';
+    		}
+    		if ($request_method = 'GET') {
+    			add_header 'Access-Control-Allow-Origin' '*';
+    			add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    			add_header 'Access-Control-Allow-Headers' '*';
+    		}
+		proxy_set_header Host $host:$server_port;
+		proxy_pass http://LOCAL_IP:10080;
+	}
+
+}

host/nginx/nginx.conf

+# cat nginx.conf
+# nginx.conf  --  docker-openresty
+#
+# This file is installed to:
+#   `/usr/local/openresty/nginx/conf/nginx.conf`
+# and is the file loaded by nginx at startup,
+# unless the user specifies otherwise.
+#
+# It tracks the upstream OpenResty's `nginx.conf`, but removes the `server`
+# section and adds this directive:
+#     `include /etc/nginx/conf.d/*.conf;`
+#
+# The `docker-openresty` file `nginx.vh.default.conf` is copied to
+# `/etc/nginx/conf.d/default.conf`.  It contains the `server section
+# of the upstream `nginx.conf`.
+#
+# See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files
+#
+
+#user  nobody;
+
+worker_processes  4;
+worker_rlimit_nofile 65535;
+#error_log  /var/log/nginx/error.log warn;
+#pid        /var/run/nginx.pid;
+
+
+events {
+    
+    #设置网路连接序列化，防止惊群现象发生，默认为on
+    accept_mutex on;
+
+    #设置一个进程是否同时接受多个网络连接，默认为off
+    multi_accept on;  
+    
+    #事件驱动模型，select|poll|kqueue|epoll|resig|/dev/poll|eventport 
+    use epoll;
+    
+    worker_connections  65535;
+}
+
+
+http {
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+    }
+    #限制请求
+    limit_req_zone $binary_remote_addr zone=api_read:20m rate=10r/s;
+    #limit_req_zone $uri zone=api_read:20m rate=100r/s;
+    #按ip配置一个连接 zone
+    limit_conn_zone $binary_remote_addr zone=perip_conn:10m;
+    #按server配置一个连接 zone
+    limit_conn_zone $server_name zone=perserver_conn:100m;
+    
+    #指定在当前文件中包含另一个文件的指令
+    include       mime.types;   
+    #指定默认处理的文件类型可以是二进制
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+    
+    #混淆数据，影响三列冲突率，值越大消耗内存越多，散列key冲突率会降低，检索速度更快；值越小key，占用内存较少，冲突率越高，检索速度变慢
+    types_hash_max_size 2048;
+    
+    charset        utf-8;     
+    
+    #取消服务日志
+    #access_log off;
+    #access_log  /var/log/nginx/access.log  main;
+    
+    #每个进程每次调用传输数量不能大于设定的值，默认为0，即不设上限。
+    sendfile_max_chunk 51200m;
+    
+    sendfile        on;
+
+    #单连接请求上限次数。
+    keepalive_requests 1200;
+    
+    #让nginx在一个数据包中发送所有的头文件，而不是一个一个单独发
+    tcp_nopush     on;
+    
+    #nginx不要缓存数据，而是一段一段发送，如果数据的传输有实时性的要求的话可以配置它，发送完一小段数据就立刻能得到返回值，但是不要滥用
+    #tcp_nodelay on;
+
+    #设置请求头的超时时间
+    #client_header_timeout 10;
+    
+    #设置请求体的超时时间
+    #client_body_timeout 10;
+     
+    #指定客户端响应超时时间，如果客户端两次操作间隔超过这个时间，服务器就会关闭这个链接
+    #send_timeout 10;
+
+    #设置用于保存各种key的共享内存的参数
+    #limit_conn_zone $binary_remote_addr zone=addr:5m;
+
+    #给定的key设置最大连接数
+    #limit_conn addr 100
+    
+    #虽然不会让nginx执行速度更快，但是可以在错误页面关闭nginx版本提示，对于网站安全性的提升有好处
+    #server_tokens
+    
+    # SSL证书配置
+    #指令用于启动特定的加密协议，nginx在1.1.13和1.0.12版本后默认是ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2，TLSv1.1与TLSv1.2要确保OpenSSL >= 1.0.1 
+    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+    
+    #设置协商加密算法时，优先使用我们服务端的加密套件，而不是客户端浏览器的加密套件
+    #ssl_prefer_server_ciphers on;
+    
+    #给客户端分配连接超时时间，服务器会在这个时间过后关闭连接。一般设置时间较短，可以让nginx工作持续性更好    
+    keepalive_timeout  65;
+
+    # Gzip 压缩配置
+    gzip on;
+    
+   #gzip_disable "msie6";
+    
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+    client_body_temp_path /var/run/openresty/nginx-client-body;
+    proxy_temp_path       /var/run/openresty/nginx-proxy;
+    fastcgi_temp_path     /var/run/openresty/nginx-fastcgi;
+    uwsgi_temp_path       /var/run/openresty/nginx-uwsgi;
+    scgi_temp_path        /var/run/openresty/nginx-scgi;
+    include /etc/nginx/conf.d/*.conf;
+}