explorer-monorepo/deployment/common/nginx-rpc-api-key-gate.conf
defiQUG f46bd213ba refactor: rename SolaceScanScout to Solace and update related configurations
- Updated branding from "SolaceScanScout" to "Solace" across various files including deployment scripts, API responses, and documentation.
- Changed default base URL for Playwright tests and updated security headers to reflect the new branding.
- Enhanced README and API documentation to include new authentication endpoints and product access details.

This refactor aligns the project branding and improves clarity in the API documentation.
2026-04-10 12:52:17 -07:00


# Example nginx gate for API-key-protected RPC upstreams using the explorer access API.
# This pattern assumes the explorer config/API backend listens on 127.0.0.1:8081 and
# exposes GET /api/v1/access/internal/validate-key for nginx auth_request.
#
# Replace:
# - ACCESS_INTERNAL_SECRET_VALUE with a real shared secret
# - protected-rpc.example.org with the public host you are protecting
# - upstream IP:port with the actual RPC lane (e.g. 192.168.11.212:8545 or 192.168.11.217:8545)
#
# Clients should send the API key as:
# - X-API-Key: sk_live_...
# or
# - Authorization: Bearer sk_live_...
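# TLS-terminating gate: every request for the RPC upstream is first checked by
# the explorer access API through an auth_request subrequest.
server {
    listen 443 ssl http2;
    server_name protected-rpc.example.org;

    # NOTE: this example contains no ssl_certificate / ssl_certificate_key.
    # They must be set here or inherited from the http context before this
    # listener can serve TLS.

    # Internal subrequest used by auth_request.
    # "internal" makes this location unreachable for direct client requests.
    location = /__access_validate_rpc {
        internal;
        proxy_pass http://127.0.0.1:8081/api/v1/access/internal/validate-key;

        # The validator only needs headers; do not send the RPC payload to it.
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";

        # Shared secret presented to the validator. It is stored in clear text
        # in this file, so keep the file readable only by the nginx
        # administrator and out of public repositories once the placeholder is
        # replaced. Setting the header here also discards any value a client
        # sent under the same name.
        proxy_set_header X-Access-Internal-Secret "ACCESS_INTERNAL_SECRET_VALUE";

        # Client credential, passed through unchanged in either supported form.
        proxy_set_header X-API-Key $http_x_api_key;
        proxy_set_header Authorization $http_authorization;

        # Request context for the validator.
        proxy_set_header X-Access-Method $request_method;
        proxy_set_header X-Access-Request-Count "1";

        # X-Real-IP is the peer address seen by nginx. X-Forwarded-For is the
        # client-supplied list with that address appended, so every entry but
        # the last is client-controlled and should not drive access decisions.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        # A 2xx answer from the validator lets the request through; 401 and 403
        # are returned to the client; any other status is treated as an error.
        auth_request /__access_validate_rpc;

        # Optional metadata exported from the validator for logging or rate decisions.
        auth_request_set $validated_product $upstream_http_x_validated_product;
        auth_request_set $validated_tier $upstream_http_x_validated_tier;
        auth_request_set $validated_scopes $upstream_http_x_validated_scopes;
        auth_request_set $quota_remaining $upstream_http_x_quota_remaining;

        proxy_pass http://192.168.11.217:8545;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # The key has already been checked by the gate. Without these two lines
        # nginx forwards the client's credential headers to the RPC lane, where
        # they can end up in upstream logs. Remove them only if the upstream
        # performs its own authentication with the same headers.
        proxy_set_header X-API-Key "";
        proxy_set_header Authorization "";

        # Helpful for downstream logs and operational tracing.
        # Setting these here replaces any same-named header sent by the client;
        # when the validator returns no value the header is omitted entirely.
        proxy_set_header X-Validated-Product $validated_product;
        proxy_set_header X-Validated-Tier $validated_tier;
        proxy_set_header X-Validated-Scopes $validated_scopes;
        proxy_set_header X-Quota-Remaining $quota_remaining;
    }
}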