fix: add health RPC handler, Nostr connect timeouts, atomic backup restore, nginx rate limits
- R1: Add health RPC endpoint with crash recovery status, uptime, and version - R2: Wrap all 5 Nostr client.connect() calls in 10s timeout - R3: Make backup restore atomic with staging dir and rollback on failure - I1: Add rate limiting, body size, and proxy timeouts to unauthenticated nginx endpoints Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -1,6 +1,7 @@
|
||||
# Rate limit zones
|
||||
limit_req_zone $binary_remote_addr zone=rpc:10m rate=20r/s;
|
||||
limit_req_zone $binary_remote_addr zone=auth:10m rate=3r/s;
|
||||
limit_req_zone $binary_remote_addr zone=peer:10m rate=10r/s;
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
@@ -114,12 +115,17 @@ server {
|
||||
|
||||
# Peer-to-peer node messaging (receives from other nodes over Tor)
|
||||
location /archipelago/ {
|
||||
limit_req zone=peer burst=20 nodelay;
|
||||
client_max_body_size 10m;
|
||||
proxy_connect_timeout 30s;
|
||||
proxy_read_timeout 60s;
|
||||
proxy_send_timeout 30s;
|
||||
proxy_pass http://127.0.0.1:5678;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
}
|
||||
|
||||
|
||||
# Proxy API requests to backend
|
||||
location /rpc/ {
|
||||
limit_req zone=rpc burst=40 nodelay;
|
||||
@@ -165,6 +171,11 @@ server {
|
||||
|
||||
# Content sharing — peer access over Tor (no auth)
|
||||
location /content {
|
||||
limit_req zone=peer burst=20 nodelay;
|
||||
client_max_body_size 10m;
|
||||
proxy_connect_timeout 30s;
|
||||
proxy_read_timeout 60s;
|
||||
proxy_send_timeout 30s;
|
||||
proxy_pass http://127.0.0.1:5678;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
@@ -173,6 +184,11 @@ server {
|
||||
|
||||
# DWN endpoints — peer access over Tor (no auth)
|
||||
location /dwn {
|
||||
limit_req zone=peer burst=20 nodelay;
|
||||
client_max_body_size 10m;
|
||||
proxy_connect_timeout 30s;
|
||||
proxy_read_timeout 60s;
|
||||
proxy_send_timeout 30s;
|
||||
proxy_pass http://127.0.0.1:5678;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
@@ -790,6 +806,11 @@ server {
|
||||
}
|
||||
|
||||
location /archipelago/ {
|
||||
limit_req zone=peer burst=20 nodelay;
|
||||
client_max_body_size 10m;
|
||||
proxy_connect_timeout 30s;
|
||||
proxy_read_timeout 60s;
|
||||
proxy_send_timeout 30s;
|
||||
proxy_pass http://127.0.0.1:5678;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
@@ -821,6 +842,11 @@ server {
|
||||
|
||||
# Content sharing — peer access over Tor (no auth)
|
||||
location /content {
|
||||
limit_req zone=peer burst=20 nodelay;
|
||||
client_max_body_size 10m;
|
||||
proxy_connect_timeout 30s;
|
||||
proxy_read_timeout 60s;
|
||||
proxy_send_timeout 30s;
|
||||
proxy_pass http://127.0.0.1:5678;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
@@ -829,6 +855,11 @@ server {
|
||||
|
||||
# DWN endpoints — peer access over Tor (no auth)
|
||||
location /dwn {
|
||||
limit_req zone=peer burst=20 nodelay;
|
||||
client_max_body_size 10m;
|
||||
proxy_connect_timeout 30s;
|
||||
proxy_read_timeout 60s;
|
||||
proxy_send_timeout 30s;
|
||||
proxy_pass http://127.0.0.1:5678;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
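Review bot: The `peer` zone added in the first hunk is keyed on `$binary_remote_addr`, but the comments on `/archipelago/`, `/content` and `/dwn` say these requests arrive over Tor; if they reach nginx through a local Tor daemon, every peer presents the same source address, and `limit_req zone=peer burst=20 nodelay;` becomes one shared 10r/s bucket across all three locations in both server blocks, so a single noisy peer can get everyone else rejected. If a global cap is the intent, say so next to the zone, e.g. `# over Tor all peers share one source address: this is a global cap, not per-peer`, and size the rate for the aggregate. Separately, `client_max_body_size 10m;` is above nginx's 1m default, so unless a larger value is set in a part of the file not shown, it raises rather than tightens the body limit on these unauthenticated endpoints. The location blocks continue outside the hunks, so any settings already present there are not visible.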
|
||||
|
||||