Advise Lotus node engineers/users put lotus behind an NGINX server.
#239
Comments
|
This is fair. Do you happen to have a link to the Python-Django tutorial you're referencing.
This would be great. It'd have to come from the Lotus team initially. Is this something you've got experience with and/or could help out with? |
johnnymatthews
changed the title
lotus behind an NGINX server.
johnnymatthews
added
dif/hard
|
Here's the tutorial in question. Basically in every stage up until this, they're really aggressive about saying "don't open up your firewall to the wider internet until you complete this stage and use a real webserver!!" https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/Deployment |
|
I think you could just do this- the example with the "local server" is relevant: https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/ |
|
also apparently we should put lotus-gateway in front of lotus before nginx |
filecoin-project/lotus#7573
This issue was opened on lotus asking for HTTPS support on the API- the real solution is that documentation should make it exceedingly clear that the lotus API needs to go through Nginx for some DoS protection, HTTPS, and various other security features/niceties of a real production webserver.
The python-Django tutorial has good examples of the type of frequent warnings of « do not open ports directly into this service in production » that we might want to add, that was the first thing that came to mind.
we probably also want a tutorial somewhere of what to put in the nginx conf.
The text was updated successfully, but these errors were encountered: