Technical Guide: Protecting Miners' Endpoints with NGINX

Introduction

This guide aims to provide miners with technical instructions for setting up NGINX as a reverse proxy to enhance the security of their endpoints against DDoS (Distributed Denial of Service) attacks. By leveraging NGINX's capabilities, miners can filter unwanted traffic and ensure that their operations remain resilient under pressure.

System Requirements

• Operating System: Ubuntu 22.04+
• Ports: The following ports will be used:
  • 6002: Internal port for miner communication
  • 6003: Communication within the data center
  • 23001: External communication with the internet

Installation of NGINX and Required Packages

Begin by installing NGINX and its extras package, which includes additional modules necessary for enhanced functionality.

sudo apt install nginx nginx-extras -y

Directory Setup for Proxy Caching

Create the necessary directories for NGINX proxy caching and set appropriate permissions to avoid access issues.

sudo mkdir -p /var/lib/nginx/proxy/
sudo chown -R www-data:www-data /var/lib/nginx/proxy/
sudo chmod -R 755 /var/lib/nginx/proxy/

NGINX Configuration

Main Configuration File: /etc/nginx/nginx.conf

The main NGINX configuration file controls global settings and includes various modules.

# /etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
}

http {
    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    underscores_in_headers on;

    # Logging Settings
    log_format custom '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for" '
                     'Header-Axon-IP: "$http_bt_header_axon_ip" '
                     'Header-Axon-Port: "$http_bt_header_axon_port" '
                     'Header-Dendrite-IP: "$http_bt_header_dendrite_ip" '
                     'Header-Dendrite-Version: "$http_bt_header_dendrite_version" '
                     'Header-Dendrite-Nonce: "$http_bt_header_dendrite_nonce" '
                     'Header-Dendrite-UUID: "$http_bt_header_dendrite_uuid" '
                     'Header-Dendrite-Hotkey: "$http_bt_header_dendrite_hotkey" '
                     'Header-Dendrite-Signature: "$http_bt_header_dendrite_signature"';

    access_log /var/log/nginx/debug_requests.log custom;

    # Virtual Host Configs
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

Site-Specific Configuration: /etc/nginx/conf.d/bt.conf

This configuration file defines how NGINX will handle requests for specific routes.