HTTPS API !!!

[b2d2dbone]

Hi Xiaolin ))

I would really really appreciate it if you tell me how I can enable https I am so stuck been trying to make it work for couple of days
I already applied this "https://miguelabate.com/nginx-ssl-reverse-proxy/"
did not work I tried haproxy as well could not make it work

could you just copy past your configs !!

Thank you very much for your contribution to this project

[xiaolin1579]

[b2d2dbone]

Hi Xiaolin

The screenshot config is similar to mine I only get the websit url to https after installing ssl etc ...

but api still stating
Warning!
The pool is currently down for maintenance.

Please try again later.

meanwhile when I visit http the warning disappears and the pool api works

am on ubuntu 22.04

[b2d2dbone]

Could share your config .json api section perhaps am missing something there !!

[xiaolin1579]

Could share your config .json api section perhaps am missing something there !!

[b2d2dbone]

Hi Xiaolin

your NGINX config doesn't do ssl termination

it works only with the http protocol not tcp

see "oliverw#232"

some how there should be away to enable https on the api to make pool ui view pools on https pool link

[xiaolin1579]

Make sure your ip and api port are correct.
And don't forget to restart nginx every time the settings are changed.

[ghost]

Hi Xiaolin

your NGINX config doesn't do ssl termination

it works only with the http protocol not tcp

see "oliverw#232"

some how there should be away to enable https on the api to make pool ui view pools on https pool link

After the nginx settings, the api path must be rewritten in the webui "miningcore.js", and the port number must be omitted .
e.g.:
var API = "https://yourdomain/api/";

[lurchinms]

    "api": {
        "enabled": true,
        "listenAddress": "0.0.0.0",
        "port": 4000,
        "metricsIpWhitelist": ["127.0.0.1"],
        "adminIpWhitelist": ["127.0.0.1"],
        "rateLimiting": {
          "disabled": false,
          "rules": [
            {
              "Endpoint": "*",
              "Period": "1s",
              "Limit": 500
            }
          ],
          "ipWhitelist": ["127.0.0.1"]
        }
      },
      "nicehashClusterConfig": {
        "enableAutoDiff": true    
        },

[lurchinms]

That's how mine works

[b2d2dbone]

Hi Xiaolin
your NGINX config doesn't do ssl termination
it works only with the http protocol not tcp
see "oliverw#232"
some how there should be away to enable https on the api to make pool ui view pools on https pool link

After the nginx settings, the api path must be rewritten in the webui "miningcore.js", and the port number must be omitted . e.g.: var API = "https://yourdomain/api/";
Hi
does it make deference if I use var API = "https://subdomian.domain/api/"; ??

I did exactly what you suggested and it never works the only deference is that am using subdomain

[b2d2dbone]

    "api": {
        "enabled": true,
        "listenAddress": "0.0.0.0",
        "port": 4000,
        "metricsIpWhitelist": ["127.0.0.1"],
        "adminIpWhitelist": ["127.0.0.1"],
        "rateLimiting": {
          "disabled": false,
          "rules": [
            {
              "Endpoint": "*",
              "Period": "1s",
              "Limit": 500
            }
          ],
          "ipWhitelist": ["127.0.0.1"]
        }
      },
      "nicehashClusterConfig": {
        "enableAutoDiff": true    
        },

I'm using same configs I never got it to work every time I install ssl etc I got the pool maintenance massage

[ghost]

I'm using same configs I never got it to work every time I install ssl etc I got the pool maintenance massage

Only the api works on a subdomain, or the pool as well.
Some people use it, e.g. : pool url: https://domain and api is work on subdomain https://api.domain/api/
Where does the server work? VPS or own server on LAN?

[ghost]

My test pool work on lan and here the configurations:

(pool.json)

"api": {
"enabled": true,
"listenAddress": "0.0.0.0",
"port": 4000,
"metricsIpWhitelist": ["127.0.0.1"],
"adminIpWhitelist": ["127.0.0.1"],
"rateLimiting": {
"disabled": false,
"rules": [
{
"Endpoint": "*",
"Period": "1s",
"Limit": 500
}
],
"ipWhitelist": ["127.0.0.1"]
}
},

(miningcore.js in web folder)

var WebURL = "https://miningpool.gpuminers.hu/";

var API = "https://miningpool.gpuminers.hu/api/";

---

and nginx config in etc/nginx/sites-enabled/ folder

server {
    listen 80 default_server;
    listen [::]:80 default_server;

   
    root /home/pool/html;

    index index.html index.htm index.nginx-debian.html;

    server_name miningpool.gpuminers.hu;

    location / {
            
                 try_files $uri $uri/ =404;
    	}
    location /api/ {
    proxy_pass http://127.0.0.1:4000/api/;
		}
	


   listen [::]:443 ssl ipv6only=on; # managed by Certbot
   listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/miningpool.gpuminers.hu/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/miningpool.gpuminers.hu/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

In the router, ports 80 and 443 are forwarded to the LAN IP address of the server. It's work perfectly.

[b2d2dbone]

My test pool work on lan and here the configurations:

(pool.json)

"api": {

"enabled": true,
"listenAddress": "0.0.0.0",
"port": 4000,
"metricsIpWhitelist": ["127.0.0.1"],
"adminIpWhitelist": ["127.0.0.1"],
"rateLimiting": {
"disabled": false,
"rules": [
{
"Endpoint": "*",
"Period": "1s",
"Limit": 500
}
],
"ipWhitelist": ["127.0.0.1"]
}
},
(miningcore.js in web folder)

var WebURL = "https://miningpool.gpuminers.hu/";

var API = "https://miningpool.gpuminers.hu/api/";

and nginx config in etc/nginx/sites-enabled/ folder

server {
    listen 80 default_server;
    listen [::]:80 default_server;

   
    root /home/pool/html;

    index index.html index.htm index.nginx-debian.html;

    server_name miningpool.gpuminers.hu;

    location / {
            
                 try_files $uri $uri/ =404;
    	}
    location /api/ {
    proxy_pass http://127.0.0.1:4000/api/;
		}
	


   listen [::]:443 ssl ipv6only=on; # managed by Certbot
   listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/miningpool.gpuminers.hu/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/miningpool.gpuminers.hu/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

In the router, ports 80 and 443 are forwarded to the LAN IP address of the server. It's work perfectly.

Thank you but I never got to work I will just stick with http version

[tjayz]

I believe the hidden enemy most are unaware of is browser cache. Delete all browser cache for your yourdomain.com.

As others mentioned, in miningcore.js set Var api to https://yourdomain.com/api and webiste url to https://yourdomain.com/

If you try and access the site via localhost/127.0.0.1/ or local ip eq 192.168.0.10, it will not work, unless those are specifically referenced in the miningcore.js which would never work externally. It will only work by first accessing https://yourdomain.com. The trick is, once you have successfully viewed it on yourdomain.com, your browser cache will now allow you to view it from the local addresses mentioned above. While the one line directives mentioned above for proxy pass should work, I add a few more lines:

                location /api/ {

                        proxy_pass              http://127.0.0.1:4000;
                        proxy_redirect          off;
                        proxy_http_version      1.1;
                  
                        proxy_hide_header       X-Frame-Options;
                        proxy_set_header        Host $host;
                        proxy_set_header        X-Real-IP $remote_addr;
                        proxy_set_header        X-Forwarded-For $proxy_add_x_for;                       
                        proxy_set_header        X-Forwarded-Proto https;
                        proxy_set_header        Upgrade $http_upgrade;
                        proxy_set_header        Connection "upgrade";

Also, if using nginx on linux, I find the sites-enabled default.conf etc can cause lots of problems if new to nginx. Simply access nginx.conf and comment the line out which enables those somewhere at the top and enter all your settings directly in nginx.conf.

[b2d2dbone]

I believe the hidden enemy most are unaware of is browser cache. Delete all browser cache for your yourdomain.com.

As others mentioned, in miningcore.js set Var api to https://yourdomain.com/api and webiste url to https://yourdomain.com/

If you try and access the site via localhost/127.0.0.1/ or local ip eq 192.168.0.10, it will not work, unless those are specifically referenced in the miningcore.js which would never work externally. It will only work by first accessing https://yourdomain.com. The trick is, once you have successfully viewed it on yourdomain.com, your browser cache will now allow you to view it from the local addresses mentioned above. While the one line directives mentioned above for proxy pass should work, I add a few more lines:

                location /api/ {

                        proxy_pass              http://127.0.0.1:4000;
                        proxy_redirect          off;
                        proxy_http_version      1.1;
                  
                        proxy_hide_header       X-Frame-Options;
                        proxy_set_header        Host $host;
                        proxy_set_header        X-Real-IP $remote_addr;
                        proxy_set_header        X-Forwarded-For $proxy_add_x_for;                       
                        proxy_set_header        X-Forwarded-Proto https;
                        proxy_set_header        Upgrade $http_upgrade;
                        proxy_set_header        Connection "upgrade";

Also, if using nginx on linux, I find the sites-enabled default.conf etc can cause lots of problems if new to nginx. Simply access nginx.conf and comment the line out which enables those somewhere at the top and enter all your settings directly in nginx.conf.

Thank you very much
what if am using subdomain "https://sub.domain.com is there anything else I need to config ?

[lurchinms]

you have to have proxy pass setup on your webserver

[b2d2dbone]

you have to have proxy pass setup on your webserver

I already tried never got to work I don't know what am missing I tried all the previous steps

[ctayiz]

Hi
I have tried all the previous steps, but sadly my api is not running.
When I try to open the site I always get ‘HTTP Error 403’ - ‘Access to ... was denied’

Does anyone have any solutions in the meantime? I can't find anything on the net either.

my config.json:

the server does not seem to be listening on port 4000 at all.
I have minigcore running in a docker container.

Thanks.