chore: sync submodule state (parent ref update)

Made-with: Cursor
2026-03-02 12:14:13 -08:00
parent 43a7b88e2a
commit 041fae1574
223 changed files with 12940 additions and 11756 deletions
--- a/scripts/fix-nginx-conflicts-vmid5000.sh
+++ b/scripts/fix-nginx-conflicts-vmid5000.sh
@@ -42,7 +42,7 @@ echo "=== Step 5: Creating Clean Configuration ==="
 CONFIG_FILE="/etc/nginx/sites-available/blockscout"

 cat > "$CONFIG_FILE" << 'EOF'
-# HTTP server - redirect to HTTPS
+# HTTP server - redirect to HTTPS only when not already behind HTTPS proxy (avoids ERR_TOO_MANY_REDIRECTS when NPMplus forwards to :80)
 server {
    listen 80;
    listen [::]:80;
@@ -54,9 +54,28 @@ server {
        try_files $uri =404;
    }

-    # Redirect all other HTTP to HTTPS
+    # When NPMplus (or similar) forwards HTTPS traffic to this port as HTTP, do NOT redirect back to HTTPS (avoids ERR_TOO_MANY_REDIRECTS)
+    set $redirect_to_https 1;
+    if ($http_x_forwarded_proto = "https") { set $redirect_to_https 0; }
+    if ($http_x_forwarded_proto = "HTTPS") { set $redirect_to_https 0; }
+
+    location /snap/ {
+        alias /var/www/html/snap/;
+        try_files $uri $uri/ /snap/index.html =404;
+        add_header Cache-Control "no-store, no-cache, must-revalidate";
+    }
+    location = /snap { rewrite ^ /snap/ last; }
+
    location / {
-        return 301 https://$host$request_uri;
+        if ($redirect_to_https = 1) { return 301 https://$host$request_uri; }
+        proxy_pass http://127.0.0.1:4000;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 300s;
+        proxy_connect_timeout 75s;
    }
 }

@@ -66,16 +85,9 @@ server {
    listen [::]:443 ssl http2;
    server_name explorer.d-bis.org 192.168.11.140;

-    # SSL configuration (if certificates exist)
+    # SSL configuration (nginx does not allow ssl_certificate inside if; use Let's Encrypt or self-signed)
    ssl_certificate /etc/letsencrypt/live/explorer.d-bis.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/explorer.d-bis.org/privkey.pem;
-    
-    # Fallback to self-signed if Let's Encrypt not available
-    if (!-f /etc/letsencrypt/live/explorer.d-bis.org/fullchain.pem) {
-        ssl_certificate /etc/nginx/ssl/blockscout.crt;
-        ssl_certificate_key /etc/nginx/ssl/blockscout.key;
-    }
-    
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers off;
@@ -92,6 +104,14 @@ server {
    access_log /var/log/nginx/blockscout-access.log;
    error_log /var/log/nginx/blockscout-error.log;

+    # Chain 138 MetaMask Snap companion (serve from disk; do not proxy to Blockscout)
+    location = /snap { rewrite ^ /snap/ last; }
+    location /snap/ {
+        alias /var/www/html/snap/;
+        try_files $uri $uri/ /snap/index.html =404;
+        add_header Cache-Control "no-store, no-cache, must-revalidate";
+    }
+
    # Blockscout Explorer endpoint - proxy to Blockscout
    location / {
        proxy_pass http://127.0.0.1:4000;
@@ -109,6 +129,33 @@ server {
        proxy_connect_timeout 75s;
    }

+    # Token-aggregation API at /api/v1/ (Chain 138 Snap: market data, swap quote, bridge). Service runs on port 3001.
+    location /api/v1/ {
+        proxy_pass http://127.0.0.1:3001/api/v1/;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 60s;
+        add_header Access-Control-Allow-Origin *;
+    }
+
+    # Explorer config API (token list, networks) - serve from /var/www/html/config/
+    # Deploy files with: ./scripts/deploy-explorer-config-to-vmid5000.sh
+    location = /api/config/token-list {
+        default_type application/json;
+        add_header Access-Control-Allow-Origin *;
+        add_header Cache-Control "public, max-age=3600";
+        alias /var/www/html/config/DUAL_CHAIN_TOKEN_LIST.tokenlist.json;
+    }
+    location = /api/config/networks {
+        default_type application/json;
+        add_header Access-Control-Allow-Origin *;
+        add_header Cache-Control "public, max-age=3600";
+        alias /var/www/html/config/DUAL_CHAIN_NETWORKS.json;
+    }
+
    # API endpoint (for Blockscout API)
    location /api/ {
        proxy_pass http://127.0.0.1:4000;
@@ -143,6 +190,16 @@ EOF
 echo "✅ Clean configuration created: $CONFIG_FILE"
 echo ""

+# Step 5.5: Ensure config directory exists for /api/config/token-list and /api/config/networks
+echo "=== Step 5.5: Config Directory for Token List ==="
+mkdir -p /var/www/html/config
+if [ -f "/var/www/html/config/DUAL_CHAIN_TOKEN_LIST.tokenlist.json" ]; then
+  echo "Config files already present in /var/www/html/config/"
+else
+  echo "Note: Run deploy-explorer-config-to-vmid5000.sh from repo root to deploy token list. /api/config/* will 404 until then."
+fi
+echo ""
+
 # Step 6: Enable the site
 echo "=== Step 6: Enabling Blockscout Site ==="
 ln -sf "$CONFIG_FILE" /etc/nginx/sites-enabled/blockscout