ethernal/Caddyfile at develop · tryethernal/ethernal · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
{
    storage file_system {
        root /data
    }

    on_demand_tls {
        ask http://ethernal.internal:8080/api/caddy/validDomain
    }
}

blog.tryethernal.com {
    redir * https://tryethernal.com/blog{uri} permanent
}

(common) {
    header {
        Apx-Incoming-Host "{host}"
    }

    @checkVerifyStatus {
        path /api
        query module=contract
        query action=checkverifystatus
        query apikey=*
    }
    handle @checkVerifyStatus {
        rewrite * /api/contracts/verificationStatus
        reverse_proxy ethernal.internal:8080
    }

    @getSourceCode {
        path /api
        query module=contract
        query action=getsourcecode
        query apikey=*
    }
    handle @getSourceCode {
        rewrite * /api/contracts/sourceCode
        reverse_proxy ethernal.internal:8080
    }

    @getAbi {
        path /api
        query module=contract
        query action=getabi
        query apikey=*
    }
    handle @getAbi {
        rewrite * /api/contracts/getabi
        reverse_proxy ethernal.internal:8080
    }

    handle_path /ingest/* {
        reverse_proxy https://us.i.posthog.com {
            header_up Host us.i.posthog.com
        }
    }

    handle /api/2/* {
        reverse_proxy https://sentry.tryethernal.com {
            header_up Host sentry.tryethernal.com
        }
    }

    @fallbackApi {
        path /api* /webhooks*
    }
    handle @fallbackApi {
        reverse_proxy ethernal.internal:8080
    }

    handle_path /bull* {
        reverse_proxy ethernal.internal:8080
    }

    handle /app* {
        reverse_proxy ethernal-soketi:6001 {
            header_up Upgrade "websocket"
            header_up Connection "Upgrade"
        }
    }

    handle_path /sentry-dashboard* {
        basicauth {
            {$SENTRY_DASHBOARD_USERNAME} {$SENTRY_DASHBOARD_PASSWORD_HASH}
        }
        root * /srv/sentry-dashboard
        try_files {path} /index.html
        file_server
    }

    handle_path /admin/* {
        root * /srv/admin
        try_files {path} /index.html
        file_server
    }

    # Stop Google from indexing tenant subdomains (cypherium.tryethernal.com,
    # adventure-layer.tryethernal.com, app.tryethernal.com, etc.). Without this,
    # Google crawls and indexes block/tx/address pages across every tenant
    # subdomain, wasting crawl budget that should go to the apex landing site.
    #
    # The fix is X-Robots-Tag: noindex on every response. NOT a robots.txt
    # Disallow: if we disallow crawling, Google can never see the noindex header
    # and already-indexed URLs stay indexed forever. We want Google to keep
    # crawling (for now) so it sees "noindex" and removes the URLs from its
    # index. Once the tenant URLs are fully deindexed (typically a few weeks),
    # we can add a Disallow in robots.txt in a follow-up to conserve crawl
    # budget on ongoing crawling.
    #
    # Matches any *.tryethernal.com subdomain EXCEPT www (which serves the
    # landing site and must stay indexable). Custom domains (user-owned
    # explorer domains like explorer.teamX.com) don't match this pattern and
    # stay indexable, which is intentional: paying customers want SEO for their
    # public explorer.
    #
    # The apex tryethernal.com (no subdomain label) is served by its own
    # site block and isn't routed through this matcher. www.tryethernal.com
    # IS routed through the *.tryethernal.com wildcard block, so we explicitly
    # exclude it via `not host` — Caddy's regex engine is RE2 and does not
    # support negative lookahead, so we cannot express the exclusion in the
    # regex itself.
    @tenantHosts {
        not host www.tryethernal.com
        header_regexp Host ^[^.]+\.tryethernal\.com$
    }
    header @tenantHosts X-Robots-Tag "noindex, nofollow"

    # Also serve an explicit robots.txt on tenant subdomains so crawlers that
    # only consult robots.txt (not headers) get the right signal. Allow crawling
    # so Google can re-visit existing URLs and see the noindex header; block new
    # discovery via paths we know are index bloat (block/tx/address SPA routes).
    @tenantRobots {
        not host www.tryethernal.com
        path /robots.txt
        header_regexp Host ^[^.]+\.tryethernal\.com$
    }
    handle @tenantRobots {
        header Content-Type "text/plain; charset=utf-8"
        respond <<ROBOTS
			User-agent: *
			Allow: /

			# Noindex enforced via X-Robots-Tag header on every response.
			# Crawling is allowed so existing indexed URLs can be re-visited and dropped.
			ROBOTS 200
    }

    @landing host tryethernal.com www.tryethernal.com
    handle @landing {
        # 301 redirects for Ghost-era blog URLs
        @blogTagPages path /blog/tag/*
        handle @blogTagPages {
            redir * /blog permanent
        }

        @blogAlchemy3 path /blog/ethernal-x-alchemy-3
        handle @blogAlchemy3 {
            redir * /blog/ethernal-x-alchemy permanent
        }

        @blogCdnCgi path /blog/cdn-cgi/*
        handle @blogCdnCgi {
            respond 410
        }

        handle_path /blog/* {
            root * /srv/blog
            try_files {path} {path}.html {path}/index.html /index.html
            file_server
        }
        handle /blog {
            root * /srv/blog
            try_files /index.html
            file_server
        }
        handle {
            root * /srv/landing
            try_files {path} {path}.html {path}/index.html /index.html
            file_server
        }
    }

    handle {
        root * /srv/app
        try_files {path} /index.html
        file_server
    }

    encode gzip
}

# app.tryethernal.com: 301 landing/blog paths to apex, pass through app routes to SPA.
# NOTE: the path list below is an explicit allowlist. When adding a new top-level
# landing route (e.g. a new /chains/<slug>, /compare page, or root-level marketing
# page), update @landingPaths or @landingPathPrefixes below. Source of truth for
# landing routes: landing/src/router.js.
app.tryethernal.com {
    tls contact@tryethernal.com {
        ca https://dv.acme-v02.api.pki.goog/directory
        eab {env.GTS_EAB_KEY_ID} {env.GTS_EAB_HMAC_KEY}
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }

    @landingPaths path /blockscout-alternative /etherscan-alternative /routescan-alternative /build-vs-buy-block-explorer /op-stack /arbitrum-orbit /pricing /features /developers /teams /app-chains /transaction-tracing /contact-us /hardhat-block-explorer /anvil-block-explorer /ganache-block-explorer /kaleido /chainstack /github-actions /terms /privacy
    handle @landingPaths {
        redir https://tryethernal.com{uri} permanent
    }

    @landingPathPrefixes path /blog* /chains/* /tools/*
    handle @landingPathPrefixes {
        redir https://tryethernal.com{uri} permanent
    }

    import common
}

# Wildcard cert for *.tryethernal.com subdomains (DNS challenge via Google Trust Services)
*.tryethernal.com {
    tls contact@tryethernal.com {
        ca https://dv.acme-v02.api.pki.goog/directory
        eab {env.GTS_EAB_KEY_ID} {env.GTS_EAB_HMAC_KEY}
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }

    import common
}

# Custom domains use on-demand TLS (HTTP challenge)
:443 {
    tls {
        on_demand
    }

    import common
}