diff --git a/caddy/Caddyfile.mainnet b/caddy/Caddyfile.mainnet index b9a15ee..5dfdeea 100644 --- a/caddy/Caddyfile.mainnet +++ b/caddy/Caddyfile.mainnet @@ -29,3 +29,10 @@ explorer.mainnet.drivechain.info { reverse_proxy localhost:8080 } + +# The real Esplora REST API, straight from electrs (not mempool-web's partial +# shim at explorer.mainnet.drivechain.info/api). electrs already sets +# --cors=*, so this is safe to hit directly from browser JS. +esplora.mainnet.drivechain.info { + reverse_proxy 127.0.0.1:3000 +} diff --git a/docker-compose.mainnet.yml b/docker-compose.mainnet.yml index e49fd5c..b04b868 100644 --- a/docker-compose.mainnet.yml +++ b/docker-compose.mainnet.yml @@ -72,7 +72,11 @@ services: - source: bitcoind-mainnet-cookie target: /daemon-dir/.cookie ports: - - 3000:3000 # Esplora REST API + # Esplora REST API, bound to loopback only. The host's systemd Caddy + # picks it up here and re-exposes it publicly over HTTPS at + # esplora.mainnet.drivechain.info (see caddy/Caddyfile.mainnet). Not + # published on 0.0.0.0 — Caddy is the only intended consumer. + - "127.0.0.1:3000:3000" # Electrum RPC, bound to loopback only. The host's systemd Caddy picks it # up here and re-exposes it publicly: plaintext on :50001 and TLS on :50002 # (see caddy/Caddyfile). Not published on 0.0.0.0 — Caddy is the only