For your pythd to communicate with our servers over an encrypted channel, it is recommended that you set up an NGINX proxy. This also allows for token authentication, meaning we do not need to manually maintain IP whitelists for your nodes. Sample NGINX configurations have been provided by the Pyth team:
Copy # replace YOUR_NODE and YOUR_AUTH_TOKEN_HERE
# docker run -v /path/to/nginx-triton1.conf:/etc/nginx/nginx.conf:ro -p 7899:7899 -p 7900:7900 -d docker.io/nginx
worker_processes 1 ;
events {}
http {
include /etc/nginx/mime.types;
rewrite_log on ;
keepalive_requests 2147483647 ; # int32 max
client_max_body_size 0 ;
# Pythnet, listening on ports 7799:7800
upstream pythnet_backend {
server YOUR_PYTHNET_NODE.rpcpool.com:443;
keepalive 4 ;
}
server {
listen 7800 ;
location / {
proxy_http_version 1.1 ;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade" ;
proxy_pass https://pythnet_backend/YOUR_PYTHNET_AUTH_TOKEN_HERE/;
proxy_set_header Host YOUR_PYTHNET_NODE.rpcpool.com;
}
}
server {
listen 7799 ;
location / {
proxy_http_version 1.1 ;
proxy_set_header Connection "" ;
proxy_pass https://pythnet_backend/YOUR_PYTHNET_AUTH_TOKEN_HERE/;
proxy_set_header Host YOUR_PYTHNET_NODE.rpcpool.com;
}
}
# Solana Mainnet, listening on ports 7899:7900
upstream mainnet_backend {
server YOUR_MAINNET_NODE.rpcpool.com:443;
keepalive 4 ;
}
server {
listen 7900 ;
location / {
proxy_http_version 1.1 ;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade" ;
proxy_pass https://mainnet_backend/YOUR_MAINNET_AUTH_TOKEN_HERE/;
proxy_set_header Host YOUR_MAINNET_NODE.rpcpool.com;
}
}
server {
listen 7899 ;
location / {
proxy_http_version 1.1 ;
proxy_set_header Connection "" ;
proxy_pass https://mainnet_backend/YOUR_MAINNET_AUTH_TOKEN_HERE/;
proxy_set_header Host YOUR_MAINNET_NODE.rpcpool.com;
}
}
}