Configuration of Nginx

Scope

Nginx was configured as the public entry point for the Photon development services on photonbolt.xyz subdomains.

Subdomains Configured

• dev-rpc.photonbolt.xyz - proxied to internal Bitcoin RPC on 127.0.0.1:18443
• dev-proxy.photonbolt.xyz - proxied to RGB proxy on 127.0.0.1:3000
• dev-index.photonbolt.xyz - HTTPS info page on 443 and Electrs TLS stream on 50002 forwarding to 127.0.0.1:50001
• faucet.photonbolt.xyz - proxied to the regtest faucet backend on 127.0.0.1:8788

Certificate Work

Certbot was used with the Nginx plugin to issue and deploy a SAN certificate named photonbolt.xyz-dev-stack for:

• dev-rpc.photonbolt.xyz
• dev-proxy.photonbolt.xyz
• dev-index.photonbolt.xyz
• faucet.photonbolt.xyz

Certificate path: /etc/letsencrypt/live/photonbolt.xyz-dev-stack/fullchain.pem

Nginx Changes Applied

• Enabled loading of /etc/nginx/sites-enabled/* from /etc/nginx/nginx.conf
• Added a new stream include path: /etc/nginx/stream-conf.d/*.conf
• Created site files for Photon HTTP/HTTPS virtual hosts
• Created a stream config for the Electrs TCP/TLS endpoint

Files Created or Updated

• /etc/nginx/nginx.conf
• /etc/nginx/sites-available/dev-rpc.photonbolt.xyz.conf
• /etc/nginx/sites-available/dev-proxy.photonbolt.xyz.conf
• /etc/nginx/sites-available/dev-index.photonbolt.xyz.conf
• /etc/nginx/sites-available/faucet.photonbolt.xyz.conf
• /etc/nginx/stream-conf.d/dev-index.photonbolt.xyz.conf

Proxy Details

For the HTTP reverse proxies, standard forwarded headers were configured: Host, X-Real-IP, X-Forwarded-For, and X-Forwarded-Proto.

The faucet host proxies plain HTTP traffic from Nginx to the local Node backend on 127.0.0.1:8788. The backend itself handles the static UI and the faucet API paths.

For RGB proxy uploads, client_max_body_size 50M was set.

Electrs TCP/TLS Handling

Electrs uses a raw TCP protocol rather than HTTP. Because of that, an Nginx stream listener was added. The external TLS listener was set to dev-index.photonbolt.xyz:50002 and proxies to the local Electrs backend at 127.0.0.1:50001.

The HTTPS site on dev-index.photonbolt.xyz returns an informational message that points users to the TLS Electrum endpoint on port 50002.

Validation Performed

• nginx -t passed after the final adjustments
• Nginx was reloaded successfully
• Local HTTPS checks succeeded for the Photon vhosts
• Local TLS handshake to the Electrs stream endpoint succeeded
• certbot.timer remained active for auto-renewal

Issue Found During Nginx Work

While enabling sites-enabled, an older duplicate site entry for db.swapunits.online became active. That duplicate symlink was removed again to restore a single active db site definition.

Current DB Site Status

db.swapunits.online is still not healthy, but the current problem is not the Photon reverse proxy configuration. Nginx reaches the db virtual host, then fails with 502 Bad Gateway because the configured upstream 127.0.0.1:5051 is not listening.

In short:

• Photon Nginx config is active
• Duplicate db site activation was undone
• The remaining db outage is caused by the backend on port 5051 being down