Canton | Nginx
Config public api for Canton
Section titled “Config public api for Canton”Config Nginx Server-1 (on validator server)
Section titled “Config Nginx Server-1 (on validator server)”1. Config api validator
Section titled “1. Config api validator”#Note: local_ip must be private ip, maybe from vpn or tunnel connection. Don't public IP.
sudo nano /etc/nginx/sites-available/api-canton.confserver { listen local_ip:port;
# only allow validator api location /api/validator/ { proxy_pass http://wallet.localhost/api/validator/;
proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header Authorization $http_authorization; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 60s; proxy_read_timeout 60s; }
# block all another request location / { return 403; }}2. Config api ledger
Section titled “2. Config api ledger”sudo nano /etc/nginx/sites-available/api-ledger-canton.confserver { listen local_ip:port;
location / { proxy_pass http://json-ledger-api.localhost/;
proxy_http_version 1.1; proxy_set_header Host json-ledger-api.localhost; proxy_set_header Authorization $http_authorization; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 60s; proxy_read_timeout 60s; }}3. Config api keycloak
Section titled “3. Config api keycloak”sudo nano /etc/nginx/sites-available/key-canton.confserver { listen local_ip:port;
location / { proxy_pass http://localhost:55888;
proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header Authorization $http_authorization; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 60s; proxy_read_timeout 60s; }}4. Symlink config nginx
Section titled “4. Symlink config nginx”ln -s /etc/nginx/sites-available/api-canton.conf /etc/nginx/sites-enabled/ln -s /etc/nginx/sites-available/api-ledger-canton.conf /etc/nginx/sites-enabled/ln -s /etc/nginx/sites-available/key-canton.conf /etc/nginx/sites-enabled/5. Check config
Section titled “5. Check config”nginx -t6. Apply config
Section titled “6. Apply config”sudo systemctl reload nginxConfig Nginx Server-2 (on proxy gateway server)
Section titled “Config Nginx Server-2 (on proxy gateway server)”1. Config api validator
Section titled “1. Config api validator”sudo nano /etc/nginx/sites-available/api-canton.confserver { listen 80; listen [::]:80;
server_name api-yourdomain.xyz;
location /api/validator/ { proxy_pass http://ip:port;
proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header Authorization $http_authorization; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 60s; proxy_read_timeout 60s;
} location / { return 403; }}2. Config api ledger
Section titled “2. Config api ledger”sudo nano /etc/nginx/sites-available/api-ledger-canton.confserver { listen 80; listen [::]:80;
server_name api-ledger-yourdomain.xyz;
location / { proxy_pass http://ip:port;
proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header Authorization $http_authorization; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 60s; proxy_read_timeout 60s; }}3. Config api keycloak
Section titled “3. Config api keycloak”sudo nano /etc/nginx/sites-available/key-canton.confserver { listen 80; listen [::]:80;
server_name key-yourdomain.xyz;
location / { proxy_pass http://ip:port;
proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header Authorization $http_authorization; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 60s; proxy_read_timeout 60s;
}}4. Symlink config nginx
Section titled “4. Symlink config nginx”ln -s /etc/nginx/sites-available/api-canton.conf /etc/nginx/sites-enabled/ln -s /etc/nginx/sites-available/api-ledger-canton.conf /etc/nginx/sites-enabled/ln -s /etc/nginx/sites-available/key-canton.conf /etc/nginx/sites-enabled/5. Check config
Section titled “5. Check config”nginx -t6. Apply config
Section titled “6. Apply config”sudo systemctl reload nginx7. Create ssl
Section titled “7. Create ssl”certbot --nginx -d api.yourdomain.xyzcertbot --nginx -d api-ledger.yourdomain.xyzcertbot --nginx -d key.yourdomain.xyzlastUpdated: 2026-03-16