Universal Crypto MCP

nginx.conf•14 KiB

# Universal Crypto MCP - Enterprise Nginx Configuration # Production-ready reverse proxy with SSL, rate limiting, caching # # @author nirholas # @license Apache-2.0 user nginx; worker_processes auto; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 4096; use epoll; multi_accept on; } http { include /etc/nginx/mime.types; default_type application/json; # ═══════════════════════════════════════════════════════════════ # Logging # ═══════════════════════════════════════════════════════════════ log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" ' 'rt=$request_time uct="$upstream_connect_time" ' 'uht="$upstream_header_time" urt="$upstream_response_time"'; log_format json escape=json '{' '"time_local":"$time_local",' '"remote_addr":"$remote_addr",' '"request":"$request",' '"status":$status,' '"body_bytes_sent":$body_bytes_sent,' '"request_time":$request_time,' '"upstream_response_time":"$upstream_response_time",' '"http_x_payment":"$http_x_payment",' '"http_x_payer":"$upstream_http_x_payer"' '}'; access_log /var/log/nginx/access.log json; # ═══════════════════════════════════════════════════════════════ # Performance # ═══════════════════════════════════════════════════════════════ sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; server_tokens off; # Gzip gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_types text/plain text/css text/xml application/json application/javascript application/xml application/xml+rss text/javascript; gzip_min_length 1000; # Buffer sizes client_body_buffer_size 16k; client_header_buffer_size 1k; client_max_body_size 10m; large_client_header_buffers 4 8k; # ═══════════════════════════════════════════════════════════════ # Rate Limiting Zones # ═══════════════════════════════════════════════════════════════ # Per-IP rate limiting limit_req_zone $binary_remote_addr zone=ip_limit:10m rate=100r/s; # Per-payer rate limiting (from x-payer header) limit_req_zone $http_x_payer zone=payer_limit:10m rate=1000r/s; # Connection limiting limit_conn_zone $binary_remote_addr zone=conn_limit:10m; # ═══════════════════════════════════════════════════════════════ # Upstream Servers # ═══════════════════════════════════════════════════════════════ upstream gateway { least_conn; server gateway:3000 weight=1 max_fails=3 fail_timeout=30s; keepalive 32; } upstream sse { server gateway:3001; keepalive 100; } upstream dashboard { server dashboard:3000; keepalive 16; } # ═══════════════════════════════════════════════════════════════ # Cache # ═══════════════════════════════════════════════════════════════ proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=api_cache:10m max_size=1g inactive=60m use_temp_path=off; # ═══════════════════════════════════════════════════════════════ # HTTP -> HTTPS Redirect # ═══════════════════════════════════════════════════════════════ server { listen 80; listen [::]:80; server_name _; # ACME challenge for Let's Encrypt location /.well-known/acme-challenge/ { root /var/www/certbot; } # Health check (allow HTTP) location /health { proxy_pass http://gateway/health; proxy_http_version 1.1; } # Redirect all other traffic to HTTPS location / { return 301 https://$host$request_uri; } } # ═══════════════════════════════════════════════════════════════ # HTTPS Server - Main API # ═══════════════════════════════════════════════════════════════ server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name api.your-domain.com; # SSL Configuration ssl_certificate /etc/nginx/ssl/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/privkey.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # Modern SSL configuration ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; # HSTS add_header Strict-Transport-Security "max-age=63072000" always; # Security headers add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin" always; # ═══════════════════════════════════════════════════════════════ # Health & Discovery (No rate limiting) # ═══════════════════════════════════════════════════════════════ location /health { proxy_pass http://gateway/health; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; # No caching for health add_header Cache-Control "no-cache, no-store"; } location /.well-known/x402 { proxy_pass http://gateway/.well-known/x402; proxy_http_version 1.1; proxy_set_header Host $host; # Cache for 5 minutes proxy_cache api_cache; proxy_cache_valid 200 5m; add_header X-Cache-Status $upstream_cache_status; } # ═══════════════════════════════════════════════════════════════ # SSE Endpoint (Special handling) # ═══════════════════════════════════════════════════════════════ location /sse { proxy_pass http://sse; proxy_http_version 1.1; proxy_set_header Connection ''; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # SSE specific proxy_buffering off; proxy_cache off; proxy_read_timeout 86400s; proxy_send_timeout 86400s; chunked_transfer_encoding off; add_header Content-Type text/event-stream; add_header Cache-Control no-cache; add_header X-Accel-Buffering no; } # ═══════════════════════════════════════════════════════════════ # Main API (with rate limiting and x402) # ═══════════════════════════════════════════════════════════════ location /api/ { # Rate limiting limit_req zone=ip_limit burst=50 nodelay; limit_conn conn_limit 100; # Proxy to gateway proxy_pass http://gateway; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Connection ''; # Pass through x402 headers proxy_set_header X-Payment $http_x_payment; proxy_pass_header X-Payment-Response; # Timeouts proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; # Cache GET requests (but not POSTs) proxy_cache api_cache; proxy_cache_methods GET HEAD; proxy_cache_valid 200 1m; proxy_cache_bypass $http_x_payment; # Don't cache paid requests add_header X-Cache-Status $upstream_cache_status; } # ═══════════════════════════════════════════════════════════════ # MCP Protocol Endpoint # ═══════════════════════════════════════════════════════════════ location /mcp { limit_req zone=ip_limit burst=20 nodelay; proxy_pass http://gateway; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Payment $http_x_payment; # Larger timeouts for MCP operations proxy_connect_timeout 120s; proxy_send_timeout 120s; proxy_read_timeout 120s; } # ═══════════════════════════════════════════════════════════════ # Error Pages # ═══════════════════════════════════════════════════════════════ error_page 402 @payment_required; location @payment_required { default_type application/json; return 402 '{"error":"payment_required","message":"This endpoint requires payment. See /.well-known/x402 for details."}'; } error_page 429 @rate_limit; location @rate_limit { default_type application/json; return 429 '{"error":"rate_limit_exceeded","message":"Too many requests. Please slow down or upgrade your subscription.","retry_after":60}'; } error_page 502 503 504 @upstream_error; location @upstream_error { default_type application/json; return 503 '{"error":"service_unavailable","message":"Service temporarily unavailable. Please try again later."}'; } } # ═══════════════════════════════════════════════════════════════ # Dashboard Server # ═══════════════════════════════════════════════════════════════ server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name dashboard.your-domain.com; ssl_certificate /etc/nginx/ssl/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; location / { proxy_pass http://dashboard; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } }

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/nirholas/universal-crypto-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

nginx.conf•14 KiB