Skip to content

fix[nginx]: Make sure we trust the GCP IPs to get the real client IP#1595

Merged
luislhl merged 1 commit intomasterfrom
fix/nginx/add-gcp-ips
Feb 12, 2026
Merged

fix[nginx]: Make sure we trust the GCP IPs to get the real client IP#1595
luislhl merged 1 commit intomasterfrom
fix/nginx/add-gcp-ips

Conversation

@luislhl
Copy link
Contributor

@luislhl luislhl commented Feb 10, 2026
edited
Loading

Motivation

Our Nginx config lacked a config to trust IPs from GCP and from GCP LBs

Acceptance Criteria

  • Each GCP project should define their LB IPs, and the nginx.conf generated for each one should include them as trusted
  • All GCP projects should include the global GCP IP ranges
  • The nano_contracts logs endpoint should be made public in all projects
  • Remove sections related to the nano-testnets, which don't exist anymore

TODO

  • After merge, we can manually update the Nginx containers of public fullnodes, so that we don't have to wait to the next hathor-core release to deploy this

Checklist

  • If you are requesting a merge into master, confirm this code is production-ready and can be included in future releases as soon as it gets merged

@luislhl luislhl self-assigned this Feb 10, 2026
@luislhl luislhl moved this from Todo to In Progress (Done) in Hathor Network Feb 10, 2026
@luislhl luislhl requested review from glevco and jansegre and removed request for jansegre and msbrogli February 10, 2026 21:22
glevco
glevco previously approved these changes Feb 10, 2026
View reviewed changes
@github-project-automation github-project-automation bot moved this from In Progress (Done) to In Review (WIP) in Hathor Network Feb 10, 2026
@codecov
Copy link

codecov bot commented Feb 10, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.67%. Comparing base (8ea0e10) to head (071f209).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #1595      +/-   ##
==========================================
- Coverage   85.69%   85.67%   -0.03%     
==========================================
  Files         441      441              
  Lines       33793    33793              
  Branches     5286     5286              
==========================================
- Hits        28959    28952       -7     
- Misses       3817     3822       +5     
- Partials     1017     1019       +2
Flag Coverage Δ
test-lib 85.67% <ø> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Base automatically changed from fix/nginx/status-buffer-size to master February 10, 2026 23:02
@luislhl luislhl dismissed glevco’s stale review February 10, 2026 23:02

The base branch was changed.

@luislhl luislhl force-pushed the fix/nginx/add-gcp-ips branch from d1365be to c26f2f2 Compare February 11, 2026 16:14
@github-actions
Copy link

github-actions bot commented Feb 11, 2026
edited
Loading

🐰 Bencher Report

Branchfix/nginx/add-gcp-ips
Testbedubuntu-22.04

🚨 1 Alert

BenchmarkMeasure
Units		ViewBenchmark Result
(Result Δ%)		Lower Boundary
(Limit %)
sync-v2 (up to 20000 blocks)Latency
minutes (m)		📈 plot
🚷 threshold
🚨 alert (🔔)		1.43 m
(-16.61%)Baseline: 1.71 m
1.54 m
(107.93%)

Click to view all benchmark results
BenchmarkLatencyBenchmark Result
minutes (m)
(Result Δ%)		Lower Boundary
minutes (m)
(Limit %)		Upper Boundary
minutes (m)
(Limit %)
sync-v2 (up to 20000 blocks)📈 view plot
🚷 view threshold
🚨 view alert (🔔)		1.43 m
(-16.61%)Baseline: 1.71 m
1.54 m
(107.93%)

2.06 m
(69.49%)
🐰 View full continuous benchmarking report in Bencher

@luislhl luislhl force-pushed the fix/nginx/add-gcp-ips branch from c26f2f2 to 071f209 Compare February 12, 2026 21:28
@luislhl luislhl enabled auto-merge (squash) February 12, 2026 21:28
@luislhl luislhl moved this from In Review (WIP) to Waiting to be deployed in Hathor Network Feb 12, 2026
@luislhl luislhl merged commit f618470 into master Feb 12, 2026
30 of 32 checks passed
@luislhl luislhl deleted the fix/nginx/add-gcp-ips branch February 12, 2026 21:50
r4mmer added a commit that referenced this pull request Feb 24, 2026
@r4mmer
Merge remote-tracking branch 'origin/master' into feat/hathorlib-blue…
f56588c 
…print-move-1

* origin/master:
  feat: pydantic settings (#1600)
  fix[thin_wallet]: handle address history invalid tx version (#1590)
  refactor(nano): Make NCBlockExecutor a pure executor with no side effects
  fix[nginx]: Make sure we trust the GCP IPs to get the real client IP (#1595)
  refactor: Upgrade to Pydantic v2
  chore(github): Split GitHub main action into lint, test-cli, test-lib, test-other
  fix[nginx]: Use a larger buffer size for /v1a/status (#1594)
  chore: adjust testnet config for v0.69.0 release
  chore[storage]: Limit the total size of RocksDB WAL files (#1518)
  chore: adjust testnet config for v0.69.0 release
  chore: configure feature activations for v0.69.0 release
  refactor: wallet on_new_tx (#1561)
  refactor(nano): Remove dead reorg cleanup code from block executor
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jansegre jansegre jansegre approved these changes

@glevco glevco glevco approved these changes

Assignees

@luislhl luislhl

Labels

None yet

Projects

Hathor Network
Status: Waiting to be deployed

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@luislhl @jansegre @glevco