VVV/WETH RFQ NGINX reverse proxy
Prepared config:
vvv-weth-rfq-api.conf
Safety posture
This is staged in the repo only. It has not been copied into /etc/nginx, enabled, or exposed publicly.
The API itself should stay bound to 127.0.0.1:3000; NGINX is the only intended public entrypoint after approval.
Before enabling
- Replace
rfq.example.comwith the approved DNS name. - Confirm DNS A/AAAA record points to this server.
- Confirm cloud firewall/security group permits inbound 80/443 only if public access is approved.
- Confirm hard-quote controls are ready: - rate limits - max quote caps - validation - stale-feed halt - inventory mismatch halt - daily PnL kill switch - audit logs
Install commands, gated
sudo mkdir -p /var/www/letsencrypt
sudo cp /home/ubuntu/base-pmm-rfq/deploy/nginx/vvv-weth-rfq-api.conf /etc/nginx/sites-available/vvv-weth-rfq-api
sudo ln -sfn /etc/nginx/sites-available/vvv-weth-rfq-api /etc/nginx/sites-enabled/vvv-weth-rfq-api
sudo nginx -t
sudo systemctl reload nginx
Verification commands
curl -sS --max-time 5 -H 'Host: rfq.example.com' http://127.0.0.1/health
curl -sS --max-time 5 -H 'Host: rfq.example.com' http://127.0.0.1/risk
Expected health response:
{"status":"ok","service":"vvv-weth-rfq","chainId":8453}