fix: relax nginx rate limit and address regex for Tor proxy

Copexit · claude · Copexit · commit 2f2f485143ee · 2026-02-21T09:02:32.000-03:00
The Chainalysis check sends up to 20 sequential requests through the Tor
proxy. The rate limit (1r/s burst=5) was rejecting requests beyond the
burst, causing the "Tor proxy unavailable" fallback dialog.

Fix: increase to 2r/s burst=25 to accommodate the full batch.

Also fix the address regex in both the tor-proxy sidecar and Cloudflare
Worker to accept testnet/signet addresses (tb1, m, n, 2 prefixes) in
addition to mainnet (1, 3, bc1).

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/umbrel/nginx.conf.template b/umbrel/nginx.conf.template
@@ -1,5 +1,6 @@
-# Rate limit for Tor proxy endpoint (1 req/sec per client IP, burst of 5)
-limit_req_zone $binary_remote_addr zone=tor_proxy:1m rate=1r/s;
+# Rate limit for Tor proxy endpoint (2 req/sec per client IP, burst of 25)
+# Must accommodate up to 20 sequential Chainalysis address checks
+limit_req_zone $binary_remote_addr zone=tor_proxy:1m rate=2r/s;
 
 server {
     listen 8080;
@@ -58,7 +59,7 @@ server {
 
     # Reverse proxy: forward /tor-proxy/* to the Tor proxy sidecar
     location /tor-proxy/ {
-        limit_req zone=tor_proxy burst=5 nodelay;
+        limit_req zone=tor_proxy burst=25 nodelay;
         proxy_pass http://${APP_TOR_PROXY_IP}:${APP_TOR_PROXY_PORT}/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
diff --git a/umbrel/tor-proxy/server.js b/umbrel/tor-proxy/server.js
@@ -14,7 +14,8 @@ const agent = new SocksProxyAgent(
   `socks5h://${TOR_PROXY_IP}:${TOR_PROXY_PORT}`
 );
 
-const ADDR_RE = /^\/chainalysis\/address\/([13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{39,87})$/;
+// Supports mainnet (1/3/bc1), testnet/signet (m/n/2/tb1)
+const ADDR_RE = /^\/chainalysis\/address\/([13mn2][a-km-zA-HJ-NP-Z1-9]{25,34}|(bc1|tb1)[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{39,87})$/;
 const REQUEST_TIMEOUT_MS = 30_000;
 const MAX_RESPONSE_BYTES = 1024 * 1024; // 1 MB limit to prevent memory exhaustion
 
diff --git a/workers/chainalysis-proxy/worker.js b/workers/chainalysis-proxy/worker.js
@@ -14,7 +14,7 @@ const handler = {
 
     // Extract address from path: /address/{address}
     const url = new URL(request.url);
-    const match = url.pathname.match(/^\/address\/([13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{39,87})$/);
+    const match = url.pathname.match(/^\/address\/([13mn2][a-km-zA-HJ-NP-Z1-9]{25,34}|(bc1|tb1)[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{39,87})$/);
     if (!match) {
       return new Response("Invalid path. Use /address/{btc_address}", {
         status: 400,
