ops: Implement ACL for internal APIs

production/nginx/location-api.conf

@@ -4,10 +4,17 @@
 
 # Block the internal APIs of esplora
 location /api/internal/ {
-	return 403;
+	if ($mempool_external) {
+		return 403;
+	}
+	rewrite ^/api/(.*) /$1 break;
+	try_files /dev/null @esplora-api-cache-disabled;
 }
 location /api/v1/internal/ {
-	return 403;
+	if ($mempool_external) {
+		return 403;
+	}
+	try_files /dev/null @mempool-api-v1-cache-normal;
 }
 
 # websocket has special HTTP headers