adding nginx conf
This commit is contained in:
x
parent
07dbde9683
commit
75a3dce5b3
66
conf/nginx.conf
Normal file
66
conf/nginx.conf
Normal file
@ -0,0 +1,66 @@
|
|||||||
|
limit_req_zone $binary_remote_addr zone=loginlimit:10m rate=1r/s;
|
||||||
|
server {
|
||||||
|
server_name ;
|
||||||
|
root /path/to/public/;
|
||||||
|
charset UTF-8;
|
||||||
|
access_log off;
|
||||||
|
error_log off;
|
||||||
|
listen 443 http2 ssl; # managed by Certbot
|
||||||
|
listen [::]:443 http2 ssl;
|
||||||
|
ssl_certificate /etc/letsencrypt/live/blah.tld/fullchain.pem; # managed by Certbot
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/blah.tld/privkey.pem; # managed by Certbot
|
||||||
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||||
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||||
|
location / {
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Server-Name $server_name;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass_request_headers on;
|
||||||
|
proxy_pass http://localhost:1338;
|
||||||
|
}
|
||||||
|
location /login {
|
||||||
|
limit_req zone=loginlimit delay=36590;
|
||||||
|
proxy_pass http://localhost:1338;
|
||||||
|
}
|
||||||
|
location ~* \.(css|js)$ {
|
||||||
|
expires 30d;
|
||||||
|
max_ranges 0;
|
||||||
|
}
|
||||||
|
location /s/img {
|
||||||
|
add_header Cache-Control "private";
|
||||||
|
}
|
||||||
|
location /t/ {
|
||||||
|
add_header Cache-Control "private";
|
||||||
|
proxy_pass http://localhost:1338;
|
||||||
|
}
|
||||||
|
location /favicon.png {
|
||||||
|
return 200;
|
||||||
|
}
|
||||||
|
location /api {
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Server-Name $server_name;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass http://localhost:1338;
|
||||||
|
add_header 'Content-Type' 'application/json; charset=utf-8';
|
||||||
|
add_header 'Access-Control-Allow-Origin' 'blah.tld' always;
|
||||||
|
max_ranges 0;
|
||||||
|
}
|
||||||
|
location ~ .(webm)$ {
|
||||||
|
proxy_pass http://localhost:1338;
|
||||||
|
valid_referers none blocked blah.tld;
|
||||||
|
if ($invalid_referer) {
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
if ($host = blah.tld) {
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
} # managed by Certbot
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
server_name ;
|
||||||
|
return 404; # managed by Certbot
|
||||||
|
}
|
||||||
Loading…
x
Reference in New Issue
Block a user