mirror of
https://github.com/DarrenOfficial/dpaste.git
synced 2024-11-23 20:06:35 +11:00
101 lines
2.8 KiB
Nginx Configuration File
101 lines
2.8 KiB
Nginx Configuration File
limit_req_zone $binary_remote_addr zone=login:10m rate=2r/s;
|
|
|
|
upstream app_server {
|
|
server 127.0.0.1:12000 fail_timeout=0;
|
|
}
|
|
|
|
# Combined log with remote:local port logged
|
|
log_format combined_port '$remote_addr - $remote_user [$time_local] '
|
|
'"$request" $status $body_bytes_sent '
|
|
'"$http_referer" "$http_user_agent" "$remote_port:$server_port"';
|
|
|
|
# -----------------------------------------------------------------------------
|
|
# Redirect all sort of non-ssl (with and without www) to ssl without www
|
|
# -----------------------------------------------------------------------------
|
|
server {
|
|
listen 80;
|
|
server_name dpaste.de
|
|
www.dpaste.de
|
|
dpaste.org
|
|
www.dpaste.org;
|
|
|
|
location / {
|
|
rewrite ^ https://$server_name$request_uri? permanent;
|
|
}
|
|
}
|
|
|
|
# -----------------------------------------------------------------------------
|
|
# SSL Hosts
|
|
# -----------------------------------------------------------------------------
|
|
|
|
server {
|
|
listen 443 ssl spdy;
|
|
server_name dpaste.org www.dpaste.org;
|
|
|
|
ssl_certificate /srv/dpaste.de/var/ssl/dpaste_org_unified.crt;
|
|
ssl_certificate_key /srv/dpaste.de/var/ssl/dpaste_org.key;
|
|
add_header Strict-Transport-Security max-age=25200;
|
|
|
|
# Redirect to dpaste.de
|
|
location / {
|
|
rewrite ^/(.*)$ https://dpaste.de/$1 permanent;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl spdy;
|
|
server_name dpaste.de www.dpaste.de;
|
|
|
|
ssl_certificate /srv/dpaste.de/var/ssl/dpaste_de_unified.crt;
|
|
ssl_certificate_key /srv/dpaste.de/var/ssl/dpaste_de.key;
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_ciphers AES256+EECDH:AES256+EDH;
|
|
ssl_session_cache builtin:1000 shared:SSL:5m;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
add_header Strict-Transport-Security max-age=25200;
|
|
|
|
# Rewrite www to non-www
|
|
if ($host = www.dpaste.de) {
|
|
rewrite ^/(.*)$ https://dpaste.de/$1 permanent;
|
|
}
|
|
|
|
access_log /srv/dpaste.de/var/nginx.access.log combined_port;
|
|
error_log /srv/dpaste.de/var/nginx.error.log;
|
|
|
|
keepalive_timeout 5;
|
|
client_max_body_size 2M;
|
|
|
|
location ~ /(favicon.ico|robots.txt) {
|
|
access_log off;
|
|
log_not_found off;
|
|
expires 3d;
|
|
}
|
|
|
|
location /webalizer/ {
|
|
alias /srv/dpaste.de/var/webalizer/;
|
|
auth_basic "Restricted";
|
|
auth_basic_user_file /srv/dpaste.de/var/.htpasswd;
|
|
}
|
|
|
|
location /media/ {
|
|
alias /srv/dpaste.de/var/media/;
|
|
}
|
|
|
|
location /static/ {
|
|
alias /srv/dpaste.de/var/static/;
|
|
}
|
|
|
|
location / {
|
|
|
|
limit_req zone=login burst=5;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header Host $http_host;
|
|
proxy_redirect off;
|
|
proxy_buffering off;
|
|
proxy_pass http://app_server;
|
|
break;
|
|
}
|
|
}
|
|
|