Compare commits
7 Commits
5e2842774a
...
9bc3cdbd0b
| Author | SHA1 | Date | |
|---|---|---|---|
|
9bc3cdbd0b | ||
|
|
79e6402df3 | ||
|
|
ec2e9444e3 | ||
|
|
a86a2fee85 | ||
|
|
aec67b9db8 | ||
|
|
0bbe1d428a | ||
|
|
a05f0afa8b |
@@ -1,3 +1,7 @@
|
||||
log_format custom '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'status=$status allow_origin=$allow_origin '
|
||||
'"$http_referer" "$http_user_agent"';
|
||||
|
||||
{{ $proxy_settings := "proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header Host $http_host; proxy_set_header X-Request-Start $msec;" }}
|
||||
{{ $gzip_settings := "gzip on; gzip_min_length 1100; gzip_buffers 4 32k; gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml; gzip_vary on; gzip_comp_level 6;" }}
|
||||
|
||||
@@ -8,13 +12,12 @@
|
||||
map $http_origin $allow_origin {
|
||||
~^https?:\/\/(.*\.)?localhost(:\d+)?$ $http_origin;
|
||||
~^https?:\/\/(.*\.)?discours\.io$ $http_origin;
|
||||
~^https?:\/\/(.*\.)?dscrs\.site$ $http_origin;
|
||||
~^https?:\/\/testing\.(discours\.io|dscrs\.site)$ $http_origin;
|
||||
~^https?:\/\/(.*\.)?dscrs\.site(:\d+)?$ $http_origin;
|
||||
~^https?:\/\/discoursio-webapp(-.*)?\.vercel\.app$ $http_origin;
|
||||
default "";
|
||||
}
|
||||
|
||||
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=1g
|
||||
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=1g
|
||||
inactive=60m use_temp_path=off;
|
||||
limit_conn_zone $binary_remote_addr zone=addr:10m;
|
||||
limit_req_zone $binary_remote_addr zone=req_zone:10m rate=20r/s;
|
||||
@@ -30,7 +33,7 @@ server {
|
||||
listen [::]:{{ $listen_port }};
|
||||
listen {{ $listen_port }};
|
||||
server_name {{ $.NOSSL_SERVER_NAME }};
|
||||
access_log /var/log/nginx/{{ $.APP }}-access.log;
|
||||
access_log /var/log/nginx/{{ $.APP }}-access.log custom;
|
||||
error_log /var/log/nginx/{{ $.APP }}-error.log;
|
||||
client_max_body_size 100M;
|
||||
|
||||
@@ -38,7 +41,7 @@ server {
|
||||
listen [::]:{{ $listen_port }} ssl http2;
|
||||
listen {{ $listen_port }} ssl http2;
|
||||
server_name {{ $.NOSSL_SERVER_NAME }};
|
||||
access_log /var/log/nginx/{{ $.APP }}-access.log;
|
||||
access_log /var/log/nginx/{{ $.APP }}-access.log custom;
|
||||
error_log /var/log/nginx/{{ $.APP }}-error.log;
|
||||
ssl_certificate {{ $.APP_SSL_PATH }}/server.crt;
|
||||
ssl_certificate_key {{ $.APP_SSL_PATH }}/server.key;
|
||||
@@ -61,6 +64,8 @@ server {
|
||||
{{ $cors_headers_post }}
|
||||
{{ $cors_headers_get }}
|
||||
|
||||
add_header Debug-Allow-Origin $allow_origin;
|
||||
|
||||
proxy_cache my_cache;
|
||||
proxy_cache_revalidate on;
|
||||
proxy_cache_min_uses 2;
|
||||
@@ -69,7 +74,6 @@ server {
|
||||
proxy_cache_lock on;
|
||||
|
||||
# Connections and request limits increase (bad for DDos)
|
||||
limit_conn addr 10000;
|
||||
limit_req zone=req_zone burst=10 nodelay;
|
||||
}
|
||||
|
||||
@@ -84,11 +88,13 @@ server {
|
||||
# }
|
||||
|
||||
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
|
||||
expires 30d; # This means that the client can cache these resources for 30 days.
|
||||
add_header Cache-Control "public, no-transform";
|
||||
proxy_pass http://{{ $.APP }}-{{ $upstream_port }};
|
||||
expires 30d;
|
||||
add_header Cache-Control "public, no-transform";
|
||||
}
|
||||
|
||||
location ~* \.(mp3|wav|ogg|flac|aac|aif|webm)$ {
|
||||
proxy_pass http://{{ $.APP }}-{{ $upstream_port }};
|
||||
if ($request_method = 'GET') {
|
||||
add_header 'Access-Control-Allow-Origin' $allow_origin always;
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
|
||||
|
||||
Reference in New Issue
Block a user