Showing
5 changed files
with
72 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
location ~* ^.*\.(css|js|jpe?g|gif|png|woff|eot|ttf|svg|ico|css\.map|js\.map)$ { | ||
if_modified_since off; | ||
|
||
# use the public cache | ||
proxy_cache public-cache; | ||
proxy_cache_key $host$request_uri; | ||
|
||
# ignore these headers for media | ||
proxy_ignore_headers Set-Cookie Cache-Control Expires X-Accel-Expires; | ||
|
||
# cache 200s and also 404s (not ideal but there are a few 404 images for some reason) | ||
proxy_cache_valid any 30m; | ||
proxy_cache_valid 404 1m; | ||
|
||
# strip this header to avoid If-Modified-Since requests | ||
proxy_hide_header Last-Modified; | ||
proxy_hide_header Cache-Control; | ||
proxy_hide_header Vary; | ||
|
||
proxy_cache_bypass 0; | ||
proxy_no_cache 0; | ||
|
||
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504 http_404; | ||
proxy_connect_timeout 5s; | ||
proxy_read_timeout 45s; | ||
|
||
expires @30m; | ||
access_log off; | ||
|
||
include conf.d/include/proxy.conf; | ||
} |
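Review bot: `proxy_ignore_headers Set-Cookie Cache-Control Expires X-Accel-Expires;` lets nginx store responses that set a cookie or that the upstream marked private, yet only Last-Modified, Cache-Control and Vary are hidden afterwards, so a cached `Set-Cookie` would be replayed to every client that hits the same `$host$request_uri` key for up to 30 minutes. Because the location is selected purely by a file-extension regex, any dynamic upstream route that answers a path ending in `.css` or `.js` would be cached in the shared cache the same way. I would add `proxy_hide_header Set-Cookie;` next to the other hide directives and, if the upstream can serve non-static content under these suffixes, stop ignoring `Cache-Control`. Separately, `proxy_cache_valid any 30m;` caches every status code, not only the 200s the comment mentions; `proxy_cache_valid 200 30m;` would match the comment.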
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
if ($scheme = "http") { | ||
return 301 https://$host$request_uri; | ||
} |
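Review bot: The redirect target in `return 301 https://$host$request_uri;` is built from `$host`, which nginx takes from the request line or the client's Host header, so in a server block that acts as default or catch-all the Location header can name a host the client chose. The snippet carries no comment saying where it may be included; I would add one such as `# include only in server blocks with an explicit server_name; otherwise $host is client-supplied`. The enclosing server block is not part of this file, so whether that already holds cannot be seen from here.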
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
# Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx) | ||
# We use ^~ here, so that we don't check other regexes (for speed-up). We actually MUST cancel | ||
# other regex checks, because in our other config files have regex rule that denies access to files with dotted names. | ||
location ^~ /.well-known/acme-challenge/ { | ||
# Since this is for letsencrypt authentication of a domain and they do not give IP ranges of their infrastructure | ||
# we need to open up access by turning off auth and IP ACL for this location. | ||
auth_basic off; | ||
auth_request off; | ||
allow all; | ||
|
||
# Set correct content type. According to this: | ||
# https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29 | ||
# Current specification requires "text/plain" or no content header at all. | ||
# It seems that "text/plain" is a safe option. | ||
default_type "text/plain"; | ||
|
||
# This directory must be the same as in /etc/letsencrypt/cli.ini | ||
# as "webroot-path" parameter. Also don't forget to set "authenticator" parameter | ||
# there to "webroot". | ||
# Do NOT use alias, use root! Target directory is located here: | ||
# /var/www/common/letsencrypt/.well-known/acme-challenge/ | ||
root /data/letsencrypt-acme-challenge; | ||
} | ||
|
||
# Hide /acme-challenge subdirectory and return 404 on all requests. | ||
# It is somewhat more secure than letting Nginx return 403. | ||
# Ending slash is important! | ||
location = /.well-known/acme-challenge/ { | ||
return 404; | ||
} |
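Review bot: The comment block above `root /data/letsencrypt-acme-challenge;` describes a different layout than the one configured: it names `/var/www/common/letsencrypt/.well-known/acme-challenge/` as the target directory and refers to `webroot-path` in `/etc/letsencrypt/cli.ini`, and neither matches the root that is actually set. Since this location deliberately switches off `auth_basic`, `auth_request` and the IP ACL, the comment should state the real directory, for example `# Challenge files are served from /data/letsencrypt-acme-challenge/.well-known/acme-challenge/; the ACME client's webroot must be /data/letsencrypt-acme-challenge`. It would also help to note there that the directory should hold challenge tokens only, because everything under it is readable without authentication.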
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
add_header X-Served-By $host; | ||
proxy_set_header Host $host; | ||
proxy_set_header X-Forwarded-Scheme $scheme; | ||
proxy_set_header X-Forwarded-Proto $scheme; | ||
proxy_set_header X-Forwarded-For $remote_addr; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_pass $forward_scheme://$server:$port$request_uri; |
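Review bot: `add_header X-Served-By $host;` sits in a file that appears to be included at location level (the asset-cache location in this commit ends with `include conf.d/include/proxy.conf;`), and nginx inherits `add_header` from the enclosing level only when the current level defines none, so security headers set in the server block, HSTS for example, would silently drop out of proxied responses. Either move this header to the server level or document the effect here, e.g. `# NOTE: add_header in this include replaces all server-level add_header directives for the location`. Also, `proxy_pass` with `$request_uri` forwards the raw client URI while locations are matched on the normalized one, so path-based rules in front of this include may evaluate a different path than the upstream receives; that deserves a comment as well.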
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,6 @@ | ||
server { | ||
listen 127.0.0.1:9081; | ||
server_name localhost-geoip2; | ||
|
||
location / { | ||
charset utf-8; | ||
|