turtle-wow-source-kinda/Dumps/Source Code/20 - Development_turtle-logs/main/Deploy/conf/nginx.conf
Brian Oost a1d5bb70b2 Init
2024-08-06 18:06:40 +02:00


# Dynamic modules: Brotli on-the-fly filter and pre-compressed (.br) static serving.
# load_module is only valid in the main context, so it stays at the top of the file.
load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so;
load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so;

# Fixed worker count; each worker may hold up to worker_connections connections.
worker_processes 16;

events {
    worker_connections 8096;
}
http {
# --- Content types and version disclosure ---
include mime.types;
default_type application/octet-stream;
types_hash_max_size 4096;
# Keep the nginx version out of the Server header and error pages.
server_tokens off;

# --- Kernel-level send path ---
sendfile on;
tcp_nopush on;
tcp_nodelay on;

# --- Request size limits ---
client_max_body_size 50m;
client_body_buffer_size 30K;
client_header_buffer_size 10k;
large_client_header_buffers 2 10k;

# --- Client-side timeouts (seconds) ---
# NOTE(review): 120 s to deliver headers/body and 600 s of idle keep-alive let a
# slow or idle client hold a connection for a long time; confirm these values
# are intentional rather than copied defaults.
client_header_timeout 120;
client_body_timeout 120;
send_timeout 120;
keepalive_timeout 600;

# --- Upstream timeouts (seconds) ---
# No fastcgi_pass appears in this file, so the fastcgi_* values look unused here.
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
fastcgi_send_timeout 600;
fastcgi_read_timeout 600;

# --- Open file descriptor / metadata cache ---
open_file_cache max=2000 inactive=20s;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
# --- Per-client request rate limiting ---
# $limit is 1 for every client; the commented-out networks would set it to 0.
geo $limit {
    default 1;
    #10.0.0.0/8 0;
    #192.168.0.0/24 0;
}

# Turn the flag into the zone key. An empty key is not accounted by limit_req,
# so any network mapped to 0 above would bypass the limit entirely.
map $limit $limit_key {
    0 "";
    1 $binary_remote_addr;
}

# NOTE(review): 500 requests/second per client address (with burst=500 where the
# zone is applied) is a very loose ceiling; confirm it is meant as a backstop
# rather than as abuse protection for the proxied API.
limit_req_zone $limit_key zone=req_zone:30m rate=500r/s;

# --- WebP content negotiation ---
# ".webp" when the Accept header mentions webp (case-insensitive), else empty.
map $http_accept $webp_suffix {
    default "";
    "~*webp" ".webp";
}
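server {
    # Internal metrics endpoint (connection and request counters) for monitoring.
    listen 8080;
    server_name nginx;

    location = /stub_status {
        stub_status;
        # The original block had no access control, so anyone who could reach
        # port 8080 could read the counters. Allow loopback and private ranges
        # only. NOTE(review): narrow this to the actual scraper address, and
        # make sure port 8080 is not published to the internet.
        allow 127.0.0.1;
        allow ::1;
        allow 10.0.0.0/8;
        allow 172.16.0.0/12;
        allow 192.168.0.0/16;
        deny all;
    }
}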
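server {
    # Plain-HTTP listener. It is the only server on port 80, so it also answers
    # requests whose Host header is something other than legacyplayers.com.
    listen 80;
    listen [::]:80 ipv6only=on;
    server_name legacyplayers.com;

    # ads.txt is delegated to the ad partner (dot escaped so only "ads.txt" matches).
    rewrite ^/ads\.txt$ https://adstxt.venatusmedia.com/master_ads.txt permanent;

    # Redirect to the canonical HTTPS origin. The original used $host, which
    # echoes whatever Host header the client sent into the Location header;
    # a fixed hostname avoids reflecting attacker-chosen values. The explicit
    # 301 matches the redirect used by the alpha/www HTTPS server.
    return 301 https://legacyplayers.com$request_uri;
}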
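server {
    # HTTPS listener for the alternate hostnames; everything is redirected to
    # the canonical origin.
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name alpha.legacyplayers.com www.legacyplayers.com;

    ssl_certificate /etc/letsencrypt/live/alpha.legacyplayers.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/alpha.legacyplayers.com/privkey.pem;

    # This is the first server declared on :443, which makes it the default
    # server for that socket. Pin the same protocol versions as the main
    # server so the TLS policy does not fall back to nginx defaults here.
    # NOTE(review): protocol settings are commonly taken from the default
    # server for a listen socket; confirm against the deployed nginx version.
    ssl_protocols TLSv1.3 TLSv1.2;

    # Send HSTS on the redirect as well, so these hostnames are pinned to HTTPS.
    add_header Strict-Transport-Security "max-age=31536000" always;

    return 301 https://legacyplayers.com$request_uri;
}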
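server {
    # Main HTTPS site: static front end from /var/www/html plus reverse proxies
    # to three loopback services (Grafana :3000, API :8000, model viewer :5555).
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name legacyplayers.com;

    # ads.txt is delegated to the ad partner (dot escaped so only "ads.txt" matches).
    rewrite ^/ads\.txt$ https://adstxt.venatusmedia.com/master_ads.txt permanent;

    # --- TLS ---
    ssl_certificate /etc/letsencrypt/live/legacyplayers.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/legacyplayers.com/privkey.pem;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 60m;
    ssl_prefer_server_ciphers on;
    # The original list also named two "...-GCM-SHA512" suites. Those are not
    # OpenSSL cipher names and are ignored, so they are dropped here without
    # changing what is negotiated. The DHE suite is only offered when
    # ssl_dhparam is configured, and none is set in this file.
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
    ssl_protocols TLSv1.3 TLSv1.2;
    # NOTE(review): the nginx docs ask for a `resolver` so the OCSP responder
    # hostname can be resolved; none is visible in this file.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/legacyplayers.com/chain.pem;

    # --- Security response headers ---
    # "always" makes nginx send them on error responses too (the original set
    # it only on HSTS). add_header is inherited by a location only when that
    # location declares no add_header of its own, so every location below that
    # adds a header repeats this set.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options nosniff always;
    add_header Strict-Transport-Security "max-age=31536000" always;
    # Both Content-Security-Policy variants are commented out, so no CSP is sent.
    #add_header Content-Security-Policy "default-src 'self' https://www.google-analytics.com https://hb.vntsm.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com storage.googleapis.com https://hb.vntsm.com; img-src 'self' www.googletagmanager.com www.google-analytics.com https://hb.vntsm.com data:; object-src 'none'";
    #add_header Content-Security-Policy "default-src 'self' https://www.youtube.com/embed/xMIu30afqR0; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' storage.googleapis.com; img-src 'self' data:; object-src 'none'";

    # Hardening: reject every method except GET, HEAD, POST and DELETE.
    if ($request_method !~ ^(GET|HEAD|POST|DELETE)$ ) {
        return 405;
    }

    # Regular configuration
    root /var/www/html/;
    charset UTF-8;

    # Brotli
    brotli on;
    brotli_static on;
    brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
    brotli_comp_level 6;

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # Grafana is reachable from the public site; the trailing "/" on proxy_pass
    # strips the /grafana/ prefix. NOTE(review): nothing here restricts access,
    # so exposure depends entirely on Grafana's own authentication settings.
    location /grafana/ {
        limit_req zone=req_zone burst=500 nodelay;
        limit_req_status 429;
        root /usr/share/grafana/;
        proxy_pass http://127.0.0.1:3000/;
    }

    # Backend API. No proxy_set_header is configured, so the backend sees
    # 127.0.0.1 as the peer and receives no forwarded client address.
    location /API/ {
        limit_req zone=req_zone burst=500 nodelay;
        limit_req_status 429;
        proxy_pass http://127.0.0.1:8000;
    }

    location / {
        limit_req zone=req_zone burst=500 nodelay;
        limit_req_status 429;

        # NOTE(review): this regex and the /uploads/ one below are unanchored,
        # so they match the segment anywhere in the path, not just at the
        # start. Anchor with ^ if only the top-level paths are intended.
        location ~/model_viewer/ {
            root /var/www/;

            # Static viewer assets, readable cross-origin. The original
            # `try_files $uri $uri/;` used "$uri/" as the fallback URI, which
            # redirects internally instead of answering 404 for a missing file.
            location ~/(meta|mo3|textures|viewer)/ {
                add_header X-Frame-Options "SAMEORIGIN" always;
                add_header X-XSS-Protection "1; mode=block" always;
                add_header X-Content-Type-Options nosniff always;
                add_header Strict-Transport-Security "max-age=31536000" always;
                add_header Access-Control-Allow-Origin "*";
                try_files $uri $uri/ =404;
            }
            location ~/bg\.png {
                add_header X-Frame-Options "SAMEORIGIN" always;
                add_header X-XSS-Protection "1; mode=block" always;
                add_header X-Content-Type-Options nosniff always;
                add_header Strict-Transport-Security "max-age=31536000" always;
                add_header Access-Control-Allow-Origin "*";
                try_files $uri $uri/ =404;
            }

            proxy_pass http://127.0.0.1:5555;
        }

        # Files under /var/www/uploads/ are served from the site's own origin.
        # NOTE(review): presumably user-supplied content; confirm the upload
        # path restricts file types, since nosniff is the only control here.
        location ~/uploads/ {
            root /var/www/;
        }

        # JPEG/PNG with WebP negotiation: serve "<file>.webp" when the client
        # accepts WebP, otherwise the original file.
        # Changes from the original: the pattern is anchored with "$";
        # `$uri= 404` (which made the literal "404" the fallback URI and never
        # tried the plain file for WebP-capable clients) is now `$uri =404`;
        # Vary lists Accept because the body depends on it and the response is
        # publicly cacheable; the duplicated Cache-Control header is sent once.
        location ~* ^.+\.(jpe?g|png)$ {
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-XSS-Protection "1; mode=block" always;
            add_header X-Content-Type-Options nosniff always;
            add_header Strict-Transport-Security "max-age=31536000" always;
            add_header Cache-Control "public, no-transform";
            add_header Vary "Accept, Accept-Encoding";
            try_files $uri$webp_suffix $uri =404;
            access_log off;
            log_not_found off;
            expires 1y;
        }

        # Remaining static assets. The dot is escaped: the original "." matched
        # any character, so a path merely ending in "js" or "css" was treated
        # as a static file instead of falling through to index.html.
        location ~* \.(jpg|jpeg|png|gif|ico|webp|css|js)$ {
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-XSS-Protection "1; mode=block" always;
            add_header X-Content-Type-Options nosniff always;
            add_header Strict-Transport-Security "max-age=31536000" always;
            access_log off;
            log_not_found off;
            expires 1y;
            add_header Cache-Control "public";
        }

        # These proxy cache directives only affect proxied responses; this
        # location has no proxy_pass, so files are served from root unchanged.
        location ~* \.zip {
            proxy_no_cache 1;
            proxy_cache_bypass 1;
        }

        # Single-page-app fallback: unknown paths resolve to index.html.
        try_files $uri $uri/ /index.html;
    }
}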
}