Update nginx
This commit is contained in:
parent
1174971f58
commit
77bb746980
|
@ -1,22 +1,35 @@
|
|||
limit_req_zone $binary_remote_addr zone=lemmy.altesq.net_ratelimit:10m rate=1r/s;
|
||||
|
||||
server {
|
||||
server_name lemmy.altesq.net;
|
||||
server_name lemmy.altesq.net;
|
||||
server_tokens off;
|
||||
|
||||
add_header Referrer-Policy "same-origin";
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
add_header X-Frame-Options "DENY";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
# Upload limit, relevant for pictrs
|
||||
client_max_body_size 20M;
|
||||
|
||||
# Send actual client IP upstream
|
||||
include proxy_params;
|
||||
|
||||
# frontend general requests
|
||||
location / {
|
||||
proxy_pass $proxpass;
|
||||
rewrite ^(.+)/+$ $1 permanent;
|
||||
}
|
||||
|
||||
# security.txt
|
||||
location = /.well-known/security.txt {
|
||||
proxy_pass "http://localhost:1234";
|
||||
}
|
||||
|
||||
# backend
|
||||
location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known|version|sitemap.xml) {
|
||||
proxy_pass "http://localhost:8536";
|
||||
|
||||
# Send actual client IP upstream
|
||||
include proxy_params;
|
||||
}
|
||||
|
||||
|
||||
location / {
|
||||
proxy_pass http://0.0.0.0:1236;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
|
||||
listen 443 ssl; # managed by Certbot
|
||||
|
@ -28,15 +41,16 @@ server {
|
|||
}
|
||||
|
||||
|
||||
|
||||
server {
|
||||
if ($host = lemmy.altesq.net) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
server_name lemmy.altesq.net;
|
||||
server_name lemmy.altesq.net;
|
||||
listen 80;
|
||||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
@ -56,6 +56,23 @@ http {
|
|||
gzip_http_version 1.1;
|
||||
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||
|
||||
|
||||
map "$request_method:$http_accept" $proxpass {
|
||||
# If no explicit matches exists below, send traffic to lemmy-ui
|
||||
default "http://localhost:1234";
|
||||
|
||||
# GET/HEAD requests that accepts ActivityPub or Linked Data JSON should go to lemmy.
|
||||
#
|
||||
# These requests are used by Mastodon and other fediverse instances to look up profile information,
|
||||
# discover site information and so on.
|
||||
"~^(?:GET|HEAD):.*?application\/(?:activity|ld)\+json" "http://localhost:8536";
|
||||
|
||||
# All non-GET/HEAD requests should go to lemmy
|
||||
#
|
||||
# Rather than calling out POST, PUT, DELETE, PATCH, CONNECT and all the verbs manually
|
||||
# we simply negate the GET|HEAD pattern from above and accept all possibly $http_accept values
|
||||
"~^(?!(GET|HEAD)).*:" "http://localhost:8536";
|
||||
}
|
||||
##
|
||||
# Virtual Host Configs
|
||||
##
|
||||
|
@ -84,4 +101,3 @@ http {
|
|||
# protocol imap;
|
||||
# proxy on;
|
||||
# }
|
||||
#}
|
||||
|
|
|
@ -106,4 +106,4 @@ server {
|
|||
return 404; # managed by Certbot
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue