nginx: update nginx.conf, ditch nginx-site.conf
This commit is contained in:
parent
58585dd41f
commit
569a9df5a0
|
@ -1,52 +0,0 @@
|
|||
geo $allowlist {
|
||||
default 0;
|
||||
# CIDR in the list below are using a more lenient limiter
|
||||
1.2.3.4/32 1;
|
||||
}
|
||||
|
||||
map $allowlist $limit {
|
||||
0 $binary_remote_addr;
|
||||
1 "";
|
||||
}
|
||||
|
||||
map $allowlist $limit_loose {
|
||||
1 $binary_remote_addr;
|
||||
0 "";
|
||||
}
|
||||
|
||||
# allow 6 requests per min -> one each 10s on avg.
|
||||
limit_req_zone $limit zone=search_email:10m rate=1r/s;
|
||||
limit_req_zone $limit_loose zone=search_email_loose:10m rate=1r/m;
|
||||
limit_req_zone $limit zone=search_fpr_keyid:10m rate=5r/s;
|
||||
|
||||
proxy_cache_path /tmp/nginx_cache use_temp_path=off keys_zone=static_cache:10m;
|
||||
proxy_cache_valid 200 5m;
|
||||
|
||||
server {
|
||||
listen [::]:443 ssl ipv6only=on; # managed by Certbot
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/edge.keys.openpgp.org/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/edge.keys.openpgp.org/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
rewrite_log on;
|
||||
error_log /home/hagrid/error.log notice;
|
||||
|
||||
root /home/hagrid/run/public;
|
||||
server_name edge.keys.openpgp.org; # managed by Certbot
|
||||
|
||||
include hagrid-routes.conf;
|
||||
}
|
||||
|
||||
server {
|
||||
if ($host = edge.keys.openpgp.org) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
|
||||
|
||||
listen 80 ;
|
||||
listen [::]:80 ;
|
||||
server_name edge.keys.openpgp.org;
|
||||
return 404; # managed by Certbot
|
||||
}
|
33
nginx.conf
33
nginx.conf
|
@ -1,24 +1,39 @@
|
|||
error_log stderr;
|
||||
pid nginx/nginx.pid;
|
||||
pid nginx.pid;
|
||||
daemon off;
|
||||
|
||||
http {
|
||||
# allow 6 requests per min -> one each 10s on avg.
|
||||
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=6r/m;
|
||||
geo $allowlist {
|
||||
default 0;
|
||||
# CIDR in the list below are using a more lenient limiter
|
||||
1.2.3.4/32 1;
|
||||
}
|
||||
|
||||
proxy_cache_path /tmp/nginx_cache use_temp_path=off keys_zone=static_cache:10m;
|
||||
proxy_cache_valid 200 5m;
|
||||
map $allowlist $limit {
|
||||
0 $binary_remote_addr;
|
||||
1 "";
|
||||
}
|
||||
|
||||
map $allowlist $limit_loose {
|
||||
1 $binary_remote_addr;
|
||||
0 "";
|
||||
}
|
||||
|
||||
# limit zones are used in hagrid-routes.conf
|
||||
limit_req_zone $limit zone=search_email:10m rate=1r/s;
|
||||
limit_req_zone $limit_loose zone=search_email_loose:10m rate=1r/m;
|
||||
limit_req_zone $binary_remote_addr zone=search_fpr_keyid:10m rate=5r/s;
|
||||
|
||||
server {
|
||||
listen 0.0.0.0:8090;
|
||||
|
||||
access_log nginx/access_log;
|
||||
access_log stderr;
|
||||
|
||||
# To debug the rewrite rules, enable these directives:
|
||||
#error_log stderr notice;
|
||||
#rewrite_log on;
|
||||
# error_log stderr notice;
|
||||
# rewrite_log on;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
# include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
root dist/public;
|
||||
|
|
Loading…
Reference in New Issue