API tools faq
paste
Advertisement
dimuska139

Untitled

dimuska139
Oct 25th, 2021
56
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.12 KB | None | 0 0
raw download clone embed print report
  1. server {
  2. if ($host = www.site.ru) {
  3. return 301 https://site.ru$request_uri;
  4. } # managed by Certbot
  5.  
  6.  
  7. if ($host = site.ru) {
  8. return 301 https://$host$request_uri;
  9. } # managed by Certbot
  10.  
  11. listen 80;
  12. server_name site.ru www.site.ru;
  13. return 301 https://site.ru$request_uri;
  14. }
  15.  
  16. upstream ssr {
  17. server 127.0.0.1:3310;
  18. }
  19.  
  20. upstream imgproxy {
  21. server 127.0.0.1:8082;
  22. }
  23.  
  24. proxy_cache_path /opt/site/thumbnail_cache/ levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=3g inactive=7d use_temp_path=off;
  25.  
  26. server {
  27. listen 443 ssl http2;
  28. listen [::]:443 ssl http2;
  29. server_name site.ru www.site.ru;
  30. client_max_body_size 20M;
  31. client_body_buffer_size 20M;
  32. ssl_certificate /etc/letsencrypt/live/site.ru/fullchain.pem; # managed by Certbot
  33. ssl_certificate_key /etc/letsencrypt/live/site.ru/privkey.pem; # managed by Certbot
  34.  
  35. ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  36. ssl_protocols TLSv1.2;
  37.  
  38. add_header Strict-Transport-Security 'max-age=604800';
  39. charset utf-8;
  40.  
  41. gzip on;
  42. gzip_comp_level 7;
  43. gzip_disable "msie6";
  44. gzip_min_length 500;
  45. gzip_proxied any;
  46. gzip_vary on;
  47. gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
  48.  
  49. access_log /var/log/nginx/site.log;
  50.  
  51. if ($host = www.site.ru) {
  52. return 301 https://site.ru$request_uri;
  53. }
  54.  
  55. location /images/ {
  56. root /opt/site/thumbnails_cache;
  57. proxy_pass http://imgproxy/;
  58. proxy_buffering on;
  59. proxy_cache STATIC;
  60. proxy_cache_valid 200 1d;
  61. proxy_cache_use_stale error timeout invalid_header updating
  62. http_500 http_502 http_503 http_504;
  63. proxy_cache_background_update on;
  64. proxy_cache_revalidate on;
  65. proxy_cache_lock on;
  66. expires 30d;
  67. }
  68.  
  69. location ~(\wp\-admin|\.php|\.cgi|\.asp)$ {
  70. access_log /var/log/nginx/deny.log;
  71. deny all;
  72. }
  73.  
  74. location ~ ^/(sitemap|api|rss|atom) {
  75. proxy_set_header Host $host;
  76. proxy_set_header X-Forwarded-Proto $scheme;
  77. proxy_set_header X-Real-IP $remote_addr;
  78. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  79. client_max_body_size 20m;
  80. proxy_pass http://127.0.0.1:3301;
  81. }
  82.  
  83. location / {
  84. rewrite ^/(.*)/$ /$1 permanent;
  85. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  86. proxy_set_header Host $host;
  87. proxy_set_header X-Forwarded-Proto $scheme;
  88. proxy_set_header X-Real-IP $remote_addr;
  89. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  90. proxy_http_version 1.1;
  91. proxy_set_header Upgrade $http_upgrade;
  92. proxy_set_header Connection 'upgrade';
  93. proxy_cache_bypass $http_upgrade;
  94. proxy_pass http://ssr;
  95. }
  96. }
  97.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!