-
-
Notifications
You must be signed in to change notification settings - Fork 40
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
160 additions
and
97 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,160 @@ | ||
| types | ||
| { | ||
| # nginx's default mime.types doesn't include a mapping for wasm | ||
| application/wasm wasm; | ||
| } | ||
|
|
||
| # | ||
| # Limit the number of connections to 50 per IP address to prevent DDoS attack | ||
| # | ||
| limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m; | ||
|
|
||
| # | ||
| # Limit the request rate to 100 requests per second per IP address to prevent DDoS attack | ||
| # | ||
| limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s; | ||
|
|
||
| # | ||
| # cdn | ||
| # | ||
| server | ||
| { | ||
| # limit_conn conn_limit_per_ip 50; | ||
| # limit_req zone=req_limit_per_ip burst=50 nodelay; | ||
|
|
||
| listen 443 default_server ssl; | ||
| # listen [::]:443 default_server ssl; | ||
|
|
||
| # RSA certificate | ||
| ssl_certificate /etc/letsencrypt/live/wexdev.dynv6.net/fullchain.pem; # managed by Certbot | ||
| ssl_certificate_key /etc/letsencrypt/live/wexdev.dynv6.net/privkey.pem; # managed by Certbot | ||
|
|
||
| include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | ||
| ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot | ||
|
|
||
| root /var/www/html; | ||
|
|
||
| # Add index.php to the list if you are using PHP | ||
| index index.html index.htm index.nginx-debian.html; | ||
|
|
||
| server_name _; | ||
|
|
||
| location /cdn | ||
| { | ||
| alias /var/www/cdn; | ||
| } | ||
|
|
||
| location /.well-known | ||
| { | ||
| alias /usr/share/nginx/html/.well-known; | ||
| } | ||
| location / | ||
| { | ||
| return 403; | ||
| } | ||
|
|
||
| error_page 404 /404.html; | ||
| location = /404.html | ||
| { | ||
| root /usr/share/nginx/html; | ||
| internal; | ||
| } | ||
|
|
||
| error_page 403 /403.html; | ||
| location = /403.html | ||
| { | ||
| root /usr/share/nginx/html; | ||
| internal; | ||
| } | ||
|
|
||
| error_page 500 502 503 504 /50x.html; | ||
| location = /50x.html | ||
| { | ||
| root /usr/share/nginx/html; | ||
| internal; | ||
| } | ||
| } | ||
|
|
||
| # | ||
| # redirect http to https | ||
| # | ||
| server | ||
| { | ||
| listen 80 default_server; | ||
| server_name _; | ||
| return 301 https://$host$request_uri; | ||
| } | ||
|
|
||
| # | ||
| # frontend | ||
| # | ||
| server | ||
| { | ||
| listen 8002 ssl; | ||
| server_name _; | ||
|
|
||
| ssl_certificate_key /etc/letsencrypt/live/wexdev.dynv6.net/privkey.pem; | ||
| ssl_certificate /etc/letsencrypt/live/wexdev.dynv6.net/fullchain.pem; | ||
|
|
||
| include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | ||
| ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot | ||
|
|
||
| error_page 497 301 =307 https://$host:$server_port$request_uri; | ||
|
|
||
| access_log /var/log/nginx/wexcommerce.frontend.access.log; | ||
| error_log /var/log/nginx/wexcommerce.frontend.error.log; | ||
|
|
||
| location / | ||
| { | ||
| proxy_pass http://127.0.0.1:8006; | ||
|
|
||
| proxy_http_version 1.1; | ||
| proxy_read_timeout 900; | ||
|
|
||
| proxy_set_header Upgrade $http_upgrade; | ||
| proxy_set_header Connection 'upgrade'; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Forwarded-Host $host; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
|
|
||
| proxy_cache_bypass $http_upgrade; | ||
| } | ||
| } | ||
|
|
||
| # | ||
| # backend | ||
| # | ||
| server | ||
| { | ||
| listen 8001 ssl; | ||
| server_name _; | ||
|
|
||
| error_page 497 301 =307 https://$host:$server_port$request_uri; | ||
|
|
||
| ssl_certificate_key /etc/letsencrypt/live/wexdev.dynv6.net/privkey.pem; | ||
| ssl_certificate /etc/letsencrypt/live/wexdev.dynv6.net/fullchain.pem; | ||
|
|
||
| include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | ||
| ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot | ||
|
|
||
| access_log /var/log/nginx/wexcommerce.backend.access.log; | ||
| error_log /var/log/nginx/wexcommerce.backend.error.log; | ||
|
|
||
| location / | ||
| { | ||
| proxy_pass http://127.0.0.1:8005; | ||
|
|
||
| proxy_http_version 1.1; | ||
| proxy_read_timeout 900; | ||
|
|
||
| proxy_set_header Upgrade $http_upgrade; | ||
| proxy_set_header Connection 'upgrade'; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Forwarded-Host $host; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
|
|
||
| proxy_cache_bypass $http_upgrade; | ||
| } | ||
| } |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.