Delete 'aries/anginx/nginx.conf'
This commit is contained in:
@@ -1,155 +0,0 @@
|
|||||||
user www www;
|
|
||||||
|
|
||||||
worker_processes 4; # one per CPU core
|
|
||||||
worker_priority 15;
|
|
||||||
|
|
||||||
events {
|
|
||||||
worker_connections 512;
|
|
||||||
accept_mutex on;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
http {
|
|
||||||
# timeouts
|
|
||||||
client_body_timeout 3s;
|
|
||||||
client_header_timeout 3s;
|
|
||||||
keepalive_timeout 75s;
|
|
||||||
send_timeout 9s;
|
|
||||||
|
|
||||||
# general
|
|
||||||
charset utf-8;
|
|
||||||
client_max_body_size 512M;
|
|
||||||
default_type application/octet-stream;
|
|
||||||
gzip off;
|
|
||||||
gzip_static on;
|
|
||||||
gzip_proxied any;
|
|
||||||
ignore_invalid_headers on;
|
|
||||||
include mime.types;
|
|
||||||
keepalive_requests 50;
|
|
||||||
keepalive_disable none;
|
|
||||||
max_ranges 0;
|
|
||||||
msie_padding off;
|
|
||||||
open_file_cache max=1000 inactive=2h;
|
|
||||||
open_file_cache_errors on;
|
|
||||||
open_file_cache_min_uses 1;
|
|
||||||
open_file_cache_valid 1h;
|
|
||||||
output_buffers 1 512;
|
|
||||||
postpone_output 1460;
|
|
||||||
read_ahead 512K;
|
|
||||||
recursive_error_pages on;
|
|
||||||
reset_timedout_connection on;
|
|
||||||
sendfile on;
|
|
||||||
server_tokens off;
|
|
||||||
server_name_in_redirect off;
|
|
||||||
source_charset utf-8;
|
|
||||||
tcp_nodelay on;
|
|
||||||
tcp_nopush off;
|
|
||||||
|
|
||||||
# log format
|
|
||||||
#log_format main <INCOMPLETE>
|
|
||||||
|
|
||||||
# proxy settings
|
|
||||||
proxy_max_temp_file_size 0;
|
|
||||||
proxy_connect_timeout 900;
|
|
||||||
proxy_send_timeout 900;
|
|
||||||
proxy_read_timeout 900;
|
|
||||||
proxy_buffer_size 4k;
|
|
||||||
proxy_buffers 4 32k;
|
|
||||||
proxy_busy_buffers_size 64k;
|
|
||||||
proxy_temp_file_write_size 64k;
|
|
||||||
proxy_intercept_errors on;
|
|
||||||
|
|
||||||
# no cache configured currently...
|
|
||||||
#proxy_cache_path /disk01/web_cache levels=1:2 keys_zone=webcache:10m inactive=1d max_size=2000m;
|
|
||||||
#proxy_temp_path /disk01/web_cache/tmp;
|
|
||||||
#proxy_cache_min_uses 5;
|
|
||||||
|
|
||||||
# limit requests to 250/min. over that will get 503
|
|
||||||
limit_req_zone $binary_remote_addr zone=gulag:10m rate=250r/m;
|
|
||||||
|
|
||||||
# # define internal IPs here
|
|
||||||
# geo $internal_network {
|
|
||||||
# default 0;
|
|
||||||
# 192.168.0.0/24 1;
|
|
||||||
# }
|
|
||||||
|
|
||||||
# backend web servers. backup directive indicates hot failover
|
|
||||||
# upstream backend_web_servers {
|
|
||||||
# server 192.168.0.26 max_fails=250 fail_timeout=180s;
|
|
||||||
# server 192.168.0.27 max_fails=250 fail_timeout=180s;
|
|
||||||
# server 192.168.0.28 backup;
|
|
||||||
# }
|
|
||||||
|
|
||||||
# clients (ie. scanners) looking for servers via IP get error page
|
|
||||||
server {
|
|
||||||
add_header Cache-Control "public";
|
|
||||||
# add_header X-Frame-Options "DENY";
|
|
||||||
access_log /var/log/nginx/access.log; #main buffer=32k;
|
|
||||||
error_log /var/log/nginx/error.log error;
|
|
||||||
expires 30d;
|
|
||||||
listen 80;
|
|
||||||
server_name "";
|
|
||||||
|
|
||||||
error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 495 496 497 500 501 502 503 504 505 506 507 /error_page.html;
|
|
||||||
location /error_page_generic.html {
|
|
||||||
internal;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# only expose Calibre as non-HTTPS
|
|
||||||
server {
|
|
||||||
add_header Cache-Control "public";
|
|
||||||
access_log /var/log/nginx/access.log; #main buffer=32k;
|
|
||||||
error_log /var/log/nginx/error.log error;
|
|
||||||
expires max;
|
|
||||||
limit_req zone=gulag burst=200 nodelay;
|
|
||||||
listen 8080;
|
|
||||||
server_name books.secmayl.com;
|
|
||||||
root /var/empty;
|
|
||||||
|
|
||||||
location ~ /get/(thumb|cover) {
|
|
||||||
#proxy_redirect off;
|
|
||||||
proxy_set_header Host books.secmayl.com;
|
|
||||||
proxy_set_header X-Forwarded-Host $http_host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_pass "http://192.168.0.20:8080$request_uri";
|
|
||||||
|
|
||||||
proxy_connect_timeout 300;
|
|
||||||
proxy_send_timeout 300;
|
|
||||||
proxy_read_timeout 300;
|
|
||||||
send_timeout 300;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
#proxy_redirect off;
|
|
||||||
proxy_set_header Host books.secmayl.com;
|
|
||||||
proxy_set_header X-Forwarded-Host $http_host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_pass "http://192.168.0.20:8080$request_uri";
|
|
||||||
|
|
||||||
auth_basic "Restricted Access";
|
|
||||||
auth_basic_user_file /usr/home/chucklz/certs/reporting.users;
|
|
||||||
|
|
||||||
proxy_connect_timeout 300;
|
|
||||||
proxy_send_timeout 300;
|
|
||||||
proxy_read_timeout 300;
|
|
||||||
send_timeout 300;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# redirect HTTP to HTTPS
|
|
||||||
server {
|
|
||||||
add_header Cache-Control "public";
|
|
||||||
access_log /var/log/nginx/access.log; #main buffer=32k;
|
|
||||||
error_log /var/log/nginx/error.log error;
|
|
||||||
expires max;
|
|
||||||
limit_req zone=gulag burst=200 nodelay;
|
|
||||||
listen 80;
|
|
||||||
server_name *.secmayl.com *.manios.ca;
|
|
||||||
root /var/empty;
|
|
||||||
return 301 https://$host$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
# import client config files. the idea here is to clone configs for easy addition
|
|
||||||
include conf.d/*.conf;
|
|
||||||
}
|
|
||||||
Reference in New Issue
Block a user