Skip to content

Instantly share code, notes, and snippets.

@AndreiD

AndreiD/MY NGINX CHEAT SHEET

Last active July 13, 2020 10:27
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save AndreiD/e3af889d253dd45da0ea239fc9cbacb2 to your computer and use it in GitHub Desktop.
Save AndreiD/e3af889d253dd45da0ea239fc9cbacb2 to your computer and use it in GitHub Desktop.
Download ZIP
NGINX CHEAT SHEET
Raw
MY NGINX CHEAT SHEET
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=1r/s;
server {
listen 80 default_server;
listen [::]:80 default_server;
client_max_body_size 5M;
root /home/ubuntu/iqlaw_pictures;
location /api/auth/ {
limit_req zone=mylimit;
proxy_pass http://localhost:5555/api/auth/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_buffering off;
}
location /api/ {
proxy_pass http://localhost:5555/api/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_buffering off;
}
location ~ ^/(app/|images/|img/|javascript/|js/|css/|dist/|media/|static/|robots.txt|humans.txt|favicon.ico) {
root /home/ubuntu/iqlaw_pictures;
access_log off;
expires 1M;
add_header Cache-Control "public";
autoindex off;
}
}
//--------- for blocking -------------
// ssh: AllowUsers *@34.90.53.171
server {
listen 80;
listen [::]:80;
root /home/ubuntu/what/where_frontend/dist/;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
allow 127.0.0.1/32;
allow 34.90.53.171/32;
deny all;
location / {
try_files $uri $uri/ =404;
error_page 403 /403.html;
}
# allow everyone to see the forbidden page
location = /403.html {
root /var/www/static/errors/;
allow all;
}
location /api_proxy/ {
#error_page 403 /403.html;
#allow 127.0.0.1/32;
#allow 34.90.53.171/32;
#deny all;
proxy_pass http://localhost:1010/api/v1/;
proxy_buffering off;
}
}
==== NETSTATS
limit_req_zone $binary_remote_addr zone=one:10m rate=20r/s;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream netstats {
server 127.0.0.1:3000;
}
# Main website
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name b.to.wtf;
root /var/www/main_website;
index index.html;
}
# Netstats
server {
listen 80;
listen [::]:80;
server_name s.to.wtf;
root /var/www/stats;
index index.html;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket specific
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
#
# Specific for comet or long running HTTP requests, don't buffer up the
# response from origin servers but send them directly to the client.
#
proxy_buffering off;
#
# Bump the timeout's so someting sensible so our connections don't
# disconnect automatically. We've set it to 12 hours.
#
proxy_connect_timeout 43200000;
proxy_read_timeout 43200000;
proxy_send_timeout 43200000;
proxy_pass http://netstats;
proxy_redirect off;
}
}
/var/www/static/errors/403.html
<!DOCTYPE html><html><head> <link href="https://fonts.googleapis.com/css?family=Ropa+Sans" rel="stylesheet"> <style>body{font-family: 'Ropa Sans', sans-serif; margin-top: 30px; background-color: #F0CA00; background-color: #F3661C; text-align: center; color: #fff;}.error-heading{margin: 50px auto; width: 250px; border: 5px solid #fff; font-size: 126px; line-height: 126px;}.error-heading img{width: 100%;}.error-main h1{font-size: 72px; margin: 0px; color: #F3661C; text-shadow: 0px 0px 5px #fff;}</style></head><body> <div class="error-main"> <h1>Oops!</h1> <div class="error-heading">403</div><p>Seems you do not have permission to access this...</p></div></body></html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment