Skip to content

Instantly share code, notes, and snippets.

@ile

ile/safe.conf

Last active April 11, 2017 22:16
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ile/ef57487dc556ef43d694863224a2f02f to your computer and use it in GitHub Desktop.
Save ile/ef57487dc556ef43d694863224a2f02f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
safe.conf
# optional, we will cache images for a certain time
proxy_cache_path /tmp/cache levels=1:2 keys_zone=embed:30m max_size=1g inactive=24h use_temp_path=off;
# optional - ssl
# disable, if not in use
proxy_ssl_server_name on;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
server {
listen 80;
listen 443 default ssl;
resolver 8.8.8.8;
merge_slashes off;
error_log /var/log/nginx/safe.error.log warn;
access_log /var/log/nginx/safe.access.log;
ssl on;
ssl_certificate /etc/letsencrypt/live/safe.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/safe.mydomain.com/privkey.pem;
server_name safe.mydomain.com;
location / {
rewrite ^/(.*) $1 break;
return 400; #if the rewrite won't match
proxy_cache embed;
proxy_cache_valid 1d;
proxy_cache_use_stale error timeout invalid_header updating
http_500 http_502 http_503 http_504;
expires 1M;
proxy_set_header Referer $arg_img;
proxy_set_header "User-Agent" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36";
more_set_headers "Cache-Control" "public";
more_clear_headers "Pragma";
more_clear_headers "Content-disposition";
# we don't want any redirect to anywhere - they could be unsafe
more_clear_headers Location;
proxy_redirect off;
proxy_pass $uri;
}
}
@ile
Copy link
Author

ile commented Apr 5, 2017
edited

Note that this uses more_set_headers and this is how we compile nginx with the said module (the module needs to be compiled in if it is used):

#!/bin/sh

apt-get install -y libpcre3-dev libssl-dev

NGINX_VERSION=1.11.8
MORE_VERSION=0.32

mkdir /tmp/nginx
cd /tmp/nginx
rm -f nginx-${NGINX_VERSION}.tar.gz
rm -f v${MORE_VERSION}.tar.gz
wget http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz
wget https://github.com/openresty/headers-more-nginx-module/archive/v${MORE_VERSION}.tar.gz
rm -rf nginx-${NGINX_VERSION}
rm -rf headers-more-nginx-module-${MORE_VERSION}
tar -xzvf nginx-${NGINX_VERSION}.tar.gz
tar -xzvf v${MORE_VERSION}.tar.gz
cd nginx-${NGINX_VERSION}
useradd -r nginx

./configure \
--user=nginx                          \
--group=nginx                         \
--prefix=/etc/nginx                   \
--sbin-path=/usr/sbin/nginx           \
--conf-path=/etc/nginx/nginx.conf     \
--pid-path=/var/run/nginx.pid         \
--lock-path=/var/run/nginx.lock       \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-http_gzip_static_module        \
--with-http_stub_status_module        \
--with-http_ssl_module                \
--with-pcre                           \
--with-file-aio                       \
--with-http_realip_module             \
--without-http_scgi_module            \
--without-http_uwsgi_module           \
--without-http_fastcgi_module         \
--add-module=/tmp/nginx/headers-more-nginx-module-${MORE_VERSION}

make
make install

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment