# optional, we will cache images for a certain time | |
proxy_cache_path /tmp/cache levels=1:2 keys_zone=embed:30m max_size=1g inactive=24h use_temp_path=off; | |
# optional - ssl | |
# disable, if not in use | |
proxy_ssl_server_name on; | |
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
server { | |
listen 80; | |
listen 443 default ssl; | |
resolver 8.8.8.8; | |
merge_slashes off; | |
error_log /var/log/nginx/safe.error.log warn; | |
access_log /var/log/nginx/safe.access.log; | |
ssl on; | |
ssl_certificate /etc/letsencrypt/live/safe.mydomain.com/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/safe.mydomain.com/privkey.pem; | |
server_name safe.mydomain.com; | |
location / { | |
rewrite ^/(.*) $1 break; | |
return 400; #if the rewrite won't match | |
proxy_cache embed; | |
proxy_cache_valid 1d; | |
proxy_cache_use_stale error timeout invalid_header updating | |
http_500 http_502 http_503 http_504; | |
expires 1M; | |
proxy_set_header Referer $arg_img; | |
proxy_set_header "User-Agent" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36"; | |
more_set_headers "Cache-Control" "public"; | |
more_clear_headers "Pragma"; | |
more_clear_headers "Content-disposition"; | |
# we don't want any redirect to anywhere - they could be unsafe | |
more_clear_headers Location; | |
proxy_redirect off; | |
proxy_pass $uri; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
ile commentedApr 5, 2017
•
edited
Note that this uses more_set_headers and this is how we compile nginx with the said module (the module needs to be compiled in if it is used):