# Shared-memory zone for request rate limiting, keyed by client address.
# 5 MB of state, at most 5 requests per minute per key. The zone is only
# enforced where a `limit_req zone=jason_whitehorn_us` directive references it
# (the wp-login.php location below). limit_req_zone is valid in the http
# context only, so this file is expected to be included from there.
limit_req_zone $binary_remote_addr
               zone=jason_whitehorn_us:5m
               rate=5r/m;
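# HTTPS virtual host for jason.whitehorn.us. Terminates TLS and reverse-proxies
# to the backend on 127.0.0.1:8081. /wp-login.php is additionally gated behind
# a client certificate that chains to the CA in ssl_client_certificate.
server {
    server_name jason.whitehorn.us;
    listen 443 ssl;
    listen [::]:443 ssl;

    # Server identity.
    ssl_certificate     /etc/nginx/jason.whitehorn.us.crt;
    ssl_certificate_key /etc/nginx/jason.whitehorn.us.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped from this list.
    # Add TLSv1.3 if the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # The RC4 suites were removed (RC4 is prohibited in TLS by RFC 7465).
    # NOTE(review): AES128-SHA uses RSA key exchange and so has no forward
    # secrecy; consider dropping it once client compatibility is confirmed.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-SHA;
    ssl_session_cache shared:SSL:10m;

    # Client certificates are requested but not required at the TLS layer
    # ("optional"), so ordinary visitors can still connect. Enforcement happens
    # per location by checking $ssl_client_verify.
    ssl_client_certificate /etc/nginx/whitehorn-ca.crt;
    ssl_verify_client optional;
    ssl_verify_depth 2;

    # "always" also sends HSTS on error responses such as the 403/404 returned
    # below; without it nginx adds the header only to 2xx/3xx responses.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # "compression" is a log_format name that must be defined elsewhere
    # (http context); it is not part of this file.
    access_log /etc/nginx/logs/jason_whitehorn_us_access.log compression;

    # Forwarding headers for the backend, declared once at server level. They
    # are inherited by every location that sets no proxy_set_header of its own,
    # which keeps the two proxied locations from drifting apart.
    # X-Real-IP carries the address nginx actually saw. X-Forwarded-For is
    # appended to whatever the client sent, so the backend should trust only
    # the last entry.
    proxy_set_header X-Forwarded-Host   $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_set_header X-Real-IP          $remote_addr;
    proxy_set_header Host               $host;

    # Collapse the author archive into the blog index.
    location = /blog/author/jason/ {
        return 301 https://jason.whitehorn.us/blog/;
    }

    # XML-RPC endpoint is not exposed at all.
    location = /xmlrpc.php {
        return 404;
    }

    # Login page: requires a verified client certificate and is rate limited.
    # $ssl_client_verify is SUCCESS only for a certificate that validated
    # against the CA above; NONE and FAILED:* are both rejected.
    # The if/return runs in the rewrite phase, before limit_req (preaccess),
    # so requests without a valid certificate get 403 and never reach the
    # limiter or the backend; the limit applies to certificate holders.
    # NOTE(review): this is an exact-match location, so only this literal URI
    # is gated. Confirm the backend does not serve the login handler under any
    # other path, and decide whether /wp-admin/ needs the same check.
    location = /wp-login.php {
        limit_req zone=jason_whitehorn_us burst=5 nodelay;
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
        proxy_pass http://127.0.0.1:8081;
    }

    # Everything else goes straight to the backend.
    location / {
        proxy_pass http://127.0.0.1:8081;
    }
}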
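# Plain-HTTP virtual host: exists only to redirect to HTTPS.
server {
    server_name jason.whitehorn.us;
    listen 80;
    listen [::]:80;

    # Redirect to the configured server name rather than $http_host.
    # $http_host is the raw Host header supplied by the client: if this block
    # ever serves as the default server for port 80, an arbitrary Host value
    # would be reflected into the Location header, and a Host carrying an
    # explicit port (e.g. ":80") would produce a broken https:// URL.
    return 301 https://$server_name$request_uri;
}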