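# CORS policy include.
# Decides whether the request's Origin header is trusted ($cors = 'true') and,
# if so, fills in the Access-Control-* response headers. A vhost may pre-set
# any $cors_allow_* / $cors_max_age variable to override the defaults below.
# Requires the headers-more module (more_set_headers).
#
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

# Trust decision. The accepted Origin is echoed back below together with
# Access-Control-Allow-Credentials: true, so this pattern is the only thing
# standing between a foreign site and authenticated responses. It is therefore
# anchored at both ends and the host is matched label by label: a free-form
# wildcard before the domain, or a missing end anchor, would also accept
# look-alike hosts that merely contain the trusted names.
# Accepted: [wN-]{ovh-cache|ovh-cdn|manager|push|cache|cdn}[.sub...].domain.net[:port]
# NOTE(review): hosts such as "cdn2.domain.net" are not accepted; add them to
# the alternation explicitly if they are real front ends.
# NOTE(review): plain http:// origins are still accepted. If every trusted
# front end is served over HTTPS, restrict the scheme to https.
if ($http_origin ~* "^https?://(?:w[0-9]-)*(?:ovh-cache|ovh-cdn|manager|push|cache|cdn)(?:\.[a-z0-9-]+)*\.domain\.net(?::[0-9]+)?$") {
    set $cors 'true';
}

# "Is this value still unset?" probes. Each probe is "test" + $cors + the
# current value, so it equals exactly 'testtrue' only when the Origin is
# trusted AND the vhost has not supplied its own value.
set $cors_allow_origin_test      "test${cors}${cors_allow_origin}";
set $cors_allow_credentials_test "test${cors}${cors_allow_credentials}";
set $cors_allow_headers_test     "test${cors}${cors_allow_headers}";
set $cors_allow_methods_test     "test${cors}${cors_allow_methods}";
set $cors_max_age_test           "test${cors}${cors_max_age}";
set $cors_debug "false";

# Defaults for a trusted Origin.
if ($cors_allow_origin_test = 'testtrue') {
    # Reflect the (already validated) Origin rather than sending "*",
    # because credentials are allowed.
    set $cors_allow_origin "$http_origin";
}
if ($cors_allow_credentials_test = 'testtrue') {
    set $cors_allow_credentials 'true';
}
if ($cors_allow_headers_test = 'testtrue') {
    set $cors_allow_headers 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-Request';
}
if ($cors_allow_methods_test = 'testtrue') {
    set $cors_allow_methods 'GET, POST, OPTIONS';
}
if ($cors_max_age_test = 'testtrue') {
    set $cors_max_age 172800;
}

# Per-method handling. $cors_method becomes "trueget" / "truepost" /
# "trueoptions" for a trusted Origin; only "trueoptions" is tested below.
if ($request_method = 'GET') {
    set $cors_method "${cors}get";
    # Blank out the preflight-only headers on actual requests.
    set $cors_allow_headers '';
    set $cors_allow_methods '';
    set $cors_max_age '';
}
if ($request_method = 'POST') {
    set $cors_method "${cors}post";
    # Blank out the preflight-only headers on actual requests.
    set $cors_allow_headers '';
    set $cors_allow_methods '';
    set $cors_max_age '';
}
if ($request_method = 'OPTIONS') {
    set $cors_method "${cors}options";
}

# Earlier add_header variant, kept for reference:
# add_header 'DEBUG-CORS-ON' $cors;
# add_header 'DEBUG-CORS-ORIGIN' $cors_allow_origin;
# add_header 'Access-Control-Allow-Origin' $cors_allow_origin;
# add_header 'Access-Control-Allow-Credentials' $cors_allow_credentials;
#
# # Headers valid for OPTIONS
# add_header 'Access-Control-Max-Age' $cors_max_age;
# add_header 'Access-Control-Allow-Methods' $cors_allow_methods;
# add_header 'Access-Control-Allow-Headers' $cors_allow_headers;

# Headers valid for GET/POST/OPTIONS.
# For an untrusted Origin every variable is empty; headers-more treats an
# empty value as "clear this header", so nothing is emitted.
# NOTE(review): the two DEBUG-CORS-* headers expose the policy decision to
# every client; drop them once the policy has been verified.
more_set_headers 'DEBUG-CORS-ON: $cors';
more_set_headers 'DEBUG-CORS-ORIGIN: $cors_allow_origin';
more_set_headers 'Access-Control-Allow-Origin: $cors_allow_origin';
more_set_headers 'Access-Control-Allow-Credentials: $cors_allow_credentials';
# NOTE(review): the response now depends on the request Origin. Any shared
# cache in front of this host needs "Vary: Origin", otherwise one origin's
# Access-Control-Allow-Origin value can be replayed to another.

# Headers valid for OPTIONS (preflight) only.
more_set_headers 'Access-Control-Max-Age: $cors_max_age';
more_set_headers 'Access-Control-Allow-Methods: $cors_allow_methods';
more_set_headers 'Access-Control-Allow-Headers: $cors_allow_headers';

# Answer a trusted preflight directly; it never reaches a location.
if ($cors_method = 'trueoptions') {
    return 204;
}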
# Plain-HTTP listener: every request is permanently redirected to HTTPS.
server {
    listen 80;

    server_name
        cache.domain.net
        ovh-cache.domain.net
        w2-cache.domain.net
        w3-cache.domain.net
        w4-cache.domain.net
        w5-cache.domain.net
        w6-cache.domain.net
        edge-cache.domain.net;

    location / {
        # $server_name is the first name listed above (cache.domain.net), not
        # the client-supplied Host header, so the redirect target cannot be
        # steered by the request. Every alias lands on cache.domain.net.
        return 301 https://$server_name$request_uri;
    }
}
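# HTTPS cache vhost: maps public /cache/vault/... URLs onto the sharded
# on-disk layout under the document root and serves the files statically.
server {
    listen 443 ssl;
    root /home/www/domain/sources/app/domain/htdocs-manager;
    index index.html;
    server_name cache.domain.net ovh-cache.domain.net w2-cache.domain.net w3-cache.domain.net w4-cache.domain.net w5-cache.domain.net w6-cache.domain.net edge-cache.domain.net cache.domain.lan.new-net.net;

    ssl_certificate ssl/domain.pem;
    ssl_certificate_key ssl/domain.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # NOTE(review): no ssl_protocols line, so the accepted TLS versions are
    # whatever this nginx build defaults to. Pin them explicitly (TLSv1.2 and
    # newer) once client compatibility is confirmed.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # NOTE(review): almost every location below sets "access_log off", so
    # requests for cached content leave no trace here. Keep at least a sampled
    # or upstream log if these paths matter for incident response.
    access_log /var/log/nginx/cache.domain.net-access.log;
    error_log /var/log/nginx/cache.domain.net-error.log;
    # rewrite_log on;

    include /usr/local/etc/nginx/vhosts/https/cors2.inc;

    # ---- Deny rules -------------------------------------------------------
    # Regex locations are tried in file order and the first match wins. These
    # rules sit ahead of every other regex location so that an extension rule
    # further down (".gz", ".js", ".json", ...) cannot match first and serve
    # something like /SQL/<file>.gz or a file inside a dot-directory.

    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
    # Side effect of being first: vault URLs containing a path segment that
    # starts with "." are refused as well.
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
    location ~ ^/(bin|SQL)/ {
        deny all;
    }
    location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
        deny all;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Default: anything that no regex location claims is a 404.
    location / {
        return 404;
    }

    # ---- Vault content ----------------------------------------------------
    # The location patterns are unanchored (they match anywhere in the URI);
    # the anchored rewrite inside each block is what validates the path. When
    # a rewrite does not match, the untouched URI is served from root.

    # /cache/vault/<32>/images/[prefix]<32-char id><ext>
    #   -> /cache/vault/images/<c1>/<c2>/<c3>/<id>/[prefix]<id><ext>
    location ~* "(/cache/vault/[a-z0-9]{32}/images)" {
        # include /usr/local/etc/nginx/vhosts/https/cors.inc;
        # expires 1M;
        root /home/www/domain/sources/app/domain/htdocs-manager;
        access_log off;
        log_not_found off;
        rewrite_log off;
        error_log /var/log/nginx/cache.domain.net-images-error.log;
        # NOTE(review): the optional prefix group "(...)*" contains its own
        # "*"; nested repetition can backtrack heavily on long non-matching
        # paths. If at most one prefix ever occurs, "?" is enough; confirm.
        rewrite "^(/cache/vault/[a-z0-9]{32}/images/)([a-z]{2,3}_[a-z0-9-]*)*([a-z0-9])([a-z0-9])([a-z0-9])([a-z0-9]{29})(\.jpg|\.png|\.gif|\.jpeg)$" /cache/vault/images/$3/$4/$5/$3$4$5$6/$2$3$4$5$6$7 break;
    }

    # /cache/vault/<32>/presentations/converted/<32-char id>/<path>
    #   -> /cache/vault/presentations/<c1>/<c2>/<c3>/<id>/converted/<path>
    location ~* "(?:/cache/vault/[a-z0-9]{32}/presentations)" {
        # include /usr/local/etc/nginx/vhosts/https/cors.inc;
        # expires 1M;
        root /home/www/domain/sources/app/domain/htdocs-manager;
        access_log off;
        log_not_found off;
        rewrite_log off;
        error_log /var/log/nginx/cache.domain.net-presentations-error.log;
        # Turns a 405 into a 200 for the same URI (presumably so that POSTs
        # to these static files succeed; confirm).
        error_page 405 =200 $uri;
        # NOTE(review): the trailing "[...]" is a bracket expression, i.e. ONE
        # character out of the listed set, not a list of extensions, so no
        # extension allow-list is enforced here: any name ending in one of
        # those characters passes. Left unchanged because existing files may
        # depend on it. Confirm which extensions live under converted/ and
        # replace it with an alternation group "(?:\.jpg|\.png|...)".
        rewrite "^(/cache/vault/[a-z0-9]{32}/presentations/converted/)([a-z0-9]{1})([a-z0-9]{1})([a-z0-9]{1})([a-z0-9]{29})/((?:[0-9]{1,}/)*(?:[a-zA-Z0-9\._-]*)[\.jpg|\.png|\.gif|\.jpeg|\.JSON5])$" /cache/vault/presentations/$2/$3/$4/$2$3$4$5/converted/$6 break;
    }

    # /cache/vault/<32>/slides/<32>/<32><ext> -> /cache/events/<32>/slides/<32>/<32><ext>
    location ~* "(?:/cache/vault/[a-z0-9]{32}/slides)" {
        # include /usr/local/etc/nginx/vhosts/https/cors.inc;
        # expires 1M;
        root /home/www/domain/sources/app/domain/htdocs-manager;
        access_log off;
        log_not_found off;
        rewrite_log off;
        rewrite "^(?:/cache/vault/)([A-Za-z0-9]{32})/slides/([A-Za-z0-9]{32})/([A-Za-z0-9]{32}(?:\.jpg|\.png|\.gif|\.jpeg))$" /cache/events/$1/slides/$2/$3 break;
        error_log /var/log/nginx/cache.domain.net-slides-error.log;
    }

    # Theme stylesheets: per-theme file if present, else the shipped default.
    location ~* "(?:/cache/vault/themes/([a-z0-9]{32}/public\.css))" {
        # expires 1M;
        root /home/www/domain/sources/app/domain/htdocs-manager;
        # proxy_no_cache 1;
        # expires off;
        access_log off;
        log_not_found off;
        try_files /cache/themes/$1 /assets/css/public_default.css;
    }
    location ~* "(?:/cache/vault/themes/([a-z0-9]{32}/display\.css))" {
        # expires 1M;
        root /home/www/domain/sources/app/domain/htdocs-manager;
        # proxy_no_cache 1;
        # expires off;
        access_log off;
        log_not_found off;
        try_files /cache/themes/$1 /assets/css/display_default.css;
    }

    # Theme images share the sharded image store used by vault images.
    location ~* "(?:/cache/vault/themes/[a-z0-9]{32}/images)" {
        # include /usr/local/etc/nginx/vhosts/https/cors.inc;
        # expires 1M;
        root /home/www/domain/sources/app/domain/htdocs-manager;
        access_log off;
        log_not_found off;
        # rewrite_log off;
        rewrite "^(?:/cache/vault/themes/)([A-Za-z0-9]{32})/images/([a-z]{0,3}_[a-z]{2,3}-){0,1}(([A-Za-z0-9])([A-Za-z0-9])([A-Za-z0-9])[A-Za-z0-9]{29})(\.jpg|\.png|\.gif|\.jpeg)" /cache/vault/images/$4/$5/$6/$3/$3$7 break;
        error_log /var/log/nginx/cache.domain.net-themes-error.log;
    }

    # /cache/vault/<32>/assets/images/<dir>/<name><ext> -> /assets/images/<dir>/<name><ext>
    location ~* "(?:/cache/vault/[a-z0-9]{32}/assets)" {
        # include /usr/local/etc/nginx/vhosts/https/cors.inc;
        # expires 1M;
        root /home/www/domain/sources/app/domain/htdocs-manager;
        access_log off;
        log_not_found off;
        # rewrite_log on;
        rewrite "^(?:/cache/vault/[a-z0-9]{32}/assets/(images/[a-z]*/[a-z0-9_]*(?:\.jpg|\.png|\.gif|\.jpeg)))$" /assets/$1 break;
        error_log /var/log/nginx/cache.domain.net-assets-error.log;
    }

    # NOTE(review): nginx matches locations against the path without the
    # query string, so the "\?" in this pattern only matches a literal "?"
    # inside the path; in practice this block is probably never selected.
    location ~* "(?:/cache/i18n/(.*)(?:\?.*))" {
        # include /usr/local/etc/nginx/vhosts/https/cors.inc;
        # expires 1M;
        root /home/www/domain/sources/app/domain/htdocs-manager;
        # The try_files statement needs its own terminating ";" and an
        # explicit fallback; without them the following "access_log off" is
        # parsed as extra try_files arguments and "off" becomes the fallback
        # URI. "=404" is the conventional choice; adjust if a default file
        # was intended.
        try_files /cache/i18n/$1 =404;
        access_log off;
        log_not_found off;
        error_log /var/log/nginx/cache.domain.net-i18n-error.log;
    }

    # ---- Generic static files by extension --------------------------------
    # These serve any matching file under root, regardless of directory,
    # which is why the deny rules must come first.

    # Media: images, icons, video, audio, HTC
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|woff|woff2|ttf|eot)$ {
        expires 1M;
        access_log off;
        # add_header Cache-Control "public";
    }
    location ~* \.(?:json|json5)$ {
        expires 5m;
        access_log off;
        # add_header Cache-Control "public";
    }
    # CSS and Javascript
    location ~* \.(?:css|js)$ {
        expires 10m;
        access_log off;
        # add_header Cache-Control "public";
    }
}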
# Main-context settings.

# Dynamic module providing more_set_headers / more_clear_headers.
load_module /usr/local/libexec/nginx/ngx_http_headers_more_filter_module.so;

# Worker processes run as the unprivileged "nobody" account.
user             nobody;
worker_processes 4;

# Per-worker open-file limit (sockets and files).
worker_rlimit_nofile 65535;

pid       /var/run/nginx.pid;
error_log /var/log/nginx-error.log warn;
# Connection handling per worker process.
events {
    # Accept every pending connection on wake-up instead of one at a time.
    multi_accept       on;
    worker_connections 8096;
}
# Defaults shared by every vhost pulled in by the include at the bottom.
http {
    include /usr/local/etc/nginx/mime.types;

    # Do not advertise the nginx version in headers and error pages.
    server_tokens off;

    # No access log unless a vhost turns one on again.
    access_log off;

    sendfile   on;
    tcp_nopush on;

    # Compression
    gzip      on;
    gzip_vary on;
    gzip_disable "MSIE [1-6]\.";
    gzip_types
        application/atom+xml
        application/javascript
        application/x-javascript
        application/json
        application/ld+json
        application/manifest+json
        application/rss+xml
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/png
        image/gif
        image/bmp
        image/svg+xml
        image/x-icon
        text/cache-manifest
        text/css
        text/plain
        text/x-component
        text/x-cross-domain-policy
        application/x-font-ttf
        application/x-font-truetype
        application/x-font-opentype
        application/font-woff
        application/font-woff2
        application/vnd.ms-fontobject
        application/font-sfnt
        ;

    # Request body limits. The 300M ceiling is inherited by every included
    # vhost that does not set its own value.
    client_max_body_size    300M;
    client_body_buffer_size 128k;

    # Upstream timeouts
    fastcgi_read_timeout  300;
    # proxy_read_timeout 240;
    proxy_connect_timeout 240s;
    proxy_read_timeout    240s;
    proxy_send_timeout    240s;

    # _HTTP_PROTOCOL_ is a literal placeholder in this path as published.
    include /usr/local/etc/nginx/vhosts/_HTTP_PROTOCOL_/*.conf;
}