Last active
August 29, 2015 14:10
-
-
Save lmmendes/7e2db2b963f686b065f3 to your computer and use it in GitHub Desktop.
nginx configuration using cloudflare ip and nginx with-http_realip module
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream app { | |
| # Path to Unicorn SOCK file, as defined previously | |
| server unix:/servers/sites/backend-saas/shared/tmp/sockets/.unicorn.sock fail_timeout=0; | |
| } | |
| server { | |
| listen 80; | |
| server_name passworks.io; | |
| return 301 $scheme://www.passworks.io$request_uri; | |
| } | |
| server { | |
| listen 80; | |
| server_name www.passworks.io; | |
| add_header X-UA-Compatible "IE=edge"; | |
| # Application root, as defined previously | |
| root /servers/sites/backend-saas/current/public; | |
| try_files $uri/index.html $uri @app; | |
| client_max_body_size 10M; | |
| location @app { | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header Host $http_host; | |
| proxy_redirect off; | |
| proxy_pass http://app; | |
| # | |
| # Cloudflare IPV4 and IPV6 IP collection | |
| # make sure that you have nginx compiled with `with-http_realip_module` module | |
| # http://nginx.org/en/docs/http/ngx_http_realip_module.html | |
| # see if you have me module compiled using: nginx -V | |
| # | |
| # Updated list of IP's: | |
| # https://www.cloudflare.com/ips-v6 | |
| # https://www.cloudflare.com/ips-v4 | |
| # | |
| set_real_ip_from 199.27.128.0/21; | |
| set_real_ip_from 173.245.48.0/20; | |
| set_real_ip_from 103.21.244.0/22; | |
| set_real_ip_from 103.22.200.0/22; | |
| set_real_ip_from 103.31.4.0/22; | |
| set_real_ip_from 141.101.64.0/18; | |
| set_real_ip_from 108.162.192.0/18; | |
| set_real_ip_from 190.93.240.0/20; | |
| set_real_ip_from 188.114.96.0/20; | |
| set_real_ip_from 197.234.240.0/22; | |
| set_real_ip_from 198.41.128.0/17; | |
| set_real_ip_from 162.158.0.0/15; | |
| set_real_ip_from 104.16.0.0/12; | |
| set_real_ip_from 2400:cb00::/32; | |
| set_real_ip_from 2606:4700::/32; | |
| set_real_ip_from 2803:f800::/32; | |
| set_real_ip_from 2405:b500::/32; | |
| set_real_ip_from 2405:8100::/32; | |
| real_ip_header CF-Connecting-IP; | |
| } | |
| location ~ ^/(assets|images|javascripts|stylesheets|swfs|system)/ { | |
| gzip_static on; | |
| expires max; | |
| add_header Cache-Control public; | |
| add_header Last-Modified ""; | |
| add_header ETag ""; | |
| open_file_cache max=1000 inactive=500s; | |
| open_file_cache_valid 600s; | |
| open_file_cache_errors on; | |
| break; | |
| } | |
| error_page 500 502 503 504 /500.html; | |
| keepalive_timeout 10; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment