Skip to content

Instantly share code, notes, and snippets.

@mickael-kerjean
Last active November 20, 2024 00:13
Show Gist options
  • Save mickael-kerjean/7dafd73ebaa57bea3f377fb68e531d0d to your computer and use it in GitHub Desktop.
Save mickael-kerjean/7dafd73ebaa57bea3f377fb68e531d0d to your computer and use it in GitHub Desktop.
filestash-nginx.conf
# cat /etc/nginx/sites-enabled/default
server {
server_name demo.filestash.app;
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/demo.filestash.app/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/demo.filestash.app/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
client_max_body_size 10240M;
location / {
# that's how we blocked those who abuse the demo service
deny 87.120.112.0/24;
deny 87.120.113.0/24;
deny 66.179.208.51;
deny 20.196.10.0/24;
deny 20.173.64.0/24;
deny 15.235.43.0/24;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Origin '';
proxy_busy_buffers_size 1024k;
proxy_buffers 32 1024k;
proxy_buffer_size 1024k;
proxy_pass http://127.0.0.1:8334;
proxy_read_timeout 86400;
}
}
server {
if ($host = demo.filestash.app) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name demo.filestash.app;
return 301 https://$server_name$request_uri;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment