96 lines
2.8 KiB
Plaintext
96 lines
2.8 KiB
Plaintext
limit_req_zone $binary_remote_addr zone=vas3k_blog_limit:10m rate=3r/s;
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
|
|
server_name www.vas3k.blog www.vas3k.ru vas3k.ru;
|
|
|
|
ssl_certificate /home/vas3k/certs/vas3k.blog.cert.pem;
|
|
ssl_certificate_key /home/vas3k/certs/vas3k.blog.key.pem;
|
|
|
|
rewrite ^(.*) https://vas3k.blog$1 permanent;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
server_name vas3k.blog;
|
|
|
|
charset utf-8;
|
|
client_max_body_size 15M;
|
|
index index.html index.htm;
|
|
|
|
set_real_ip_from 172.17.0.0/16;
|
|
real_ip_header X-Forwarded-For;
|
|
real_ip_recursive on;
|
|
|
|
rewrite ^/favicon.ico$ https://vas3k.blog/static/images/favicon.ico;
|
|
rewrite ^/favicon.png$ https://vas3k.blog/static/images/favicon_32.png;
|
|
|
|
ssl_certificate /home/vas3k/certs/vas3k.blog.cert.pem;
|
|
ssl_certificate_key /home/vas3k/certs/vas3k.blog.key.pem;
|
|
|
|
location /static/ {
|
|
root /home/vas3k/vas3k.blog/frontend/;
|
|
gzip_static on;
|
|
expires max;
|
|
add_header Cache-Control "public";
|
|
}
|
|
|
|
location / {
|
|
limit_req zone=vas3k_blog_limit burst=50 nodelay;
|
|
|
|
add_header "Access-Control-Allow-Origin" "*";
|
|
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS";
|
|
add_header "Access-Control-Allow-Headers" "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
|
|
add_header "Access-Control-Expose-Headers" "Content-Length,Content-Range";
|
|
add_header "Strict-Transport-Security" "max-age=31536000;includeSubDomains";
|
|
add_header "X-Content-Type-Options" "nosniff";
|
|
add_header "Referrer-Policy" "strict-origin-when-cross-origin";
|
|
add_header "Permissions-Policy" "accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()";
|
|
|
|
proxy_set_header "Host" $http_host;
|
|
proxy_set_header "X-Forwarded-For" $proxy_add_x_forwarded_for;
|
|
proxy_set_header "X-Forwarded-Proto" $scheme;
|
|
proxy_redirect off;
|
|
proxy_buffering off;
|
|
|
|
proxy_pass http://0.0.0.0:8022;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
server_name vas3k.com;
|
|
|
|
ssl_certificate /home/vas3k/certs/vas3k.com.cert.pem;
|
|
ssl_certificate_key /home/vas3k/certs/vas3k.com.key.pem;
|
|
|
|
root /home/vas3k/vas3k_com_static;
|
|
|
|
location / {
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
listen 443 ssl http2 default_server;
|
|
listen [::]:443 ssl http2 default_server;
|
|
|
|
ssl_certificate /home/vas3k/certs/vas3k.blog.cert.pem;
|
|
ssl_certificate_key /home/vas3k/certs/vas3k.blog.key.pem;
|
|
|
|
server_name _;
|
|
|
|
return 404;
|
|
}
|