nalalangan/fiddy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
828bb301d6
fiddy/docker/nginx/fiddy.conf

60 lines
1.7 KiB
Plaintext
Raw Blame History

limit_req_zone $binary_remote_addr zone=fiddy_auth:10m rate=10r/m;
limit_req_zone $binary_remote_addr zone=fiddy_write:10m rate=60r/m;
upstream fiddy_web {
server 127.0.0.1:3000;
keepalive 32;
}
server {
listen 80;
listen [::]:80;
server_name fiddy.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name fiddy.example.com;
ssl_certificate /etc/letsencrypt/live/fiddy.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/fiddy.example.com/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
client_max_body_size 10m;
client_body_timeout 15s;
client_header_timeout 15s;
keepalive_timeout 30s;
send_timeout 30s;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "DENY" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
location /api/auth/login {
limit_req zone=fiddy_auth burst=15 nodelay;
include /etc/nginx/includes/fiddy-proxy.conf;
}
location /api/auth/register {
limit_req zone=fiddy_auth burst=15 nodelay;
include /etc/nginx/includes/fiddy-proxy.conf;
}
location ~ ^/api/(entries|buckets|groups|tags|recurring-entries) {
if ($request_method ~* "(POST|PATCH|PUT|DELETE)") {
limit_req zone=fiddy_write burst=40 nodelay;
}
include /etc/nginx/includes/fiddy-proxy.conf;
}
location / {
include /etc/nginx/includes/fiddy-proxy.conf;
}
}
Reference in New Issue View Git Blame Copy Permalink