fiddy/docker/nginx/fiddy.conf


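# Rate-limit zones (http context). Keys are per client address. If nginx sits
# behind a load balancer or another reverse proxy, $binary_remote_addr is that
# proxy's address and every client shares one bucket — derive the key from the
# real client address instead (TODO confirm deployment topology).
limit_req_zone $binary_remote_addr zone=fiddy_auth:10m rate=10r/m;

# Only mutating methods should count against the write zone. nginx rejects
# `limit_req` inside an `if` block (its contexts are http, server, location),
# so the method test lives here: the map yields an empty key for every other
# method, and nginx does not account requests whose zone key is empty.
map $request_method $fiddy_write_key {
    default                      "";
    ~*^(POST|PATCH|PUT|DELETE)$  $binary_remote_addr;
}
limit_req_zone $fiddy_write_key zone=fiddy_write:10m rate=60r/m;
limit_conn_zone $binary_remote_addr zone=fiddy_conn:10m;

# One JSON object per request. escape=json keeps attacker-controlled fields
# (URI, Referer, User-Agent) from breaking the log structure. $upstream_status
# and $upstream_response_time are quoted because they become comma-separated
# lists when a request is retried on another upstream.
log_format fiddy_json escape=json
    '{'
    '"time":"$time_iso8601",'
    '"remote_addr":"$remote_addr",'
    '"request_id":"$request_id",'
    '"request_method":"$request_method",'
    '"uri":"$request_uri",'
    '"status":$status,'
    '"bytes_sent":$body_bytes_sent,'
    '"request_time":$request_time,'
    '"upstream_addr":"$upstream_addr",'
    '"upstream_status":"$upstream_status",'
    '"upstream_response_time":"$upstream_response_time",'
    '"http_referer":"$http_referer",'
    '"http_user_agent":"$http_user_agent"'
    '}';

# Application backend. 127.0.0.1 means the app shares nginx's network
# namespace (e.g. same container or host network) — TODO confirm; a separate
# container would need its service name here.
upstream fiddy_web {
    server 127.0.0.1:3000;
    keepalive 32;
}

# Plain-HTTP listener: redirect everything to HTTPS. $server_name is used
# rather than $host so the redirect target cannot be steered by a client-
# supplied Host header if this block ends up as the default server.
# NOTE(review): if certificates are renewed via HTTP-01 webroot, the
# /.well-known/acme-challenge/ path would need to be served here instead of
# redirected — confirm the renewal method.
server {
    listen 80;
    listen [::]:80;
    server_name fiddy.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name fiddy.example.com;
    server_tokens off;

    access_log /var/log/nginx/fiddy-access.log fiddy_json;
    error_log /var/log/nginx/fiddy-error.log warn;

    ssl_certificate /etc/letsencrypt/live/fiddy.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/fiddy.example.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    # Session tickets are encrypted with a key that only rotates on restart;
    # the server-side cache above gives resumption without that exposure.
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Request size and slow-client limits.
    client_max_body_size 10m;
    client_body_timeout 15s;
    client_header_timeout 15s;
    keepalive_timeout 30s;
    send_timeout 30s;

    limit_conn fiddy_conn 50;
    # Rejected requests answer 429 rather than the default 503, so clients and
    # monitoring can tell throttling apart from upstream failure.
    limit_req_status 429;
    limit_conn_status 429;

    # Security headers. `always` keeps them on error responses too. Note that
    # add_header is not inherited into a location that sets its own add_header;
    # the included fiddy-proxy.conf is not visible here — TODO confirm it adds
    # no headers of its own, otherwise these are dropped in every location.
    # HSTS with preload is a long-lived commitment for every subdomain.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    add_header X-Request-Id $request_id always;

    # Credential endpoints: 10 requests/minute per address, short burst.
    location /api/auth/login {
        limit_req zone=fiddy_auth burst=15 nodelay;
        include /etc/nginx/includes/fiddy-proxy.conf;
    }

    location /api/auth/register {
        limit_req zone=fiddy_auth burst=15 nodelay;
        include /etc/nginx/includes/fiddy-proxy.conf;
    }

    # Write endpoints: the zone key is empty for non-mutating methods (see the
    # map above), so GET/HEAD/OPTIONS are not counted here.
    location ~ ^/api/(entries|buckets|groups|tags|recurring-entries) {
        limit_req zone=fiddy_write burst=40 nodelay;
        include /etc/nginx/includes/fiddy-proxy.conf;
    }

    location / {
        include /etc/nginx/includes/fiddy-proxy.conf;
    }
}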