|
1 | 1 | server { |
2 | | - listen [% modproxyPort %]; |
3 | | - server_name [% sitename %] [% domain %]; |
4 | | - access_log [% domainRoot %]/[% sitename %]/logs/access.log combined |
| 2 | + server_name [% config.get('demo.hostname') %]; |
5 | 3 |
|
6 | | - client_max_body_size 20M; |
7 | | - proxy_set_header X-Real-IP $remote_addr; |
8 | | - proxy_set_header Host $host; |
9 | | - |
10 | | - # block IIS related attacks from getting to WebGUI |
11 | | - location = /^scripts/ { |
12 | | - return 400 |
13 | | - } |
| 4 | + listen [% config.get('nginx/port') %]; ## listen for ipv4 |
14 | 5 |
|
15 | | - location = /^default.ida/ { |
16 | | - return 400 |
17 | | - } |
| 6 | + access_log [% domainRoot %]/[% config.get('demo.hostname') %]/logs/access.log combined; |
| 7 | + root [% domainRoot %]/[% config.get('demo.hostname') %]/public; |
| 8 | + client_max_body_size 20M; |
18 | 9 |
|
19 | | - location = /_vti_bin/ { |
20 | | - return 400 |
| 10 | + # proxy webgui to starman listening on 127.0.0.1 |
| 11 | + location / { |
| 12 | + # proxy_cache static; |
| 13 | + # proxy_cache_valid 200 1s; |
| 14 | + proxy_set_header X-Real-IP $remote_addr; |
| 15 | + proxy_set_header X-Forwarded-For $remote_addr; |
| 16 | + proxy_set_header Host $host; |
| 17 | + proxy_pass http://127.0.0.1:[% config.get('starman/port') %]; |
21 | 18 | } |
22 | 19 |
|
23 | | - location = /_mem_bin/ { |
24 | | - return 400 |
| 20 | + location /extras/ { |
| 21 | + add_header Cache-Control public; |
| 22 | + expires 24h; |
| 23 | + root /data/WebGUI/www/; |
| 24 | + add_header Access-Control-Allow-Origin *; |
25 | 25 | } |
26 | 26 |
|
27 | | - # proxy webgui pages |
28 | | - #ProxyPreserveHost On |
29 | | - #RewriteRule ^/(.*) http://127.0.0.1:[% modperlPort %]/$1 [P] |
| 27 | + location /uploads/filepump { expires max; } |
| 28 | + location = /default.ida { access_log off; deny all; } |
| 29 | + location /_vti_bin { access_log off; deny all; } |
| 30 | + location /_mem_bin { access_log off; deny all; } |
| 31 | + location ~ /\.(ht|wg) { access_log off; deny all; } |
| 32 | + location = /alive { access_log off; } |
30 | 33 | } |
31 | 34 |
|
32 | | -# Uncomment the following lines to enable SSL for this host. Also, |
33 | | -# change the 10.0.0.1 to the IP address you wish to bind the SSL host |
34 | | -# to. |
35 | 35 |
|
36 | | -#server { |
37 | | -# listen 443; |
38 | | -# server_name [% sitename %] [% domain %]; |
39 | | -# access_log [% domainRoot %]/[% sitename %]/logs/access.log combined |
40 | | -# |
41 | | -# client_max_body_size 20M; |
42 | | -# proxy_set_header X-Real-IP $remote_addr; |
43 | | -# proxy_set_header Host $host; |
44 | | -# |
45 | | -# # block IIS related attacks from getting to WebGUI |
46 | | -# location = /^scripts/ { |
47 | | -# return 400 |
48 | | -# } |
49 | | -# |
50 | | -# location = /^default.ida/ { |
51 | | -# return 400 |
52 | | -# } |
53 | | -# |
54 | | -# location = /_vti_bin/ { |
55 | | -# return 400 |
56 | | -# } |
57 | | -# |
58 | | -# location = /_mem_bin/ { |
59 | | -# return 400 |
60 | | -# } |
61 | | -# |
62 | | -# # For chained certificates, concatenate all the certs together, starting with the |
63 | | -# # site certificate and then the chained certificates |
64 | | -# ssl_certificate [% domainRoot %]/[% sitename %]/certs/server.crt |
65 | | -# ssl_certificate_key [% domainRoot %]/[% sitename %]/certs/server.key |
66 | | -# |
67 | | -#} |
0 commit comments