|
1 | 1 | server {
|
2 |
| - listen [% modproxyPort %]; |
3 |
| - server_name [% sitename %] [% domain %]; |
4 |
| - access_log [% domainRoot %]/[% sitename %]/logs/access.log combined |
5 |
| - |
6 |
| - client_max_body_size 20M; |
7 |
| - proxy_set_header X-Real-IP $remote_addr; |
8 |
| - proxy_set_header Host $host; |
| 2 | + server_name [% sitename %] [%domain %] |
9 | 3 |
|
10 |
| - # block IIS related attacks from getting to WebGUI |
11 |
| - location = /^scripts/ { |
12 |
| - return 400 |
13 |
| - } |
| 4 | + listen [% config.get('nginx/port') %]; ## listen for ipv4 |
14 | 5 |
|
15 |
| - location = /^default.ida/ { |
16 |
| - return 400 |
17 |
| - } |
| 6 | + access_log [% domainRoot %]/[% sitename %]/logs/access.log combined |
| 7 | + root [% domainRoot %]/www.example.com/public; |
| 8 | + client_max_body_size 20M; |
18 | 9 |
|
19 |
| - location = /_vti_bin/ { |
20 |
| - return 400 |
| 10 | + # proxy webgui to starman listening on 127.0.0.1 |
| 11 | + location / { |
| 12 | + # proxy_cache static; |
| 13 | + # proxy_cache_valid 200 1s; |
| 14 | + proxy_set_header X-Real-IP $remote_addr; |
| 15 | + proxy_set_header X-Forwarded-For $remote_addr; |
| 16 | + proxy_set_header Host $host; |
| 17 | + proxy_pass http://127.0.0.1:[% config.get('starman/port') %]; |
21 | 18 | }
|
22 |
| - |
23 |
| - location = /_mem_bin/ { |
24 |
| - return 400 |
| 19 | + location /uploads { |
| 20 | + expires 2h; |
| 21 | + if ( $request_filename ~ "^(.*/)" ) { |
| 22 | + set $request_directory $document_root$1; |
| 23 | + } |
| 24 | + if ( -f "$request_directory/.wgaccess" ) { |
| 25 | + proxy_pass http://127.0.0.1:[% config.get('starman/port') %]; |
| 26 | + } |
25 | 27 | }
|
26 |
| - |
27 |
| - # proxy webgui pages |
28 |
| - #ProxyPreserveHost On |
29 |
| - #RewriteRule ^/(.*) http://127.0.0.1:[% modperlPort %]/$1 [P] |
| 28 | + location /uploads/filepump { expires max; } |
| 29 | + location /extras/ { expires 24h; } |
| 30 | + location = /default.ida { access_log off; deny all; } |
| 31 | + location /_vti_bin { access_log off; deny all; } |
| 32 | + location /_mem_bin { access_log off; deny all; } |
| 33 | + location ~ /\.(ht|wg) { access_log off; deny all; } |
| 34 | + location = /alive { access_log off; } |
30 | 35 | }
|
31 | 36 |
|
32 |
| -# Uncomment the following lines to enable SSL for this host. Also, |
33 |
| -# change the 10.0.0.1 to the IP address you wish to bind the SSL host |
34 |
| -# to. |
35 |
| - |
36 | 37 | #server {
|
37 |
| -# listen 443; |
38 |
| -# server_name [% sitename %] [% domain %]; |
39 |
| -# access_log [% domainRoot %]/[% sitename %]/logs/access.log combined |
| 38 | +# listen 443; |
| 39 | +# server_name [% sitename %] [%domain %] |
| 40 | +# |
| 41 | +# ssl on; |
| 42 | +# ssl_certificate [% domainRoot %]/[% sitename %]/certs/server.crt |
| 43 | +# ssl_certificate_key [% domainRoot %]/[% sitename %]/certs/server.key |
40 | 44 | #
|
41 |
| -# client_max_body_size 20M; |
42 |
| -# proxy_set_header X-Real-IP $remote_addr; |
43 |
| -# proxy_set_header Host $host; |
| 45 | +# ssl_session_timeout 5m; |
44 | 46 | #
|
45 |
| -# # block IIS related attacks from getting to WebGUI |
46 |
| -# location = /^scripts/ { |
47 |
| -# return 400 |
48 |
| -# } |
| 47 | +# ssl_protocols SSLv3 TLSv1; |
| 48 | +# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; |
| 49 | +# ssl_prefer_server_ciphers on; |
49 | 50 | #
|
50 |
| -# location = /^default.ida/ { |
51 |
| -# return 400 |
52 |
| -# } |
| 51 | +# access_log [% domainRoot %]/[% sitename %]/logs/access.log combined |
| 52 | +# root [% domainRoot %]/www.example.com/public; |
53 | 53 | #
|
54 |
| -# location = /_vti_bin/ { |
55 |
| -# return 400 |
| 54 | +# # proxy webgui to starman listening on 127.0.0.1 |
| 55 | +# location / { |
| 56 | +# # proxy_cache static; |
| 57 | +# # proxy_cache_valid 200 1s; |
| 58 | +# proxy_set_header X-Real-IP $remote_addr; |
| 59 | +# proxy_set_header X-Forwarded-For $remote_addr; |
| 60 | +# proxy_set_header Host $host; |
| 61 | +# proxy_pass http://127.0.0.1:[% config.get('starman/port') %]; |
56 | 62 | # }
|
57 |
| -# |
58 |
| -# location = /_mem_bin/ { |
59 |
| -# return 400 |
| 63 | +# location /uploads { |
| 64 | +# expires 2h; |
| 65 | +# if ( $request_filename ~ "^(.*/)" ) { |
| 66 | +# set $request_directory $document_root$1; |
| 67 | +# } |
| 68 | +# if ( -f "$request_directory/.wgaccess" ) { |
| 69 | +# proxy_pass http://127.0.0.1:[% config.get('starman/port') %]; |
| 70 | +# } |
60 | 71 | # }
|
61 |
| -# |
62 |
| -# # For chained certificates, concatenate all the certs together, starting with the |
63 |
| -# # site certificate and then the chained certificates |
64 |
| -# ssl_certificate [% domainRoot %]/[% sitename %]/certs/server.crt |
65 |
| -# ssl_certificate_key [% domainRoot %]/[% sitename %]/certs/server.key |
66 |
| -# |
| 72 | +# location /uploads/filepump { expires max; } |
| 73 | +# location /extras/ { expires 24h; } |
| 74 | +# location = /default.ida { access_log off; deny all; } |
| 75 | +# location /_vti_bin { access_log off; deny all; } |
| 76 | +# location /_mem_bin { access_log off; deny all; } |
| 77 | +# location ~ /\.(ht|wg) { access_log off; deny all; } |
| 78 | +# location = /alive { access_log off; } |
67 | 79 | #}
|
| 80 | + |
| 81 | + |
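Review bot: The commented-out SSL server block (new lines 47–48) would enable SSLv3 and, through `ALL:...:+LOW:+SSLv3:+EXP`, keep low-strength and export cipher suites in the list as soon as someone uncomments it. The template should ship `ssl_protocols TLSv1.2 TLSv1.3;` and a restrictive list such as `ssl_ciphers HIGH:!aNULL:!MD5;` instead. Several added directives also lack the terminating `;` (`server_name` on new lines 2 and 39, `access_log` on 6 and 51, `ssl_certificate` and `ssl_certificate_key` on 42–43), so the generated config would not parse as written. `root` on new lines 7 and 52 hard-codes `www.example.com` where the neighbouring `access_log` uses `[% sitename %]`. That looks unintended and would make the `.wgaccess` test in `location /uploads` check the wrong directory tree; `root [% domainRoot %]/[% sitename %]/public;` seems to be what is meant.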