Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
662e341
commit ff57acb
Showing
1 changed file
with
65 additions
and
51 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,67 +1,81 @@ | ||
| server { | ||
| listen [% modproxyPort %]; | ||
| server_name [% sitename %] [% domain %]; | ||
| access_log [% domainRoot %]/[% sitename %]/logs/access.log combined | ||
|
|
||
| client_max_body_size 20M; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header Host $host; | ||
| server_name [% sitename %] [%domain %] | ||
|
|
||
| # block IIS related attacks from getting to WebGUI | ||
| location = /^scripts/ { | ||
| return 400 | ||
| } | ||
| listen [% config.get('nginx/port') %]; ## listen for ipv4 | ||
|
|
||
| location = /^default.ida/ { | ||
| return 400 | ||
| } | ||
| access_log [% domainRoot %]/[% sitename %]/logs/access.log combined | ||
| root [% domainRoot %]/www.example.com/public; | ||
| client_max_body_size 20M; | ||
|
|
||
| location = /_vti_bin/ { | ||
| return 400 | ||
| # proxy webgui to starman listening on 127.0.0.1 | ||
| location / { | ||
| # proxy_cache static; | ||
| # proxy_cache_valid 200 1s; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $remote_addr; | ||
| proxy_set_header Host $host; | ||
| proxy_pass http://127.0.0.1:[% config.get('starman/port') %]; | ||
| } | ||
|
|
||
| location = /_mem_bin/ { | ||
| return 400 | ||
| location /uploads { | ||
| expires 2h; | ||
| if ( $request_filename ~ "^(.*/)" ) { | ||
| set $request_directory $document_root$1; | ||
| } | ||
| if ( -f "$request_directory/.wgaccess" ) { | ||
| proxy_pass http://127.0.0.1:[% config.get('starman/port') %]; | ||
| } | ||
| } | ||
|
|
||
| # proxy webgui pages | ||
| #ProxyPreserveHost On | ||
| #RewriteRule ^/(.*) http://127.0.0.1:[% modperlPort %]/$1 [P] | ||
| location /uploads/filepump { expires max; } | ||
| location /extras/ { expires 24h; } | ||
| location = /default.ida { access_log off; deny all; } | ||
| location /_vti_bin { access_log off; deny all; } | ||
| location /_mem_bin { access_log off; deny all; } | ||
| location ~ /\.(ht|wg) { access_log off; deny all; } | ||
| location = /alive { access_log off; } | ||
| } | ||
|
|
||
| # Uncomment the following lines to enable SSL for this host. Also, | ||
| # change the 10.0.0.1 to the IP address you wish to bind the SSL host | ||
| # to. | ||
|
|
||
| #server { | ||
| # listen 443; | ||
| # server_name [% sitename %] [% domain %]; | ||
| # access_log [% domainRoot %]/[% sitename %]/logs/access.log combined | ||
| # listen 443; | ||
| # server_name [% sitename %] [%domain %] | ||
| # | ||
| # ssl on; | ||
| # ssl_certificate [% domainRoot %]/[% sitename %]/certs/server.crt | ||
| # ssl_certificate_key [% domainRoot %]/[% sitename %]/certs/server.key | ||
| # | ||
| # client_max_body_size 20M; | ||
| # proxy_set_header X-Real-IP $remote_addr; | ||
| # proxy_set_header Host $host; | ||
| # ssl_session_timeout 5m; | ||
| # | ||
| # # block IIS related attacks from getting to WebGUI | ||
| # location = /^scripts/ { | ||
| # return 400 | ||
| # } | ||
| # ssl_protocols SSLv3 TLSv1; | ||
| # ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; | ||
| # ssl_prefer_server_ciphers on; | ||
| # | ||
| # location = /^default.ida/ { | ||
| # return 400 | ||
| # } | ||
| # access_log [% domainRoot %]/[% sitename %]/logs/access.log combined | ||
| # root [% domainRoot %]/www.example.com/public; | ||
| # | ||
| # location = /_vti_bin/ { | ||
| # return 400 | ||
| # # proxy webgui to starman listening on 127.0.0.1 | ||
| # location / { | ||
| # # proxy_cache static; | ||
| # # proxy_cache_valid 200 1s; | ||
| # proxy_set_header X-Real-IP $remote_addr; | ||
| # proxy_set_header X-Forwarded-For $remote_addr; | ||
| # proxy_set_header Host $host; | ||
| # proxy_pass http://127.0.0.1:[% config.get('starman/port') %]; | ||
| # } | ||
| # | ||
| # location = /_mem_bin/ { | ||
| # return 400 | ||
| # location /uploads { | ||
| # expires 2h; | ||
| # if ( $request_filename ~ "^(.*/)" ) { | ||
| # set $request_directory $document_root$1; | ||
| # } | ||
| # if ( -f "$request_directory/.wgaccess" ) { | ||
| # proxy_pass http://127.0.0.1:[% config.get('starman/port') %]; | ||
| # } | ||
| # } | ||
| # | ||
| # # For chained certificates, concatenate all the certs together, starting with the | ||
| # # site certificate and then the chained certificates | ||
| # ssl_certificate [% domainRoot %]/[% sitename %]/certs/server.crt | ||
| # ssl_certificate_key [% domainRoot %]/[% sitename %]/certs/server.key | ||
| # | ||
| # location /uploads/filepump { expires max; } | ||
| # location /extras/ { expires 24h; } | ||
| # location = /default.ida { access_log off; deny all; } | ||
| # location /_vti_bin { access_log off; deny all; } | ||
| # location /_mem_bin { access_log off; deny all; } | ||
| # location ~ /\.(ht|wg) { access_log off; deny all; } | ||
| # location = /alive { access_log off; } | ||
| #} | ||
|
|
||
|
|