diff --git a/sites-available/rspamd.linuxiarz.pl.conf b/sites-available/rspamd.linuxiarz.pl.conf index 71b5501..bb82616 100644 --- a/sites-available/rspamd.linuxiarz.pl.conf +++ b/sites-available/rspamd.linuxiarz.pl.conf @@ -1,7 +1,7 @@ upstream rspamd { - zone rspamd 1m; - server 127.0.0.1:11334; - keepalive 16; + zone rspamd 1m; + server 127.0.0.1:11334; + keepalive 16; } limit_req_zone $binary_remote_addr zone=rspamd_limit:10m rate=10r/s; @@ -11,47 +11,49 @@ server { listen 443 ssl; http2 on; http3 on; - ssl_protocols TLSv1.3 TLSv1.2; + ssl_protocols TLSv1.3 TLSv1.2; ssl_early_data on; add_header Alt-Svc 'h3=":$server_port"; ma=86400'; - server_name rspamd.linuxiarz.pl; + server_name rspamd.linuxiarz.pl; - include config/wildcard.conf; - - # security - #include config/security.conf; + include config/wildcard.conf; status_zone rspamd.linuxiarz.pl; limit_req zone=rspamd_limit burst=20 nodelay; - # restrict methods + # Restrict methods if ($request_method !~ ^(GET|POST)$) { - return '405'; + return 405; } - # logging - access_log off; - error_log off; + # Logging + access_log /var/log/angie/rspamd.linuxiarz.pl.access.log; + error_log /var/log/angie/rspamd.linuxiarz.pl.error.log warn; location / { proxy_pass http://rspamd/; - include config/proxy.conf; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Connection ""; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_buffering off; + proxy_request_buffering off; } - - # additional config - # include config/general.conf; } # HTTP redirect server { - listen 80; - server_name rspamd.linuxiarz.pl; - add_header Alt-Svc 'h3=":443"; ma=86400'; + listen 80; + server_name rspamd.linuxiarz.pl; - # restrict methods if ($request_method !~ ^(GET)$) { - return '405'; + return 405; } location / {