gru/linuxiarz_vps_angie
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
87abf0f76ebb36d358fefb27fff5d95c0a2158b5
linuxiarz_vps_angie/sites-available/linuxiarz.pl_new.conf
Mateusz Gruszczyński 9e67770ca3 limit req
2025-11-17 08:10:58 +01:00

155 lines
4.0 KiB
Plaintext
Raw Blame History

upstream linuxiarz_app {
zone linuxiarz_app 1m;
server 127.0.0.1:8000;
keepalive 16;
}
upstream redirector_app {
zone redirector_app 1m;
server 127.0.0.1:8282;
keepalive 16;
}
# limit req
limit_req_zone $binary_remote_addr zone=linuxiarz_limit:10m rate=10r/s;
# HTTP -> HTTPS + normalizacja do www
server {
listen 80;
server_name linuxiarz.pl www.linuxiarz.pl;
rewrite ^/sk/?$ https://sk.linuxiarz.pl/ permanent;
rewrite ^/feed/?$ https://blog.linuxiarz.pl/feed/ permanent;
return 301 https://www.linuxiarz.pl$request_uri;
}
server {
listen 443 ssl;
server_name linuxiarz.pl;
include config/wildcard.conf;
ssl_protocols TLSv1.3 TLSv1.2;
return 301 https://www.linuxiarz.pl$request_uri;
}
server {
# TCP (HTTP/1.1 + HTTP/2)
listen 443 ssl;
http2 on;
# UDP (QUIC + HTTP/3)
listen 443 quic;
http3 on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_early_data on;
# Alt-Svc tylko tu, gdzie serwowana jest treść
add_header Alt-Svc 'h3=":443"; ma=86400';
server_name www.linuxiarz.pl;
include config/wildcard.conf;
# logging
access_log /var/log/angie/linuxiarz.pl.access.log main;
error_log /var/log/angie/linuxiarz.pl.error.log warn;
status_zone www.linuxiarz.pl_frontend;
limit_req zone=linuxiarz_limit burst=20 nodelay;
# Dozwolone metody
if ($request_method !~ ^(GET|HEAD|POST)$) {
return 405;
}
# Ścieżkowe redirecty również z HTTPS na www
rewrite ^/sk/?$ https://sk.linuxiarz.pl/ permanent;
rewrite ^/feed/?$ https://blog.linuxiarz.pl/feed/ permanent;
# Główne proxy do Varnish na 6081
location / {
proxy_pass http://varnish/;
include config/proxy.conf;
}
}
##################################
# 3) Backend HTTP na porcie 8080
##################################
server {
listen 8080;
server_name www.linuxiarz.pl linuxiarz.pl;
# Domyślna ścieżka: pliki -> fallback do aplikacji na :8000
error_page 404 = @redirect_check;
status_zone www.linuxiarz.pl_backend;
location / {
try_files $uri $uri/ @to8000;
}
location @to8000 {
proxy_intercept_errors on; # pozwala przechwycić 404/5xx i skierować do @redirect_check
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://linuxiarz_app;
proxy_request_buffering off;
client_body_timeout 120s;
proxy_read_timeout 120s;
proxy_connect_timeout 120s;
proxy_send_timeout 120s;
proxy_http_version 1.1;
error_page 404 = @redirect_check;
}
location @redirect_check {
add_header Cache-Control "no-cache, max-age=0, no-store";
set_real_ip_from 127.0.0.1;
real_ip_header X-Forwarded-For;
proxy_pass http://redirector_app;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Endpointy bez cache
location ~ ^/(stats|user-info|health)$ {
add_header Cache-Control "no-cache, max-age=0, no-store";
proxy_cache off;
proxy_pass http://redirector_app;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Pliki RBL z lokalnego root
location ~ ^/(id-rbl\.txt|domain-rbl\.txt)$ {
add_header Cache-Control "no-cache, no-store";
root /var/www/www.linuxiarz.pl;
try_files $uri =404;
}
# Stały redirect do osobnej subdomeny
location /listapp/ {
return 301 https://listapp.linuxiarz.pl$request_uri;
}
# PHP przez FastCGI
location ~ \.php$ {
include config/php_fastcgi.conf;
}
}
Reference in New Issue View Git Blame Copy Permalink