-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx.conf
95 lines (76 loc) · 2.68 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
access_log /var/www/snapfile/logs/nginx_access.log;
error_log /var/www/snapfile/logs/nginx_err.log;
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream backend {
server localhost:8080;
}
server {
listen 80;
listen [::]:80;
server_name snapfile.yanxurui.cc; # works for both snapfile.yanxurui.cc and www.snapfile.yanxurui.cc
return 301 https://$host$request_uri;
}
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
server_name snapfile.yanxurui.cc;
client_max_body_size 1024m;
client_body_buffer_size 1m;
limit_req zone=mylimit burst=5 nodelay;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
root /var/www/snapfile/static;
ssl_certificate /etc/letsencrypt/live/snapfile.yanxurui.cc/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/snapfile.yanxurui.cc/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# serve static files
# internal redirect from / to /index.html
location / {
}
# restricted to only logged users
location = /index.html {
auth_request /auth;
# tell client to redirect on 401
# it's also possible to construct the redirect URL manually
error_page 401 = @login_required;
}
location @login_required {
return 302 /login.html;
}
# APIs handled by python backend
location ~ ^/(signup|login|logout|auth|files)$ {
proxy_pass http://backend;
# do not save to the temp file when uploading
proxy_request_buffering off;
# support chunked transfer encoding
# otherwise the request body will be buffered
proxy_http_version 1.1;
# do not buffer when downloading files from upstream
proxy_buffering off;
}
# websocket proxy
location /ws {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_read_timeout 3600s;
}
# handle requests redirected by the "X-Accel-Redirect" response header field from an upstream server;
location /download {
internal;
alias /var/www/snapfile/files;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}