cygnal/support/nginx/cyclassist.conf

77 lines
2.3 KiB
Plaintext
Raw Normal View History

2018-10-16 15:42:55 +02:00
# Define API rate limitation
2018-07-18 15:07:40 +02:00
limit_req_zone $binary_remote_addr zone=cycloAPI:10m rate=1r/s;# UWSGI proxy pass
2018-10-16 15:42:55 +02:00
# Define the server to use upstream, here we assume we serve Cyclassist using
# UWSGI.
upstream _cyclassist {
server unix:/run/uwsgi/app/cyclassist/socket;
}
2018-10-16 15:42:55 +02:00
# Expires map, to ensure correct caching of the assets.
map $sent_http_content_type $expires {
default off;
text/html epoch;
text/css max;
application/javascript max;
~image/ max;
}
server {
listen 443 ssl http2;
server_name SERVER_NAME;
root /var/www/cyclassist/dist;
access_log /var/log/nginx/cyclo-access.log combined;
error_log /var/log/nginx/cyclo-error.log warn;
ssl on;
ssl_certificate /etc/letsencrypt/live/cyclo.phyks.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cyclo.phyks.me/privkey.pem;
# Tweak the SSL ciphers and so on, see https://wiki.mozilla.org/Security/Server_Side_TLS.
# Enable GZIP
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
# Cache control
expires $expires;
location ~* \.(?:woff2?|eot|ttf|otf?g) {
expires max; # Max caching for font files
}
# No caching for the service worker file
location = /sw.js {
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
# Proxy pass the API calls to the server part
location /api {
2018-10-16 15:42:55 +02:00
limit_req zone=cycloAPI burst=3 nodelay; # Add rate-limiting on top of the API
include uwsgi_params;
uwsgi_pass _cyclassist;
}
}
server {
listen 80;
server_name SERVER_NAME;
root /dev/null;
include /etc/nginx/snippets/common_vhost.conf;
return 301 https://$server_name$request_uri; # Redirect to HTTPS
}