77 lines
2.3 KiB
Plaintext
77 lines
2.3 KiB
Plaintext
# Define API rate limitation
|
|
limit_req_zone $binary_remote_addr zone=cycloAPI:10m rate=1r/s;# UWSGI proxy pass
|
|
|
|
# Define the server to use upstream, here we assume we serve Cyclassist using
|
|
# UWSGI.
|
|
upstream _cyclassist {
|
|
server unix:/run/uwsgi/app/cyclassist/socket;
|
|
}
|
|
|
|
# Expires map, to ensure correct caching of the assets.
|
|
map $sent_http_content_type $expires {
|
|
default off;
|
|
text/html epoch;
|
|
text/css max;
|
|
application/javascript max;
|
|
~image/ max;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name SERVER_NAME;
|
|
root /var/www/cyclassist/dist;
|
|
|
|
access_log /var/log/nginx/cyclo-access.log combined;
|
|
error_log /var/log/nginx/cyclo-error.log warn;
|
|
|
|
ssl on;
|
|
ssl_certificate /etc/letsencrypt/live/cyclo.phyks.me/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/cyclo.phyks.me/privkey.pem;
|
|
# Tweak the SSL ciphers and so on, see https://wiki.mozilla.org/Security/Server_Side_TLS.
|
|
|
|
# Enable GZIP
|
|
gzip on;
|
|
gzip_disable "msie6";
|
|
gzip_vary on;
|
|
gzip_proxied any;
|
|
gzip_comp_level 6;
|
|
gzip_buffers 16 8k;
|
|
gzip_http_version 1.1;
|
|
gzip_min_length 256;
|
|
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
|
|
|
|
# Cache control
|
|
expires $expires;
|
|
location ~* \.(?:woff2?|eot|ttf|otf?g) {
|
|
expires max; # Max caching for font files
|
|
}
|
|
|
|
# No caching for the service worker file
|
|
location = /sw.js {
|
|
add_header Last-Modified $date_gmt;
|
|
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
if_modified_since off;
|
|
expires off;
|
|
etag off;
|
|
}
|
|
|
|
# Proxy pass the API calls to the server part
|
|
location /api {
|
|
limit_req zone=cycloAPI burst=3 nodelay; # Add rate-limiting on top of the API
|
|
include uwsgi_params;
|
|
uwsgi_pass _cyclassist;
|
|
}
|
|
}
|
|
|
|
|
|
server {
|
|
listen 80;
|
|
server_name SERVER_NAME;
|
|
|
|
root /dev/null;
|
|
|
|
include /etc/nginx/snippets/common_vhost.conf;
|
|
|
|
return 301 https://$server_name$request_uri; # Redirect to HTTPS
|
|
}
|