AndreiD · July 13, 2020 10:27
diff --git a/MY NGINX CHEAT SHEET b/MY NGINX CHEAT SHEET



 limit_req_zone $binary_remote_addr zone=mylimit:10m rate=1r/s;


 server {
        listen 80 default_server;
        listen [::]:80 default_server;
        client_max_body_size 5M;
        root /home/ubuntu/iqlaw_pictures;

        location /api/auth/ {
          limit_req zone=mylimit;
          proxy_pass http://localhost:5555/api/auth/;
          proxy_set_header  X-Real-IP $remote_addr;
          proxy_set_header  X-Forwarded-Proto https;
          proxy_buffering off;
        }

        location /api/ {
           proxy_pass http://localhost:5555/api/;
           proxy_set_header  X-Real-IP $remote_addr;
           proxy_set_header  X-Forwarded-Proto https;
           proxy_buffering off;
         }


   location ~ ^/(app/|images/|img/|javascript/|js/|css/|dist/|media/|static/|robots.txt|humans.txt|favicon.ico) {
            root /home/ubuntu/iqlaw_pictures;
            access_log off;
            expires 1M;
            add_header Cache-Control "public";
            autoindex off;
        }

 }


 //--------- for blocking -------------
 // ssh: AllowUsers *@34.90.53.171
 server {
        listen 80;
        listen [::]:80;
        root /home/ubuntu/what/where_frontend/dist/;
        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;
        server_name _;
        
        allow 127.0.0.1/32;
        allow 34.90.53.171/32;
        deny all;
        
        location / {
                try_files $uri $uri/ =404;
                error_page 403 /403.html;
        }
       
        # allow everyone to see the forbidden page
        location = /403.html {
          root   /var/www/static/errors/;
                 allow all;
        }
       
        location /api_proxy/ {
        
        #error_page 403 /403.html;
        #allow 127.0.0.1/32;
        #allow 34.90.53.171/32;
        #deny all;
   
           proxy_pass http://localhost:1010/api/v1/;
           proxy_buffering off;
         }
 }

 ==== NETSTATS

 limit_req_zone $binary_remote_addr zone=one:10m rate=20r/s;

 map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
 }

 upstream netstats {
  server 127.0.0.1:3000;
 }


 # Main website
 server {
         listen 80 default_server;
         listen [::]:80 default_server;

         server_name b.to.wtf;
         root /var/www/main_website;
         index index.html;

 }



 # Netstats
 server {
         listen 80;
         listen [::]:80;

         server_name s.to.wtf;
         root /var/www/stats;
         index index.html;


        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;

            proxy_set_header    X-Forwarded-Proto $scheme;

            # WebSocket specific
            proxy_http_version 1.1;
            proxy_set_header    Upgrade           $http_upgrade;
            proxy_set_header    Connection        $connection_upgrade;

            #
            # Specific for comet or long running HTTP requests, don't buffer up the
            # response from origin servers but send them directly to the client.
            #
            proxy_buffering     off;

            #
            # Bump the timeout's so someting sensible so our connections don't
            # disconnect automatically. We've set it to 12 hours.
            #
            proxy_connect_timeout 43200000;
            proxy_read_timeout    43200000;
            proxy_send_timeout    43200000;

            proxy_pass http://netstats;
            proxy_redirect off;
        }
 }


 /var/www/static/errors/403.html

 <!DOCTYPE html><html><head> <link href="https://fonts.googleapis.com/css?family=Ropa+Sans" rel="stylesheet"> <style>body{font-family: 'Ropa Sans', sans-serif; margin-top: 30px; background-color: #F0CA00; background-color: #F3661C; text-align: center; color: #fff;}.error-heading{margin: 50px auto; width: 250px; border: 5px solid #fff; font-size: 126px; line-height: 126px;}.error-heading img{width: 100%;}.error-main h1{font-size: 72px; margin: 0px; color: #F3661C; text-shadow: 0px 0px 5px #fff;}</style></head><body> <div class="error-main"> <h1>Oops!</h1> <div class="error-heading">403</div><p>Seems you do not have permission to access this...</p></div></body></html>



	limit_req_zone $binary_remote_addr zone=mylimit:10m rate=1r/s;


	server {
	listen 80 default_server;
	listen [::]:80 default_server;
	client_max_body_size 5M;
	root /home/ubuntu/iqlaw_pictures;

	location /api/auth/ {
	limit_req zone=mylimit;
	proxy_pass http://localhost:5555/api/auth/;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-Proto https;
	proxy_buffering off;
	}

	location /api/ {
	proxy_pass http://localhost:5555/api/;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-Proto https;
	proxy_buffering off;
	}


	location ~ ^/(app/\|images/\|img/\|javascript/\|js/\|css/\|dist/\|media/\|static/\|robots.txt\|humans.txt\|favicon.ico) {
	root /home/ubuntu/iqlaw_pictures;
	access_log off;
	expires 1M;
	add_header Cache-Control "public";
	autoindex off;
	}

	}


	//--------- for blocking -------------
	// ssh: AllowUsers *@34.90.53.171
	server {
	listen 80;
	listen [::]:80;
	root /home/ubuntu/what/where_frontend/dist/;
	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;
	server_name _;

	allow 127.0.0.1/32;
	allow 34.90.53.171/32;
	deny all;

	location / {
	try_files $uri $uri/ =404;
	error_page 403 /403.html;
	}

	# allow everyone to see the forbidden page
	location = /403.html {
	root /var/www/static/errors/;
	allow all;
	}

	location /api_proxy/ {

	#error_page 403 /403.html;
	#allow 127.0.0.1/32;
	#allow 34.90.53.171/32;
	#deny all;

	proxy_pass http://localhost:1010/api/v1/;
	proxy_buffering off;
	}
	}

	==== NETSTATS

	limit_req_zone $binary_remote_addr zone=one:10m rate=20r/s;

	map $http_upgrade $connection_upgrade {
	default upgrade;
	'' close;
	}

	upstream netstats {
	server 127.0.0.1:3000;
	}


	# Main website
	server {
	listen 80 default_server;
	listen [::]:80 default_server;

	server_name b.to.wtf;
	root /var/www/main_website;
	index index.html;

	}



	# Netstats
	server {
	listen 80;
	listen [::]:80;

	server_name s.to.wtf;
	root /var/www/stats;
	index index.html;


	location / {
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_set_header X-NginX-Proxy true;

	proxy_set_header X-Forwarded-Proto $scheme;

	# WebSocket specific
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection $connection_upgrade;

	#
	# Specific for comet or long running HTTP requests, don't buffer up the
	# response from origin servers but send them directly to the client.
	#
	proxy_buffering off;

	#
	# Bump the timeout's so someting sensible so our connections don't
	# disconnect automatically. We've set it to 12 hours.
	#
	proxy_connect_timeout 43200000;
	proxy_read_timeout 43200000;
	proxy_send_timeout 43200000;

	proxy_pass http://netstats;
	proxy_redirect off;
	}
	}


	/var/www/static/errors/403.html

	<!DOCTYPE html><html><head> <link href="https://fonts.googleapis.com/css?family=Ropa+Sans" rel="stylesheet"> <style>body{font-family: 'Ropa Sans', sans-serif; margin-top: 30px; background-color: #F0CA00; background-color: #F3661C; text-align: center; color: #fff;}.error-heading{margin: 50px auto; width: 250px; border: 5px solid #fff; font-size: 126px; line-height: 126px;}.error-heading img{width: 100%;}.error-main h1{font-size: 72px; margin: 0px; color: #F3661C; text-shadow: 0px 0px 5px #fff;}</style></head><body> <div class="error-main"> <h1>Oops!</h1> <div class="error-heading">403</div><p>Seems you do not have permission to access this...</p></div></body></html>