Created
July 31, 2024 09:05
-
-
Save JPBM135/c0edb8b9e267c2f34afc12b63933e32e to your computer and use it in GitHub Desktop.
Nginx config for server client and /api with cloudflare
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cd ~ | |
| mkdir sslcertificates | |
| openssl req -x509 -newkey rsa:4096 -keyout privatekey.pem -out certificate.pem -days 365 -nodes -subj '/CN=localhost' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3.9' | |
| name: 'global-nginx' | |
| services: | |
| nginx: | |
| restart: unless-stopped | |
| image: nginx:latest | |
| network_mode: host | |
| volumes: | |
| - ./nginx.conf:/etc/nginx/nginx.conf | |
| - ./sslcertificates/certificate.pem:/etc/nginx/ssl/selfsigned.crt | |
| - ./sslcertificates/privatekey.pem:/etc/nginx/ssl/selfsigned.key | |
| - ./global-nginx:/var/log/nginx/ | |
| logging: | |
| driver: json-file | |
| options: | |
| max-size: "10m" | |
| max-file: "3" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| events{} | |
| http { | |
| include /etc/nginx/mime.types; | |
| # Define the rate limit zone | |
| limit_req_zone $http_cf_connecting_ip zone=one:10m rate=20r/s; | |
| limit_conn_status 429; | |
| limit_req_status 429; | |
| server { | |
| listen 443 ssl; | |
| server_name site.dev; | |
| # Define access and error logs | |
| access_log /var/log/nginx/recall.jpbm.dev.access.log; | |
| error_log /var/log/nginx/recall.jpbm.dev.error.log; | |
| gzip on; | |
| gzip_vary on; | |
| gzip_static on; | |
| gzip_min_length 256; | |
| gzip_types | |
| application/atom+xml | |
| application/geo+json | |
| application/javascript | |
| application/x-javascript | |
| application/json | |
| application/ld+json | |
| application/manifest+json | |
| application/rdf+xml | |
| application/rss+xml | |
| application/xhtml+xml | |
| application/xml | |
| font/eot | |
| font/otf | |
| font/ttf | |
| image/svg+xml | |
| text/css | |
| text/javascript | |
| text/plain | |
| text/xml; | |
| gzip_disable "MSIE [1-6]\."; | |
| ssl_certificate /etc/nginx/ssl/selfsigned.crt; | |
| ssl_certificate_key /etc/nginx/ssl/selfsigned.key; | |
| ssl_protocols TLSv1.2 TLSv1.3; # Adjust as needed for compatibility | |
| ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256'; # Example cipher suite, adjust based on requirements | |
| location / { | |
| proxy_pass http://127.0.0.1:80; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Forwarded-For $http_cf_connecting_ip; | |
| # Apply the rate limiting | |
| limit_req zone=one burst=20 nodelay; | |
| } | |
| location /api { | |
| rewrite ^/api/(.*)$ /$1 break; | |
| proxy_pass http://127.0.0.1:8000; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Forwarded-For $http_cf_connecting_ip; | |
| # Apply the rate limiting | |
| limit_req zone=one burst=20 nodelay; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment