SethWilson · August 29, 2015 14:18
diff --git a/nginx.conf b/nginx.conf
 ##
 ##  This nginx.conf servers as the main config file for webflow reverse proxy
 ##
 ##  RCS:
 ##  https://gist.github.com/sansmischevia/5617402
 ##  
 ##  Hardening tips:
 ##  http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html
 ##  

 #user  nobody;
 worker_processes  1;
 worker_rlimit_nofile 10480;

 #error_log  logs/error.log;
 #error_log  logs/error.log  notice;
 # error_log  logs/error.log  debug;

 #pid        logs/nginx.pid;

 events {
    worker_connections  1024;
 }

 http {
    include       mime.types;
    default_type  text/html;

    ## Start: Size Limits & Buffer Overflows ##
    client_body_buffer_size  1k;
    client_header_buffer_size 1k;
    client_max_body_size 1k;
    large_client_header_buffers 2 1k;
     ## END: Size Limits & Buffer Overflows ##

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for" $host';

    log_format customLog '[$time_local] $remote_addr - $remote_user - $host $uri  to: $upstream_addr: $request uResponse_time $upstream_response_time msec $msec request_time $request_time http://$backend/$host$uri';
    log_format subdomainLog '[$time_local] $remote_addr - $remote_user - $host $uri  to: $upstream_addr: $request uResponse_time $upstream_response_time msec $msec request_time $request_time http://$backend/$subdomain$uri';

    #access_log  logs/access.log  main;

    proxy_cache_path  /var/www/cache levels=1:2 keys_zone=webflow_cache:8m max_size=1000m inactive=60m;
    proxy_temp_path /var/www/cache/tmp; # place used to buffer large proxied requests to the fs

    sendfile        on;
    #tcp_nopush     on;

    # keepalive_timeout  0;
    keepalive_timeout  65;

    gzip  on;
    # index index.html;

    # Subdomain directive, catches *.webflow.io
    server {
      listen       80;
      server_name  *.webflow.io;
      access_log  logs/sudomain.access.log  subdomainLog;

      location / {
          resolver        8.8.8.8; # OpenDNS
          resolver_timeout 5s;

          set $backend "webflow-sites.s3-website-us-east-1.amazonaws.com";
          
          # Remove the www. if it exists. Other subdomains will be ignored, or fail.
          if ($host ~* (.*)\.webflow\.io) {
            set $subdomain $1;
            proxy_pass      http://$backend/$subdomain$uri;
          }
          
          proxy_pass      http://$backend/$host$uri;
          
          proxy_cache webflow_cache;
          proxy_cache_valid  200 302  90s; # cache successful responses for 3min
          proxy_cache_valid  404      30s; # cache missing responses for 1min

          proxy_redirect off;
          proxy_set_header        Host    $backend;       # need to set the hot to be $backend here so s3 static website hosting service knows what bucket to use
          proxy_set_header        X-Real-IP $remote_addr;
          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
          add_header              X-Cache-Status $upstream_cache_status;
          proxy_hide_header       x-amz-id-2;
          proxy_hide_header       x-amz-request-id;
      }
    }

    # Custom domain directive, catches everything!!!
    server {
        listen       80;
        server_name  _; # Respond to all domains here.

        #charset koi8-r;

        access_log  logs/custom.access.log  customLog;

        location / {
            resolver        8.8.8.8; # OpenDNS
            resolver_timeout 5s;

            set $backend "webflow-sites.s3-website-us-east-1.amazonaws.com";
            
            # Remove the www. if it exists. Other subdomains will be ignored, or fail.
            if ($host ~* www\.(.*)) {
              set $host_without_www $1;
              proxy_pass      http://$backend/$host_without_www$uri;
            }
            
            proxy_pass      http://$backend/$host$uri;
            
            proxy_cache webflow_cache;
            proxy_cache_valid  200 302  1m; # cache successful responses for 3min
            proxy_cache_valid  404      10s; # cache missing responses for 1min

            proxy_redirect off;
            proxy_set_header        Host    $backend;       # need to set the hot to be $backend here so s3 static website hosting service knows what bucket to use
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            add_header              X-Cache-Status $upstream_cache_status;
            proxy_hide_header       x-amz-id-2;
            proxy_hide_header       x-amz-request-id;
        }
    }
 }
	##
	## This nginx.conf servers as the main config file for webflow reverse proxy
	##
	## RCS:
	## https://gist.github.com/sansmischevia/5617402
	##
	## Hardening tips:
	## http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html
	##

	#user nobody;
	worker_processes 1;
	worker_rlimit_nofile 10480;

	#error_log logs/error.log;
	#error_log logs/error.log notice;
	# error_log logs/error.log debug;

	#pid logs/nginx.pid;

	events {
	worker_connections 1024;
	}

	http {
	include mime.types;
	default_type text/html;

	## Start: Size Limits & Buffer Overflows ##
	client_body_buffer_size 1k;
	client_header_buffer_size 1k;
	client_max_body_size 1k;
	large_client_header_buffers 2 1k;
	## END: Size Limits & Buffer Overflows ##

	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for" $host';

	log_format customLog '[$time_local] $remote_addr - $remote_user - $host $uri to: $upstream_addr: $request uResponse_time $upstream_response_time msec $msec request_time $request_time http://$backend/$host$uri';
	log_format subdomainLog '[$time_local] $remote_addr - $remote_user - $host $uri to: $upstream_addr: $request uResponse_time $upstream_response_time msec $msec request_time $request_time http://$backend/$subdomain$uri';

	#access_log logs/access.log main;

	proxy_cache_path /var/www/cache levels=1:2 keys_zone=webflow_cache:8m max_size=1000m inactive=60m;
	proxy_temp_path /var/www/cache/tmp; # place used to buffer large proxied requests to the fs

	sendfile on;
	#tcp_nopush on;

	# keepalive_timeout 0;
	keepalive_timeout 65;

	gzip on;
	# index index.html;

	# Subdomain directive, catches *.webflow.io
	server {
	listen 80;
	server_name *.webflow.io;
	access_log logs/sudomain.access.log subdomainLog;

	location / {
	resolver 8.8.8.8; # OpenDNS
	resolver_timeout 5s;

	set $backend "webflow-sites.s3-website-us-east-1.amazonaws.com";

	# Remove the www. if it exists. Other subdomains will be ignored, or fail.
	if ($host ~* (.*)\.webflow\.io) {
	set $subdomain $1;
	proxy_pass http://$backend/$subdomain$uri;
	}

	proxy_pass http://$backend/$host$uri;

	proxy_cache webflow_cache;
	proxy_cache_valid 200 302 90s; # cache successful responses for 3min
	proxy_cache_valid 404 30s; # cache missing responses for 1min

	proxy_redirect off;
	proxy_set_header Host $backend; # need to set the hot to be $backend here so s3 static website hosting service knows what bucket to use
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	add_header X-Cache-Status $upstream_cache_status;
	proxy_hide_header x-amz-id-2;
	proxy_hide_header x-amz-request-id;
	}
	}

	# Custom domain directive, catches everything!!!
	server {
	listen 80;
	server_name _; # Respond to all domains here.

	#charset koi8-r;

	access_log logs/custom.access.log customLog;

	location / {
	resolver 8.8.8.8; # OpenDNS
	resolver_timeout 5s;

	set $backend "webflow-sites.s3-website-us-east-1.amazonaws.com";

	# Remove the www. if it exists. Other subdomains will be ignored, or fail.
	if ($host ~* www\.(.*)) {
	set $host_without_www $1;
	proxy_pass http://$backend/$host_without_www$uri;
	}

	proxy_pass http://$backend/$host$uri;

	proxy_cache webflow_cache;
	proxy_cache_valid 200 302 1m; # cache successful responses for 3min
	proxy_cache_valid 404 10s; # cache missing responses for 1min

	proxy_redirect off;
	proxy_set_header Host $backend; # need to set the hot to be $backend here so s3 static website hosting service knows what bucket to use
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	add_header X-Cache-Status $upstream_cache_status;
	proxy_hide_header x-amz-id-2;
	proxy_hide_header x-amz-request-id;
	}
	}
	}