Created
July 4, 2018 10:47
-
-
Save liwsakilive/3cd1a644832a7a292de60b9ed342d7ce to your computer and use it in GitHub Desktop.
magento use nginx reverse proxy protection
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| proxy_cache_path /var/nginx/cache levels=1:2 keys_zone=STATIC:10m | |
| inactive=24h max_size=1g; | |
| limit_req_zone $binary_remote_addr zone=clientlimit:10m rate=5r/s; | |
| limit_conn_zone $binary_remote_addr zone=name:10m; | |
| server { | |
| listen 80; | |
| server_name _; | |
| set $do_not_cache "0"; | |
| set $bypass "0"; | |
| set $block "2"; | |
| if ( $request_method !~ ^(GET|HEAD)$ ) { | |
| set $do_not_cache "1"; | |
| } | |
| # if ($http_cookie ~* "frontend_cid|frontend|sid|adminhtml") { | |
| # set $block 3; | |
| # } | |
| location /customer/account/createpost/ { | |
| if ($http_cookie ~* "frontend_cid|frontend|sid|adminhtml") { | |
| return 404; | |
| } | |
| proxy_pass http://127.0.0.1:8080; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| } | |
| location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt|wof)$ { | |
| access_log off; | |
| expires max; | |
| proxy_pass http://127.0.0.1:8080; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_cache STATIC; | |
| proxy_cache_valid 200 1d; | |
| proxy_cache_use_stale error timeout invalid_header updating | |
| http_500 http_502 http_503 http_504; | |
| proxy_cache_bypass $bypass $do_not_cache; | |
| proxy_no_cache $do_not_cache; | |
| } | |
| location / { | |
| limit_conn name 1; | |
| limit_req zone=clientlimit burst=5; | |
| limit_rate 5m; | |
| proxy_pass http://127.0.0.1:8080; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_cache STATIC; | |
| proxy_cache_valid 200 1d; | |
| proxy_cache_use_stale error timeout invalid_header updating | |
| http_500 http_502 http_503 http_504; | |
| proxy_cache_bypass $bypass $do_not_cache; | |
| proxy_no_cache $do_not_cache; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment