pristavu

# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

pristavu

- certain endpoints are always blocked
if nginx_uri == "/_access_token" or nginx_uri == "/_me" then
    ngx.exit(403)
end

-- import requirements
local cjson = require "cjson"

-- setup some app-level vars
local app_id = "APP_ID"

pristavu

#
# Slightly tighter CORS config for nginx
#
# A modification of https://gist.github.com/1064640/ to include a white-list of URLs
#
# Despite the W3C guidance suggesting that a list of origins can be passed as part of
# Access-Control-Allow-Origin headers, several browsers (well, at least Firefox) 
# don't seem to play nicely with this.
#

pristavu

# Feel free to change this path of course (and keys_zone value as well, but also change the usage of it below).
proxy_cache_path /var/www/cache/resized levels=1:2 keys_zone=resizedimages:10m max_size=1G;

# Gzip was on in another conf file of mine...You may need to uncomment the next line.
#gzip on;
gzip_disable msie6;
gzip_static on;
gzip_comp_level 4;
gzip_proxied any;
# Again, be careful that you aren't overwriting some other setting from another config's http {} section.

pristavu

/*
 * Example how to preload HTML5 video on the iPad (iOS 3.2+)
 * @author Miller Medeiros
 * Released under WTFPL
 */

var vid = document.createElement('video');
vid.src = 'lol_catz.mp4';
document.getElementById('video-holder').appendChild(vid);

pristavu

server {
	#listen   80; ## listen for ipv4; this line is default and implied
	#listen   [::]:80 default ipv6only=on; ## listen for ipv6


	server_name media.resize.dev;
	error_log /var/log/nginx/debug.log debug;
   log_subrequest on;
    rewrite_log on;

pristavu

Client-side SSL

For excessively paranoid client authentication.

Using self-signed certificate.

Create a Certificate Authority root (which represents this server)

Organization & Common Name: Some human identifier for this server CA.

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

pristavu

# Feel free to change this path of course (and keys_zone value as well, but also change the usage of it below).
proxy_cache_path /var/www/cache/resized levels=1:2 keys_zone=resizedimages:10m max_size=1G;

# Gzip was on in another conf file of mine...You may need to uncomment the next line.
#gzip on;
gzip_disable msie6;
gzip_static on;
gzip_comp_level 4;
gzip_proxied any;
# Again, be careful that you aren't overwriting some other setting from another config's http {} section.

pristavu

user www-data;

#worker_processes 4;
#worker_priority 0;
#worker_cpu_affinity 0001 0010 0100 1000;
#worker_rlimit_nofile 163840;

#worker_processes 8;
#worker_priority 0;
#worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;

pristavu

# Nginx can serve FLV/MP4 files by pseudo-streaming way without any specific media-server software. 
# To do the custom build we use 2 modules: --with-http_secure_link_module --with-http_flv_module
# This module "secure-link" helps you to protect links from stealing away.
#
# NOTE: see more details at coderwall: http://coderwall.com/p/3hksyg

cd /usr/src
wget http://nginx.org/download/nginx-1.5.13.tar.gz
tar xzvf ./nginx-1.5.13.tar.gz && rm -f ./nginx-1.5.13.tar.gz