mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
add-aurweb-tracing
infrastructure/roles/fluxbb/templates/nginx.conf.j2
Robin Candau 7b14027a45 Switch to http2 directive in nginx configs 
> 2024/06/02 11:05:53 \[warn\] 30324#30324: the "listen ... http2" directive is deprecated, use the "http2" directive instead

Fixes https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/589
2024-06-02 12:25:27 +00:00

110 lines
3.4 KiB
Django/Jinja
Raw Permalink Blame History

server {
listen 80;
listen [::]:80;
server_name {{ fluxbb_domain }};
access_log /var/log/nginx/{{ fluxbb_domain }}/access.log;
access_log /var/log/nginx/{{ fluxbb_domain }}/access.log.json json_reduced;
error_log /var/log/nginx/{{ fluxbb_domain }}/error.log;
include snippets/letsencrypt.conf;
location / {
return 301 https://$server_name$request_uri;
}
}
# a limiter to stop abuse of the rss feed.
# limit to 1 requests per minute, with a burst defined when we use this
# limiter in the location directive below
limit_req_zone $binary_remote_addr zone=rsslimit:8m rate=1r/m;
limit_req_zone $binary_remote_addr zone=searchlimit:10m rate=1r/s;
limit_req_zone $binary_remote_addr zone=bbslimit:10m rate=10r/s;
limit_req_status 429;
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name {{ fluxbb_domain }};
root {{ fluxbb_dir }};
index index.php;
access_log /var/log/nginx/{{ fluxbb_domain }}/access.log;
access_log /var/log/nginx/{{ fluxbb_domain }}/access.log.json json_reduced;
error_log /var/log/nginx/{{ fluxbb_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ fluxbb_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ fluxbb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ fluxbb_domain }}/chain.pem;
location /.git {
deny all;
}
location = /search.php {
limit_req zone=searchlimit burst=10;
fastcgi_pass unix:/run/php-fpm/fluxbb.socket;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_param HTTPS on;
include fastcgi_params;
}
location ~ /extern\.php {
limit_req zone=rsslimit burst=10 nodelay;
fastcgi_pass unix:/run/php-fpm/fluxbb.socket;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_param HTTPS on;
include fastcgi_params;
}
location ~ ^/(?:config|header|footer)\.php {
log_not_found off;
deny all;
return 403;
}
location ~ /(cache|include|lang|plugins) {
log_not_found off;
deny all;
return 403;
}
location ^~ /style/ {
expires 7d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location ^~ /img/ {
expires 7d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location ~ ^/(?:db_update|install)\.php {
auth_basic "Administration";
auth_basic_user_file auth/{{ fluxbb_domain }};
fastcgi_pass unix:/run/php-fpm/fluxbb.socket;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_param HTTPS on;
include fastcgi_params;
}
location ~ ^/[^/]+\.php$ {
fastcgi_pass unix:/run/php-fpm/fluxbb.socket;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
fastcgi_param HTTPS on;
include fastcgi_params;
limit_req zone=bbslimit burst=10 nodelay;
}
}
View Git Blame Copy Permalink