mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
add-aurweb-tracing
infrastructure/roles/security_tracker/templates/nginx.d.conf.j2
Robin Candau 7b14027a45 Switch to http2 directive in nginx configs 
> 2024/06/02 11:05:53 \[warn\] 30324#30324: the "listen ... http2" directive is deprecated, use the "http2" directive instead

Fixes https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/589
2024-06-02 12:25:27 +00:00

79 lines
2.6 KiB
Django/Jinja
Raw Permalink Blame History

# uwsgi caching zone
uwsgi_cache_path /var/lib/nginx/cache/ levels=1:2 keys_zone=sec_cache:5m max_size=1g inactive=60m use_temp_path=off;
# limit requests to 5 r/s to block DoS attempts with a burst of 10.
limit_req_zone $binary_remote_addr zone=sec_req_limit:10m rate=5r/s;
# limit http status: 429 Too Many Requests
limit_req_status 429;
upstream security-tracker {
server unix:///run/uwsgi/security-tracker.sock;
}
server {
listen 80;
listen [::]:80;
server_name {{ security_tracker_domain }};
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log reduced;
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log.json json_reduced;
error_log /var/log/nginx/{{ security_tracker_domain }}/error.log;
include snippets/letsencrypt.conf;
location / {
access_log off;
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name {{ security_tracker_domain }};
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log reduced;
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log.json json_reduced;
error_log /var/log/nginx/{{ security_tracker_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ security_tracker_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ security_tracker_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ security_tracker_domain }}/chain.pem;
location = /google9fb65bdd43709b25.html {
# verification code for anthraxx
return 200 "google-site-verification: google9fb65bdd43709b25.html";
}
location /static/ {
alias {{ security_tracker_dir }}/tracker/static/;
}
# API/RSS endpoint
location ~* .*(atom|json)$ {
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log main;
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log.json json_main;
include uwsgi_params;
uwsgi_pass security-tracker;
uwsgi_cache sec_cache;
uwsgi_cache_valid 5m;
uwsgi_cache_key "$request_method$request_uri";
limit_req zone=sec_req_limit burst=5 nodelay;
}
# Web UI endpoint
location / {
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log main;
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log.json json_main;
include uwsgi_params;
uwsgi_pass security-tracker;
limit_req zone=sec_req_limit burst=10 nodelay;
}
}
View Git Blame Copy Permalink