74 lines
2 KiB
Text
74 lines
2 KiB
Text
# rate limiting: https://www.nginx.com/blog/rate-limiting-nginx/
|
|
limit_req_zone $binary_remote_addr zone=ip:10m rate=5r/s;
|
|
limit_req_zone $binary_remote_addr zone=restricted_ip:10m rate=10r/m;
|
|
|
|
# http server
|
|
server {
|
|
server_name _;
|
|
listen 8080 default_server;
|
|
|
|
return 404;
|
|
}
|
|
|
|
# https server
|
|
server {
|
|
listen 443 ssl;
|
|
server_name home_vod_server;
|
|
|
|
ssl_certificate /certificate/cert.pem;
|
|
ssl_certificate_key /certificate/key.pem;
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
|
|
ssl_prefer_server_ciphers on;
|
|
server_tokens off; # hide nginx version in response
|
|
|
|
# static media
|
|
location /media {
|
|
root /media-data/;
|
|
autoindex on;
|
|
auth_request /require_media_access;
|
|
limit_req zone=ip burst=12 delay=8;
|
|
|
|
# enable cache
|
|
expires 1d;
|
|
add_header Cache-Control "public, no-transform";
|
|
|
|
# kill cache
|
|
# add_header Last-Modified $date_gmt;
|
|
# add_header Cache-Control 'no-store, no-cache';
|
|
# if_modified_since off;
|
|
# expires off;
|
|
# etag off;
|
|
}
|
|
|
|
# auth request, passes query as header
|
|
location /require_media_access {
|
|
internal;
|
|
proxy_pass https://localhost:443/has_media_access;
|
|
proxy_pass_request_body off;
|
|
proxy_pass_request_headers on;
|
|
proxy_set_header Content-Length: "";
|
|
proxy_set_header X-Original-URI $request_uri;
|
|
}
|
|
|
|
# flask server
|
|
location / {
|
|
include uwsgi_params;
|
|
uwsgi_pass unix:///tmp/myapp.sock;
|
|
limit_req zone=ip burst=12 delay=8;
|
|
}
|
|
|
|
# flask server login
|
|
location /login {
|
|
include uwsgi_params;
|
|
uwsgi_pass unix:///tmp/myapp.sock;
|
|
limit_req zone=restricted_ip burst=4;
|
|
}
|
|
|
|
# flask server otp_verification
|
|
location /otp_verification {
|
|
include uwsgi_params;
|
|
uwsgi_pass unix:///tmp/myapp.sock;
|
|
limit_req zone=restricted_ip burst=4;
|
|
}
|
|
}
|