discours.io/core
5
0
Fork 0
Code Pull Requests Actions Projects Activity

debug: layer with logs added for debug allow_orrigin missing for dscrs.site domain

Browse Source
This commit is contained in:
Stepan Vladovskiy 2025-01-26 16:47:41 -03:00
parent a05f0afa8b
commit 0bbe1d428a
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
nginx.conf.sigil
View File

@ -1,3 +1,7 @@
log_format custom '$remote_addr - $remote_user [$time_local] "$request" '
'status=$status allow_origin=$allow_origin '
'"$http_referer" "$http_user_agent"';
{{ $proxy_settings := "proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header Host $http_host; proxy_set_header X-Request-Start $msec;" }} {{ $proxy_settings := "proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header Host $http_host; proxy_set_header X-Request-Start $msec;" }}
{{ $gzip_settings := "gzip on; gzip_min_length 1100; gzip_buffers 4 32k; gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml; gzip_vary on; gzip_comp_level 6;" }} {{ $gzip_settings := "gzip on; gzip_min_length 1100; gzip_buffers 4 32k; gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml; gzip_vary on; gzip_comp_level 6;" }}
@ -14,7 +18,7 @@ map $http_origin $allow_origin {
default ""; default "";
} }
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=1g proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=1g \
inactive=60m use_temp_path=off; inactive=60m use_temp_path=off;
limit_conn_zone $binary_remote_addr zone=addr:10m; limit_conn_zone $binary_remote_addr zone=addr:10m;
limit_req_zone $binary_remote_addr zone=req_zone:10m rate=20r/s; limit_req_zone $binary_remote_addr zone=req_zone:10m rate=20r/s;
@ -30,7 +34,7 @@ server {
listen [::]:{{ $listen_port }}; listen [::]:{{ $listen_port }};
listen {{ $listen_port }}; listen {{ $listen_port }};
server_name {{ $.NOSSL_SERVER_NAME }}; server_name {{ $.NOSSL_SERVER_NAME }};
access_log /var/log/nginx/{{ $.APP }}-access.log; access_log /var/log/nginx/{{ $.APP }}-access.log custom;
error_log /var/log/nginx/{{ $.APP }}-error.log; error_log /var/log/nginx/{{ $.APP }}-error.log;
client_max_body_size 100M; client_max_body_size 100M;
@ -38,7 +42,7 @@ server {
listen [::]:{{ $listen_port }} ssl http2; listen [::]:{{ $listen_port }} ssl http2;
listen {{ $listen_port }} ssl http2; listen {{ $listen_port }} ssl http2;
server_name {{ $.NOSSL_SERVER_NAME }}; server_name {{ $.NOSSL_SERVER_NAME }};
access_log /var/log/nginx/{{ $.APP }}-access.log; access_log /var/log/nginx/{{ $.APP }}-access.log custom;
error_log /var/log/nginx/{{ $.APP }}-error.log; error_log /var/log/nginx/{{ $.APP }}-error.log;
ssl_certificate {{ $.APP_SSL_PATH }}/server.crt; ssl_certificate {{ $.APP_SSL_PATH }}/server.crt;
ssl_certificate_key {{ $.APP_SSL_PATH }}/server.key; ssl_certificate_key {{ $.APP_SSL_PATH }}/server.key;
@ -69,7 +73,6 @@ server {
proxy_cache_lock on; proxy_cache_lock on;
# Connections and request limits increase (bad for DDos) # Connections and request limits increase (bad for DDos)
limit_conn addr 10000;
limit_req zone=req_zone burst=10 nodelay; limit_req zone=req_zone burst=10 nodelay;
} }
@ -84,11 +87,13 @@ server {
# } # }
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ { location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 30d; # This means that the client can cache these resources for 30 days. proxy_pass http://{{ $.APP }}-{{ $upstream_port }};
expires 30d;
add_header Cache-Control "public, no-transform"; add_header Cache-Control "public, no-transform";
} }
location ~* \.(mp3|wav|ogg|flac|aac|aif|webm)$ { location ~* \.(mp3|wav|ogg|flac|aac|aif|webm)$ {
proxy_pass http://{{ $.APP }}-{{ $upstream_port }};
if ($request_method = 'GET') { if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' $allow_origin always; add_header 'Access-Control-Allow-Origin' $allow_origin always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
@ -123,11 +128,6 @@ server {
internal; internal;
} }
log_format custom '$remote_addr - $remote_user [$time_local] "$request" '
'status=$status allow_origin=$allow_origin '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log custom;
include {{ $.DOKKU_ROOT }}/{{ $.APP }}/nginx.conf.d/*.conf; include {{ $.DOKKU_ROOT }}/{{ $.APP }}/nginx.conf.d/*.conf;
} }
{{ end }} {{ end }}