Update README instructions and nginx.conf for v2.0 release
This commit is contained in:
wiz
153
nginx.conf
153
nginx.conf
@@ -1,81 +1,126 @@
|
||||
user www-data;
|
||||
user nobody;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
worker_processes auto;
|
||||
pid /run/nginx.pid;
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
worker_rlimit_nofile 100000;
|
||||
|
||||
events {
|
||||
worker_connections 768;
|
||||
# multi_accept on;
|
||||
worker_connections 9000;
|
||||
multi_accept on;
|
||||
}
|
||||
|
||||
http {
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 300s;
|
||||
types_hash_max_size 2048;
|
||||
|
||||
server_tokens off;
|
||||
server_name_in_redirect off;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
proxy_cache off;
|
||||
# reset timed out connections freeing ram
|
||||
reset_timedout_connection on;
|
||||
# maximum time between packets the client can pause when sending nginx any data
|
||||
client_body_timeout 10s;
|
||||
# maximum time the client has to send the entire header to nginx
|
||||
client_header_timeout 10s;
|
||||
# timeout which a single keep-alive client connection will stay open
|
||||
keepalive_timeout 69s;
|
||||
# maximum time between packets nginx is allowed to pause when sending the client data
|
||||
send_timeout 10s;
|
||||
|
||||
# number of requests per connection, does not affect SPDY
|
||||
keepalive_requests 100;
|
||||
|
||||
# enable gzip compression
|
||||
gzip on;
|
||||
gzip_comp_level 5;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied any;
|
||||
gzip_vary on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 6;
|
||||
gzip_min_length 1000;
|
||||
gzip_proxied expired no-cache no-store private auth;
|
||||
# text/html is always compressed by gzip module
|
||||
gzip_types application/javascript application/json application/ld+json application/manifest+json application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard;
|
||||
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # text/html is always compressed by gzip module
|
||||
# limit request body size
|
||||
client_max_body_size 10m;
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name example.com;
|
||||
# proxy cache
|
||||
proxy_cache off;
|
||||
proxy_cache_path /var/cache/nginx keys_zone=cache:20m levels=1:2 inactive=600s max_size=500m;
|
||||
types_hash_max_size 2048;
|
||||
|
||||
if ($host = example.com) {
|
||||
return 301 https://$host$request_uri;
|
||||
} # managed by Certbot
|
||||
# exempt localhost from rate limit
|
||||
geo $limited_ip {
|
||||
default 1;
|
||||
127.0.0.1 0;
|
||||
}
|
||||
map $limited_ip $limited_ip_key {
|
||||
1 $binary_remote_addr;
|
||||
0 '';
|
||||
}
|
||||
|
||||
return 404; # managed by Certbot
|
||||
# rate limit requests
|
||||
limit_req_zone $limited_ip_key zone=api:5m rate=200r/m;
|
||||
limit_req_zone $limited_ip_key zone=electrs:5m rate=2000r/m;
|
||||
limit_req_status 429;
|
||||
|
||||
# rate limit connections
|
||||
limit_conn_zone $limited_ip_key zone=websocket:10m;
|
||||
limit_conn_status 429;
|
||||
|
||||
map $http_accept_language $header_lang {
|
||||
default en-US;
|
||||
~*^en-US en-US;
|
||||
~*^en en-US;
|
||||
~*^ar ar;
|
||||
~*^cs cs;
|
||||
~*^de de;
|
||||
~*^es es;
|
||||
~*^fa fa;
|
||||
~*^fr fr;
|
||||
~*^ja ja;
|
||||
~*^ka ka;
|
||||
~*^nl nl;
|
||||
~*^nn nn;
|
||||
~*^pt pt;
|
||||
~*^sl sl;
|
||||
~*^sv sv;
|
||||
~*^tr tr;
|
||||
~*^uk uk;
|
||||
~*^vi vi;
|
||||
~*^zh zh;
|
||||
}
|
||||
|
||||
map $cookie_lang $lang {
|
||||
default $header_lang;
|
||||
~*^en-US en-US;
|
||||
~*^en en-US;
|
||||
~*^ar ar;
|
||||
~*^cs cs;
|
||||
~*^de de;
|
||||
~*^es es;
|
||||
~*^fa fa;
|
||||
~*^fr fr;
|
||||
~*^ja ja;
|
||||
~*^ka ka;
|
||||
~*^nl nl;
|
||||
~*^nn nn;
|
||||
~*^pt pt;
|
||||
~*^sl sl;
|
||||
~*^sv sv;
|
||||
~*^tr tr;
|
||||
~*^uk uk;
|
||||
~*^vi vi;
|
||||
~*^zh zh;
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::]:443 ssl http2; # managed by Certbot
|
||||
listen 443 ssl http2; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
server_name example.com; # managed by Certbot
|
||||
|
||||
index index.html;
|
||||
root /var/www/html;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.html =404;
|
||||
}
|
||||
|
||||
location /api {
|
||||
proxy_pass http://127.0.0.1:8999/api;
|
||||
}
|
||||
|
||||
location /electrs/ {
|
||||
proxy_pass http://127.0.0.1:3000/;
|
||||
}
|
||||
|
||||
location /ws {
|
||||
proxy_pass http://127.0.0.1:8999/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
}
|
||||
listen 127.0.0.1:80;
|
||||
include /etc/nginx/nginx-mempool.conf;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user