|
|
|
limit_req_zone $binary_remote_addr zone=loginlimit:10m rate=1r/s;
|
|
|
|
|
|
|
|
server {
|
|
|
|
server_name ${BOOKWYRM_HOSTNAME} ${BOOKWYRM_HOSTNAME}.${DOMAIN_NAME};
|
|
|
|
|
|
|
|
sendfile on;
|
|
|
|
tcp_nopush on;
|
|
|
|
tcp_nodelay on;
|
|
|
|
keepalive_timeout 65;
|
|
|
|
types_hash_max_size 2048;
|
|
|
|
#include /etc/nginx/mime.types;
|
|
|
|
#default_type application/octet-stream;
|
|
|
|
|
|
|
|
gzip on;
|
|
|
|
gzip_disable "msie6";
|
|
|
|
|
|
|
|
proxy_read_timeout 1800s;
|
|
|
|
chunked_transfer_encoding on;
|
|
|
|
|
|
|
|
client_body_buffer_size 10M;
|
|
|
|
client_max_body_size 10M;
|
|
|
|
|
|
|
|
location ~ ^/(login[^-/]|password-reset|resend-link|2fa-check) {
|
|
|
|
limit_req zone=loginlimit;
|
|
|
|
|
|
|
|
proxy_pass http://bookwyrm-web:8000;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
proxy_redirect off;
|
|
|
|
}
|
|
|
|
|
|
|
|
location ~ ^/(api|oidc|preferences) {
|
|
|
|
proxy_pass http://bookwyrm-web:8000;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
proxy_redirect off;
|
|
|
|
access_log off;
|
|
|
|
}
|
|
|
|
|
|
|
|
location / {
|
|
|
|
proxy_cache mycache;
|
|
|
|
add_header X-Cache-Status $upstream_cache_status;
|
|
|
|
proxy_ignore_headers Cache-Control Set-Cookie Expires;
|
|
|
|
#proxy_ignore_headers Cache-Control;
|
|
|
|
|
|
|
|
# logged in sessions and PUT bypass the cache
|
|
|
|
proxy_cache_methods GET HEAD;
|
|
|
|
proxy_no_cache $cookie_session;
|
|
|
|
proxy_cache_bypass $cookie_session;
|
|
|
|
|
|
|
|
proxy_cache_valid any 1m;
|
|
|
|
|
|
|
|
proxy_pass http://bookwyrm-web:8000;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
proxy_redirect off;
|
|
|
|
}
|
|
|
|
|
|
|
|
location /images/ {
|
|
|
|
alias /bookwyrm/app/images/;
|
|
|
|
#access_log off;
|
|
|
|
}
|
|
|
|
|
|
|
|
location /static/ {
|
|
|
|
alias /bookwyrm/app/static/;
|
|
|
|
#access_log off;
|
|
|
|
}
|
|
|
|
|
|
|
|
include /etc/nginx/includes/ssl.conf;
|
|
|
|
}
|