iampeter/pixelplanet
1
Fork 0
forked from ppfun/pixelplanet
Code Pull Requests Activity
master
pixelplanet/deployment/nginx/includes/canvas.conf
HF 5743276ea9 update nginx config 
reinstate temporary turk cooldown increase to 1.2
2023-06-10 13:22:17 +02:00

140 lines
3.3 KiB
Plaintext
Raw Permalink Blame History

# For maintenance
#location / {
# autoindex off;
# expires -1;
# access_log off;
# add_header Cache-Control "public";
# proxy_set_header X-Real-IP $remote_addr;
# root /home/pixelpla/pixelplace-redirect/wait;
#}
include /etc/nginx/includes/certbotroot.conf;
set $test 0;
if ($cloudflare_ip != 1) {
return 404;
}
if ($http_cf_ipcountry = "UA") {
set $test 1;
}
if ($deny_ws) {
set $test 1;
}
if ($allow_ws) {
set $test 0;
}
location / {
limit_req zone=general burst=20 delay=10;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 3M;
proxy_pass http://$ppfun$request_uri;
}
location = / {
proxy_no_cache 1;
if ( $query_string ) { return 403; }
limit_req zone=captcha burst=5;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://$ppfun$request_uri;
}
# for matrix
location /.well-known/matrix/client {
return 200 '{"m.homeserver": {"base_url": "https://matrix.pixelplanet.fun"}}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
# for matrix delegations
location /.well-known/matrix/server {
return 200 '{"m.server":"matrix.pixelplanet.fun:443"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
}
# block adminapi
location /adminapi {
return 403 '{"errors": ["Not allowed from nginx"]}';
default_type application/json;
}
location ~ ^/tiles/([0-9]+)/([0-9]+)/([0-9]+)/([0-9]+).webp$ {
proxy_no_cache 1;
expires $extile;
add_header Cache-Control "public";
add_header Access-Control-Allow-Origin *;
root /home/pixelpla/pixelplanet/tiles;
try_files /$1/$2/$3/$4.webp /$1/emptytile.webp =404;
}
location /chunks {
proxy_no_cache 1;
if ( $query_string ) { return 404; }
limit_req zone=chunks burst=400 delay=200;
access_log off;
proxy_pass http://$ppfun$request_uri;
}
location /ws {
limit_req zone=websocket burst=5;
if ($test) {
return 403;
}
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://$ppfun$request_uri;
}
location /captcha.svg {
proxy_no_cache 1;
limit_req zone=captcha burst=5;
limit_req_status 429;
if ($test) {
return 403;
}
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://$ppfun$request_uri;
}
location /reset_password {
limit_req zone=authimp burst=3;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://$ppfun$request_uri;
}
location /mcws {
proxy_no_cache 1;
limit_req zone=websocket burst=5;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://$ppfun$request_uri;
}
location /api/auth {
proxy_no_cache 1;
if ($test) {
return 403;
}
limit_req zone=websocket burst=5;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://$ppfun$request_uri;
}
location /moderation {
autoindex on;
expires 15m;
add_header Cache-Control "public";
root /home/pixelpla/pixelplanet/log;
}
View Git Blame Copy Permalink