140 lines
3.3 KiB
Plaintext
140 lines
3.3 KiB
Plaintext
# For maintenance
|
|
#location / {
|
|
# autoindex off;
|
|
# expires -1;
|
|
# access_log off;
|
|
# add_header Cache-Control "public";
|
|
# proxy_set_header X-Real-IP $remote_addr;
|
|
# root /home/pixelpla/pixelplace-redirect/wait;
|
|
#}
|
|
|
|
include /etc/nginx/includes/certbotroot.conf;
|
|
|
|
set $test 0;
|
|
if ($cloudflare_ip != 1) {
|
|
return 404;
|
|
}
|
|
if ($http_cf_ipcountry = "UA") {
|
|
set $test 1;
|
|
}
|
|
if ($deny_ws) {
|
|
set $test 1;
|
|
}
|
|
if ($allow_ws) {
|
|
set $test 0;
|
|
}
|
|
|
|
location / {
|
|
limit_req zone=general burst=20 delay=10;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
client_max_body_size 3M;
|
|
proxy_pass http://$ppfun$request_uri;
|
|
}
|
|
|
|
location = / {
|
|
proxy_no_cache 1;
|
|
if ( $query_string ) { return 403; }
|
|
limit_req zone=captcha burst=5;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_pass http://$ppfun$request_uri;
|
|
}
|
|
|
|
# for matrix
|
|
location /.well-known/matrix/client {
|
|
return 200 '{"m.homeserver": {"base_url": "https://matrix.pixelplanet.fun"}}';
|
|
default_type application/json;
|
|
add_header Access-Control-Allow-Origin *;
|
|
}
|
|
|
|
# for matrix delegations
|
|
location /.well-known/matrix/server {
|
|
return 200 '{"m.server":"matrix.pixelplanet.fun:443"}';
|
|
default_type application/json;
|
|
add_header Access-Control-Allow-Origin *;
|
|
}
|
|
|
|
# block adminapi
|
|
location /adminapi {
|
|
return 403 '{"errors": ["Not allowed from nginx"]}';
|
|
default_type application/json;
|
|
}
|
|
|
|
location ~ ^/tiles/([0-9]+)/([0-9]+)/([0-9]+)/([0-9]+).webp$ {
|
|
proxy_no_cache 1;
|
|
expires $extile;
|
|
add_header Cache-Control "public";
|
|
add_header Access-Control-Allow-Origin *;
|
|
root /home/pixelpla/pixelplanet/tiles;
|
|
try_files /$1/$2/$3/$4.webp /$1/emptytile.webp =404;
|
|
}
|
|
|
|
location /chunks {
|
|
proxy_no_cache 1;
|
|
if ( $query_string ) { return 404; }
|
|
limit_req zone=chunks burst=400 delay=200;
|
|
access_log off;
|
|
proxy_pass http://$ppfun$request_uri;
|
|
}
|
|
|
|
location /ws {
|
|
limit_req zone=websocket burst=5;
|
|
if ($test) {
|
|
return 403;
|
|
}
|
|
proxy_http_version 1.1;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
proxy_pass http://$ppfun$request_uri;
|
|
}
|
|
|
|
location /captcha.svg {
|
|
proxy_no_cache 1;
|
|
limit_req zone=captcha burst=5;
|
|
limit_req_status 429;
|
|
if ($test) {
|
|
return 403;
|
|
}
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_pass http://$ppfun$request_uri;
|
|
}
|
|
|
|
location /reset_password {
|
|
limit_req zone=authimp burst=3;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_pass http://$ppfun$request_uri;
|
|
}
|
|
|
|
location /mcws {
|
|
proxy_no_cache 1;
|
|
limit_req zone=websocket burst=5;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
proxy_pass http://$ppfun$request_uri;
|
|
}
|
|
|
|
location /api/auth {
|
|
proxy_no_cache 1;
|
|
if ($test) {
|
|
return 403;
|
|
}
|
|
limit_req zone=websocket burst=5;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_pass http://$ppfun$request_uri;
|
|
}
|
|
|
|
location /moderation {
|
|
autoindex on;
|
|
expires 15m;
|
|
add_header Cache-Control "public";
|
|
root /home/pixelpla/pixelplanet/log;
|
|
}
|