I am trying to implement Dynamic Rendering for google.
I have a server on Laravel Forge for serving a Nuxt.js application and I want to use prerender.io
Prerender.io gives an nginx config to use but my current config seems a lot different from it. I don't have any experience with it so I am asking for help if there is anyone who can help.
This is my current nginx config
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/beta.example.com/before/*;
map $sent_http_content_type $expires {
"text/html" epoch;
"text/html; charset=utf-8" epoch;
default off;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name beta.example.com;
root /home/forge/beta.example.com/dist;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/beta.example.com/50331/server.crt;
ssl_certificate_key /etc/nginx/ssl/beta.example.com/50331/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
charset utf-8;
gzip on;
gzip_types text/plain application/xml text/css application/javascript;
gzip_min_length 1000;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/beta.example.com/server/*;
location / {
expires $expires;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://127.0.0.1:3000; # set the adress of the Node.js
}
access_log off;
error_log /var/log/nginx/beta.example.com-error.log error;
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/beta.example.com/after/*;
This is how it should look like
https://gist.github.com/thoop/8165802
My main question basically is what happens to the current location / block.
You have two ways to achieve your goal:
Nuxt.js has its own pre-render solution. you could find it here.
If you still want to use prerender.io, here is an example:
I saw that your Nginx is proxying all traffic to http://127.0.0.1:3000, which is presumably a backend written in Node.js. So you could directly update your location / block to use prerender.io to catch everything.
...
location / {
proxy_set_header X-Prerender-Token YOUR_TOKEN;
set $prerender 0;
if ($http_user_agent ~* "googlebot|bingbot|yandex|baiduspider|twitterbot|facebookexternalhit|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator") {
set $prerender 1;
}
if ($args ~ "_escaped_fragment_") {
set $prerender 1;
}
if ($http_user_agent ~ "Prerender") {
set $prerender 0;
}
if ($uri ~* "\.(js|css|xml|less|png|jpg|jpeg|gif|pdf|doc|txt|ico|rss|zip|mp3|rar|exe|wmv|doc|avi|ppt|mpg|mpeg|tif|wav|mov|psd|ai|xls|mp4|m4a|swf|dat|dmg|iso|flv|m4v|torrent|ttf|woff|svg|eot)") {
set $prerender 0;
}
#resolve using Google's DNS server to force DNS resolution and prevent caching of IPs
resolver 8.8.8.8;
if ($prerender = 1) {
#setting prerender as a variable forces DNS resolution since nginx caches IPs and doesnt play well with load balancing
set $prerender "service.prerender.io";
rewrite .* /$scheme://$host$request_uri? break;
proxy_pass http://$prerender;
}
try_files #backend;
}
location #backend {
expires $expires;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://127.0.0.1:3000; # set the adress of the Node.js
}
...
Related
We would like to launch a NextJS 10 app using NGINX so we use a configuration similar to:
location /_next/static/ {
alias /home/ec2-user/my-app/.next/static/;
expires 1y;
access_log on;
}
It works great, it caches for a year our statics but as we use NextJS images I'm failing to add an expires tag on on-the-fly resized images.
If I do:
location /_next/image/ {
alias /home/ec2-user/my-app/.next/image;
expires 1y;
access_log on;
}
It just returns a 404 on images.
Here is my server part NGINX config :
server {
listen 80;
server_name *.my-website.com;
# root /usr/share/nginx/html;
# root /home/ec2-user/my-app;
charset utf-8;
client_max_body_size 20M;
client_body_buffer_size 20M;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
underscores_in_headers on;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "same-origin" always;
location = /robots.txt {
proxy_pass https://api.my-website.com/robots.txt;
}
location /_next/static/ {
alias /home/ec2-user/my-app/.next/static/;
expires 1y;
access_log on;
}
location / {
# reverse proxy for merchant next server
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass_request_headers on;
proxy_cache_bypass $http_upgrade;
proxy_buffering off;
}
}
Here is an example how you can rely of upstream Content-Type header to set up the Expires and Cache-Control headers:
map $upstream_http_content_type $expire {
~^image/ 1y; # 'image/*' content type
default off;
}
server {
...
location / {
# reverse proxy for merchant next server
proxy_pass http://localhost:3000;
...
expires $expire;
}
}
The same way you can tune cache control headers for any other content type of proxied response. The $upstream_http_<name> nginx variable is described here.
Update
To add cache control headers only by specific URIs you can use two chained map blocks:
map $uri $expire_by_uri {
~^/_next/image/ 1y;
default off;
}
map $upstream_http_content_type $expire {
~^image/ $expire_by_uri;
default off;
}
And if you don't expect anything but the images from /_next/image/... URIs, you can just use the
map $uri $expire {
~^/_next/image/ 1y;
default off;
}
So I am trying to setup a nginx reverse proxy in my network to only have 2 external ports out to the world. I am taking in both http and https traffic and using HSTS to force https. I am able to reverse proxy to applications running on the standard port 80/443, but when I try to reverse proxy to a application running on a docker host it gets weird. In the address bar it changes from fireampersand.ca/website to fireampersand.ca:8050/website. Im not sure why. Im still fairly new to nginx so maybe it is something obvious. Any help would be appreciated.
nginx.conf
events {
}
http {
server {
listen 80 default_server;
server_name fireampersand.ca;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
return 301 https://$host;
}
server {
listen 443 ssl http2 default_server;
server_name fireampersand.ca;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
ssl_certificate "/etc/letsencrypt/live/fireampersand.ca-0001/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/fireampersand.ca-0001/privkey.pem";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
location ~* ^/owa { proxy_pass https://starscream.fireampersand.ca; }
location ~* ^/Microsoft-Server-ActiveSync { proxy_pass https://starscream.fireampersand.ca; }
location ~* ^/ecp { proxy_pass https://starscream.fireampersand.ca; }
location ~* ^/rpc { proxy_pass https://starscream.fireampersand.ca; }
location ~* ^/portainer { proxy_pass http://docker.fireampersand.ca:9000; }
location ~* ^/foodbank { proxy_pass https://docker.fireampersand.ca:8002; }
location ~* ^/website/ { proxy_pass http://docker.fireampersand.ca:8050; }
location / { root /usr/share/nginx/html;}
}
}
I have an Odoo app running on port 8069, and while this setup worked fine in my old server, my new server is using Engintron which seems to have a different method of working with vhosts. The standout issue is that under common_http.conf, this line becomes a duplicate of the vhost needed to run the app but is included in the automatically generated config that gets overridden whenever a new cpanel account is created, deleted, or when Engintron is updated.
What would be the correct way of setting this up properly within Engintron?
common_http.conf
location / {
try_files $uri $uri/ #backend;
}
# This location / ends up getting included in the custom
# vhost which is needed for all of the sites except this Odoo app.
custom_vhost.com.conf
upstream example{
server 127.0.0.1:8069 weight=1 fail_timeout=0;
}
upstream example-chat {
server 127.0.0.1:8072 weight=1 fail_timeout=0;
}
server {
listen [::]:80;
server_name delegates.example.com;
return 301 https://delegates.example.com$request_uri;
}
server {
listen [::]:80;
server_name vendors.example.com;
return 301 https://vendors.example.com$request_uri;
}
server {
listen [::]:80;
server_name example.com;
return 301 https://example.com;
}
server {
listen [::]:80;
server_name *.example.com;
return 301 https://example.com;
}
server {
listen [::]:443 ssl;
server_name pgadmin.example.com;
# well-known_start
location ^~ /.well-known {
add_header Host-Header 192fc2e7e50945beb8231a492d6a8024;
root /home/example/public_html;
}
# well-known_end
ssl_certificate /var/cpanel/ssl/apache_tls/*.example.com/combined;
ssl_certificate_key /var/cpanel/ssl/apache_tls/*.example.com/combined;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
add_header X-Content-Type-Options nosniff;
add_header Cache-Control public;
location / {
deny all;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:5050;
}
}
server {
listen [::]:443 ssl;
server_name example.com www.example.com;
return 301 https://example.com;
}
server {
listen [::]:443 ssl http2;
server_name vendors.example.com delegates.example.com;
client_max_body_size 200m;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-NginX-Proxy true;
#proxy_set_header X-Odoo-dbfilter ^%d\Z;
proxy_redirect off;
proxy_buffering off;
# well-known_start
location ^~ /.well-known {
add_header Host-Header 192fc2e7e50945beb8231a492d6a8024;
root /home/example/public_html;
}
# well-known_end
ssl_certificate /var/cpanel/ssl/apache_tls/*.example.com/combined;
ssl_certificate_key /var/cpanel/ssl/apache_tls/*.example.com/combined;
access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log;
# adds gzip options
gzip on;
gzip_types text/css text/plain text/xml application/xml application/javascript application/x-javascript text/javascript application/json text/x-json;
gzip_proxied no-store no-cache private expired auth;
#gzip_min_length 1000;
gzip_disable "MSIE [1-6]\.";
location /longpolling {
proxy_pass http://example-chat;
}
location ~* /web/static/ {
gzip_static on;
proxy_cache_valid 200 90m;
proxy_buffering on;
expires 864000;
add_header Cache-Control public;
proxy_pass http://example;
}
location / {
error_page 403 = https://example.com;
proxy_pass http://example;
proxy_redirect off;
gzip_static on;
}
# The above location becomes a duplicate of the previous default location - which in turn fails the validity of the configuration.
location ~* /web/content/ {
gzip_static on;
proxy_cache_valid 200 90m;
proxy_buffering on;
expires 864000;
add_header Cache-Control public;
proxy_pass http://example;
}
location /web/database/manager {
deny all;
error_page 403 https://example.com;
proxy_pass http://example;
}
}
Since the conf files are added in alphabetical order, and any conflicting or duplicate settings are ignored - I ended up changing the name of the file so that it's included before the other ones. Also made the file immutable with the following command:
chattr +ai 1_custom_vhost.com.conf
I'm quite sure this is not a graceful solution, but it does the job for now.
I m creating a website and it works fine on Chrome and FireFox, but i m getting a error on Safari:
"NSPOSIXErrorDomain:100"
I found a post telling about apparently Safari doesn’t like multiple line HTTP headers under HTTP/2, and telling to me edit my config files and remove all mutiple line config.
My server uses CPnginx, and thath is my config file:
#:hybrid:Nginx serve static files apache serve dynamic files:2.0:
server {
listen 107.161.189.242:443 ssl http2 ;
server_name meusite.com.br www.meusite.com.br;
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl.cert.d/meusite.com.br_cert;
ssl_certificate_key /usr/local/nginx/conf/ssl.key.d/meusite.com.br_key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
#.............. Cpnginx OCSP stapling protection for security start ....................
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /usr/local/nginx/conf/ssl.ca.d/meusite.com.br_ca-bundle;
resolver 127.0.0.1 8.8.8.8 4.2.2.1 8.8.4.4 4.2.2.2 valid=300s;
resolver_timeout 5s;
#.............. Cpnginx OCSP stapling protection for security end....................
location = /favicon.ico {
log_not_found off;
}
access_log /usr/local/apache/domlogs/meusite.com.br-bytes_log bytes_log buffer=32k flush=5m;
access_log /usr/local/apache/domlogs/meusite.com.br-ssl_log combined buffer=32k flush=5m;
referer_hash_bucket_size 512;
# Static files directly from nginx
location ~* ^.+.(jpg|jpeg|gif|png|svg|webp|ico|zip|tgz|gz|rar|bz2|iso|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|ogv|ogg|flv|swf|mpeg|mpg|mpeg4|mp4|avi|wmv|js|css|3gp|sis|sisx|nth)$ {
expires 30d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
root /home/meusitecom/public_html;
error_page 404 = #apache;
log_not_found off;
}
keepalive_requests 100;
keepalive_timeout 60s;
# Symlink attack
disable_symlinks on from=$document_root;
autoindex on;
# Disable direct access to .ht files and folders
location ~ /\.ht {
deny all;
}
# Access all cpanel services
location ~* ^/(cpanel|webmail|whm|bandwidth|img-sys|java-sys|mailman/archives|pipermail|sys_cpanel|cgi-sys|mailman) {
proxy_pass https://107.161.189.242:9443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Enabled MP4 streaming
location ~ .mp4$ {
mp4;
mp4_buffer_size 4M;
mp4_max_buffer_size 10M;
}
# X-FRAME attach protection
add_header X-Frame-Options "SAMEORIGIN";
# Protect sql injections
set $block_sql_injections 0;
if ($query_string ~ "union.*select.*\(") {
set $block_sql_injections 1;
}
if ($query_string ~ "union.*all.*select.*") {
set $block_sql_injections 1;
}
if ($query_string ~ "concat.*\(") {
set $block_sql_injections 1;
}
if ($block_sql_injections = 1) {
return 403;
}
# common exploit protection
set $block_common_exploits 0;
if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
set $block_common_exploits 1;
}
if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
set $block_common_exploits 1;
}
if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
set $block_common_exploits 1;
}
if ($query_string ~ "proc/self/environ") {
set $block_common_exploits 1;
}
if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
set $block_common_exploits 1;
}
if ($query_string ~ "base64_(en|de)code\(.*\)") {
set $block_common_exploits 1;
}
if ($block_common_exploits = 1) {
return 403;
}
# Hot Link protections
location ~ \.(jpe?g|png|gif|svg|tiff|bmp|webp|bpg)$ {
valid_referers none blocked meusite.com.br *.meusite.com.br;
if ($invalid_referer) {
return 403;
}
}
location #apache {
internal;
# Internal 404 redirect of static file to apache
access_log off;
log_not_found off;
client_max_body_size 2000m;
client_body_buffer_size 512k;
proxy_buffering on;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 32 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
proxy_connect_timeout 300s;
proxy_http_version 1.1;
proxy_pass https://107.161.189.242:9443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
location / {
access_log off;
# include /usr/local/nginx/conf/vhost.ssl.d/meusite.com.br.rewrite;
log_not_found off;
client_max_body_size 2000m;
client_body_buffer_size 512k;
proxy_buffering on;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
proxy_buffer_size 64k;
proxy_buffers 32 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
proxy_connect_timeout 300s;
proxy_http_version 1.1;
proxy_pass https://107.161.189.242:9443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
# include /usr/local/nginx/conf/vhost.ssl.d/meusite.com.br.include;
}
server {
listen 107.161.189.242:443 ssl http2 ;
server_name cpanel.meusite.com.br whm.meusite.com.br webmail.meusite.com.br webdisk.meusite.com.br cpcalendars.meusite.com.br cpcontacts.meusite.com.br mail.meusite.com.br;
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl.cert.d/meusite.com.br_cert;
ssl_certificate_key /usr/local/nginx/conf/ssl.key.d/meusite.com.br_key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
access_log off;
location / {
location ~ /.well-known{
root /home/meusitecom/public_html;
}
proxy_pass https://127.0.0.1:9443;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
What i m need to change on this file?
Well, after many tests, i found a solution to my problem.
I have add the directive "proxy_hide_header Upgrade;" on my nginx.conf, to ignore the header Upgrade, for some reason it's crashing on Safari.
I can't answer your question; but, I can help you with strategy to diagnose your problem.
First, the nginx config (as big as it is) does not contain the answer. What I do see are several proxy_pass lines. One (or more) of these upstream servers are returning content that violates RFC7230.
You can prove that nginx is not causing your problem by pointing you bowser directly at https://107.161.189.242:9443. Or you can stop nginx and move the process serving port 9443 to port 443.
I have installed Nginx 1.8.0 that works with a reversed proxy to a Tomcat 8, everything's works perfectly. However, I would like to enable proxy-cache ONLY for images, CSS and js (primarily static content); I would not like to cache any get to the server because the values may change from one request to other.
I found some configuration but still not working for me, do you guys know how to configure it correctly?
I saw this https://serverfault.com/questions/494669/setting-up-a-reverse-proxy-to-cache-images post; however is not clear for me that it will cache only static content, seems that it will cache any 200 response.
Thanks a lot...
-- UPDATE --
I have my images (blablasite.com/images), same for js and css; just replace images for js and css
I have something like this
server {
listen 80;
server_name blablasite.com;
# add ssl settings
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name blablasite.com;
root html;
keepalive_timeout 70;
client_max_body_size 50m;
#charset koi8-r;
ssl_certificate /blablasite.com-combined.crt;
ssl_certificate_key /ssl/blablasite.com.key;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
# HTTP Strict Transport Security
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options "DENY";
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
access_log /var/log/nginx/host.access.log main;
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
expires 1d;
access_log off;
add_header Cache-Control "public";
# boilerplate copied from location /
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location / {
if (-f /webapps/blablasite/maintenance_on.html) {
return 503;
}
index index.html index.jsp;
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location /login {
# apply rate limiting
limit_req zone=login burst=5;
# boilerplate copied from location /
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}