# template for your own domain

# this defines ratelimit parameters.
# You can remove this if you don't want ratelimiting but it's a very good idea
# and will heavily limit the effectiveness of attacks so it's probably best to leave it in place.
limit_req_zone $binary_remote_addr zone=reqlimit_yourdomain:10m rate=20r/s; # CHANGE

# an example upstream for reverse proxying
#upstream myservice { 
#	server 127.0.0.1:3002;
#}

server {
	server_name yourdomain.net; # CHANGE
	root /srv/http/yourdomain.net; # CHANGE

	# TODO SSL

	listen (ipv4):80; # CHANGE to your ipv4 address if using ipv4

	listen [(ipv6)]:80; # CHANGE to your ipv6 address if you want ipv6,
					   # or comment/remove if you don't have ipv6
					   # (likewise, for ipv4 if you don't want ipv4)

	index index.php index.html; # CHANGE if not using php

	#autoindex on; # CHANGE if you want to use fancyindex, comment out the next line,
	#fancyindex on; # CHANGE or just comment out the line above if you only want

	limit_req zone=reqlimit_yourdomain burst=20 delay=8; # CHANGE zone=
	limit_req_status 429;

	# Example of doing reverse proxying
	#location ^~ /myapi {
	#	include bits/wsproxy_params;
	#	proxy_pass http://myservice/;
	#}


	# CHANGE comment or remove this if your domain doesn't use php
	location ~ \.php$ {
		include fastcgi.conf;
		fastcgi_pass unix:/run/php-fpm/php-fpm.sock;		
	}
}