# template for your own domain # this defines ratelimit parameters. # You can remove this if you don't want ratelimiting but it's a very good idea # and will heavily limit the effectiveness of attacks so it's probably best to leave it in place. limit_req_zone $binary_remote_addr zone=reqlimit_yourdomain:10m rate=20r/s; # CHANGE # an example upstream for reverse proxying #upstream myservice { # server 127.0.0.1:3002; #} server { server_name yourdomain.net; # CHANGE root /srv/http/yourdomain.net; # CHANGE # TODO SSL listen (ipv4):80; # CHANGE to your ipv4 address if using ipv4 listen [(ipv6)]:80; # CHANGE to your ipv6 address if you want ipv6, # or comment/remove if you don't have ipv6 # (likewise, for ipv4 if you don't want ipv4) index index.php index.html; # CHANGE if not using php #autoindex on; # CHANGE if you want to use fancyindex, comment out the next line, #fancyindex on; # CHANGE or just comment out the line above if you only want limit_req zone=reqlimit_yourdomain burst=20 delay=8; # CHANGE zone= limit_req_status 429; # Example of doing reverse proxying #location ^~ /myapi { # include bits/wsproxy_params; # proxy_pass http://myservice/; #} # CHANGE comment or remove this if your domain doesn't use php location ~ \.php$ { include fastcgi.conf; fastcgi_pass unix:/run/php-fpm/php-fpm.sock; } }