45 lines
1.3 KiB
Text
45 lines
1.3 KiB
Text
# template for your own domain
|
|
|
|
# this defines ratelimit parameters.
|
|
# You can remove this if you don't want ratelimiting but it's a very good idea
|
|
# and will heavily limit the effectiveness of attacks so it's probably best to leave it in place.
|
|
limit_req_zone $binary_remote_addr zone=reqlimit_yourdomain:10m rate=20r/s; # CHANGE
|
|
|
|
# an example upstream for reverse proxying
|
|
#upstream myservice {
|
|
# server 127.0.0.1:3002;
|
|
#}
|
|
|
|
server {
|
|
server_name yourdomain.net; # CHANGE
|
|
root /srv/http/yourdomain.net; # CHANGE
|
|
|
|
# TODO SSL
|
|
|
|
listen (ipv4):80; # CHANGE to your ipv4 address if using ipv4
|
|
|
|
listen [(ipv6)]:80; # CHANGE to your ipv6 address if you want ipv6,
|
|
# or comment/remove if you don't have ipv6
|
|
# (likewise, for ipv4 if you don't want ipv4)
|
|
|
|
index index.php index.html; # CHANGE if not using php
|
|
|
|
#autoindex on; # CHANGE if you want to use fancyindex, comment out the next line,
|
|
#fancyindex on; # CHANGE or just comment out the line above if you only want
|
|
|
|
limit_req zone=reqlimit_yourdomain burst=20 delay=8; # CHANGE zone=
|
|
limit_req_status 429;
|
|
|
|
# Example of doing reverse proxying
|
|
#location ^~ /myapi {
|
|
# include bits/wsproxy_params;
|
|
# proxy_pass http://myservice/;
|
|
#}
|
|
|
|
|
|
# CHANGE comment or remove this if your domain doesn't use php
|
|
location ~ \.php$ {
|
|
include fastcgi.conf;
|
|
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
|
|
}
|
|
}
|