diff --git a/nginx-config/https/https-bodypainter-eu.conf b/nginx-config/https/https-bodypainter-eu.conf index 9013a63..25f430c 100755 --- a/nginx-config/https/https-bodypainter-eu.conf +++ b/nginx-config/https/https-bodypainter-eu.conf @@ -1,49 +1,70 @@ -limit_req_zone $binary_remote_addr zone=ip_limit:10m rate=2r/s; + # Limitowanie requestów (pozostawiamy bez zmian) + limit_req_zone $binary_remote_addr zone=ip_limit:10m rate=2r/s; -server { + # Konfiguracja cache (nowa część) + proxy_cache_path /var/cache/nginx/static levels=1:2 keys_zone=STATIC:50m inactive=24h max_size=500m use_temp_path=off; + proxy_cache_path /var/cache/nginx/media levels=1:2 keys_zone=MEDIA:100m inactive=7d max_size=2g use_temp_path=off; - listen 443 ssl; - - server_name www.bodypainter.eu; - - ssl_protocols TLSv1.2 TLSv1.3; - - ssl_ciphers HIGH:!aNULL:!MD5; - - ssl_certificate /letsencrypt/live/bodypainter.eu/fullchain.pem; - ssl_certificate_key /letsencrypt/live/bodypainter.eu/privkey.pem; - - return 301 https://bodypainter.eu$request_uri; - -} - -server { - - listen 443 ssl; - server_name bodypainter.eu; - - server_tokens off; - - ssl_certificate /letsencrypt/live/bodypainter.eu/fullchain.pem; - ssl_certificate_key /letsencrypt/live/bodypainter.eu/privkey.pem; - - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers HIGH:!aNULL:!MD5; - - - location / { - - # Ograniczenie liczby żądań - limit_req zone=ip_limit burst=20 nodelay; + server { + listen 443 ssl; + server_name www.bodypainter.eu; - proxy_pass http://arti24-container:3000; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers HIGH:!aNULL:!MD5; + ssl_certificate /letsencrypt/live/bodypainter.eu/fullchain.pem; + ssl_certificate_key /letsencrypt/live/bodypainter.eu/privkey.pem; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Port $server_port; - } - -} \ No newline at end of file + return 301 https://bodypainter.eu$request_uri; + } + + server { + listen 443 ssl; + server_name bodypainter.eu; + server_tokens off; + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers HIGH:!aNULL:!MD5; + ssl_certificate /letsencrypt/live/bodypainter.eu/fullchain.pem; + ssl_certificate_key /letsencrypt/live/bodypainter.eu/privkey.pem; + + location / { + limit_req zone=ip_limit burst=20 nodelay; + proxy_pass http://arti24-container:3000; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + } + + # Nowe lokacje dla cache'owania + location ~* \.(jpg|jpeg|png|gif|ico|webp)$ { + proxy_pass http://arti24-container:3000; + proxy_cache MEDIA; + proxy_cache_valid 200 30d; + proxy_cache_use_stale error timeout updating; + proxy_cache_lock on; + add_header X-Cache-Status $upstream_cache_status; + expires 1y; + access_log off; + + proxy_ignore_headers Cache-Control Set-Cookie; + proxy_hide_header Set-Cookie; + } + + location ~* \.(css|js)$ { + proxy_pass http://arti24-container:3000; + proxy_cache STATIC; + proxy_cache_valid 200 7d; + proxy_cache_use_stale error timeout updating; + proxy_cache_lock on; + add_header X-Cache-Status $upstream_cache_status; + expires 1y; + access_log off; + + proxy_ignore_headers Cache-Control Set-Cookie; + proxy_hide_header Set-Cookie; + } + } \ No newline at end of file