new limits of cache

nginx-config/https/https-bodypainter-eu.conf

@@ -1,77 +1,80 @@
-        error_log /var/log/nginx/error.log warn;  # tylko warningi i błęd
+error_log /var/log/nginx/error.log warn;
-         # Limitowanie requestów (pozostawiamy bez zmian)
+
-        limit_req_zone $binary_remote_addr zone=ip_limit:10m rate=30r/s;
+# Globalne limity z uwzględnieniem botów
-    
+map $http_user_agent $limit_key {
-        proxy_cache_path /var/cache/nginx 
+    default           $binary_remote_addr;
-            levels=1:2 
+    "~*Googlebot"     "";
-            keys_zone=COMBINED_CACHE:320m  # 256m + 64m
+    "~*Bingbot"       "";
-            inactive=7d 
+    "~*Slurp"         "";
-            max_size=2500m # Zostawiamy margines
+    "~*DuckDuckBot"   "";
-            use_temp_path=off
+    "~*Cloudflare"    "";
-            manager_files=0
+}
-            loader_files=0
+
-            loader_threshold=300
+limit_req_zone $limit_key zone=ip_limit:10m rate=200r/s;
-            loader_sleep=50;
+limit_req_status 429;
-            
+
-        server {
+proxy_cache_path /var/cache/nginx 
-            listen 443 ssl;
+    levels=1:2 
-            server_name www.bodypainter.eu;
+    keys_zone=COMBINED_CACHE:320m
-            
+    inactive=7d 
-            ssl_protocols TLSv1.2 TLSv1.3;
+    max_size=2500m
-            ssl_ciphers HIGH:!aNULL:!MD5;
+    use_temp_path=off
-            ssl_certificate /letsencrypt/live/bodypainter.eu/fullchain.pem;
+    manager_files=0
-            ssl_certificate_key /letsencrypt/live/bodypainter.eu/privkey.pem;
+    loader_files=0
-            
+    loader_threshold=300
-            return 301 https://bodypainter.eu$request_uri;
+    loader_sleep=50;
-        }
+
-    
+server {
-        server {
+    listen 443 ssl;
-            listen 443 ssl;
+    server_name www.bodypainter.eu;
-            server_name bodypainter.eu;
+    ssl_protocols TLSv1.2 TLSv1.3;
-            server_tokens off;
+    ssl_ciphers HIGH:!aNULL:!MD5;
-    
+    ssl_certificate /letsencrypt/live/bodypainter.eu/fullchain.pem;
-            ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_certificate_key /letsencrypt/live/bodypainter.eu/privkey.pem;
-            ssl_ciphers HIGH:!aNULL:!MD5;
+    return 301 https://bodypainter.eu$request_uri;
-            ssl_certificate /letsencrypt/live/bodypainter.eu/fullchain.pem;
+}
-            ssl_certificate_key /letsencrypt/live/bodypainter.eu/privkey.pem;
+
-    
+server {
-            location / {
+    listen 443 ssl;
-                limit_req zone=ip_limit burst=20 nodelay;
+    server_name bodypainter.eu;
-                proxy_pass http://arti24-container:3000;
+    server_tokens off;
-                
+
-                proxy_set_header X-Real-IP $remote_addr;
+    ssl_protocols TLSv1.2 TLSv1.3;
-                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    ssl_ciphers HIGH:!aNULL:!MD5;
-                proxy_set_header X-Forwarded-Proto $scheme;
+    ssl_certificate /letsencrypt/live/bodypainter.eu/fullchain.pem;
-                proxy_set_header Host $host;
+    ssl_certificate_key /letsencrypt/live/bodypainter.eu/privkey.pem;
-                proxy_set_header X-Forwarded-Host $host;
+
-                proxy_set_header X-Forwarded-Port $server_port;
+    # Główna lokalizacja
-            }
+    location / {
-    
+        limit_req zone=ip_limit burst=100 delay=50;
-            location ~* \.(jpg|jpeg|png|gif|ico|webp|svg)$ {
+        proxy_pass http://arti24-container:3000;
-                access_log off;
+        
-                proxy_pass http://arti24-container:3000;
+        proxy_http_version 1.1;
-                proxy_cache COMBINED_CACHE;
+        proxy_set_header Upgrade $http_upgrade;
-                proxy_cache_valid 200 30d;
+        proxy_set_header Connection "upgrade";
-                proxy_cache_min_uses 2;
+        proxy_set_header X-Real-IP $remote_addr;
-                proxy_cache_lock on;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-                proxy_cache_lock_timeout 3s;
+        proxy_set_header X-Forwarded-Proto $scheme;
-                proxy_cache_key "$scheme$host$request_uri";
+        proxy_set_header Host $host;
-                add_header X-Cache-Status $upstream_cache_status;
+    }
-                
+
-                # Lepsza obsługa nagłówków
+    # Statyczne zasoby (obrazy, css, js, fonts)
-                proxy_ignore_headers "Set-Cookie";
+    location ~* \.(jpg|jpeg|png|gif|ico|webp|svg|css|js|woff2)$ {
-                proxy_cache_bypass $http_cache_purge;
+        limit_req off;
-                
+        proxy_cache COMBINED_CACHE;
-                # Optymalizacja buforowania
+        proxy_pass http://arti24-container:3000;
-                open_file_cache max=1000 inactive=20s;
+        proxy_cache_valid 200 30d;
-                open_file_cache_valid 30s;
+        proxy_cache_min_uses 2;
-                open_file_cache_min_uses 2;
+        proxy_cache_lock on;
-                open_file_cache_errors on;
+        proxy_cache_use_stale error timeout updating;
-                
+        add_header X-Cache-Status $upstream_cache_status;
-                expires 1y;
+        expires 1y;
-                access_log off;
+        access_log off;
-                proxy_cache_revalidate on;  # Dodaj dla świeżości danych
+    }
-                proxy_cache_background_update on;  # Lepsza wydajność
+
-            }
+    # Wyjątek dla API
-    
+    location ~ ^/(api|auth|webhook) {
-        }
+        limit_req off;
+        proxy_pass http://arti24-container:3000;
+    }
+}