diff --git a/nginx-config/https/bodypainter-eu.conf b/nginx-config/https/bodypainter-eu.conf index 0d52fcc..6f595ae 100755 --- a/nginx-config/https/bodypainter-eu.conf +++ b/nginx-config/https/bodypainter-eu.conf @@ -2,53 +2,59 @@ error_log /var/log/nginx/error.log warn; # Globalne limity z uwzględnieniem botów map $http_user_agent $limit_key { - default $binary_remote_addr; - "~*Googlebot" ""; - "~*Bingbot" ""; - "~*Slurp" ""; - "~*DuckDuckBot" ""; - "~*Cloudflare" ""; + default $binary_remote_addr; + "~*Googlebot" ""; + "~*Bingbot" ""; + "~*Slurp" ""; + "~*DuckDuckBot" ""; + "~*Cloudflare" ""; } limit_req_zone $limit_key zone=ip_limit:10m rate=200r/s; limit_req_status 429; -proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=COMBINED_CACHE:320m inactive=7d max_size=2500m use_temp_path=off manager_files=0 loader_files=0 loader_threshold=300 loader_sleep=50; +proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=COMBINED_CACHE:320m inactive=7d + max_size=2500m use_temp_path=off manager_files=100 loader_files=100 + loader_threshold=300 loader_sleep=50; +# ------------------------------------------------------ +# REDIRECT WWW -> NON-WWW +# ------------------------------------------------------ server { listen 443 ssl; server_name www.bodypainter.eu; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers HIGH:!aNULL:!MD5; + ssl_certificate /letsencrypt/live/bodypainter.eu/fullchain.pem; ssl_certificate_key /letsencrypt/live/bodypainter.eu/privkey.pem; + return 301 https://bodypainter.eu$request_uri; } +# ------------------------------------------------------ +# GŁÓWNY SERWER +# ------------------------------------------------------ server { listen 443 ssl; - server_name bodypainter.eu www.bodypainter.eu; + server_name bodypainter.eu; + server_tokens off; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers HIGH:!aNULL:!MD5; ssl_certificate /letsencrypt/live/bodypainter.eu/fullchain.pem; ssl_certificate_key /letsencrypt/live/bodypainter.eu/privkey.pem; # Główna lokalizacja location / { - # Optymalizacja buforowania - proxy_buffering on; - proxy_buffer_size 128k; # Pojedynczy bufor (większy niż domyślne 4k/8k) - proxy_buffers 8 1M; # 8 buforów po 1MB każdy (łącznie 8MB na żądanie) - proxy_busy_buffers_size 2M; # Bufor "w trakcie wysyłki" - proxy_max_temp_file_size 0; # Wyłącz zapis na dysk (jeśli masz wystarczająco RAM) - - - limit_req zone=ip_limit burst=100 delay=50; + proxy_buffering on; + proxy_buffer_size 128k; + proxy_buffers 8 1M; + proxy_busy_buffers_size 2M; + proxy_max_temp_file_size 0; + + limit_req zone=ip_limit burst=200 nodelay; + proxy_pass http://arti24-container:3000; - + proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; @@ -58,21 +64,21 @@ server { proxy_set_header Host $host; } - # Statyczne zasoby (obrazy, fonts) + # Statyczne zasoby (obrazy, fonty) location ~* \.(jpg|jpeg|png|gif|ico|webp|avif|svg|woff2)$ { + proxy_cache COMBINED_CACHE; - proxy_pass http://arti24-container:3000; - - # Optymalizacja buforowania (specjalnie dla obrazów) - proxy_buffers 16 1M; # 16 buforów po 1MB - proxy_busy_buffers_size 4M; - proxy_cache_valid 200 30d; proxy_cache_min_uses 2; proxy_cache_lock on; proxy_cache_use_stale error timeout updating; + + proxy_pass http://arti24-container:3000; + + proxy_buffers 16 1M; + proxy_busy_buffers_size 4M; + add_header X-Cache-Status $upstream_cache_status; expires 1y; - } -} \ No newline at end of file +}