75 lines
2.5 KiB
Text
Executable file
75 lines
2.5 KiB
Text
Executable file
#=========================================================================#
|
|
# Default Web Domain Template #
|
|
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
|
|
# https://docs.hestiacp.com/admin_docs/web.html#how-do-web-templates-work #
|
|
#=========================================================================#
|
|
proxy_cache_path /tmp/nginx-cache-jiji levels=1:2 keys_zone=r2_cache:10m max_size=10g inactive=48h use_temp_path=off;
|
|
|
|
server {
|
|
listen %ip%:%proxy_ssl_port% ssl;
|
|
listen [::]:%proxy_ssl_port% ssl;
|
|
server_name %domain_idn% %alias_idn%;
|
|
ssl_certificate %ssl_pem%;
|
|
ssl_certificate_key %ssl_key%;
|
|
ssl_stapling on;
|
|
ssl_stapling_verify on;
|
|
|
|
# TLS 1.3 0-RTT anti-replay
|
|
if ($anti_replay = 307) { return 307 https://$host$request_uri; }
|
|
if ($anti_replay = 425) { return 425; }
|
|
|
|
error_log /var/log/%web_system%/domains/%domain%.error.log error;
|
|
|
|
include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;
|
|
|
|
root /home/mastodon/public/system;
|
|
|
|
set $s3_backend 'https://img-r2.jiji.su';
|
|
|
|
keepalive_timeout 30;
|
|
|
|
location = / {
|
|
index index.html;
|
|
}
|
|
location / {
|
|
try_files $uri @r2;
|
|
}
|
|
|
|
location @r2 {
|
|
limit_except GET {
|
|
deny all;
|
|
}
|
|
|
|
#resolver 9.9.9.9;
|
|
proxy_set_header Host 'img-r2.jiji.su';
|
|
proxy_set_header Connection '';
|
|
proxy_set_header Authorization '';
|
|
proxy_hide_header Set-Cookie;
|
|
proxy_hide_header 'Access-Control-Allow-Origin';
|
|
proxy_hide_header 'Access-Control-Allow-Methods';
|
|
proxy_hide_header 'Access-Control-Allow-Headers';
|
|
proxy_hide_header x-amz-id-2;
|
|
proxy_hide_header x-amz-request-id;
|
|
proxy_hide_header x-amz-meta-server-side-encryption;
|
|
proxy_hide_header x-amz-server-side-encryption;
|
|
proxy_hide_header x-amz-bucket-region;
|
|
proxy_hide_header x-amzn-requestid;
|
|
proxy_ignore_headers Set-Cookie;
|
|
proxy_pass $r2_backend$uri;
|
|
proxy_intercept_errors off;
|
|
|
|
proxy_cache r2_cache;
|
|
proxy_cache_valid 200 304 48h;
|
|
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
|
|
proxy_cache_lock on;
|
|
proxy_cache_revalidate on;
|
|
|
|
expires 1y;
|
|
add_header Cache-Control public;
|
|
add_header 'Access-Control-Allow-Origin' '*';
|
|
add_header X-Cache-Status $upstream_cache_status;
|
|
}
|
|
|
|
include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
|
|
}
|
|
|