From 298d39f8dbf1055caa192e79102001e89e9b2997 Mon Sep 17 00:00:00 2001 From: noah Date: Mon, 9 Jan 2023 00:04:52 -0600 Subject: [PATCH 1/2] Default site --- default/_.conf | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 default/_.conf diff --git a/default/_.conf b/default/_.conf new file mode 100644 index 0000000..2a1b571 --- /dev/null +++ b/default/_.conf @@ -0,0 +1,22 @@ +server { + listen 443 ssl default_server; + listen [::]:443; + server_name _; + return 301 https://www.theschricks.com$request_uri; + root /var/www/theschricks.com; + index index.html; + + ssl_certificate /etc/letsencrypt/live/theschricks.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/theschricks.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} + +#HTTP +server { + listen 80 default_server deferred; + listen [::]:80; + server_name _; + return 301 https://www.theschricks.com$request_uri; +} + From 0fd9612adf1fec1826eb8145083959b4e5711dc6 Mon Sep 17 00:00:00 2001 From: noah Date: Thu, 6 Jul 2023 09:50:41 -0500 Subject: [PATCH 2/2] Nginx json log formatting. Commented geoip blocks --- nginx.conf | 81 ++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 64 insertions(+), 17 deletions(-) diff --git a/nginx.conf b/nginx.conf index bf9d360..67aee26 100644 --- a/nginx.conf +++ b/nginx.conf @@ -2,6 +2,8 @@ user www-data; worker_processes auto; pid /run/nginx.pid; +#include /etc/nginx/modules-enabled/*.conf; + events { worker_connections 768; # multi_accept on; @@ -17,8 +19,9 @@ http { fastcgi_read_timeout 600; client_header_timeout 600; client_body_timeout 600; - client_max_body_size 512M; - + #client_max_body_size 512M; + client_max_body_size 10000M; + ## # Basic Settings ## @@ -49,11 +52,64 @@ http { # Logging Settings ## - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; - - #add_header Set-Cookie "Path=/; HttpOnly; Secure"; + #geoip2 /etc/GeoLite2-Country.mmdb { + # auto_reload 5m; + # $geoip2_metadata_country_build metadata build_epoch; + # $geoip2_data_country_code default=US source=$http_x_forwarded_for country iso_code; + # $geoip2_data_country_name source=$http_x_forwarded_for country names en; + #} + #geoip2 /etc/GeoLite2-City.mmdb { + # $geoip2_data_city_name source=$http_x_forwarded_for city names en; + # $geoip2_data_time_zone source=$http_x_forwarded_for location time_zone; + #} + + log_format json_analytics escape=json '{' + '"msec": "$msec", ' # request unixtime in seconds with a milliseconds resolution + '"connection": "$connection", ' # connection serial number + '"connection_requests": "$connection_requests", ' # number of requests made in connection + '"pid": "$pid", ' # process pid + '"request_id": "$request_id", ' # the unique request id + '"request_length": "$request_length", ' # request length (including headers and body) + '"remote_addr": "$remote_addr", ' # client IP + '"remote_user": "$remote_user", ' # client HTTP username + '"remote_port": "$remote_port", ' # client port + '"time_local": "$time_local", ' + '"time_iso8601": "$time_iso8601", ' # local time in the ISO 8601 standard format + '"request": "$request", ' # full path no arguments if the request + '"request_uri": "$request_uri", ' # full path and arguments if the request + '"args": "$args", ' # args + '"status": "$status", ' # response status code + '"body_bytes_sent": "$body_bytes_sent", ' # the number of body bytes exclude headers sent to a client + '"bytes_sent": "$bytes_sent", ' # the number of bytes sent to a client + '"http_referer": "$http_referer", ' # HTTP referer + '"http_user_agent": "$http_user_agent", ' # user agent + '"http_x_forwarded_for": "$http_x_forwarded_for", ' # http_x_forwarded_for + '"http_host": "$http_host", ' # the request Host: header + '"server_name": "$server_name", ' # the name of the vhost serving the request + '"request_time": "$request_time", ' # request processing time in seconds with msec resolution + '"upstream": "$upstream_addr", ' # upstream backend server for proxied requests + '"upstream_connect_time": "$upstream_connect_time", ' # upstream handshake time incl. TLS + '"upstream_header_time": "$upstream_header_time", ' # time spent receiving upstream headers + '"upstream_response_time": "$upstream_response_time", ' # time spend receiving upstream body + '"upstream_response_length": "$upstream_response_length", ' # upstream response length + '"upstream_cache_status": "$upstream_cache_status", ' # cache HIT/MISS where applicable + '"ssl_protocol": "$ssl_protocol", ' # TLS protocol + '"ssl_cipher": "$ssl_cipher", ' # TLS cipher + '"scheme": "$scheme", ' # http or https + '"request_method": "$request_method", ' # request method + '"server_protocol": "$server_protocol", ' # request protocol, like HTTP/1.1 or HTTP/2.0 + '"pipe": "$pipe", ' # "p" if request was pipelined, "." otherwise + '"gzip_ratio": "$gzip_ratio", ' + '"http_cf_ray": "$http_cf_ray"' + #'"geoip_country_code": "$geoip_country_code"' + '}'; + + + #access_log /var/log/nginx/access.log; + access_log /var/log/nginx/json_access.log json_analytics; + error_log /var/log/nginx/error.log; + ## # Buffer Policy ## @@ -78,17 +134,8 @@ http { # Virtual Host Configs ## - upstream pi3 { - server 192.168.1.13; - } - - upstream pi2 { - server 192.168.1.12:8107; - - } - - upstream pi1 { - server 192.168.1.11:3000; + upstream gitea { + server 192.168.50.5:3000; } map $http_upgrade $connection_upgrade {