From 5b7865ac4ebccd83116fe886828bb4c84dee5800 Mon Sep 17 00:00:00 2001
From: hrupi
Date: Thu, 19 Sep 2024 10:44:00 +0300
Subject: [PATCH] update description
---
 .gitignore | 4 ++--
 Dockerfile | 12 -----------
 configuration/cache.conf | 20 +++++++++---------
 sites-enabled/default.conf | 1 +
 sites-enabled/http_redirect.conf | 2 ++
 .../{example.conf.tplm => reverse.conf.tplm} | 0
 ...lm.expanded => reverse.conf.tplm.expanded} | 21 +++++++++++++------
 7 files changed, 30 insertions(+), 30 deletions(-)
 delete mode 100644 Dockerfile
 rename sites-enabled/{example.conf.tplm => reverse.conf.tplm} (100%)
 rename sites-enabled/{example.conf.tplm.expanded => reverse.conf.tplm.expanded} (94%)
diff --git a/.gitignore b/.gitignore
index 4c0cb9e..0429dae 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,7 @@
 logs/*
 ssl/*
 sites-enabled/*
-!sites-enabled/example.conf.tplm
+!sites-enabled/reverse.conf.tplm
 !sites-enabled/http_redirect.conf
 !sites-enabled/default.conf
-!sites-enabled/example.conf.tplm.expanded
\ No newline at end of file
+!sites-enabled/reverse.conf.tplm.expanded
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index d0a406a..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-ARG ubu_tag
-FROM ubuntu:${ubu_tag}
-ENV TZ="Europe/Moscow"
-ARG nginx_ssl_path
-ARG nginx_config_path
-ARG nginx_proxy_config_path
-RUN apt-get update \
- && apt-get install nginx libnginx-mod-http-geoip2 nginx-common nginx-core curl tzdata -y \
- && apt-get clean \
- && rm -fr /var/lib/apt/lists/*
-COPY ./nginx.conf ${nginx_config_path}/nginx.conf
-ENTRYPOINT ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/configuration/cache.conf b/configuration/cache.conf
index 714b761..48aa3d6 100644
--- a/configuration/cache.conf
+++ b/configuration/cache.conf
@@ -1,12 +1,12 @@
-proxy_cache all;
-proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=all:20m max_size=4096m;
-proxy_cache_key "$host$request_uri$cookie_user";
+# proxy_cache all;
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=all:10m max_size=4096m inactive=60m use_temp_path=off;
+# proxy_cache_key "$host$request_uri$cookie_user";
 proxy_cache_valid 200 301 302 10m;
 proxy_cache_valid 502 404 10s;
-proxy_cache_lock on;
-proxy_cache_lock_age 10s;
-proxy_cache_lock_timeout 10s;
-proxy_ignore_headers "Set-Cookie";
-proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
-proxy_cache_bypass
-proxy_no_cache
\ No newline at end of file
+# proxy_cache_lock on;
+# proxy_cache_lock_age 10s;
+# proxy_cache_lock_timeout 10s;
+# proxy_ignore_headers "Set-Cookie";
+# proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
+# proxy_cache_bypass
+# proxy_no_cache
\ No newline at end of file
diff --git a/sites-enabled/default.conf b/sites-enabled/default.conf
index 2455c85..f0e5281 100644
--- a/sites-enabled/default.conf
+++ b/sites-enabled/default.conf
@@ -1,3 +1,4 @@
+#Эта страница будет открыта, если совпадений server_name не будет найдено
 server {
 listen 443 ssl default_server;
 listen [::]:443 ssl default_server;
diff --git a/sites-enabled/http_redirect.conf b/sites-enabled/http_redirect.conf
index d34c3d7..598e989 100644
--- a/sites-enabled/http_redirect.conf
+++ b/sites-enabled/http_redirect.conf
@@ -1,3 +1,5 @@
+#Перманентное перенаправление с порта 80 на порт 443, https
+
 #Для сложных маршрутов с регулярным выражением
 #Требует ресурсы на обработку регулярного выражения
 # server {
diff --git a/sites-enabled/example.conf.tplm b/sites-enabled/reverse.conf.tplm
similarity index 100%
rename from sites-enabled/example.conf.tplm
rename to sites-enabled/reverse.conf.tplm
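Review bot: In configuration/cache.conf the hunk keeps `proxy_cache_path` and both `proxy_cache_valid` lines active while commenting out `proxy_cache all;` and `proxy_cache_key`, and nothing in the file says how the zone `all` is meant to be switched on again. If a server block later enables `proxy_cache all;` on its own, nginx falls back to its default key `$scheme$proxy_host$request_uri`, which has no per-user component, and `proxy_cache_valid 200 301 302 10m;` then lets a response that carries no cache headers be stored and served to other clients for ten minutes. I would add a comment above the commented lines, for example `# cache is off by default; a site that sets "proxy_cache all;" must also set proxy_cache_key and proxy_no_cache/proxy_cache_bypass for authenticated requests`. Keeping `proxy_ignore_headers "Set-Cookie";` disabled is the safer state and is worth stating in the same comment.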
diff --git a/sites-enabled/example.conf.tplm.expanded b/sites-enabled/reverse.conf.tplm.expanded
similarity index 94%
rename from sites-enabled/example.conf.tplm.expanded
rename to sites-enabled/reverse.conf.tplm.expanded
index 0a73a28..e28b261 100644
--- a/sites-enabled/example.conf.tplm.expanded
+++ b/sites-enabled/reverse.conf.tplm.expanded
@@ -1,7 +1,10 @@ +#Резолвер для преобразования имён, без DNS на ipv6, TTL овтетов 60 сек. resolver 127.0.0.11 valid=60s ipv6=off; + +#таймаут для преобразования имени в адрес resolver_timeout 10s; -#Расширенное описание +#Расширенное описание конфигурации #Универсален #Пример конфигурации, оптимизированный для долгоживущих соединений (WebSocket и др.), vnc, rdp, потоковые
@@ -14,6 +17,9 @@ server { #ipv6 listen [::]:443 ssl; + #Разрешает использование http2 + http2 on; + #Определяет имя сервера (доменное имя), для которого эта конфигурация будет применяться. server_name nginx1.example.com; ssl_certificate /etc/nginx/ssl/live/nginx1.example.com/fullchain.pem;
@@ -134,6 +140,7 @@ server {
 server {
 listen 443 ssl;
 listen [::]:443 ssl;
+ http2 on;
 server_name nginx1.example.com;
 ssl_certificate /etc/nginx/ssl/live/nginx1.example.com/fullchain.pem;
 ssl_certificate_key /etc/nginx/ssl/live/nginx1.example.com/privkey.pem;
@@ -161,6 +168,7 @@ server {
 server {
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
+ http2 on;
 server_name nginx2.example.com;
 ssl_certificate /etc/nginx/ssl/live/nginx2.example.com/fullchain.pem;
 ssl_certificate_key /etc/nginx/ssl/live/nginx2.example.com/privkey.pem;
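Review bot: In the nginx2.example.com block (hunk at -161) `http2 on;` is added directly under `listen 443 ssl http2;` and `listen [::]:443 ssl http2;`, so HTTP/2 is requested twice in two different syntaxes. The `http2` directive was introduced in nginx 1.25.1, the release that also deprecated the `http2` parameter of `listen`, so this block produces a deprecation warning on every config test; the two lines should become `listen 443 ssl;` and `listen [::]:443 ssl;`, matching the other two server blocks. The same version dependency applies to the `http2 on;` lines added in the hunks at -14 and -134: an older nginx package rejects the directive as unknown and will not load the configuration. The comment above the first occurrence should therefore name the minimum version, for example `#Requires nginx >= 1.25.1`. All three server blocks start and end outside their hunks.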
@@ -179,10 +187,11 @@ server {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
- add_header Referrer-Policy no-referrer-when-downgrade;
- add_header Content-Security-Policy "default-src 'self';";
+
+ #? add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ #? add_header X-Frame-Options DENY;
+ #? add_header X-Content-Type-Options nosniff;
+ #? add_header Referrer-Policy no-referrer-when-downgrade;
+ #? add_header Content-Security-Policy "default-src 'self';";
 }
 }
\ No newline at end of file
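Review bot: All five response headers in this location are switched off at once by the `#?` prefix, which removes HSTS, clickjacking and MIME-sniffing protection for the proxied site, although most likely only the `Content-Security-Policy "default-src 'self';"` line can break a backend application. Unless the backend sets these headers itself (not visible here), I would keep `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;`, `add_header X-Content-Type-Options nosniff always;` and `add_header X-Frame-Options DENY always;` active and comment out only the CSP line, with a comment saying why it is off and what policy the site needs. If the headers are meant to move to the server level instead, note that any `add_header` left in a location replaces the inherited ones. The location and server blocks start outside the hunk.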