encounter/decomp.me
0
0
Fork 0
mirror of https://github.com/encounter/decomp.me.git synced 2026-03-30 11:06:27 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
codex/enable-objdiff-tab-by-default
decomp.me/nginx/production.conf
T
Mark Street 4b8d81e634 nginx logging as json (#1733) 
* nginx logging as json

* string the values that could be - when empty
2025-11-08 08:12:25 +00:00

137 lines
3.4 KiB
Plaintext
Raw Permalink Blame History

server {
listen 80;
server_name decomp.me www.decomp.me;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
log_format latency_log escape=json
'{ "cf_ip":"$http_cf_connecting_ip", "remote":"$remote_addr", '
'"time":"$time_iso8601", "request":"$request", "status":$status, '
'"bytes":$body_bytes_sent, "referer":"$http_referer", "agent":"$http_user_agent", '
'"rt":$request_time, "urt":"$upstream_response_time", '
'"uht":"$upstream_header_time", "uct":"$upstream_connect_time" }';
# {{HTTPS_SERVER_BLOCK_START}}
server {
listen 443 ssl;
http2 on;
server_name decomp.me www.decomp.me;
access_log /var/log/nginx/access.log latency_log;
root /var/www/decomp.me;
index index.html;
error_page 502 503 504 =200 /down.html;
proxy_connect_timeout 3s;
proxy_send_timeout 10s;
proxy_read_timeout 60s;
# Hardening
client_max_body_size 5M;
ignore_invalid_headers on;
# Increase buffers to avoid disk writes
client_body_buffer_size 1M;
proxy_buffers 16 256k;
proxy_buffer_size 256k;
proxy_busy_buffers_size 1M;
# SSL
ssl_certificate /etc/letsencrypt/live/decomp.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/decomp.me/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# Compression
gzip on;
gzip_static on;
gzip_comp_level 5;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
application/javascript
application/json
application/xml
text/css
text/plain
text/xml;
brotli on;
brotli_static on;
brotli_comp_level 5;
brotli_min_length 256;
brotli_types
application/javascript
application/json
application/xml
text/css
text/plain
text/xml;
location / {
try_files /dummy.html @proxy_frontend;
}
location ~ ^/api(/.*)?$ {
try_files /dummy.html @proxy_api;
}
location /admin {
try_files /dummy.html @proxy_api;
}
location /static/ {
try_files $uri @proxy_api;
}
location /media/ {
root /;
}
location @proxy_api {
proxy_intercept_errors on;
error_page 502 503 504 =200 @backend_down;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://backend:8000;
}
location @proxy_frontend {
proxy_intercept_errors on;
error_page 502 503 504 =200 /down.html;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://frontend:8080;
}
# Avoid returning HTML from the /api endpoint if backend is unavailable
location @backend_down {
add_header X-Backend-Down true always;
default_type application/json;
return 200 '{}';
}
}
# {{HTTPS_SERVER_BLOCK_END}}
Reference in New Issue View Git Blame Copy Permalink