forked from exozyme/nginx
Track global nginx config options, block Bytespider from redlib
This commit is contained in:
parent
057107d9c5
commit
84c65e5506
3 changed files with 28 additions and 0 deletions
|
@ -1,3 +1,5 @@
|
|||
log_format 1a-simple '[$time_local] "$request" $status $bytes_sent "$http_referer"';
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
|
|
22
nginx.conf
Normal file
22
nginx.conf
Normal file
|
@ -0,0 +1,22 @@
|
|||
# SSL
|
||||
ssl_certificate /etc/letsencrypt/live/exozy.me/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/exozy.me/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/exozy.me/chain.pem;
|
||||
|
||||
# Log to system journal
|
||||
access_log syslog:server=unix:/dev/log;
|
||||
error_log syslog:server=unix:/dev/log;
|
||||
|
||||
# Disable symlinks so users can't make nginx follow symlinks to sensitive files
|
||||
disable_symlinks if_not_owner;
|
||||
|
||||
# Force UTF-8 because why not
|
||||
charset utf-8;
|
||||
|
||||
# Yay HTTP/2!
|
||||
http2 on;
|
4
x.conf
4
x.conf
|
@ -31,6 +31,10 @@ server {
|
|||
listen [::]:443 ssl;
|
||||
server_name reddit.exozy.me;
|
||||
|
||||
if ($http_user_agent = "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)") {
|
||||
return 444;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:7633;
|
||||
proxy_set_header Host $host;
|
||||
|
|
Loading…
Reference in a new issue