generated from cassidoo/blahg
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathnginx.conf
More file actions
122 lines (101 loc) · 4.6 KB
/
nginx.conf
File metadata and controls
122 lines (101 loc) · 4.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
# Events block
events {
worker_connections 1024;
}
# HTTP block
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# log_format proxy_debug '$remote_addr - $remote_user [$time_local] '
# '"$request" '
# 'status=$status bytes=$body_bytes_sent '
# 'referer="$http_referer" '
# 'valid_referer=$valid_referer '
# 'host="$http_host" '
# 'upstream_status="$upstream_status" '
# 'upstream_response_time="$upstream_response_time" '
# 'request_uri="$request_uri" '
# 'args="$args" '
# 'location="$sent_http_location" '
# 'upstream_http_location="$upstream_http_location" '
# 'captured_path="$captured_path" '
# 'proxied_url="$proxied_url"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
server {
listen 80;
server_name _;
# Security headers
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
# Gzip compression
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
# Specify DNS resolver for variables
resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=300s;
resolver_timeout 5s; # Timeout for DNS resolution
location ~ ^/gobble/static/(.*)$ {
# access_log /var/log/nginx/proxy_debug.log proxy_debug;
set $captured_path $1;
# Check Referer header
set $valid_referer 0;
if ($http_referer ~* "^https?://(localhost|([a-zA-Z0-9-]+)\.?vivekraman\.dev)") {
set $valid_referer 1;
}
if ($valid_referer = 0) {
return 403; # Return forbidden if the Referer header is invalid
}
set $posthog_static "https://us-assets.i.posthog.com/static/";
set $proxied_url "$posthog_static$captured_path$is_args$args";
# use variable to force proper DNS re-resolution, also must manually pass along path
proxy_pass $proxied_url;
proxy_set_header Host "us-assets.i.posthog.com";
proxy_ssl_server_name on;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header Authorization $http_authorization;
}
location ~ ^/gobble/(.*)$ {
# access_log /var/log/nginx/proxy_debug.log proxy_debug;
set $captured_path $1;
# Check Referer header
set $valid_referer 0;
if ($http_referer ~* "^https?://(localhost:?[0-9]*|([a-zA-Z0-9-]+)\.?vivekraman\.dev)") {
set $valid_referer 1;
}
if ($valid_referer = 0) {
return 403; # Return forbidden if the Referer header is invalid
}
set $posthog_main "https://us.i.posthog.com/";
set $proxied_url "$posthog_main$captured_path$is_args$args";
# use variable to force proper DNS re-resolution, also must manually pass along path
proxy_pass $proxied_url;
proxy_set_header Host "us.i.posthog.com";
proxy_ssl_server_name on;
proxy_set_header Cookie $http_cookie;
# proxy_set_header Authorization $http_authorization;
}
# Error pages
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# Serve static files
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
}