Last active
June 2, 2022 16:21
-
-
Save JoshuaSchlichting/8a32888266c248b58dafa8e054e90b25 to your computer and use it in GitHub Desktop.
NGINX with https and www redirects, and also with DoS protection
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 30 requests per minute limit for DDoS protection | |
| limit_req_zone $binary_remote_addr zone=landing:20m rate=7000r/m; | |
| server { | |
| listen 443 ssl; | |
| server_name yoursite.com; | |
| ssl_certificate /etc/nginx/ssl/certificate.crt; | |
| ssl_certificate_key /etc/nginx/ssl/private.key; | |
| ssl_stapling on; | |
| ssl_stapling_verify on; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_session_timeout 5m; | |
| ssl_session_cache shared:SSL:50m; | |
| add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; | |
| client_body_timeout 7s; | |
| client_header_timeout 7s; | |
| location / { | |
| proxy_pass http://TheHostnameOrIPToRedirectTo; | |
| limit_req zone=landing burst=70 nodelay; | |
| } | |
| } | |
| server { | |
| listen 80; | |
| server_name yoursite.com; | |
| return 301 https://$server_name$request_uri; | |
| client_body_timeout 7s; | |
| client_header_timeout 7s; | |
| error_page 500 502 503 504 /50x.html; | |
| location = /50x.html { | |
| root /usr/share/nginx/html; | |
| limit_req zone=landing burst=70 nodelay; | |
| } | |
| } | |
| server { | |
| server_name ~^(www\.)(?<domain>.+)$; | |
| return 301 $scheme://$domain$request_uri; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment