mechiko
8/20/2016 - 1:26 PM

nginx example config files

nginx example config files

upstream support {
  # Back-end address: the application server that the proxy_pass directives
  # pointing at http://support forward to. It is loopback-only here.
  server 127.0.0.1:8080;
}

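# Plain-HTTP listener whose only job is to move clients over to HTTPS.
server {
    server_name example.com;
    listen 192.168.0.1:80;
    # Redirect to the fixed canonical name instead of echoing $host.
    # $host comes from the request (Host header). If this block is the
    # default server for 192.168.0.1:80 it also answers requests for other
    # names, and the client would then choose the redirect target.
    return 301 https://example.com$request_uri;
}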

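# TLS-terminating reverse proxy in front of the "support" upstream.
server {
    listen 192.168.0.1:443 ssl;
    server_name example.com;
    root /var/www/osticket;

    # NOTE(review): no ssl_protocols / ssl_ciphers / HSTS header are set in
    # this block; presumably they are inherited from the http{} level -- confirm.

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    # CA chain used to verify the stapled OCSP responses (ssl_stapling_verify).
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    # NOTE(review): nginx needs a `resolver` to look up the OCSP responder's
    # hostname. None is set in this block, so it is presumably defined at the
    # http{} level -- confirm, otherwise stapling will not work.
    ssl_stapling on;
    ssl_stapling_verify on;

    access_log /var/log/nginx/support.access.log main;
    error_log  /var/log/nginx/support.error.log warn;

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    ## Deny illegal Host headers
    ## 444 makes nginx close the connection without sending a response.
    ## The dot is escaped so that only the literal name matches; an unescaped
    ## "." would also accept any other character in that position.
    if ($host !~* ^example\.com$ ) {
        return 444;
    }

    ## Deny certain User-Agents (case insensitive)
    ## The ~* makes it case insensitive as opposed to just a ~
    ## User-Agent is set by the client, so this only filters out clients that
    ## identify themselves honestly; it is not an access control.
    if ($http_user_agent ~* (Baiduspider|Jullo) ) {
        return 444;
    }

    ## Deny certain Referers (case insensitive)
    ## The ~* makes it case insensitive as opposed to just a ~
    ## Referer is client-supplied as well; treat this as spam reduction only.
    ## The words match anywhere in the header, so a legitimate referring URL
    ## that merely contains one of them (e.g. "video") is dropped too.
    if ($http_referer ~* (babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|sex|teen|video|webcam|zippo) ) {
        return 444;
    }

    ## Stop Image and Document Hijacking
    # location ~* (\.jpg|\.png|\.css)$ {
    #   if ($http_referer !~ ^(https://example.com) ) {
    #     return 444;
    #   }
    # }

    ## All other errors get the generic error page
    error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 495 496 497
               500 501 502 503 504 505 506 507 /error_page.html;
    # "internal" means the page can only be reached through error_page,
    # never by requesting it directly.
    location  /error_page.html {
        internal;
    }

    # Prevent clients from accessing hidden files (starting with a dot)
    # This is particularly important if you store .htpasswd files in the site hierarchy
    # NOTE(review): this also covers /.well-known/. If certificates are renewed
    # with an HTTP-01 webroot challenge served through this vhost, that path
    # needs an explicit exception -- confirm how renewal is done.
    location ~* (?:^|/)\. {
        deny all;
    }

    # Prevent clients from accessing to backup/config/source files
    location ~* (?:\.(?:bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$ {
        deny all;
    }
    # Requests under /include are never proxied; they are sent to the site root.
    location  /include {
        return 301 $scheme://example.com;
    }

    # Staff panel: reachable only from the internal range.
    # allow/deny are evaluated against the peer address of the connection,
    # not against the X-Forwarded-For header.
    location /scp {
        allow 192.168.0.0/16;
        deny all;
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever value
        # the client sent, so the back end should trust only the last entry.
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        # Fix the "It appears that your reverse proxy set up is broken" error.
        proxy_pass          http://support;
        proxy_read_timeout  90;

        # Rewrite Location headers that the back end issues for its own address.
        # NOTE(review): the upstream is declared as 127.0.0.1:8080 while this
        # rule matches "localhost:8080"; confirm which form the back end emits.
        proxy_redirect      http://localhost:8080 https://example.com;
    }

    # Everything else is proxied to the back end without an address restriction.
    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        # Appends to the client-supplied value; see the note in location /scp.
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        # Fix the "It appears that your reverse proxy set up is broken" error.
        proxy_pass          http://support;
        proxy_read_timeout  90;

        proxy_redirect      http://localhost:8080 https://example.com;
    }
}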
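# osTicket served directly by nginx, with PHP handed to a FastCGI back end.
# NOTE(review): this listener is plain HTTP, so logins and session cookies
# travel unencrypted unless a TLS-terminating proxy sits in front of it --
# confirm the deployment.
server {
    listen       80;
    server_name  example.com;
    root   /www/osticket;
    index index.php;
    access_log  /var/log/nginx/osticket.access.log  main;

    # PATH_INFO value passed to PHP; filled in by the two `if` blocks below.
    set $path_info "";

    # The include/ tree is never served. This is the first regex location,
    # so it wins over the \.php$ handler further down.
    location ~ /include {
        deny all;
        return 403;
    }

    # $request_uri is the raw, undecoded request target, so the captured
    # PATH_INFO is client-controlled and the application must treat it as
    # untrusted input.
    if ($request_uri ~ "^/api(/[^\?]+)") {
        set $path_info $1;
    }

    location ~ ^/api/(?:tickets|tasks).*$ {
        try_files $uri $uri/ /api/http.php?$query_string;
    }

    if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") {
        set $path_info $1;
    }

    # Dot escaped so that only the literal "ajax.php" matches.
    location ~ ^/scp/ajax\.php/.*$ {
        try_files $uri $uri/ /scp/ajax.php?$query_string;
    }

    # This server hands out files straight from the document root, so hidden
    # files (.git, .htaccess, .htpasswd) and backup/config/source leftovers
    # must be refused here as well. Placed after the API/AJAX routes so those
    # keep matching first, and before the PHP handler.
    location ~* (?:^|/)\. {
        deny all;
    }

    location ~* (?:\.(?:bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$ {
        deny all;
    }

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
        # Only hand the request to PHP if the script exists under root, so a
        # crafted path ending in .php cannot cause some other file to be run.
        # NOTE(review): fastcgi_pass targets a named host; this check assumes
        # nginx and the FastCGI back end see the same file tree -- confirm.
        try_files $uri =404;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
        fastcgi_param  PATH_INFO        $path_info;
        fastcgi_pass   osticket:9000;
    }

}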