-
Notifications
You must be signed in to change notification settings - Fork 206
/
imagesweserv.conf
165 lines (131 loc) · 4.59 KB
/
imagesweserv.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
# Please adjust cache size (max_size=250m) to a value that you can accommodate in RAM! Advised values: 2 GB RAM: 500m, 4 GB RAM: 1g, 8 GB RAM: 2g, etc..
proxy_cache_path /dev/shm/proxy_cache inactive=8h levels=1:2 keys_zone=images:512m max_size=250m loader_files=5000 use_temp_path=off;
proxy_cache_min_uses 2;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
proxy_buffers 256 8k;
proxy_buffering on;
# Denies access to loopback IP addresses
weserv_deny_ip 127.0.0.0/8;
weserv_deny_ip ::1/128;
# Denies access to link-local and multicast IP addresses
weserv_deny_ip 169.254.0.0/16;
weserv_deny_ip 224.0.0.0/4;
weserv_deny_ip fe80::/64;
weserv_deny_ip ff00::/8;
# Denies access to private IP addresses
weserv_deny_ip 10.0.0.0/8;
weserv_deny_ip 172.16.0.0/12;
weserv_deny_ip 192.168.0.0/16;
weserv_deny_ip fc00::/7;
upstream images {
server 127.0.0.1:80;
# a pool with at most 200 connections
keepalive 200;
}
#upstream redis {
# server 127.0.0.1:6379;
#
# # Or: server unix:/var/run/redis/redis.sock;
#
# # a pool with at most 1024 connections
# keepalive 1024;
#}
#geo $limit {
# default 1;
# 10.0.0.0/8 0;
# 192.168.0.0/24 0;
#}
#map $limit $limit_key {
# 0 '';
# 1 $remote_addr;
#}
server {
listen 80;
server_name images.weserv.local;
access_log off;
error_log /var/log/nginx/weserv-local-error.log;
root /var/www/imagesweserv/public;
absolute_redirect off;
error_page 404 /404.html;
allow 127.0.0.1;
allow ::1;
deny all;
location / {
resolver 8.8.8.8; # Use Google's open DNS server
weserv proxy;
add_header X-Upstream-Response-Length $weserv_response_length;
}
location /static {
weserv filter;
alias /var/www/imagesweserv/public;
}
}
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name _;
access_log /var/log/nginx/weserv-access.log main buffer=4096 flush=5m;
access_log /var/log/nginx/weserv-stats.log stats buffer=4096 flush=5m;
error_log /var/log/nginx/weserv-error.log;
root /var/www/imagesweserv/public;
add_header Last-Modified '' always; # Always remove the Last-Modified header
add_header Cross-Origin-Resource-Policy 'cross-origin' always; # CORP
add_header Access-Control-Allow-Origin '*' always; # CORS
add_header Timing-Allow-Origin '*' always;
add_header X-Images-Api '5' always;
add_header X-Cache-Status $upstream_cache_status;
location / {
expires 1y; # Far-future expiration for static files
try_files $uri $uri.html$is_args @proxy;
}
location = /clear-cache/ {
return 301 /clear-cache;
}
location = /clear-cache {
default_type application/json;
add_header Cache-Control 'no-store, must-revalidate';
add_header Clear-Site-Data '"cache", "storage"';
return 200 '{"status":"success", "code":200, "message":"Browser cache successfully cleared!"}';
}
# location = /quota/ {
# return 301 /quota;
# }
# location = /quota {
# rate_limit $limit_key requests=2500 period=10m burst=2499;
# rate_limit_quantity 0;
# rate_limit_pass redis;
# rate_limit_headers on;
#
# error_page 404 =200 @quota;
# }
# location @quota {
# default_type application/json;
# add_header Cache-Control 'no-store, must-revalidate';
# if ($limit = 0) {
# return 200 '{"status":"success", "code":200, "message":"Your IP address ($remote_addr) bypasses the rate limiter, have fun!"}';
# }
# return 200 '{"X-RateLimit-Limit":$sent_http_x_ratelimit_limit, "X-RateLimit-Remaining":$sent_http_x_ratelimit_remaining, "X-RateLimit-Reset":$sent_http_x_ratelimit_reset}';
# }
location @proxy {
proxy_cache images;
proxy_cache_key '$request_method|wsrv.nl|$request_uri';
proxy_cache_methods GET HEAD;
proxy_cache_bypass $http_pragma $http_authorization;
proxy_cache_valid 200 301 410 7d;
proxy_cache_valid 429 500 0;
proxy_cache_valid any 15m;
proxy_cache_use_stale error timeout updating;
proxy_pass http://images;
proxy_set_header Host images.weserv.local;
proxy_set_header X-Original-Host $http_host;
proxy_set_header X-Original-Scheme $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
# Enable the upstream persistent connection
proxy_http_version 1.1;
proxy_set_header Connection '';
# 2500 allowed requests in 10 minutes
# rate_limit $limit_key requests=2500 period=10m burst=2499;
# rate_limit_pass redis;
}
}