# Sistema Cadaris - Host proxy with SSL # # sudo nano /etc/nginx/conf.d/virtual.conf # sudo service nginx restart # ## Request Limit #limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s; ## Sistema Cadaris Proxy with SSL server { server_name sistema.cadarisdigital.com.br; error_log /var/log/nginx/error_sistema.log; access_log /var/log/nginx/access_sistema.log; # CERTBOT MOCK BEGIN # location / { # index index.html index.htm; # root /var/www/html; # } # CERTBOT END ### Block wget user agent ### if ($http_user_agent ~* (wget|curl) ) { return 403; } # ProxyPass location / { ## Request Limit # limit_req zone=mylimit burst=20 nodelay; proxy_pass http://0.0.0.0:801; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/sistema.cadarisdigital.com.br/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/sistema.cadarisdigital.com.br/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } # Force HTTPS server { ### Block wget user agent ### if ($http_user_agent ~* (wget|curl) ) { return 403; } if ($host = sistema.cadarisdigital.com.br) { # return 301 https://$host$request_uri; ## Disable redirect to container/443 return 301 https://$host; } # managed by Certbot listen 80; server_name sistema.cadarisdigital.com.br; error_log /var/log/nginx/error_sistema_redirect.log; access_log /var/log/nginx/access_sistema_redirect.log; return 404; # managed by Certbot } ## Redirect 'cadarisdigital.com.br' to 'www.cadaris.com.br' server { listen 80; server_name cadarisdigital.com.br; error_log /var/log/nginx/error_cadaris_redirect.log; access_log /var/log/nginx/access_cadaris_redirect.log; return 301 http://www.cadaris.com.br; } server { listen 443; server_name cadarisdigital.com.br; error_log /var/log/nginx/error_cadaris_redirect_ssl.log; access_log /var/log/nginx/access_cadaris_redirect_ssl.log; return 301 https://www.cadaris.com.br; }