Created
March 15, 2017 09:39
-
-
Save MrYoda/06c9d01c4223244a5091a11e7290ac1f to your computer and use it in GitHub Desktop.
Nginx CouchDB proxy without authentication for safe HTTP methods only, with named location and images 404 fallback
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# HTTP server: Enforce HTTPS by HTTP 301 | |
server { | |
listen 80; | |
listen [::]:80 ipv6only=on; | |
server_name couch-gateway.site.ru; | |
return 301 https://$server_name$request_uri; | |
} | |
# SSL server | |
server { | |
listen 443 ssl http2; | |
listen [::]:443 ipv6only=on ssl http2; | |
server_name couch-gateway.site.ru; | |
ssl_certificate /etc/letsencrypt/live/couch-gateway.site.ru/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/couch-gateway.site.ru/privkey.pem; | |
include snippets/ssl-params.conf; | |
include snippets/ssl-hsts.conf; | |
access_log /var/log/nginx/couch-gateway.site.ru.access.log; | |
error_log /var/log/nginx/couch-gateway.site.ru.error.log; | |
root /var/www/html; | |
add_header Allow "GET, OPTIONS, HEAD" always; | |
location = /favicon.ico { | |
access_log off; | |
log_not_found off; | |
} | |
# All requests except sized images | |
location / { | |
try_files $uri @couch_proxy; | |
} | |
# Sized images requests | |
location ~* ([0-9]+)x([0-9]+)([_0-9a-zA-Z]*)\.(jpg|jpeg|gif|png)$ { | |
set $X $1; | |
set $Y $2; | |
set $LABEL $3; | |
set $EXT $4; | |
try_files $uri @couch_proxy; | |
} | |
# Couch proxy for all requests | |
location @couch_proxy{ | |
if ( $request_method !~ ^(GET|OPTIONS|HEAD)$ ) { | |
return 405; | |
} | |
proxy_pass http://localhost:5984; | |
proxy_set_header Authorization "Basic BASE64OFADMINPASSWORD=="; # base64 of "admin:adminpassword" | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_redirect off; | |
proxy_intercept_errors on; | |
error_page 404 /images/unavailable/${X}x${Y}.jpg; | |
} | |
# LetsEncrypt acme challenge | |
location ~ /.well-known { | |
root /var/www/html; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@couch_proxy
/images/unavailable/${X}x${Y}.jpg;
TODO: nginx cache of successful image responses