ralsina/personal-servers
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
7b5ce1a5e8889c41f5b373b2178f80eee9a91f69
personal-servers/reverse_proxy/nginx.conf
Roberto Alsina 7b5ce1a5e8 Add GoAccess metrics dashboard with WebSocket support 
- Add GoAccess package to Docker container
- Create GoAccess startup script with real-time HTML generation
- Add metrics.ralsina.me server block with authentication
- Configure WebSocket proxy for live metrics updates
- Add password protection with .htpasswd
- Fix WebSocket URL to use proper HTTPS endpoint
- Update all server blocks to listen on 0.0.0.0:8080 for Fly.io compatibility

Co-Authored-By: z.ai LGM 4.5 <noreply@z.ai>
2025-10-03 10:53:26 -03:00

347 lines
10 KiB
Nginx Configuration File
Raw Blame History

# Map for CORS
map $upstream_http_access_control_allow_origin $allow_origin {
'' "*";
}
# Rate limiting zones for bot protection
limit_req_zone $binary_remote_addr zone=global:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=post_requests:10m rate=3r/s;
limit_req_zone $binary_remote_addr zone=api_services:10m rate=5r/s;
limit_req_zone $binary_remote_addr zone=unknown_ua:10m rate=2r/s;
# Map for unknown user agents (empty or generic ones)
map $http_user_agent $is_unknown_ua {
default 0;
~*^$ 1;
~*^curl 1;
~*^wget 1;
~*^python-requests 1;
~*^java 1;
~*^Go-http-client 1;
~*^okhttp 1;
~*^PostmanRuntime 1;
~*^insomnia 1;
}
server {
listen 0.0.0.0:8080;
listen [::]:8080;
server_name faaso-prod.ralsina.me;
add_header 'Access-Control-Allow-Origin' $allow_origin;
add_header 'Access-Control-Allow-Headers' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Allow' 'POST, GET, OPTIONS';
if ($request_method = 'OPTIONS' ) {
return 200;
}
location / {
limit_req zone=global burst=20 nodelay;
limit_req zone=post_requests burst=5 nodelay;
proxy_pass http://rocky.tail20c16.ts.net:8888;
proxy_set_header X-Forwarded-Host $http_host;
}
}
server {
listen 0.0.0.0:8080;
listen [::]:8080;
server_name tocry-demo.ralsina.me;
add_header 'Access-Control-Allow-Origin' $allow_origin;
add_header 'Access-Control-Allow-Headers' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Allow' 'POST, GET, OPTIONS';
if ($request_method = 'OPTIONS' ) {
return 200;
}
location / {
limit_req zone=global burst=20 nodelay;
limit_req zone=post_requests burst=5 nodelay;
proxy_pass http://rocky.tail20c16.ts.net:8182;
proxy_set_header X-Forwarded-Host $http_host;
}
}
server {
listen 0.0.0.0:8080;
listen [::]:8080;
server_name grafito-demo.ralsina.me;
add_header 'Access-Control-Allow-Origin' $allow_origin;
add_header 'Access-Control-Allow-Headers' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Allow' 'POST, GET, OPTIONS';
if ($request_method = 'OPTIONS' ) {
return 200;
}
location / {
limit_req zone=global burst=20 nodelay;
limit_req zone=post_requests burst=5 nodelay;
proxy_pass http://rocky.tail20c16.ts.net:1112;
proxy_set_header X-Forwarded-Host $http_host;
}
}
server {
listen 0.0.0.0:8080;
listen [::]:8080;
server_name code.ralsina.me;
location / {
limit_req zone=global burst=20 nodelay;
limit_req zone=post_requests burst=5 nodelay;
proxy_pass http://mindy.tail20c16.ts.net:8088;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Accept-Encoding gzip;
}
error_page 500 502 503 504 /custom_50x.html;
error_page 429 /429.html;
location = /custom_50x.html {
root /usr/share/nginx/html;
internal;
}
location = /429.html {
return 429 '<html><body><h1>Too Many Requests</h1><p>Rate limit exceeded. Please try again later.</p></body></html>';
add_header Content-Type text/html;
}
}
server {
listen 0.0.0.0:8080;
listen [::]:8080;
server_name home.ralsina.me;
server_name ralsina.me;
server_name faaso.ralsina.me;
server_name nicolino.ralsina.me;
server_name crycco.ralsina.me;
server_name nombres.ralsina.me;
server_name grafito.ralsina.me;
server_name tocry.ralsina.me;
server_name kv.ralsina.me;
if ($http_user_agent ~* "(AdsBot-Google|Amazonbot|anthropic-ai|Applebot|Applebot-Extended|AwarioRssBot|AwarioSmartBot|Bytespider|CCBot|ChatGPT-User|ClaudeBot|Claude-Web|cohere-ai|DataForSeoBot|Diffbot|FacebookBot|FriendlyCrawler|Google-Extended|GoogleOther|GPTBot|img2dataset|ImagesiftBot|magpie-crawler|Meltwater|omgili|omgilibot|peer39_crawler|peer39_crawler/1.0|PerplexityBot|PiplBot|scoop.it|Seekr|YouBot)") {
return 307 https://ash-speed.hetzner.com/10GB.bin;
}
location / {
# Apply stricter limits for unknown user agents
limit_req zone=unknown_ua burst=3 nodelay;
limit_req zone=global burst=20 nodelay;
limit_req zone=post_requests burst=5 nodelay;
proxy_pass http://rocky.tail20c16.ts.net:8080;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Host $host;
}
error_page 500 502 503 504 /custom_50x.html;
error_page 429 /429.html;
location = /custom_50x.html {
root /usr/share/nginx/html;
internal;
}
location = /429.html {
return 429 '<html><body><h1>Too Many Requests</h1><p>Rate limit exceeded. Please try again later.</p></body></html>';
add_header Content-Type text/html;
}
}
server {
listen 0.0.0.0:8080;
listen [::]:8080;
server_name links.ralsina.me;
location / {
limit_req zone=global burst=20 nodelay;
limit_req zone=post_requests burst=5 nodelay;
proxy_pass http://rocky.tail20c16.ts.net:8086;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Host $host;
}
error_page 500 502 503 504 /custom_50x.html;
error_page 429 /429.html;
location = /custom_50x.html {
root /usr/share/nginx/html;
internal;
}
location = /429.html {
return 429 '<html><body><h1>Too Many Requests</h1><p>Rate limit exceeded. Please try again later.</p></body></html>';
add_header Content-Type text/html;
}
}
server {
listen 0.0.0.0:8080;
listen [::]:8080;
server_name git.ralsina.me;
location / {
limit_req zone=global burst=20 nodelay;
limit_req zone=post_requests burst=5 nodelay;
proxy_pass http://rocky.tail20c16.ts.net:3000;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Host $host;
}
error_page 403 404 500 502 503 504 /custom_50x.html;
error_page 429 /429.html;
location = /custom_50x.html {
root /usr/share/nginx/html;
internal;
}
location = /429.html {
return 429 '<html><body><h1>Too Many Requests</h1><p>Rate limit exceeded. Please try again later.</p></body></html>';
add_header Content-Type text/html;
}
}
server {
listen 0.0.0.0:8080;
listen [::]:8080;
server_name gotify.ralsina.me;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Allow' 'POST, GET, OPTIONS';
if ($request_method = 'OPTIONS' ) {
return 200;
}
location / {
limit_req zone=api_services burst=10 nodelay;
limit_req zone=post_requests burst=5 nodelay;
proxy_pass http://rocky.tail20c16.ts.net:7777;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Host $host;
}
location /stream {
# No rate limiting for WebSocket connections
proxy_pass http://rocky.tail20c16.ts.net:7777;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
error_page 403 404 500 502 503 504 /custom_50x.html;
error_page 429 /429.html;
location = /custom_50x.html {
root /usr/share/nginx/html;
internal;
}
location = /429.html {
return 429 '<html><body><h1>Too Many Requests</h1><p>Rate limit exceeded. Please try again later.</p></body></html>';
add_header Content-Type text/html;
}
}
server {
listen 0.0.0.0:8080;
listen [::]:8080;
server_name faas.ralsina.me;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Allow' 'POST, GET, OPTIONS';
if ($request_method = 'OPTIONS' ) {
return 200;
}
location / {
limit_req zone=api_services burst=10 nodelay;
limit_req zone=post_requests burst=5 nodelay;
proxy_pass http://rocky.tail20c16.ts.net:8082;
proxy_set_header X-Forwarded-Host $http_host;
}
}
server {
listen 0.0.0.0:8080;
listen [::]:8080;
server_name snips.ralsina.me;
location / {
# No rate limiting for WebSocket connections
proxy_pass http://rocky.tail20c16.ts.net:8091 ;
proxy_set_header X-Forwarded-Host $http_host;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 0.0.0.0:8080;
listen [::]:8080;
server_name metrics.ralsina.me;
auth_basic "Metrics Dashboard - Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
# Serve static HTML directly
location / {
root /usr/share/nginx/html/goaccess;
try_files /index.html @goaccess;
}
location @goaccess {
proxy_pass http://127.0.0.1:7890;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
# WebSocket endpoint for GoAccess
location /ws {
proxy_pass http://127.0.0.1:7890;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 86400;
}
}
server {
listen 0.0.0.0:8080;
listen [::]:8080;
server_name covers.ralsina.me;
return 301 https://ralsina.me/stories/covers/;
}
Reference in New Issue View Git Blame Copy Permalink