diff --git a/static/nginx.conf b/static/nginx.conf index 5ceaf68..3f05cec 100644 --- a/static/nginx.conf +++ b/static/nginx.conf @@ -1,13 +1,10 @@ # Suggestions? => https://github.com/theraw/The-World-Is-Yours/issues # Problems? => https://github.com/theraw/The-World-Is-Yours/issues # Errors? => https://github.com/theraw/The-World-Is-Yours/issues - user root; pid /var/run/nginx.pid; - worker_processes auto; worker_rlimit_nofile 65535; - events { multi_accept on; use epoll; @@ -15,6 +12,8 @@ events { } http { + # ////////////////////////////////////////////////////// # + # =================== START L7 ========================= # # turn this 'on' if you want to use L7 For every domain hosted in your server testcookie off; testcookie_name DOPEHOSTING; 
@@ -31,280 +30,29 @@ http { # Those are some ip's whitelisted by me. mostly are search engines. But not everything! testcookie_whitelist { 8.8.8.8/32; - 64.18.0.0/20; - 64.233.160.0/19; - 66.102.0.0/20; - 72.14.192.0/18; - 145.239.77.50; - 74.125.0.0/16; - 108.177.8.0/21; - 172.217.0.0/19; - 173.194.0.0/16; - 207.126.144.0/20; - 209.85.128.0/17; - 216.58.192.0/19; - 216.239.32.0/19; - 104.16.160.0/20; - 2001:4860:4000::/36; - 2404:6800:4000::/36; - 2607:f8b0:4000::/36; - 2800:3f0:4000::/36; - 2a00:1450:4000::/36; - 2c0f:fb50:4000::/36; - 31.13.24.0/21; - 31.13.64.0/18; - 66.220.144.0/20; - 69.63.176.0/20; - 69.171.224.0/19; - 74.119.76.0/22; - 103.4.96.0/22; - 173.252.64.0/18; - 204.15.20.0/22; - 2620:0:1c00::/40; - 2620:0:1cff::/48; - 2a03:2880:1000::/36; - 2a03:2880:2000::/36; - 2a03:2880:3000::/36; - 2a03:2880::/32; - 2a03:2880::/36; - 2a03:2880:4000::/36; - 2a03:2880:f001::/48; - 2a03:2880:f002::/48; - 2a03:2880:f003::/48; - 2a03:2880:f004::/48; - 2a03:2880:f005::/48; - 2a03:2880:f006::/48; - 2a03:2880:f007::/48; - 2a03:2880:f008::/48; - 2a03:2880:f009::/48; - 2a03:2880:f00a::/48; - 2a03:2880:f00c::/48; - 2a03:2880:f00d::/48; - 2a03:2880:f00e::/48; - 2a03:2880:f00f::/48; - 2a03:2880:f010::/48; - 2a03:2880:f011::/48; - 2a03:2880:f012::/48; - 2a03:2880:f013::/48; - 2a03:2880:f015::/48; - 2a03:2880:f016::/48; - 2a03:2880:f019::/48; - 2a03:2880:f01a::/48; - 2a03:2880:f01b::/48; - 2a03:2880:f01c::/48; - 2a03:2880:f01f::/48; - 2a03:2880:f021::/48; - 2a03:2880:f022::/48; - 2a03:2880:f023::/48; - 2a03:2880:f024::/48; - 2a03:2880:f026::/48; - 2a03:2880:f027::/48; - 2a03:2880:f028::/48; - 2a03:2880:f029::/48; - 2a03:2880:f02a::/48; - 2a03:2880:f02c::/48; - 2a03:2880:f02d::/48; - 2a03:2880:f02e::/48; - 2a03:2880:f02f::/48; - 2a03:2880:f030::/48; - 2a03:2880:f032::/48; - 2a03:2880:f101::/48; - 2a03:2880:f102::/48; - 2a03:2880:f103::/48; - 2a03:2880:f104::/48; - 2a03:2880:f105::/48; - 2a03:2880:f106::/48; - 2a03:2880:f107::/48; - 2a03:2880:f108::/48; - 2a03:2880:f109::/48; 
- 2a03:2880:f10a::/48; - 2a03:2880:f10c::/48; - 2a03:2880:f10d::/48; - 2a03:2880:f10e::/48; - 2a03:2880:f10f::/48; - 2a03:2880:f110::/48; - 2a03:2880:f111::/48; - 2a03:2880:f112::/48; - 2a03:2880:f113::/48; - 2a03:2880:f115::/48; - 2a03:2880:f116::/48; - 2a03:2880:f119::/48; - 2a03:2880:f11a::/48; - 2a03:2880:f11b::/48; - 2a03:2880:f11c::/48; - 2a03:2880:f11f::/48; - 2a03:2880:f121::/48; - 2a03:2880:f122::/48; - 2a03:2880:f124::/48; - 2a03:2880:f126::/48; - 2a03:2880:f127::/48; - 2a03:2880:f128::/48; - 2a03:2880:f129::/48; - 2a03:2880:f12a::/48; - 2a03:2880:f12c::/48; - 2a03:2880:f12d::/48; - 2a03:2880:f12e::/48; - 2a03:2880:f12f::/48; - 2a03:2880:f130::/48; - 2a03:2880:f132::/48; - 2a03:2880:f201::/48; - 2a03:2880:f202::/48; - 2a03:2880:f203::/48; - 2a03:2880:f204::/48; - 2a03:2880:f205::/48; - 2a03:2880:f206::/48; - 2a03:2880:f207::/48; - 2a03:2880:f208::/48; - 2a03:2880:f209::/48; - 2a03:2880:f20a::/48; - 2a03:2880:f20c::/48; - 2a03:2880:f20d::/48; - 2a03:2880:f20e::/48; - 2a03:2880:f20f::/48; - 2a03:2880:f210::/48; - 2a03:2880:f211::/48; - 2a03:2880:f212::/48; - 2a03:2880:f213::/48; - 2a03:2880:f215::/48; - 2a03:2880:f216::/48; - 2a03:2880:f219::/48; - 2a03:2880:f21a::/48; - 2a03:2880:f21b::/48; - 2a03:2880:f21c::/48; - 2a03:2880:f21f::/48; - 2a03:2880:f221::/48; - 2a03:2880:f222::/48; - 2a03:2880:f224::/48; - 2a03:2880:f226::/48; - 2a03:2880:f227::/48; - 2a03:2880:f228::/48; - 2a03:2880:f229::/48; - 2a03:2880:f22a::/48; - 2a03:2880:f22c::/48; - 2a03:2880:f22d::/48; - 2a03:2880:f22e::/48; - 2a03:2880:f22f::/48; - 2a03:2880:f230::/48; - 2a03:2880:f232::/48; - 2a03:2880:fffe::/48; - 2a03:2880:ffff::/48; - 2620:10f:d000::/44; - 2a02:6b8:1::/48; - 2a02:6b8:2::/48; - 2a02:6b8::/32; - 2a02:6b8:3::/48; - 2a02:6b8:4::/48; - 2a02:6b8:5::/48; - 2a02:6b8:6::/48; - 2a02:6b8:7::/48; - 2a02:6b8:8::/48; - 2a02:6b8:9::/48; - 2a02:6b8:a::/48; - 2a02:6b8:b::/48; - 2a02:6b8:c::/48; - 2a02:6b8:d::/48; - 2a02:6b8:e::/48; - 2a02:6b8:f::/48; - 2001:4860::/32; - 2401:fa00::/32; - 
2404:6800::/32; - 2404:6800:4001::/48; - 2404:6800:4002::/48; - 2404:6800:4003::/48; - 2404:6800:4004::/48; - 2404:6800:4005::/48; - 2404:6800:4006::/48; - 2404:6800:4007::/48; - 2404:6800:4008::/48; - 2404:6800:4009::/48; - 2404:6800:400a::/48; - 2600:1900::/28; - 2605:ef80:200::/42; - 2605:ef80::/32; - 2605:ef80:400::/42; - 2605:ef80:80::/42; - 2605:ef80:900::/40; - 2605:ef80:c0::/42; - 2607:f8b0::/32; - 2607:f8b0:4000::/48; - 2607:f8b0:4001::/48; - 2607:f8b0:4002::/48; - 2607:f8b0:4003::/48; - 2607:f8b0:4004::/48; - 2607:f8b0:4005::/48; - 2607:f8b0:4006::/48; - 2607:f8b0:4007::/48; - 2607:f8b0:4008::/48; - 2607:f8b0:4009::/48; - 2607:f8b0:400a::/48; - 2607:f8b0:400b::/48; - 2607:f8b0:400c::/48; - 2607:f8b0:400d::/48; - 2607:f8b0:400e::/48; - 2607:f8b0:400f::/48; - 2607:f8b0:4010::/48; - 2607:f8b0:4011::/48; - 2607:f8b0:4012::/48; - 2607:f8b0:4013::/48; - 2607:f8b0:4014::/48; - 2607:f8b0:4015::/48; - 2607:f8b0:4016::/48; - 2620:0:1000::/40; - 2620:120:e000::/40; - 2620:15c::/36; - 2800:3f0::/32; - 2800:3f0:4001::/48; - 2800:3f0:4002::/48; - 2800:3f0:4003::/48; - 2800:3f0:4004::/48; - 2800:3f0:4005::/48; - 2a00:1450::/32; - 2a00:1450:4001::/48; - 2a00:1450:4002::/48; - 2a00:1450:4003::/48; - 2a00:1450:4004::/48; - 2a00:1450:4005::/48; - 2a00:1450:4006::/48; - 2a00:1450:4007::/48; - 2a00:1450:4008::/48; - 2a00:1450:4009::/48; - 2a00:1450:400a::/48; - 2a00:1450:400b::/48; - 2a00:1450:400c::/48; - 2a00:1450:400d::/48; - 2a00:1450:400e::/48; - 2a00:1450:400f::/48; - 2a00:1450:4010::/48; - 2a00:1450:4011::/48; - 2a00:1450:4012::/48; - 2a00:1450:4013::/48; - 2a00:1450:4014::/48; - 2a00:1450:4015::/48; - 2a00:1450:4016::/48; - 2a00:1450:4017::/48; - 2a00:1450:4018::/48; - 2a00:1450:4019::/48; - 2a00:1450:401a::/48; - 2a00:1450:401b::/48; - 2a00:1450:401c::/48; - 2a00:79e0::/32; - 2a03:ace0:100::/40; - 2a03:ace0::/32; - 2c0f:fb50::/32; - 2c0f:fb50:4002::/48; - 2c0f:fb50:4003::/48; + 127.0.0.1/32; + # I don't suggest using alot of IPs here as this whitelist can fail!. 
} testcookie_redirect_via_refresh on; testcookie_refresh_encrypt_cookie on; testcookie_refresh_encrypt_cookie_key random; testcookie_refresh_encrypt_cookie_iv random; testcookie_refresh_template 'Just a moment please... '; + # ===================== END L7 ========================= # + # ////////////////////////////////////////////////////// # - log_format main '$remote_addr - $remote_user [$time_local] ' - '"$request" $status $body_bytes_sent ' - '"$http_referer" "$http_user_agent"' - 'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"'; + # ////////////////////////////////////////////////////// # + # ===================== LOGS =========================== # + log_format main '$remote_addr |==| $status |==| $request |==| $time_local'; + # -------------------------------------------------------# + log_format agent '$remote_addr |==| $status |==| $request |==| $http_user_agent'; + # -------------------------------------------------------# + log_format full '$remote_addr |==| $remote_user |==| $time_local |==| $request |==| $status |==| $body_bytes_sent |==| $http_referer |==| $http_user_agent |==| $http_x_forwarded_for'; + # =================== END LOGS ========================= # + # ////////////////////////////////////////////////////// # + # ////////////////////////////////////////////////////// # + # ===================== GEIP =========================== # geoip2 /nginx/db/GeoLite2-Country.mmdb { $geoip2_data_country_code default=US country iso_code; $geoip2_data_country_name country names en; 
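Review bot: The new `agent` log format carries no timestamp, and all three formats write client-controlled fields (`$request`, `$http_user_agent`, `$http_referer`, `$http_x_forwarded_for`) unquoted between `|==|` separators. nginx's default log escaping leaves `|` and `=` alone, so a request line or User-Agent that contains `|==|` shifts every later field for any tool that splits on the separator, and `$http_x_forwarded_for` in `full` is whatever the client sent. I would add `$time_local` to `agent` and quote the client-supplied fields, e.g. `log_format agent '$remote_addr |==| $time_local |==| $status |==| "$request" |==| "$http_user_agent"';`, since default escaping does rewrite a `"` inside a variable. The enclosing `http` block starts and ends outside this hunk.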
@@ -315,11 +63,19 @@ http { # default yes; # CN no; #} + # =================== END GEIP ========================= # + # ////////////////////////////////////////////////////// # + # ////////////////////////////////////////////////////// # + # ===================== EXTRA ========================== # # Don't Go with "Nginx Can Handle Everything" ! limit_conn_zone $server_name zone=max:1m; limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s; + # =================== END EXTRA ======================== # + # ////////////////////////////////////////////////////// # + # ////////////////////////////////////////////////////// # + # ==================== BACKENDS ======================== # map $http_upgrade $connection_upgrade { default upgrade; '' close; @@ -330,13 +86,17 @@ http { # zone tcp_servers 64k; # server 10.10.10.39:80; #} - + # =================== END BACKENDS ===================== # + # ////////////////////////////////////////////////////// # + + # ////////////////////////////////////////////////////// # + # ==================== GENERAL ========================= # client_body_buffer_size 1M; client_header_buffer_size 1M; client_body_timeout 90s; client_header_timeout 90s; - client_max_body_size 2m; - keepalive_timeout 15s; + client_max_body_size 2M; + keepalive_timeout 10s; port_in_redirect off; sendfile on; server_names_hash_bucket_size 6969; 
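Review bot: `keepalive_timeout` drops to 10s in the GENERAL hunk, but the context lines just above it still allow 90s to send headers and 90s between body reads (`client_header_timeout 90s;`, `client_body_timeout 90s;`), with `client_header_buffer_size 1M;` allocated for each request being read. In a config built around L7 flood protection, those are the limits a slow-sending client relies on, so tightening only the idle keepalive leaves the larger window open. Consider aligning them, e.g. `client_header_timeout 10s;` and `client_body_timeout 10s;`, with a header buffer near nginx's 1k default and `large_client_header_buffers` covering the occasional large request. The right values depend on the hosted sites, which this hunk does not show.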
@@ -346,48 +106,16 @@ http { tcp_nopush on; types_hash_max_size 2048; resolver 8.8.8.8 8.8.4.4; + default_type application/octet-stream; + include /nginx/mime.types; + # =================== END GENERAL ====================== # + # ////////////////////////////////////////////////////// # - ## Real IP Forwarding ## - # set_real_ip_from 127.0.0.1; - - # CloudFlare IPs - # List from: https://www.cloudflare.com/ips-v4 - #set_real_ip_from 103.21.244.0/22; - #set_real_ip_from 103.22.200.0/22; - #set_real_ip_from 103.31.4.0/22; - #set_real_ip_from 104.16.0.0/12; - #set_real_ip_from 108.162.192.0/18; - #set_real_ip_from 131.0.72.0/22; - #set_real_ip_from 141.101.64.0/18; - #set_real_ip_from 162.158.0.0/15; - #set_real_ip_from 172.64.0.0/13; - #set_real_ip_from 173.245.48.0/20; - #set_real_ip_from 188.114.96.0/20; - #set_real_ip_from 190.93.240.0/20; - #set_real_ip_from 197.234.240.0/22; - #set_real_ip_from 198.41.128.0/17; - #set_real_ip_from 199.27.128.0/21; - # IPV6 Isn't Accepted Sorry! - - # Replace with correct visitor IP - real_ip_header X-Forwarded-For; - real_ip_recursive on; - - ## MIME ## - include /nginx/mime.types; - default_type application/octet-stream; - - ## Logging Settings ## - # access_log /nginx/logs/access.log; - # error_log /nginx/logs/error.log; - - # Proxy Settings - # proxy_cache_path /tmp/dope_dynamic levels=1:2 keys_zone=dope_dynamic:20m inactive=10m max_size=2500m; - # proxy_cache_path /tmp/dope_static levels=1:2 keys_zone=dope_static:20m inactive=10m max_size=2500m; - # proxy_temp_path /tmp/dope_temp; - - ## Virtual Host Configs ## + # ////////////////////////////////////////////////////// # + # =================== LOAD CONFIGS ===================== # include /nginx/live/*; include /nginx/conf.d/*; include /nginx/naxsi_core.rules; + # =================== END CONFIGS ====================== # + # ////////////////////////////////////////////////////// # }
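Review bot: With the real-IP block removed, nothing in the file records which address `$remote_addr` is, yet `limit_req_zone $binary_remote_addr`, the three log formats and, presumably, `testcookie_whitelist` all key off it. On a directly exposed server that is the right address; behind a CDN or load balancer every visitor would share the proxy's address and a single rate-limit bucket. A short comment in the GENERAL section would record the assumption, e.g. `# No realip config: $remote_addr is the connecting peer; if a proxy/CDN fronts this host, add set_real_ip_from for its ranges plus real_ip_header first.` The removed `real_ip_header X-Forwarded-For;` had no active `set_real_ip_from` next to it, so dropping it should not change behaviour.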