From 6acc8e0969ab18603fc854be33ebbbac5bc00090 Mon Sep 17 00:00:00 2001 From: Alexander Bentkamp Date: Wed, 16 Nov 2022 11:52:18 +0100 Subject: [PATCH] more notes --- NOTES.md | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/NOTES.md b/NOTES.md index 6cf2cc6..f0b36b9 100644 --- a/NOTES.md +++ b/NOTES.md @@ -117,6 +117,19 @@ sudo vim reverse-proxy.conf ``` ``` +# Anonymize IP addresses +map $remote_addr $remote_addr_anon { + ~(?P\d+\.\d+\.\d+)\. $ip.0; + ~(?P[^:]+:[^:]+): $ip::; + 127.0.0.1 $remote_addr; + ::1 $remote_addr; + default 0.0.0.0; +} + +log_format main '$remote_addr_anon - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + server { server_name lean.math.uni-duesseldorf.de; location / { @@ -134,6 +147,9 @@ server { listen 443 ssl; ssl_certificate /home/adam/adam_math_uni-duesseldorf_de_cert.cer; ssl_certificate_key /home/adam/private_ssl_key.pem; + + access_log /var/log/nginx/access.log main; + error_log /dev/null crit; } server { @@ -143,8 +159,26 @@ server { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } client_max_body_size 0; + + listen 443 ssl; + ssl_certificate /home/adam/adam_math_uni-duesseldorf_de_cert.cer; + ssl_certificate_key /home/adam/private_ssl_key.pem; + + access_log /var/log/nginx/access.log main; + error_log /dev/null crit; +} + +# Redirect HTTP to HTTPS +server { + listen 80 default_server; + server_name _; + return 301 https://$host$request_uri; } ```