Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- limit_req_zone $binary_remote_addr zone=flood:10m rate=7r/s;
- limit_req zone=flood burst=10 nodelay;
- limit_conn_zone $binary_remote_addr zone=ddos:10m;
- limit_conn ddos 5;
- charset UTF-8;
- # Hanayo frontend
- server {
- listen 80;
- listen [::]:80;
- server_name DOMAIN;
- server_name osu.DOMAIN;
- return 301 https://$server_name$request_uri;
- }
- server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name DOMAIN;
- server_name osu.DOMAIN;
- #Certificate pathes
- ssl_certificate /root/.acme.sh/DOMAIN/fullchain.cer;
- ssl_certificate_key /root/.acme.sh/DOMAIN/DOMAIN.key;
- ssl_trusted_certificate /root/.acme.sh/DOMAIN/ca.cer;
- #Headers
- add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
- add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
- ssl_protocols TLSv1.2;
- ssl_prefer_server_ciphers on;
- #hanayo
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded_for $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_redirect off;
- proxy_pass http://127.0.0.1:6969;
- }
- #rippleapi
- location /api {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded_for $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_redirect off;
- proxy_pass http://127.0.0.1:40001;
- }
- #lets
- location ~ ^/(web|ss|d)/ {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header Host $http_host;
- proxy_redirect off;
- proxy_pass http://127.0.0.1:5002;
- }
- #star rating
- location /difficulty-rating {
- return 307 https://osu.ppy.sh/difficulty-rating;
- }
- }
- # Avatar server
- server {
- listen 80;
- listen [::]:80;
- server_name a.DOMAIN;
- return 301 https://$server_name$request_uri;
- }
- server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name a.DOMAIN;
- #Certificate pathes
- ssl_certificate /root/.acme.sh/DOMAIN/fullchain.cer;
- ssl_certificate_key /root/.acme.sh/DOMAIN/DOMAIN.key;
- ssl_trusted_certificate /root/.acme.sh/DOMAIN/ca.cer;
- #Headers
- add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
- add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
- add_header X-Robots-Tag none;
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
- ssl_protocols TLSv1.2;
- ssl_prefer_server_ciphers on;
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header Host $http_host;
- proxy_redirect off;
- proxy_pass http://127.0.0.1:5000; # default port is 5000
- }
- }
- #Bancho server
- server {
- listen 80;
- listen [::]:80;
- server_name c.DOMAIN;
- server_name c4.DOMAIN;
- return 301 https://$server_name$request_uri;
- }
- server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name c.DOMAIN;
- server_name c4.DOMAIN;
- #Certificate pathes
- ssl_certificate /root/.acme.sh/DOMAIN/fullchain.cer;
- ssl_certificate_key /root/.acme.sh/DOMAIN/DOMAIN.key;
- ssl_trusted_certificate /root/.acme.sh/DOMAIN/ca.cer;
- #Headers
- add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
- add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
- add_header X-Robots-Tag none;
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
- ssl_protocols TLSv1.2;
- ssl_prefer_server_ciphers on;
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header Host $http_host;
- proxy_redirect off;
- proxy_pass http://127.0.0.1:5001; # default port is 5001
- }
- }
- # Old frontend
- server {
- listen 80;
- listen [::]:80;
- server_name old.DOMAIN;
- return 301 https://$server_name$request_uri;
- }
- server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name old.DOMAIN;
- root /var/www/osu.ppy.sh;
- index index.php index.html;
- #Certificate pathes
- ssl_certificate /root/.acme.sh/DOMAIN/fullchain.cer;
- ssl_certificate_key /root/.acme.sh/DOMAIN/DOMAIN.key;
- ssl_trusted_certificate /root/.acme.sh/DOMAIN/ca.cer;
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
- ssl_protocols TLSv1.2;
- ssl_prefer_server_ciphers on;
- #Headers
- add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
- add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
- add_header X-Robots-Tag none;
- location ~ \.php$ {
- try_files $uri =404;
- fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- include /etc/nginx/fastcgi_params;
- }
- #lets
- location ~ ^/(web|ss|s|b|letsapi)/ {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header Host $http_host;
- proxy_redirect off;
- proxy_pass http://127.0.0.1:5002;
- }
- location / {
- #autoindex on;
- index index.php;
- rewrite ^/(u|d)/[0-9]+$ /rewrite.php;
- }
- }
- # S?
- server {
- listen 80;
- listen [::]:80;
- server_name s.DOMAIN;
- return 301 https://$server_name$request_uri;
- }
- server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name s.DOMAIN;
- #Certificate pathes
- ssl_certificate /root/.acme.sh/DOMAIN/fullchain.cer;
- ssl_certificate_key /root/.acme.sh/DOMAIN/DOMAIN.key;
- ssl_trusted_certificate /root/.acme.sh/DOMAIN/ca.cer;
- #Headers
- add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
- add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
- add_header X-Robots-Tag none;
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
- ssl_protocols TLSv1.2;
- ssl_prefer_server_ciphers on;
- location / {
- return 307 https://s.ppy.sh$request_uri;
- }
- }
- # Assets?
- server {
- listen 80;
- listen [::]:80;
- server_name assets.DOMAIN;
- return 301 https://$server_name$request_uri;
- }
- server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name assets.DOMAIN;
- #Certificate pathes
- ssl_certificate /root/.acme.sh/DOMAIN/fullchain.cer;
- ssl_certificate_key /root/.acme.sh/DOMAIN/DOMAIN.key;
- ssl_trusted_certificate /root/.acme.sh/DOMAIN/ca.cer;
- #Headers
- add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
- add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
- add_header X-Robots-Tag none;
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
- ssl_protocols TLSv1.2;
- ssl_prefer_server_ciphers on;
- location / {
- return 307 https://assets.ppy.sh$request_uri;
- }
- }
- # b?
- server {
- listen 80;
- listen [::]:80;
- server_name b.DOMAIN;
- return 301 https://$server_name$request_uri;
- }
- server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name b.DOMAIN;
- #Certificate pathes
- ssl_certificate /root/.acme.sh/DOMAIN/fullchain.cer;
- ssl_certificate_key /root/.acme.sh/DOMAIN/DOMAIN.key;
- ssl_trusted_certificate /root/.acme.sh/DOMAIN/ca.cer;
- #Headers
- add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
- add_header X-Content-Type-Options nosniff;
- add_header X-Frame-Options "SAMEORIGIN";
- add_header X-Robots-Tag none;
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
- ssl_protocols TLSv1.2;
- ssl_prefer_server_ciphers on;
- location / {
- return 307 https://b.ppy.sh$request_uri;
- }
- }
Add Comment
Please, Sign In to add comment