# # server config with nginx in front of varnish for srndv2 as backend daemon # server { listen 80; listen [::]:80; # srndv2 backend address set $srnd "127.0.0.1:18000"; # varnish backend address set $varnish "127.0.0.1:8000"; # nntpchan repo path set $nntpchan "/opt/nntpchan" set $allowed "yes"; # example blacklist rules, uncomment as needed # allow only torbrowser #if ( $http_user_agent != "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" ) { # set $allowed "no"; #} if ($allowed != "yes") { return 403; } location /live { # livechan websocket is passed into backend directly bypassing varnish client_max_body_size 10M; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://$srnd/live; } location / { # have varnish by default proxy_pass http://$varnish/; } location ~ /post/(.+) { # pass post right into backend bypassing varnish client_max_body_size 80M; proxy_pass http://$srnd/post/$1; } location /static/ { # serve static files alias $nntpchan/contrib/static/; } location ~ /img/(.+)\.(jpeg|jpg|png|webp|gif|mp3|ogg|opus|mp4|flac|txt|zip|rar|mp2|flv)$ { # serve files alias $nntpchan/webroot/img/$1.$2; } location ~ /img/(.+)\.(.+)$ { # changes mime type for unknown files types { } default_type text/plain; alias $nntpchan/webroot/img/$1.$2; } location ~ /thm/(.+)$ { # http subdomain rewrite for sfw if ( $http_host ~ fbi ) { rewrite ^/(.+).jpg /static/placeholder.jpg break; } if ( $http_host ~ sfw ) { rewrite ^/(.+).jpg /static/placeholder.jpg break; } alias $nntpchan/webroot/thm/$1; } }