Category Archives: NGINX

Nginx

Linux, NGINX

Configuration

# HTTP to HTTPS
if ($scheme = http) {
    return 301 https://$host$request_uri;
}

# Proxy
location / {
    include /etc/nginx/proxy_params;
    proxy_pass http://127.0.0.1:5000/;
}

# Custom robots.txt
location = /robots.txt {
    add_header Content-Type text/plain;
    return 200 "User-agent: *\nDisallow: /\n";
}

# Activate HTTP2 (1.9.5+)
listen 443 ssl http2;

Rate limiting

# Use $http_cf_connecting_ip instead of $binary_remote_addr when behind Cloudflare
limit_req_zone $http_cf_connecting_ip zone=php_limit:10m rate=10r/s;
limit_req_log_level warn;

location ~ \.php$ {
    limit_req zone=php_limit burst=50;
}

# Test using bash
for i in $(seq 1 30); do curl -I -s "https://[HOST]/" | head -n 1; done

UniFi Protect behind nginx proxy

NGINX, UniFi

Below is a snippet of nginx configuration that will enable access to your UniFi Controller (eg. Unifi Cloud Key Gen2) using nginx reverse proxy.

server {
        listen 443 ssl;
        server_name example.com;

        location / {
                include /etc/nginx/proxy_params;
                proxy_pass https://IP_ADDRESS_OF_THE_CONTROLLER/;

                # WebSocket support
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }
}