From 9a85e1f458b76eaebddab4df7e9c66a1e68ff1e3 Mon Sep 17 00:00:00 2001
From: Alec Armbruster
Date: Thu, 7 Mar 2019 16:29:21 -0800
Subject: [PATCH] Create nginx.vhost.production
---
nginx.vhost.production | 50 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 nginx.vhost.production
diff --git a/nginx.vhost.production b/nginx.vhost.production
new file mode 100644
index 00000000..ea0b91f1
--- /dev/null
+++ b/nginx.vhost.production
@@ -0,0 +1,50 @@
+# example for a production vhost for szurubooru.
+# ideally, use ssl termination + cdn with a provider such as cloudflare.
+# modify as needed!
+
+# rate limiting zone
+# poor man's ddos protection, essentially
+limit_req_zone $binary_remote_addr zone=throttle:10m rate=25r/s;
+
+# www -> non-www
+server {
+ listen 80;
+ listen [::]:80;
+ server_tokens off;
+ server_name www.example.com
+ return 301 http://example.com$request_uri;
+}
+
+server {
+ server_name example.com;
+ client_max_body_size 100M;
+ client_body_timeout 30s;
+ server_tokens off;
+ location / {
+ limit_req zone=throttle burst=5 delay=3;
+ proxy_http_version 1.1;
+ proxy_pass http://127.0.0.1:8080;
+ proxy_set_header Host $http_host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Script-Name /szuru;
+ error_page 500 501 502 504 505 506 507 508 509 510 511 @err;
+ error_page 503 @throttle;
+ }
+
+ location @err {
+ return 500 "server error. please try again later.";
+ default_type text/plain;
+ }
+ location @throttle {
+ return 503 "we've detected abuse on your ip. please wait and try again later.";
+ default_type text/plain;
+ }
+
+ listen 80;
+ listen [::]:80;
+}
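Review bot: The `server_name www.example.com` line in the www redirect block has no terminating semicolon, so nginx reads `return`, `301` and the URL as further `server_name` arguments and the www to non-www redirect is never configured; it should read `server_name www.example.com;`. In the main block, `limit_req_zone` is keyed on `$binary_remote_addr` and `X-Real-IP` is taken from `$remote_addr`, while the header comment recommends running behind a CDN. In that deployment both values are the CDN edge address unless the realip module is set up (`set_real_ip_from <cdn-address-range>; real_ip_header CF-Connecting-IP;`, range shown as a placeholder), so the throttle would group unrelated visitors together and the backend would record the wrong client. `proxy_set_header Host $http_host;` forwards whatever Host value the client sent; `proxy_set_header Host $host;` is the safer default if the backend builds links from it. A comment at the top noting that `delay=` on `limit_req` requires nginx 1.15.7 or later would save users of older packages a failed config test.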