-
Notifications
You must be signed in to change notification settings - Fork 1
[notes, anteckningar] Anteckningar
Ingi Erli edited this page Jun 7, 2022
·
1 revision
- adding robots.txt to the nginx-proxy - with the nginx-proxy.conf -file
- removing the environment
version: '3.7'
services:
proxy:
#image: jwilder/nginx-proxy:0.4.0
image: nginxproxy/nginx-proxy:0.8.0
container_name: jwilder-proxy
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- ./certs:/etc/nginx/certs:ro
- ./nginx-proxy.conf:/etc/nginx/conf.d/nginx-proxy.conf:ro
shiny:
image: inkimar/shiny:v0.1.5
#image: inkimar/shiny:v0.1.2
restart: always
container_name: shiny
#environment:
# - VIRTUAL_HOST=birdrecoveries.nrm.se
# - VIRTUAL_PORT=3838
# These IP addresses are never allowed to access locations except robots.txt
geo $blocked_ip {
default 0;
46.229.161.131 1;
}
map $http_user_agent $blocked_user_agent {
default 0;
# These user agents are never allowed access to this location
# Telling NGINX to return 444 is a special pseudo response code that immediately cuts the TCP connection with no response
"~Semrush" 1;
"~SEMrush" 1;
"~semrush" 1;
"~Googlebot" 1;
"~GoogleBot" 1;
}
server {
listen [::]:80;
listen 80;
server_name birdrecoveries.nrm.se;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name birdrecoveries.nrm.se;
ssl_certificate /etc/nginx/certs/birdrecoveries.nrm.se.crt;
ssl_certificate_key /etc/nginx/certs/birdrecoveries.nrm.se.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
ssl_prefer_server_ciphers on;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
charset utf-8;
gzip on;
gzip_types text/plain application/xml text/css application/javascript;
gzip_min_length 1000;
access_log off;
error_log /var/log/nginx/birdrecoveries.nrm.se-error.log error;
#location ~ /\.(?!well-known).* {
# deny all;
## }
location = /robots.txt {
add_header Content-Type text/plain;
return 200
"
# Disallow particular paths for all user agents
User-agent: *
#Allow: /wp-content/uploads/
Disallow: /login/
Disallow: /admin/
#Crawl-delay: 30
# Disallow entire user agents
User-agent: Semrush
Disallow: /
User-agent: SEMrush
Disallow: /
User-agent: semrush
Disallow: /
#Disallow Googlebots
User-agent: Googlebot
Disallow: /
User-agent: GoogleBot
Disallow: /
";
}
location / {
# expires $expires;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://shiny:3838;
}
}