-
Notifications
You must be signed in to change notification settings - Fork 6
/
chat.conf
135 lines (114 loc) · 4.25 KB
/
chat.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
# WARNING: You need to add your own SSL & some other stuff.
worker_processes 1; # this demo is not thread safe.
daemon off; # we'll start nginx from docker.
user nginx;
worker_rlimit_nofile 65536;
error_log logs/error.log error;
pid logs/nginx.pid;
events {
worker_connections 65536;
}
http {
include mime.types;
default_type application/octet-stream;
keepalive_timeout 6500;
charset "utf8";
ignore_invalid_headers on;
lua_package_path '/opt/openresty/nginx/conf/?.lua;;';
init_by_lua '
cjson = require "cjson"
chat = require("chat")
';
server {
listen 80 so_keepalive=20s:3s:6;
# server_name localhost;
server_tokens off;
set_by_lua $dontcare 'chat.check_init()';
more_set_headers 'X-Content-Type-Options: nosniff';
more_set_headers 'X-Frame-Options: SAMEORIGIN';
more_set_headers 'X-XSS-Protection: 1; mode=block';
location ~ "^/sub/(?P<channel>[a-zA-Z\d_-]+)$" {
lua_socket_log_errors off;
lua_check_client_abort on;
content_by_lua '
chat.event_source_location(ngx.var.channel)
';
}
location ~ "^/upload/(?P<channel>[a-zA-Z\d_-]+)$" {
set_secure_random_alphanum $dir 1;
set_secure_random_alphanum $filename 16;
client_max_body_size 256k; # this prototype uses small images only.
access_by_lua '
if not chat.channel_count(ngx.var.channel) then
ngx.exit(403)
end
';
content_by_lua '
chat.file_upload_location()
local path = "/img/"..ngx.var.dir.."/"..ngx.var.filename;
chat.publish_event(ngx.var.channel, nil, "image", path)
ngx.exit(200)
';
}
location ~ "/img/(?P<dir>[a-zA-Z\d])/(?P<filename>[a-zA-Z\d]+)$" {
gzip on;
gzip_min_length 1000;
gzip_types text/plain;
etag off;
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Pragma "no-cache";
default_type text/plain;
alias /opt/openresty/nginx/uploads/$dir/$filename;
}
location /imghost.html {
rewrite ^ /cors-cdn-demo permanent; # no need to have two urls for this one.
}
location /cors-cdn-demo {
default_type 'text/html';
# Needs different CSP for connection:
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' data:; connect-src 'self' https://corscdn.cardsnip.com https://cdnjs.cloudflare.com";
alias /opt/openresty/nginx/html/imghost.html;
}
location ~ "^/pub/(?P<channel>[a-zA-Z\d_-]+)$" {
client_max_body_size 32k;
content_by_lua '
ngx.req.read_body()
local body_str = cjson.encode(ngx.var.request_body)
chat.publish_event(ngx.var.channel, nil, nil, body_str)
ngx.exit(200)
';
}
location / {
add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:;";
gzip_static on;
etag off;
add_header Cache-Control "private,max-age=1200";
root html;
index secureup.html;
}
location /chatstats {
etag off;
add_header Cache-Control "private,max-age=20";
default_type 'application/json';
content_by_lua '
ngx.say(chat.get_json_stats())
';
}
location /fonts {
types {
application/vnd.ms-fontobject eot;
font/opentype otf;
application/x-font-ttf ttf;
application/font-woff woff;
}
gzip_static on;
etag off;
add_header Cache-Control "public,max-age=30672000";
root html;
}
location /stats {
stub_status on;
access_log on;
}
}
}