My nginx config not working as expected

PaulKellerman · September 10, 2024, 9:35pm

I created 2 files that are being included by default:

/etc/nginx/conf.d/limiter.conf

limit_conn_zone $binary_remote_addr zone=addr:10m;

/home/admin/conf/web/actual.domain.com/nginx.conf_stopdirect

error_page 503 503.html;

location /downloads/ {
        internal;
        limit_conn addr 2;
        limit_rate 1m;
        add_header X-Robots-Tag "noindex, nofollow" always;
}

I did nginx -T
no errors, i see them getting included.

I expect not to have direct access via web browser to anything inside /downloads/ but i do.
I noticed the directory index does indeed 403 but not its contents.

The limit_rate 1m; is about 1MB/s, it’s being ignored.
I also tried limit_rate 5200k; also ignored.

I’m confident this config works cos i’ve used it with serverpilot for years, i think i’m the rigth context? limiter.conf inside http and nginx.conf_stopdirect on server context.

What am i doing wrong?

sahsanu · September 10, 2024, 9:43pm

I can’t say anything about the conf but if your site is using https, you must also add the right conf for https schema.

cd /home/admin/conf/web/actual.domain.com/
ln -s nginx.conf_stopdirect nginx.ssl.conf_stopdirect
systemctl reload nginx

PaulKellerman · September 10, 2024, 10:05pm

Hi, that worked way too well it did block direct access but now downloading via php script 404’s (before running that command i could download via the same php script and directly)

sahsanu · September 10, 2024, 10:29pm

The only thing that command did, was to add the conf to your nginx ssl conf.

PaulKellerman · September 11, 2024, 4:40pm

Right. thanks!
Can you tell me if this:
/etc/nginx/conf.d/limiter.conf
would affect both ssl and not ssl configs? it’s http context afaik.

sahsanu · September 11, 2024, 5:22pm

Yes, it’s http context and it will affect to ALL the confs of your sites.