-
-
Notifications
You must be signed in to change notification settings - Fork 0
Nginx
oooo-ps edited this page Aug 10, 2025
·
9 revisions
server {
listen 80;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
This is working configuration for the tracker.ygg instance:
server {
listen [302:68d0:f0d5:b88d::fdb]:80;
server_name 302:68d0:f0d5:b88d::fdb tracker.ygg;
access_log /var/log/nginx/btracker.access.log;
location ~* \.(jpg|jpeg|png|gif|css|js|ico|svg|css) {
expires 30d;
add_header Cache-Control "public, max-age=2592000";
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
expires 15m;
add_header Cache-Control "public, max-age=900";
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Note
Direct access to public files is safe and is partially restricted by the Rocket framework implementation. Therefore, feel free to further restrict direct access on the Nginx side.
Restrict direct access to the torrent files
location ~* \.torrent$ {
deny all;
}
Restrict direct access to hidden files (started with dot)
Hidden files are temporarily created filesystem offsets by the aquatic-crawler and its librqbit client on the data preload. Permanent files are moved to folders without a dot. There is no reason to access this location.
location ~* ^/\. {
deny all;
}