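====================================================================================
=== Дефолтный конфиг сервера с https от acme.sh и авторизацией на сервер:
====================================================================================
#
# One server block listens on both 80 and 443. Plain-HTTP requests are
# redirected to HTTPS by the server-level `if ($scheme = http)` at the bottom.
# That `return` runs in the rewrite phase, before the Basic-auth check, so a
# client is not prompted for a password over port 80.
server {
    listen 80;
    server_name example.com;

    # HTTP Basic auth for the whole vhost (inherited by every location).
    # Basic credentials are only base64-encoded, so they must travel over TLS.
    auth_basic "Restricted Area";
    auth_basic_user_file /etc/nginx/.htpasswd;

    location / {
        root /var/www/test;
        autoindex on;
    }

    # ACME HTTP-01 challenge directory used by acme.sh in webroot mode.
    # `allow all` alone does NOT lift the inherited auth_basic: with the
    # default `satisfy all`, both the access and the auth module must pass,
    # so the challenge would get 401. `auth_basic off` is what opens it.
    # The location is a literal prefix limited to acme-challenge/ (the
    # original unanchored regex `~ /.well-known` matched that string anywhere
    # in the URI), so nothing else loses authentication.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/test;
        auth_basic off;
        allow all;
    }

    listen 443 ssl;
    ssl_certificate /etc/ssl/acme/example.com_ecc/example.com.cer;
    ssl_certificate_key /etc/ssl/acme/example.com_ecc/example.com.key;

    # TLS 1.2/1.3 only, AEAD suites with forward secrecy.
    # Note: the DHE-RSA-* suites are only offered when ssl_dhparam is set
    # (nginx 1.11.0 and later); without it they are skipped.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

    # Redirect target is built from $server_name (taken from this config),
    # not from the client-supplied Host header.
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }
}

====================================================================================
=== nginx.conf с geoip:
====================================================================================
#
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# The geoip2 directives below come from ngx_http_geoip2_module. If it is built
# as a dynamic module, this line has to be uncommented for them to parse.
#load_module modules/ngx_http_geoip2_module.so;

events {
    worker_connections 768;
}

http {
    ssl_protocols TLSv1.2 TLSv1.3;

    # Lookups are keyed on $remote_addr, i.e. the address of the direct peer.
    # NOTE(review): if this server sits behind a proxy or CDN, that is the
    # proxy's address unless the real client IP is restored first - confirm.
    geoip2 /etc/nginx/geoip/GeoLite2-Country.mmdb {
        $geoip2_data_country_iso_code country iso_code;
        $geoip2_data_country_name source=$remote_addr country names en;
    }

    geoip2 /etc/nginx/geoip/GeoLite2-City.mmdb {
        $geoip2_data_city_name source=$remote_addr city names en;
    }

    # Country allow-list: anything not listed (including addresses the
    # database cannot resolve) falls through to `default no`.
    map $geoip2_data_country_iso_code $allowed_country {
        default no;
        FR yes; # France
        BE yes; # Belgium
        DE yes; # Germany
        CH yes; # Switzerland
#       US yes;
    }

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Referer, User-Agent and X-Forwarded-For are client-supplied values:
    # treat them as untrusted in anything that parses these logs.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # Same as `main` plus the country code, country name and city from geoip2.
    log_format main_geo '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for" '
                        '$geoip2_data_country_iso_code $geoip2_data_country_name $geoip2_data_city_name';

    # Every request is written twice: once with geo fields, once without.
    access_log /var/log/nginx/access.log main_geo;
    access_log /var/log/nginx/access_main.log main;

    sendfile on;
    server_tokens off; # do not advertise the nginx version
    keepalive_timeout 65;

    include /etc/nginx/conf.d/*.conf;
}

====================================================================================
=== Конфиг сервера с баном по geoip, fancyindex, темой для него и кастомными страницами ошибок:
====================================================================================
#
# Picks an image name from the User-Agent. The header is client-controlled,
# but $browser can only ever be one of the constants listed here.
map $http_user_agent $browser {
    default "1.jpg";
    "~*Firefox" "2.jpg";
    "~*Chrome" "3.jpg";
    "~*Wget" "4.jpg";
}

server {
    listen 80;
    server_name example.com;

    # NOTE(review): the HTTP->HTTPS redirect at the bottom of this block is
    # commented out, so on port 80 the Basic-auth credentials cross the
    # network unencrypted. Re-enable the redirect before real use.
    auth_basic "Restricted Area";
    auth_basic_user_file /etc/nginx/.htpasswd;

    root /var/www/test1;

    rewrite_log on;
    error_log /var/log/nginx/error_and_rewrite.example.com.log notice;

    location / {
        fancyindex on;
        fancyindex_header "/theme1/header.html";
        # This only hides the entry from the listing; it is not an access rule.
        fancyindex_ignore "theme1"; #ignore this directory when showing list
        fancyindex_time_format "%Y%m%d_%H%M";
    }

    # ACME HTTP-01 challenge: `allow all` does not override the inherited
    # auth_basic (default `satisfy all`), so auth is switched off explicitly
    # and only for the acme-challenge/ prefix.
    location ^~ /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
    }

    error_page 404 /404.html;
    location = /404.html {
        root /etc/nginx/html;
    }

    # Geo ban (disabled). $allowed_country comes from the map in nginx.conf.
    # Country filtering only sees the connecting IP address, so treat it as a
    # noise filter, not as a replacement for authentication.
#    if ($allowed_country = no) {
#        return 500;
#    }

    error_page 500 /500.html;
    location = /500.html {
        root /etc/nginx/html;
        # `=500` (with the equals sign) is the status-code fallback; a bare
        # `500` would be taken as a URI for an internal redirect.
        try_files /500.html =500;
        internal; # reachable only via error_page, not by direct request
    }

    # Theme assets. Both the location and the alias end with a slash so the
    # prefix cannot also match sibling paths (without it, /theme1X would be
    # mapped to /etc/nginx/themes/theme1X).
    location /fancyindex/ {
        alias /etc/nginx/themes/fancyindex1/;
    }

    location /theme1/ {
        alias /etc/nginx/themes/theme1/;
    }

    location /.assets/ {
        alias /etc/nginx/themes/theme1/.assets/;
    }

    # Any URI under /pics is rewritten to the image chosen by the map above
    # and served from /var/www/test2.
    location /pics {
        root /var/www/test2;
        rewrite ^ /$browser break;
    }

    listen 443 ssl;
    ssl_certificate /etc/ssl/acme/example.com_ecc/fullchain.cer;
    ssl_certificate_key /etc/ssl/acme/example.com_ecc/example.com.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

#    if ($scheme = http) {
#        return 301 https://$server_name$request_uri;
#    }
}

====================================================================================
=== Включение https для конкретного location:
====================================================================================
#
# $ssl_protocol is empty on a non-TLS connection, so plain-HTTP requests to
# this location get a permanent redirect to the HTTPS URL. The target host is
# $server_name from the config, not the client's Host header.
location /threads {
    .
    .
    if ($ssl_protocol = "") {
        rewrite ^/(.*) https://$server_name/$1 permanent;
    }
    .
}

====================================================================================
=== Отдавать разные файлы в зависимости от $http_user_agent. Если "nonexistent", то отдавать 403:
====================================================================================
#
# The User-Agent only selects between the fixed file names below; the raw
# header value never becomes part of the filesystem path. Because the header
# is chosen by the client, this is content selection, not access control.
map $http_user_agent $browser {
    default "nonexistent";
    "~*Firefox" "file.zip";
    "~*Wget" "file1.zip";
}

server {
    ...
    location = /somefile.someextension {
        alias /path/to/directory/$browser;
        # Unmatched agents resolve to ".../nonexistent"; this relies on no
        # file with that name existing in the directory.
        if (!-f $request_filename) {
            return 403;
        }
    }
}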