Danila Vershinin

proxy_cache_path /mnt/cache_nginx/json levels=1:2 keys_zone=cache_api:100m inactive=72h max_size=1G;

server {
        listen 443 ssl;

        # зона запросов, где кеш отключен
        location ~ /user/.*(\.xml|\.json)$ {
              proxy_cache             off;

              proxy_intercept_errors off;
              proxy_read_timeout 30s;
              proxy_send_timeout 30s;
        }

        location ~ (\.xml|\.json)$ {
              proxy_cache             cache_api;
              proxy_cache_valid       502 503 1m;
              proxy_cache_valid       404 1h;
              proxy_cache_valid       any 3d;
              proxy_cache_key         $request_uri;

              proxy_intercept_errors off;
              proxy_read_timeout 30s;
              proxy_send_timeout 30s;
        }


}

server {
  root ...;
  index index.php;
  location = /index.php {
    # do what you want with it
    fastcgi_pass /path/to/fpm/sock/file;
  }

  location / {
    # not matching /index.php here, so passing over to upstream
    proxy_pass http://your.upstream/;
    ...
  }    
}

http {
  ...
  map $arg_folder_id $loc_auth {
    default "off";
    351 "Test4";
  }

  server {
    ...	
    location /projects/wwe/dmsf {
      ...
      auth_basic $loc_auth; 
      ...
    }
  }
}

location ^/index\.php$ {
   if ($query_string ~ "r=test") {
     proxy_pass ...
   }
   ...
}

set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
# .. put all Cloudflare ranges like above

# ddos-guard.net range:
set_real_ip_from 186.2.160.0/24;

# DDoS Guard
geo $use_x_real_ip {
  default 0;
  186.2.160.0/24 1;
}

# Cloudflare
geo $use_x_cf_connecting_ip {
  default 0;
  103.21.244.0/22 1;
  103.22.200.0/22 1;
  103.31.4.0/22 1;
  # all other Cloudflare's ranges ...
}

map "$use_x_real_ip:$use_x_cf_connecting_ip" $real_ip_header {
  default 'X-Forwarded-For';
  "1:0" 'X-Real-Ip';
  "0:1" 'CF-Connecting-IP';
}

real_ip_header $real_ip_header;

location ~* ^/proxy/(?<pschema>https?)/(?<phost>[\w.]+)(?<puri>/.*) {
    set $adr $pschema://$phost;
    rewrite .* $puri break;

    proxy_pass $adr;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $phost;
    proxy_set_header X-NginX-Proxy true;
    proxy_redirect off;
    proxy_connect_timeout 1;
    proxy_intercept_errors on;
    expires 30;
}