# Main (process-level) context.

# Only the stream core module is loaded; the ssl_preread module stays disabled.
# load_module "modules/ngx_stream_ssl_preread_module.so";
load_module /usr/lib/nginx/modules/ngx_stream_module.so;

# Run in the foreground instead of detaching.
# worker_processes 1;
daemon off;

# NOTE(review): the directive's syntax is `user <user> [group];`, separated by
# whitespace. "root.nginx" is handed to nginx as a single account name. If it
# is meant as user root with group nginx, the worker processes that parse
# client requests would run as root, which removes the usual master/worker
# privilege separation. Prefer an unprivileged account and confirm what this
# value resolves to on the host.
user root.nginx;

pid /srv/root/nginx/pid;

worker_rlimit_nofile 1024;
events {
    worker_connections 800;
}

# NOTE(review): the active error log is under /tmp. Where /tmp is shared and
# world-writable, a local user can pre-create or link that name before a
# privileged nginx master opens it, and the log content is exposed to whoever
# can read the file. The commented-out location under /srv/root/nginx does not
# have that problem.
#error_log /srv/root/nginx/error.log warn;
error_log /tmp/nginx-error.log warn;
http {
# Defaults shared by every server {} in this http {} context.

# NOTE(review): the access log records client addresses and request URIs and
# is written to /tmp; check the file's ownership and mode, or move it next to
# the pid file under /srv/root/nginx.
access_log /tmp/nginx-access.log;

include /etc/nginx/mime.types;
default_type application/octet-stream;
index index.html index.htm index.xhtml;

# Blanks the HTTP_PROXY variable passed to FastCGI applications, so a client
# "Proxy:" request header cannot steer an application's outbound HTTP proxy
# setting (the "httpoxy" problem).
# NOTE(review): this only affects fastcgi_pass. The backends in this file are
# reached with proxy_pass, where the equivalent is `proxy_set_header Proxy "";`
# in each proxying location.
fastcgi_param HTTP_PROXY "";

keepalive_timeout 65;

# Do not advertise the nginx version in the Server header or on error pages.
server_tokens off;
# Backend pools. Every proxy_pass in this file uses http://, so traffic between
# this proxy and the backends is unencrypted; that is only acceptable if the
# path to 192.168.122.132 is a trusted, isolated segment.
#
# NOTE(review): according to the nginx documentation, `keepalive` in an
# upstream is only used when the proxying location speaks HTTP/1.1 to the
# backend and clears the Connection header. No location in this file sets
# proxy_http_version, so on nginx builds whose default is HTTP/1.0 these
# `keepalive 32;` lines have no effect.

upstream git_baguette_backend {
    server 192.168.122.132:3000;
    # server 192.168.122.132:80;
    keepalive 32;
}

upstream baguette_backend {
    server 192.168.122.132:80;
    keepalive 32;
}

# Local backend used by the /admin location of the arpenteurdestrasbourg site.
upstream arpenteurs_backend_ws {
    server localhost:3000;
    # server 192.168.122.132:80;
    keepalive 32;
}

# The two team_baguette pools point at the same address and port; they differ
# only in which location uses them (WebSocket vs. everything else).
upstream team_baguette_backend_ws {
    server 192.168.122.132:8065;
    # server 192.168.122.132:80;
    keepalive 32;
}

upstream team_baguette_backend {
    server 192.168.122.132:8065;
    keepalive 32;
}

# Shared on-disk response cache. Despite its name the zone is also referenced
# by the ACME challenge locations of the port-80 servers in this file.
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
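# Plain-HTTP site for arpenteurdestrasbourg.netlib.re.
#
# This is the first port-80 server in the file and no listen line carries
# `default_server`, so requests whose Host header matches no server_name on
# port 80 are handled here as well.
#
# NOTE(review): no TLS server for these names is visible in this file, so
# whatever sits behind /admin exchanges credentials and session cookies in
# clear text. Consider a 443 server plus an HTTP-to-HTTPS redirect, as the
# baguette.netlib.re sites in this file do.
server {
    listen 80;
    listen [::]:80;
    server_name www.arpenteurdestrasbourg.netlib.re arpenteurdestrasbourg.netlib.re;

    location /admin {
        # The Upgrade/Connection pair below is the WebSocket hand-off, which
        # needs an HTTP/1.1 request to the backend; the original block relied
        # on the default protocol version.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        client_max_body_size 50M;

        # NOTE(review): $http_host is the Host header exactly as the client
        # sent it. Because this is the default port-80 server, the backend can
        # receive arbitrary host names; `location /` below uses the normalised
        # $host instead. Make sure the backend does not build links or
        # redirects from this value without checking it.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # NOTE(review): proxy_set_header adds a *request* header towards the
        # backend. It does not put X-Frame-Options on the response the browser
        # sees; framing protection for clients needs `add_header` here or the
        # header set by the backend itself.
        proxy_set_header X-Frame-Options SAMEORIGIN;

        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        client_body_timeout 60;
        send_timeout 300;
        lingering_timeout 5;
        proxy_connect_timeout 90;
        proxy_send_timeout 300;
        proxy_read_timeout 90s;
        proxy_pass http://arpenteurs_backend_ws;
    }

    location / {
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_next_upstream_timeout 2s;
        proxy_pass http://localhost:3000/;
    }
}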
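# Port-80 entry point for the baguette.netlib.re names: answers ACME HTTP-01
# challenges through the backend and redirects everything else to the git
# site over HTTPS.
#
# NOTE(review): baguette.netlib.re and www.baguette.netlib.re are listed again
# in a later port-80 server in this file. nginx keeps the first declaration of
# a name on a given listen address, so those hosts are redirected to
# https://git.baguette.netlib.re from here and the later block is never
# selected for them.
server {
    listen 80;
    listen [::]:80;
    server_name baguette.netlib.re
                www.baguette.netlib.re
                mail.baguette.netlib.re
                git.baguette.netlib.re;

    # NOTE(review): log file in /tmp; see the ownership/mode caveat for files
    # in a shared, world-writable directory.
    # error_log /srv/root/nginx/error_baguette-port-80.log warn;
    error_log /tmp/nginx-error_baguette-port-80.log warn;

    location / {
        # Same 301 as `rewrite ^ ...$request_uri? permanent;`, without running
        # the regex engine.
        return 301 https://git.baguette.netlib.re$request_uri;
    }

    # Was `location ~ /.well-known/acme-challenge/(.*)`: an unanchored regex
    # whose "." matches any character, so any URI merely containing a similar
    # substring skipped the HTTPS redirect and was proxied to the backend over
    # plain HTTP. A `^~` prefix match limits the exception to paths that start
    # with the challenge directory; the capture group was unused.
    location ^~ /.well-known/acme-challenge/ {
        client_max_body_size 1M;
        proxy_set_header Connection "";
        # NOTE(review): raw client Host header is forwarded to the backend.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # NOTE(review): this is a request header sent to the backend, not a
        # response header for the browser.
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;

        # NOTE(review): challenge responses are short-lived, per-order tokens.
        # Caching them (and serving stale entries on timeout) can hand a
        # validator an outdated answer; consider `proxy_cache off;` here.
        proxy_cache mattermost_cache;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;

        # Not sure.
        # NOTE(review): add_header appends a response header; it does not
        # replace the Content-Type coming from the backend, so responses can
        # carry two Content-Type headers. Confirm it is needed at all.
        add_header Content-Type application/jose+json;
        proxy_pass http://baguette_backend;
    }
}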
# HTTPS front end for the git service (reverse proxy to git_baguette_backend).
#
# This is the first 443 server in the file and no listen line carries
# `default_server`, so TLS connections whose name matches no other 443
# server_name are also answered here, with this certificate.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name git.baguette.netlib.re;

    # TLS 1.2 only; TLS 1.3 is not enabled on this server.
    ssl_protocols TLSv1.2;

    ssl_certificate /etc/ssl/baguette.netlib.re.fullchain.pem;
    ssl_certificate_key /etc/ssl/private/baguette.netlib.re.key;

    ssl_dhparam /etc/ssl/private/dhparam.pem;
    ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0

    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:10m;

    # NOTE(review): the two "-SHA512" entries are not cipher suite names that
    # OpenSSL defines as far as I know, which would leave the two
    # AES256-GCM-SHA384 suites as the effective list. Verify on the host with
    # `openssl ciphers -v '<this string>'`.
    # ssl_ciphers HIGH:!MEDIUM:!WEAK:!aNULL:!MD5:!RC4;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:!ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;

    # NOTE(review): log file in /tmp; check ownership and mode, or use the
    # commented-out path.
    # error_log /srv/root/nginx/error_git-baguette.log warn;
    error_log /tmp/nginx-error_git-baguette.log warn;

    location / {
        proxy_buffering off;
        proxy_next_upstream_timeout 2s;

        # NOTE(review): 0 removes the request-body size limit altogether. That
        # is common for git pushes, but any unauthenticated client can then
        # send bodies of arbitrary size; unless request buffering is disabled,
        # nginx spools them to disk before contacting the backend. Consider a
        # large finite limit.
        client_max_body_size 0;

        # NOTE(review): $http_host is the client's raw Host header, and this
        # is the default 443 server, so the backend can see arbitrary host
        # names. The commented-out $host variant is the normalised value.
        # proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_max_temp_file_size 0;
        proxy_redirect off;
        proxy_read_timeout 120;
        proxy_pass http://git_baguette_backend;
    }
}
# HTTP-to-HTTPS redirect for the main site.
#
# NOTE(review): both names are already declared by an earlier port-80 server
# in this file (the one that also lists mail. and git.). nginx reports a
# "conflicting server name" warning and keeps the earlier declaration, so as
# written this block is never selected and plain-HTTP requests for these hosts
# are redirected to the git site instead.
server {
    listen 80;
    listen [::]:80;
    server_name www.baguette.netlib.re baguette.netlib.re;

    location / {
        # Permanent redirect that keeps the original path and query string.
        return 301 https://baguette.netlib.re$request_uri;
    }
}
# HTTPS static site for baguette.netlib.re, served from /srv/baguette/.
#
# NOTE(review): only the bare name is listed. A TLS request for
# www.baguette.netlib.re matches no 443 server_name in this file and is
# handled by the first 443 server instead.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name baguette.netlib.re;

    ssl_certificate /etc/ssl/baguette.netlib.re.fullchain.pem;
    ssl_certificate_key /etc/ssl/private/baguette.netlib.re.key;

    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:10m;

    # NOTE(review): unlike the git server, this block sets no ssl_protocols
    # and uses the broad HIGH cipher class, so the protocol versions on offer
    # depend on the nginx build's defaults. Decide on one TLS policy and apply
    # it to every 443 server.
    ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
    ssl_prefer_server_ciphers on;

    location / {
        # Everything under this directory is publicly readable, including
        # dotfiles and VCS metadata if any are stored there.
        root /srv/baguette/;
    }
}
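# Port-80 entry point for team.baguette.netlib.re: answers ACME HTTP-01
# challenges through the backend and redirects everything else to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name www.team.baguette.netlib.re team.baguette.netlib.re;

    location / {
        # Same 301 as `rewrite ^ ...$request_uri? permanent;`, without running
        # the regex engine.
        return 301 https://team.baguette.netlib.re$request_uri;
    }

    # Was `location ~ /.well-known/acme-challenge/(.*)`: an unanchored regex
    # whose "." matches any character, so any URI merely containing a similar
    # substring skipped the HTTPS redirect and was proxied to the backend over
    # plain HTTP. A `^~` prefix match limits the exception to paths that start
    # with the challenge directory; the capture group was unused.
    location ^~ /.well-known/acme-challenge/ {
        client_max_body_size 1M;
        proxy_set_header Connection "";
        # NOTE(review): raw client Host header is forwarded to the backend.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # NOTE(review): this is a request header sent to the backend, not a
        # response header for the browser.
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;

        # NOTE(review): challenge responses are short-lived, per-order tokens.
        # Caching them (and serving stale entries on timeout) can hand a
        # validator an outdated answer; consider `proxy_cache off;` here.
        proxy_cache mattermost_cache;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;

        # Not sure.
        # NOTE(review): add_header appends a response header; it does not
        # replace the Content-Type coming from the backend, so responses can
        # carry two Content-Type headers. Confirm it is needed at all.
        add_header Content-Type application/jose+json;
        proxy_pass http://baguette_backend;
    }
}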
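# HTTPS front end for team.baguette.netlib.re: one location for the WebSocket
# endpoint and one cached reverse proxy for everything else, both towards
# 192.168.122.132:8065.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name team.baguette.netlib.re;

    # index index.php index.html;

    ssl_certificate /etc/ssl/baguette.netlib.re.fullchain.pem;
    ssl_certificate_key /etc/ssl/private/baguette.netlib.re.key;

    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:10m;

    # NOTE(review): no ssl_protocols here and the broad HIGH cipher class,
    # unlike the git server in this file; the protocol versions on offer
    # depend on the nginx build's defaults. Align the 443 servers on one
    # TLS policy.
    ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
    ssl_prefer_server_ciphers on;

    location ~ /api/v[0-9]+/(users/)?websocket$ {
        # The Upgrade/Connection pair below is the WebSocket hand-off, which
        # needs an HTTP/1.1 request to the backend; the original block relied
        # on the default protocol version.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        client_max_body_size 50M;
        # NOTE(review): raw client Host header is forwarded to the backend.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # NOTE(review): proxy_set_header adds a *request* header towards the
        # backend; it does not put X-Frame-Options on the response the browser
        # sees. Framing protection for clients needs `add_header` or the
        # backend's own header.
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        client_body_timeout 60;
        send_timeout 300;
        lingering_timeout 5;
        proxy_connect_timeout 90;
        proxy_send_timeout 300;
        proxy_read_timeout 90s;
        proxy_pass http://team_baguette_backend_ws;
    }

    location / {
        client_max_body_size 50M;
        # HTTP/1.1 plus an empty Connection header is what lets the upstream's
        # `keepalive 32;` connection pool be used.
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        # NOTE(review): raw client Host header is forwarded to the backend.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # NOTE(review): request header only, see the note in the WebSocket
        # location above.
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;

        # NOTE(review): the cache key is not set here, so it does not include
        # cookies or Authorization. Whether per-user responses can be stored
        # and replayed to another user depends on the backend sending
        # Cache-Control/Set-Cookie on them; confirm that, or restrict caching
        # to static asset paths.
        proxy_cache mattermost_cache;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;
        proxy_pass http://team_baguette_backend;
    }
}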
}