# load_module "modules/ngx_stream_ssl_preread_module.so"; load_module /usr/lib/nginx/modules/ngx_stream_module.so; # worker_processes 1; daemon off; user root.nginx; pid /srv/root/nginx/pid; worker_rlimit_nofile 1024; events { worker_connections 800; } #error_log /srv/root/nginx/error.log warn; error_log /tmp/nginx-error.log warn; http { access_log /tmp/nginx-access.log; include /etc/nginx/mime.types; default_type application/octet-stream; index index.html index.htm index.xhtml; fastcgi_param HTTP_PROXY ""; keepalive_timeout 65; server_tokens off; upstream git_baguette_backend { server 192.168.122.132:3000; # server 192.168.122.132:80; keepalive 32; } upstream baguette_backend { server 192.168.122.132:80; keepalive 32; } upstream arpenteurs_backend_ws { server localhost:3000; # server 192.168.122.132:80; keepalive 32; } upstream team_baguette_backend_ws { server 192.168.122.132:8065; # server 192.168.122.132:80; keepalive 32; } upstream team_baguette_backend { server 192.168.122.132:8065; keepalive 32; } proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off; server { listen 80 ; listen [::]:80 ; server_name www.arpenteurdestrasbourg.netlib.re arpenteurdestrasbourg.netlib.re; location /admin { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; client_max_body_size 50M; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_buffers 256 16k; proxy_buffer_size 16k; client_body_timeout 60; send_timeout 300; lingering_timeout 5; proxy_connect_timeout 90; proxy_send_timeout 300; proxy_read_timeout 90s; proxy_pass http://arpenteurs_backend_ws; } location / { proxy_buffering off; proxy_set_header Host $host; proxy_next_upstream_timeout 2s; proxy_pass http://localhost:3000/; } } server { listen 80 ; listen [::]:80 ; server_name baguette.netlib.re www.baguette.netlib.re mail.baguette.netlib.re git.baguette.netlib.re; # error_log /srv/root/nginx/error_baguette-port-80.log warn; error_log /tmp/nginx-error_baguette-port-80.log warn; location / { rewrite ^ https://git.baguette.netlib.re$request_uri? permanent; } location ~ /.well-known/acme-challenge/(.*) { client_max_body_size 1M; proxy_set_header Connection ""; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_buffers 256 16k; proxy_buffer_size 16k; proxy_read_timeout 600s; proxy_cache mattermost_cache; proxy_cache_revalidate on; proxy_cache_min_uses 2; proxy_cache_use_stale timeout; proxy_cache_lock on; # Not sure. add_header Content-Type application/jose+json; proxy_pass http://baguette_backend; } } server { listen 443 ssl; listen [::]:443 ssl; server_name git.baguette.netlib.re; ssl_protocols TLSv1.2; ssl_certificate /etc/ssl/baguette.netlib.re.fullchain.pem; ssl_certificate_key /etc/ssl/private/baguette.netlib.re.key; ssl_dhparam /etc/ssl/private/dhparam.pem; ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 ssl_session_timeout 5m; ssl_session_cache shared:SSL:10m; # ssl_ciphers HIGH:!MEDIUM:!WEAK:!aNULL:!MD5:!RC4; ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:!ECDHE-RSA-AES256-SHA384; ssl_prefer_server_ciphers on; # error_log /srv/root/nginx/error_git-baguette.log warn; error_log /tmp/nginx-error_git-baguette.log warn; location / { proxy_buffering off; proxy_next_upstream_timeout 2s; client_max_body_size 0; # proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_max_temp_file_size 0; proxy_redirect off; proxy_read_timeout 120; proxy_pass http://git_baguette_backend; } } server { listen 80 ; listen [::]:80 ; server_name www.baguette.netlib.re baguette.netlib.re; location / { rewrite ^ https://baguette.netlib.re$request_uri? permanent; } } server { listen 443 ssl; listen [::]:443 ssl; server_name baguette.netlib.re; ssl_certificate /etc/ssl/baguette.netlib.re.fullchain.pem; ssl_certificate_key /etc/ssl/private/baguette.netlib.re.key; ssl_session_timeout 5m; ssl_session_cache shared:SSL:10m; ssl_ciphers HIGH:!aNULL:!MD5:!RC4; ssl_prefer_server_ciphers on; location / { root /srv/baguette/ ; } } server { listen 80 ; listen [::]:80 ; server_name www.team.baguette.netlib.re team.baguette.netlib.re; location / { rewrite ^ https://team.baguette.netlib.re$request_uri? permanent; } location ~ /.well-known/acme-challenge/(.*) { client_max_body_size 1M; proxy_set_header Connection ""; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_buffers 256 16k; proxy_buffer_size 16k; proxy_read_timeout 600s; proxy_cache mattermost_cache; proxy_cache_revalidate on; proxy_cache_min_uses 2; proxy_cache_use_stale timeout; proxy_cache_lock on; # Not sure. add_header Content-Type application/jose+json; proxy_pass http://baguette_backend; } } server { listen 443 ssl; listen [::]:443 ssl; server_name team.baguette.netlib.re; # index index.php index.html; ssl_certificate /etc/ssl/baguette.netlib.re.fullchain.pem; ssl_certificate_key /etc/ssl/private/baguette.netlib.re.key; ssl_session_timeout 5m; ssl_session_cache shared:SSL:10m; ssl_ciphers HIGH:!aNULL:!MD5:!RC4; ssl_prefer_server_ciphers on; location ~ /api/v[0-9]+/(users/)?websocket$ { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; client_max_body_size 50M; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_buffers 256 16k; proxy_buffer_size 16k; client_body_timeout 60; send_timeout 300; lingering_timeout 5; proxy_connect_timeout 90; proxy_send_timeout 300; proxy_read_timeout 90s; proxy_pass http://team_baguette_backend_ws; } location / { client_max_body_size 50M; proxy_set_header Connection ""; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Frame-Options SAMEORIGIN; proxy_buffers 256 16k; proxy_buffer_size 16k; proxy_read_timeout 600s; proxy_cache mattermost_cache; proxy_cache_revalidate on; proxy_cache_min_uses 2; proxy_cache_use_stale timeout; proxy_cache_lock on; proxy_pass http://team_baguette_backend; } } }