infrastructure-doc/configuration-files/alpha/nginx.conf


# Main (global) context: module loading, process identity, pid file, descriptor
# limits and the global error log.

# load_module "modules/ngx_stream_ssl_preread_module.so";
# Loads the stream (TCP/UDP proxy) module as a dynamic module.
load_module /usr/lib/nginx/modules/ngx_stream_module.so;
# worker_processes 1;
# Stay in the foreground instead of forking; presumably a service supervisor
# manages the process.
daemon off;
# NOTE(review): nginx's syntax is `user <user> [group];`. `root.nginx` is a single
# token, so it is read as one user name rather than user root / group nginx.
# If root is what is meant, worker processes keep full privileges and a flaw in
# request handling is no longer contained by an unprivileged account. Confirm
# the intended identity and prefer a dedicated unprivileged user.
user root.nginx;
pid /srv/root/nginx/pid;
# Upper bound on open file descriptors per worker process.
worker_rlimit_nofile 1024;
events {
# Connection slots per worker. Connections to proxied upstreams count against
# this number as well as client connections.
worker_connections 800;
}
#error_log /srv/root/nginx/error.log warn;
# NOTE(review): this log lives under /tmp with a predictable name. /tmp is
# world-writable, so a file or symlink pre-created at this path is a known risk
# for a log opened by a privileged process, and /tmp is commonly cleaned on
# reboot, which loses history needed for incident response. The commented-out
# /srv/root/nginx path above looks like the intended location; confirm.
error_log /tmp/nginx-error.log warn;
http {
    # Defaults inherited by every server block in this http context.

    # Do not advertise the nginx version in the Server header and error pages.
    server_tokens off;
    # Seconds an idle client connection is kept open.
    keepalive_timeout 65;

    include /etc/nginx/mime.types;
    # Fallback type when no MIME mapping matches the file extension.
    default_type application/octet-stream;
    index index.html index.htm index.xhtml;

    # NOTE(review): the access log is written under /tmp with a predictable name;
    # a world-writable directory is a poor home for logs that may be needed for
    # forensics. Confirm this is a deliberate, temporary choice.
    access_log /tmp/nginx-access.log;

    # Blanks the HTTP_PROXY FastCGI parameter (the "httpoxy" mitigation).
    # NOTE(review): this only affects fastcgi_pass backends, and none is visible
    # in this file. The proxy_pass locations below would need
    # `proxy_set_header Proxy "";` for the equivalent protection.
    fastcgi_param HTTP_PROXY "";
upstream git_baguette_backend {
server 192.168.122.132:3000;
# server 192.168.122.132:80;
keepalive 32;
}
upstream baguette_backend {
server 192.168.122.132:80;
keepalive 32;
}
upstream arpenteurs_backend_ws {
server localhost:3000;
# server 192.168.122.132:80;
keepalive 32;
}
upstream team_baguette_backend_ws {
server 192.168.122.132:8065;
# server 192.168.122.132:80;
keepalive 32;
}
upstream team_baguette_backend {
server 192.168.122.132:8065;
keepalive 32;
}
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
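server {
    # Plain-HTTP virtual host for arpenteurdestrasbourg.netlib.re, proxied to a
    # backend on localhost:3000.
    # NOTE(review): no TLS listener for these names is visible in this file, so
    # whatever /admin exchanges (presumably credentials and session cookies) is
    # sent unencrypted. Confirm TLS is terminated elsewhere, or add a 443 server
    # and redirect port 80 as the other virtual hosts do.
    listen 80;
    listen [::]:80;
    server_name www.arpenteurdestrasbourg.netlib.re arpenteurdestrasbourg.netlib.re;

    location /admin {
        # WebSocket-capable proxy. The Upgrade handshake only works when nginx
        # speaks HTTP/1.1 to the upstream.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        client_max_body_size 50M;

        # $http_host is the Host header exactly as the client sent it.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # X-Frame-Options is a response header. The original sent it to the
        # backend as a request header, which gives the browser no clickjacking
        # protection. Drop any upstream copy and emit one value to the client.
        proxy_hide_header X-Frame-Options;
        add_header X-Frame-Options SAMEORIGIN always;

        proxy_buffers 256 16k;
        proxy_buffer_size 16k;

        client_body_timeout 60;
        send_timeout 300;
        lingering_timeout 5;
        proxy_connect_timeout 90;
        proxy_send_timeout 300;
        proxy_read_timeout 90s;

        proxy_pass http://arpenteurs_backend_ws;
    }

    location / {
        # Unbuffered pass-through to the same local port, addressed directly
        # rather than through the upstream group.
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_next_upstream_timeout 2s;
        proxy_pass http://localhost:3000/;
    }
}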
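server {
    # Port-80 entry point for the baguette.netlib.re names: everything is
    # redirected to HTTPS except ACME challenge requests, which are proxied to
    # baguette_backend.
    # NOTE(review): baguette.netlib.re and www.baguette.netlib.re are declared
    # again by another port-80 server block later in this file. nginx keeps the
    # first declaration, so this block answers for them and redirects them to
    # git.baguette.netlib.re. Confirm which behaviour is intended.
    listen 80;
    listen [::]:80;
    server_name baguette.netlib.re
                www.baguette.netlib.re
                mail.baguette.netlib.re
                git.baguette.netlib.re;

    # error_log /srv/root/nginx/error_baguette-port-80.log warn;
    # NOTE(review): log kept under world-writable /tmp; see the commented path above.
    error_log /tmp/nginx-error_baguette-port-80.log warn;

    location / {
        # Permanent redirect to the HTTPS git front end, keeping path and query.
        return 301 https://git.baguette.netlib.re$request_uri;
    }

    # Prefix match anchored at the start of the URI. The original unanchored regex
    # (`~ /.well-known/acme-challenge/(.*)`) matched the string anywhere in the
    # path, treated "." as a wildcard, and its capture was never used.
    location ^~ /.well-known/acme-challenge/ {
        client_max_body_size 1M;

        proxy_set_header Connection "";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # The original also sent X-Frame-Options to the backend as a request
        # header. It is a response header and had no effect there, so it is
        # dropped; challenge responses are not framed pages.

        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;

        # NOTE(review): challenge tokens are short-lived; caching them (and
        # serving stale entries on timeout) looks copied from the application
        # proxy block. Confirm it is wanted here.
        proxy_cache mattermost_cache;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;

        # NOTE(review): add_header appends a header; it does not replace the
        # Content-Type sent by the upstream, so the client may receive two.
        # The author was unsure about this line; verify whether the ACME client
        # in use still needs it.
        add_header Content-Type application/jose+json;

        proxy_pass http://baguette_backend;
    }
}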
server {
    # HTTPS front end for git.baguette.netlib.re, proxied to git_baguette_backend.
    # This is the first block listening on 443 and no default_server flag is
    # visible, so it also receives TLS connections whose name matches no other block.
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name git.baguette.netlib.re;

    # error_log /srv/root/nginx/error_git-baguette.log warn;
    # NOTE(review): log kept under world-writable /tmp; see the commented path above.
    error_log /tmp/nginx-error_git-baguette.log warn;

    # --- TLS ---
    ssl_certificate /etc/ssl/baguette.netlib.re.fullchain.pem;
    ssl_certificate_key /etc/ssl/private/baguette.netlib.re.key;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # ssl_ciphers HIGH:!MEDIUM:!WEAK:!aNULL:!MD5:!RC4;
    # NOTE(review): the two *-GCM-SHA512 names do not appear to be OpenSSL cipher
    # suites, which would leave the two *-GCM-SHA384 entries as the effective
    # list. Check with `openssl ciphers -v '<this string>'`.
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:!ECDHE-RSA-AES256-SHA384;
    # Custom DH parameters for the DHE suites; curve for ECDHE key exchange.
    ssl_dhparam /etc/ssl/private/dhparam.pem;
    ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    location / {
        # Stream requests and responses straight through: no response buffering,
        # no temp files, and no request body size limit (0 disables the check),
        # presumably to allow large git pushes.
        proxy_buffering off;
        proxy_max_temp_file_size 0;
        client_max_body_size 0;

        proxy_next_upstream_timeout 2s;
        proxy_read_timeout 120;
        proxy_redirect off;

        # Forwarded request metadata. $http_host is the Host header exactly as
        # the client sent it.
        # proxy_set_header Host $host;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://git_baguette_backend;
    }
}
server {
    # Port-80 redirect of baguette.netlib.re to its HTTPS site.
    # NOTE(review): both names are already declared by an earlier port-80 server
    # block in this file. nginx keeps the first declaration and ignores the
    # duplicate with a "conflicting server name" warning, so this block is
    # probably never selected. Confirm and remove one of the two declarations.
    listen 80;
    listen [::]:80;
    server_name www.baguette.netlib.re baguette.netlib.re;

    location / {
        # Permanent redirect keeping the original path and query string.
        return 301 https://baguette.netlib.re$request_uri;
    }
}
server {
    # HTTPS static site for baguette.netlib.re, served from /srv/baguette/.
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name baguette.netlib.re;

    # --- TLS ---
    # NOTE(review): unlike the git.baguette.netlib.re block, no ssl_protocols is
    # set here, so the protocol set comes from the nginx defaults in effect.
    # Confirm that TLS 1.0/1.1 are not offered. The broad HIGH cipher class is
    # also wider than the explicit list used for git.
    ssl_certificate /etc/ssl/baguette.netlib.re.fullchain.pem;
    ssl_certificate_key /etc/ssl/private/baguette.netlib.re.key;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    location / {
        # Everything under this directory is publicly readable over HTTPS.
        root /srv/baguette/;
    }
}
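server {
    # Port-80 entry point for team.baguette.netlib.re: redirect to HTTPS, except
    # ACME challenge requests, which are proxied to baguette_backend.
    listen 80;
    listen [::]:80;
    server_name www.team.baguette.netlib.re team.baguette.netlib.re;

    location / {
        # Permanent redirect keeping the original path and query string.
        return 301 https://team.baguette.netlib.re$request_uri;
    }

    # Prefix match anchored at the start of the URI. The original unanchored regex
    # (`~ /.well-known/acme-challenge/(.*)`) matched the string anywhere in the
    # path, treated "." as a wildcard, and its capture was never used.
    location ^~ /.well-known/acme-challenge/ {
        client_max_body_size 1M;

        proxy_set_header Connection "";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # The original also sent X-Frame-Options to the backend as a request
        # header. It is a response header and had no effect there, so it is
        # dropped; challenge responses are not framed pages.

        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;

        # NOTE(review): challenge tokens are short-lived; caching them (and
        # serving stale entries on timeout) looks copied from the application
        # proxy block. Confirm it is wanted here.
        proxy_cache mattermost_cache;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;

        # NOTE(review): add_header appends a header; it does not replace the
        # Content-Type sent by the upstream, so the client may receive two.
        # The author was unsure about this line; verify whether the ACME client
        # in use still needs it.
        add_header Content-Type application/jose+json;

        proxy_pass http://baguette_backend;
    }
}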
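server {
    # HTTPS front end for team.baguette.netlib.re. Both locations proxy to
    # 192.168.122.132:8065 (presumably a Mattermost instance, going by the cache
    # zone name and API path).
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name team.baguette.netlib.re;
    # index index.php index.html;

    # --- TLS ---
    # NOTE(review): no ssl_protocols is set here, unlike the git.baguette.netlib.re
    # block, so the protocol set comes from the nginx defaults in effect.
    # Confirm that TLS 1.0/1.1 are not offered.
    ssl_certificate /etc/ssl/baguette.netlib.re.fullchain.pem;
    ssl_certificate_key /etc/ssl/private/baguette.netlib.re.key;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:10m;
    ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
    ssl_prefer_server_ciphers on;

    # WebSocket endpoint(s) of the API.
    location ~ /api/v[0-9]+/(users/)?websocket$ {
        # The Upgrade handshake only works when nginx speaks HTTP/1.1 to the
        # upstream; the original did not set this.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        client_max_body_size 50M;

        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # The original also sent X-Frame-Options to the backend as a request
        # header. It is a response header and had no effect there, so it is
        # dropped; an upgraded WebSocket connection is not a framed page.

        proxy_buffers 256 16k;
        proxy_buffer_size 16k;

        client_body_timeout 60;
        send_timeout 300;
        lingering_timeout 5;
        proxy_connect_timeout 90;
        proxy_send_timeout 300;
        proxy_read_timeout 90s;

        proxy_pass http://team_baguette_backend_ws;
    }

    # Everything else: cached reverse proxy to the application.
    location / {
        client_max_body_size 50M;

        # An empty Connection header avoids forwarding "close" to the upstream.
        proxy_set_header Connection "";
        # $http_host is the Host header exactly as the client sent it.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # X-Frame-Options is a response header. The original sent it to the
        # backend as a request header, which gives the browser no clickjacking
        # protection. Drop any upstream copy and emit one value to the client.
        proxy_hide_header X-Frame-Options;
        add_header X-Frame-Options SAMEORIGIN always;

        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;

        # NOTE(review): the cache applies to the whole application path. Which
        # responses are stored depends on the upstream's caching headers;
        # confirm authenticated content is never cached.
        proxy_cache mattermost_cache;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;

        proxy_pass http://team_baguette_backend;
    }
}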
}