]> Git — Sourcephile - gargantext.git/blob - devops/nginx/default
[VERSION] +1 to 0.0.3.7
[gargantext.git] / devops / nginx / default
1
2 ##
3 ## GargantText serveur configuration
4 ## Authors: team@gargantext.org
5 ## Licence CNRS/AGPLv3-MIT/CECILL-INRIA
6 #
7 # Fee free to improve it
8 # Thanks for sharing to all community
9
10
11 # Specific NGINX informations
12 #
13 # You should look at the following URL's in order to grasp a solid understanding
14 # of Nginx configuration files in order to fully unleash the power of Nginx.
15 # http://wiki.nginx.org/Pitfalls
16 # http://wiki.nginx.org/QuickStart
17 # http://wiki.nginx.org/Configuration
18 #
19 # Generally, you will want to move this file somewhere, and start with a clean
20 # file but keep this around for reference. Or just disable in sites-enabled.
21 #
22 # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
23 ##
24
25 server {
26
27 server_name doc.gargantext.org;
28
29 add_header Cache-Control "no-cache";
30
31 root /var/www/html/;
32 index index.html;
33
34
35 listen 443 ssl; # managed by Certbot
36 ssl_certificate /etc/letsencrypt/live/v4.gargantext.org/fullchain.pem; # managed by Certbot
37 ssl_certificate_key /etc/letsencrypt/live/v4.gargantext.org/privkey.pem; # managed by Certbot
38 include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
39 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
40
41 }
42
43 # Comment this for maintenance only
44 server {
45
46 #server_name v4.gargantext.org;
47 server_name maintenanceOnly.gargantext.org;
48
49 add_header Cache-Control "no-cache";
50
51 root /var/www/maintenance/;
52 index index.html;
53
54
55 listen 443 ssl; # managed by Certbot
56 ssl_certificate /etc/letsencrypt/live/v4.gargantext.org/fullchain.pem; # managed by Certbot
57 ssl_certificate_key /etc/letsencrypt/live/v4.gargantext.org/privkey.pem; # managed by Certbot
58 include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
59 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
60
61 }
62
63
64
65
66 server {
67 if ($host = v4.gargantext.org) {
68 return 301 https://$host$request_uri;
69 } # managed by Certbot
70
71
72 listen 80;
73
74 server_name v4.gargantext.org;
75
76 add_header Cache-Control "no-cache";
77
78 location '/.well-known/acme-challenge' {
79 root /var/www/gargantext;
80 }
81
82 # Always redirect to https
83 return 301 https://v4.gargantext.org$request_uri;
84
85
86 }
87
88 server {
89 listen 443;
90 listen [::]:443 ssl;
91
92 server_name v4.gargantext.org;
93
94 # Some options configurations:
95 # https://github.com/h5bp/server-configs-nginx/blob/master/h5bp/location/expires.conf
96 add_header Cache-Control "no-cache";
97
98 # SSL configuration
99 #
100 # listen 443 ssl default_server;
101 # listen [::]:443 ssl default_server;
102
103 ssl on;
104 ssl_certificate /etc/letsencrypt/live/v4.gargantext.org/fullchain.pem; # managed by Certbot
105 ssl_certificate_key /etc/letsencrypt/live/v4.gargantext.org/privkey.pem; # managed by Certbot
106
107 # Note: You should disable gzip for SSL traffic.
108 # See: https://bugs.debian.org/773332
109 #
110 # Read up on ssl_ciphers to ensure a secure configuration.
111 # See: https://bugs.debian.org/765782
112 #
113 # Self signed certs generated by the ssl-cert package
114 # Don't use them in a production server!
115 #
116 # include snippets/snakeoil.conf;
117
118 client_max_body_size 800M;
119 client_body_timeout 12;
120 client_header_timeout 12;
121 keepalive_timeout 15;
122 send_timeout 10;
123
124 root /var/www/html;
125 index index.html;
126
127 #add_header Access-Control-Allow-Origin $http_origin always;
128 # Add index.php to the list if you are using PHP
129 #index index.html index.htm index.nginx-debian.html;
130
131 # CORS config borrowed from: https://gist.github.com/pauloricardomg/7084524
132 # NP: not sure we need CORS yet
133 #
134 if ($http_origin ~* (^https?://(127.0.0.1|localhost|v4\.gargantext\.com))) {
135 set $cors "1";
136 }
137 #
138 # Cross-Origin Resource Sharing
139 if ($request_method = "OPTIONS") {
140 set $cors "${cors}o";
141 }
142
143
144 # SSL CERT renewal
145 location '/.well-known/acme-challenge' {
146 alias /var/www/gargantext/.well-known/acme-challenge ;
147 }
148
149
150 location /api {
151 # limit_except OPTIONS {
152 # auth_basic "Gargantext's Development Version";
153 # auth_basic_user_file /etc/nginx/haskell_gargantext.htpasswd;
154 # }
155
156 proxy_set_header X-Real-IP $remote_addr;
157 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
158 proxy_set_header X-Forwarded-Proto $scheme;
159 proxy_set_header Host $http_host;
160 proxy_redirect off;
161 proxy_pass http://127.0.0.1:8008;
162
163
164 }
165
166 location / {
167 # https://stackoverflow.com/a/48708812
168 # limit_except OPTIONS {
169 # auth_basic "Gargantext's Development Version";
170 # auth_basic_user_file /etc/nginx/haskell_gargantext.htpasswd;
171 # }
172
173 proxy_set_header X-Real-IP $remote_addr;
174 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
175 proxy_set_header X-Forwarded-Proto $scheme;
176 proxy_set_header Host $http_host;
177 proxy_redirect off;
178 proxy_pass http://127.0.0.1:8008;
179
180
181 }
182
183 #access_log off;
184 access_log /var/log/nginx/access.log;
185 error_log /var/log/nginx/error.log;
186
187
188 }
189
190
191
192
193 server {
194 if ($host = doc.gargantext.org) {
195 return 301 https://$host$request_uri;
196 } # managed by Certbot
197
198 listen 80;
199
200 server_name doc.gargantext.org;
201 return 404; # managed by Certbot
202
203 }