devops/nginx/default

   1
   2 ##
   3 # You should look at the following URL's in order to grasp a solid understanding
   4 # of Nginx configuration files in order to fully unleash the power of Nginx.
   5 # http://wiki.nginx.org/Pitfalls
   6 # http://wiki.nginx.org/QuickStart
   7 # http://wiki.nginx.org/Configuration
   8 #
   9 # Generally, you will want to move this file somewhere, and start with a clean
  10 # file but keep this around for reference. Or just disable in sites-enabled.
  11 #
  12 # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
  13 ##
  14
  15 server {
  16
  17     server_name doc.gargantext.org;
  18
  19     add_header Cache-Control "no-cache";
  20
  21     root /var/www/html/;
  22     index index.html;
  23
  24
  25     listen 443 ssl; # managed by Certbot
  26     ssl_certificate /etc/letsencrypt/live/v4.gargantext.org/fullchain.pem; # managed by Certbot
  27     ssl_certificate_key /etc/letsencrypt/live/v4.gargantext.org/privkey.pem; # managed by Certbot
  28     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  29     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
  30
  31 }
  32
  33 # Comment this for maintenance only
  34 server {
  35
  36     server_name v4.gargantext.org;
  37     #server_name maintenanceOnly.gargantext.org;
  38
  39     add_header Cache-Control "no-cache";
  40
  41     root /var/www/maintenance/;
  42     index index.html;
  43
  44
  45     listen 443 ssl; # managed by Certbot
  46     ssl_certificate /etc/letsencrypt/live/v4.gargantext.org/fullchain.pem; # managed by Certbot
  47     ssl_certificate_key /etc/letsencrypt/live/v4.gargantext.org/privkey.pem; # managed by Certbot
  48     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  49     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
  50
  51 }
  52
  53
  54
  55
  56 server {
  57     if ($host = v4.gargantext.org) {
  58         return 301 https://$host$request_uri;
  59     } # managed by Certbot
  60
  61
  62     listen 80;
  63
  64     server_name v4.gargantext.org;
  65
  66     add_header Cache-Control "no-cache";
  67
  68     location '/.well-known/acme-challenge' {
  69         root /var/www/gargantext;
  70     }
  71
  72     # Always redirect to https
  73     return 301 https://v4.gargantext.org$request_uri;
  74
  75
  76 }
  77
  78 server {
  79     listen 443;
  80     listen [::]:443 ssl;
  81
  82     server_name v4.gargantext.org;
  83
  84     # Some options configurations:
  85     # https://github.com/h5bp/server-configs-nginx/blob/master/h5bp/location/expires.conf
  86     add_header Cache-Control "no-cache";
  87
  88     # SSL configuration
  89     #
  90     # listen 443 ssl default_server;
  91     # listen [::]:443 ssl default_server;
  92
  93     ssl on;
  94     ssl_certificate /etc/letsencrypt/live/v4.gargantext.org/fullchain.pem; # managed by Certbot
  95     ssl_certificate_key /etc/letsencrypt/live/v4.gargantext.org/privkey.pem; # managed by Certbot
  96
  97     # Note: You should disable gzip for SSL traffic.
  98     # See: https://bugs.debian.org/773332
  99     #
 100     # Read up on ssl_ciphers to ensure a secure configuration.
 101     # See: https://bugs.debian.org/765782
 102     #
 103     # Self signed certs generated by the ssl-cert package
 104     # Don't use them in a production server!
 105     #
 106     # include snippets/snakeoil.conf;
 107
 108     client_max_body_size 800M;
 109     client_body_timeout 12;
 110     client_header_timeout 12;
 111     keepalive_timeout 15;
 112     send_timeout 10;
 113
 114     root /var/www/html;
 115     index index.html;
 116
 117     #add_header Access-Control-Allow-Origin $http_origin always;
 118     # Add index.php to the list if you are using PHP
 119     #index index.html index.htm index.nginx-debian.html;
 120
 121     # CORS config borrowed from: https://gist.github.com/pauloricardomg/7084524
 122     # NP: not sure we need CORS yet
 123     #
 124     if ($http_origin ~* (^https?://(127.0.0.1|localhost|v4\.gargantext\.com))) {
 125       set $cors "1";
 126     }
 127     #
 128     # Cross-Origin Resource Sharing
 129     if ($request_method = "OPTIONS") {
 130       set $cors "${cors}o";
 131     }
 132
 133
 134      # SSL CERT renewal
 135      location '/.well-known/acme-challenge' {
 136        alias /var/www/gargantext/.well-known/acme-challenge ;
 137      }
 138
 139
 140      location /api {
 141 #      limit_except OPTIONS {
 142 #        auth_basic           "Gargantext's Development Version";
 143 #        auth_basic_user_file /etc/nginx/haskell_gargantext.htpasswd;
 144 #      }
 145
 146        proxy_set_header X-Real-IP         $remote_addr;
 147        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
 148        proxy_set_header X-Forwarded-Proto $scheme;
 149        proxy_set_header Host              $http_host;
 150        proxy_redirect   off;
 151        proxy_pass       http://127.0.0.1:8008;
 152
 153
 154      }
 155
 156      location / {
 157        # https://stackoverflow.com/a/48708812
 158 #       limit_except OPTIONS {
 159 #         auth_basic           "Gargantext's Development Version";
 160 #         auth_basic_user_file /etc/nginx/haskell_gargantext.htpasswd;
 161 #       }
 162
 163        proxy_set_header X-Real-IP         $remote_addr;
 164        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
 165        proxy_set_header X-Forwarded-Proto $scheme;
 166        proxy_set_header Host              $http_host;
 167        proxy_redirect   off;
 168        proxy_pass       http://127.0.0.1:8008;
 169
 170
 171      }
 172
 173      #access_log off;
 174      access_log /var/log/nginx/access.log;
 175      error_log /var/log/nginx/error.log;
 176
 177
 178 }
 179
 180
 181
 182
 183 server {
 184     if ($host = doc.gargantext.org) {
 185         return 301 https://$host$request_uri;
 186     } # managed by Certbot
 187
 188     listen 80;
 189
 190     server_name doc.gargantext.org;
 191     return 404; # managed by Certbot
 192
 193 }