]> Git — Sourcephile - gargantext.git/blob - devops/nginx/default
[ADM] nginx conf
[gargantext.git] / devops / nginx / default
1
2 ##
3 # You should look at the following URL's in order to grasp a solid understanding
4 # of Nginx configuration files in order to fully unleash the power of Nginx.
5 # http://wiki.nginx.org/Pitfalls
6 # http://wiki.nginx.org/QuickStart
7 # http://wiki.nginx.org/Configuration
8 #
9 # Generally, you will want to move this file somewhere, and start with a clean
10 # file but keep this around for reference. Or just disable in sites-enabled.
11 #
12 # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
13 ##
14
15
16 server {
17 if ($host = dev.gargantext.org) {
18 return 301 https://$host$request_uri;
19 } # managed by Certbot
20
21
22 listen 80;
23
24 server_name dev.gargantext.org;
25
26 add_header Cache-Control "no-cache";
27
28 location '/.well-known/acme-challenge' {
29 root /var/www/gargantext;
30 }
31
32 # Always redirect to https
33 return 301 https://dev.gargantext.org$request_uri;
34
35
36 }
37
38 server {
39 listen 443;
40 listen [::]:443 ssl;
41
42 server_name dev.gargantext.org;
43
44 # Some options configurations:
45 # https://github.com/h5bp/server-configs-nginx/blob/master/h5bp/location/expires.conf
46 add_header Cache-Control "no-cache";
47
48 # SSL configuration
49 #
50 # listen 443 ssl default_server;
51 # listen [::]:443 ssl default_server;
52
53 ssl on;
54 ssl_certificate /etc/letsencrypt/live/dev.gargantext.org/fullchain.pem; # managed by Certbot
55 ssl_certificate_key /etc/letsencrypt/live/dev.gargantext.org/privkey.pem; # managed by Certbot
56
57 # Note: You should disable gzip for SSL traffic.
58 # See: https://bugs.debian.org/773332
59 #
60 # Read up on ssl_ciphers to ensure a secure configuration.
61 # See: https://bugs.debian.org/765782
62 #
63 # Self signed certs generated by the ssl-cert package
64 # Don't use them in a production server!
65 #
66 # include snippets/snakeoil.conf;
67
68 client_max_body_size 800M;
69 client_body_timeout 12;
70 client_header_timeout 12;
71 keepalive_timeout 15;
72 send_timeout 10;
73
74 root /var/www/html;
75 index index.html;
76
77 #add_header Access-Control-Allow-Origin $http_origin always;
78 # Add index.php to the list if you are using PHP
79 #index index.html index.htm index.nginx-debian.html;
80
81 # CORS config borrowed from: https://gist.github.com/pauloricardomg/7084524
82 # NP: not sure we need CORS yet
83 #
84 if ($http_origin ~* (^https?://(127.0.0.1|localhost|dev\.gargantext\.com))) {
85 set $cors "1";
86 }
87 #
88 # Cross-Origin Resource Sharing
89 if ($request_method = "OPTIONS") {
90 set $cors "${cors}o";
91 }
92
93
94 # SSL CERT renewal
95 location '/.well-known/acme-challenge' {
96 alias /var/www/gargantext/.well-known/acme-challenge ;
97 }
98
99
100 location /api {
101 # limit_except OPTIONS {
102 # auth_basic "Gargantext's Development Version";
103 # auth_basic_user_file /etc/nginx/haskell_gargantext.htpasswd;
104 # }
105
106 proxy_set_header X-Real-IP $remote_addr;
107 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
108 proxy_set_header X-Forwarded-Proto $scheme;
109 proxy_set_header Host $http_host;
110 proxy_redirect off;
111 proxy_pass http://127.0.0.1:8008;
112
113
114 }
115
116 location / {
117 # https://stackoverflow.com/a/48708812
118 limit_except OPTIONS {
119 auth_basic "Gargantext's Development Version";
120 auth_basic_user_file /etc/nginx/haskell_gargantext.htpasswd;
121 }
122
123 proxy_set_header X-Real-IP $remote_addr;
124 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
125 proxy_set_header X-Forwarded-Proto $scheme;
126 proxy_set_header Host $http_host;
127 proxy_redirect off;
128 proxy_pass http://127.0.0.1:8008;
129
130
131 }
132
133 #access_log off;
134 access_log /var/log/nginx/access.log;
135 error_log /var/log/nginx/error.log;
136
137 }
138