Git — Sourcephile - gargantext.git/blob - devops/nginx/default
##
# You should look at the following URLs in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# HTTPS virtual host for doc.gargantext.org: static files from /var/www/html/.
server {
    listen 443 ssl; # managed by Certbot
    server_name doc.gargantext.org;

    # Document root and default page.
    root /var/www/html/;
    index index.html;

    # Sent on every response from this server block.
    add_header Cache-Control "no-cache";

    # TLS material and parameters, all maintained by Certbot.
    # NOTE(review): the certificate is read from the v4.gargantext.org lineage;
    # confirm that certificate also lists doc.gargantext.org, otherwise clients
    # of this vhost will see a hostname-mismatch error.
    ssl_certificate /etc/letsencrypt/live/v4.gargantext.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/v4.gargantext.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# Maintenance page vhost: static files from /var/www/maintenance/.
# Original note: "Comment this for maintenance only".
#
# NOTE(review): this block claims server_name v4.gargantext.org on port 443, and
# so does the reverse-proxy server block further down in this file. When two
# blocks share a name on the same address:port, nginx logs a "conflicting server
# name" warning and keeps only the first definition. As written, that would make
# this maintenance page answer IPv4 requests for v4.gargantext.org while the
# proxy block still answers on [::]:443. Confirm which of the two is meant to be
# active and disable the other (for example by switching to the commented-out
# server_name below).
server {
    listen 443 ssl; # managed by Certbot

    server_name v4.gargantext.org;
    #server_name maintenanceOnly.gargantext.org;

    # Document root and default page.
    root /var/www/maintenance/;
    index index.html;

    # Sent on every response from this server block.
    add_header Cache-Control "no-cache";

    # TLS material and parameters, all maintained by Certbot.
    ssl_certificate /etc/letsencrypt/live/v4.gargantext.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/v4.gargantext.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
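# Plain-HTTP vhost for v4.gargantext.org: answers ACME HTTP-01 challenges and
# redirects everything else to HTTPS.
#
# The previous layout had two server-level `return 301` directives (Certbot's
# `if ($host = v4.gargantext.org)` block and an unconditional one). Server-level
# rewrite directives run before a location is selected, so the acme-challenge
# location could never be reached and every challenge request was redirected to
# port 443. The redirect now lives in `location /`, which leaves the challenge
# location reachable. The redirect target is unchanged: it is always the fixed
# host v4.gargantext.org, never a value taken from the request's Host header.
server {
    listen 80;

    server_name v4.gargantext.org;

    # Inherited by both locations below (neither declares its own add_header).
    add_header Cache-Control "no-cache";

    # SSL certificate renewal. The trailing slash keeps the prefix match from
    # also covering sibling names such as /.well-known/acme-challenge-old.
    location /.well-known/acme-challenge/ {
        root /var/www/gargantext;
    }

    # Always redirect to https
    location / {
        return 301 https://v4.gargantext.org$request_uri;
    }
}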
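# HTTPS reverse proxy for v4.gargantext.org: terminates TLS and forwards every
# request except ACME challenges to the backend on 127.0.0.1:8008.
server {
    # The `ssl` flag is set on both listen lines. It replaces the standalone
    # `ssl on;` directive used previously, which is deprecated since nginx 1.15.0
    # and removed in 1.25.1 (the configuration fails to load there).
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name v4.gargantext.org;

    # Some options configurations:
    # https://github.com/h5bp/server-configs-nginx/blob/master/h5bp/location/expires.conf
    add_header Cache-Control "no-cache";
    # NOTE(review): no Strict-Transport-Security header is set in this file;
    # consider adding one once HTTPS is confirmed to be the only supported scheme.

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;

    ssl_certificate /etc/letsencrypt/live/v4.gargantext.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/v4.gargantext.org/privkey.pem; # managed by Certbot
    # Same Certbot-maintained TLS parameters as the other :443 server blocks in
    # this file, so this vhost does not fall back to nginx's built-in protocol
    # and cipher defaults.
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    # Request size and timeout limits (timeouts in seconds).
    # NOTE(review): 800M is a very large request-body allowance and applies to
    # every location below; confirm the backend needs it, or scope it to the
    # upload endpoint only, to limit resource-exhaustion exposure.
    client_max_body_size 800M;
    client_body_timeout 12;
    client_header_timeout 12;
    keepalive_timeout 15;
    send_timeout 10;

    root /var/www/html;
    index index.html;

    #add_header Access-Control-Allow-Origin $http_origin always;
    # Add index.php to the list if you are using PHP
    #index index.html index.htm index.nginx-debian.html;

    # CORS config borrowed from: https://gist.github.com/pauloricardomg/7084524
    # NP: not sure we need CORS yet
    #
    # The origin pattern is anchored at both ends and its dots are escaped, so an
    # origin such as "https://localhost.example.net" no longer matches; an
    # optional port is still accepted. Nothing in this file reads $cors yet, so
    # this only matters once CORS response headers are wired to it.
    # NOTE(review): the allowed host is v4.gargantext.com while this server is
    # v4.gargantext.org; confirm which domain is intended.
    if ($http_origin ~* ^https?://(127\.0\.0\.1|localhost|v4\.gargantext\.com)(:[0-9]+)?$) {
        set $cors "1";
    }
    #
    # Cross-Origin Resource Sharing
    if ($request_method = "OPTIONS") {
        set $cors "${cors}o";
    }

    # SSL CERT renewal
    location '/.well-known/acme-challenge' {
        alias /var/www/gargantext/.well-known/acme-challenge ;
    }

    # NOTE(review) for both proxy locations below:
    #  - The auth_basic blocks are commented out, so nginx applies no
    #    authentication itself; access control rests entirely on the backend.
    #  - "Host $http_host" forwards the client's Host header verbatim; $host is
    #    the normalized alternative if the backend builds URLs from it.
    #  - $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
    #    sent, so the backend should trust X-Real-IP (or only the last
    #    X-Forwarded-For entry) for the peer address.
    #  - "location /api" is a prefix match (it also covers e.g. /apifoo) and is
    #    currently configured identically to "location /".

    location /api {
        # limit_except OPTIONS {
        #     auth_basic "Gargantext's Development Version";
        #     auth_basic_user_file /etc/nginx/haskell_gargantext.htpasswd;
        # }

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:8008;
    }

    location / {
        # https://stackoverflow.com/a/48708812
        # limit_except OPTIONS {
        #     auth_basic "Gargantext's Development Version";
        #     auth_basic_user_file /etc/nginx/haskell_gargantext.htpasswd;
        # }

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:8008;
    }

    #access_log off;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
}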
# Plain-HTTP vhost for doc.gargantext.org: redirects to HTTPS.
server {
    listen 80;
    server_name doc.gargantext.org;

    # Certbot's redirect. It fires only when the normalized host is exactly
    # doc.gargantext.org, so the Location header cannot carry an arbitrary host
    # taken from the request.
    if ($host = doc.gargantext.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # Any request that reaches this block under another host name gets a 404.
    return 404; # managed by Certbot
}