novicelab.io/nginx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
53a37dde34d5c9c8e49eb9be2fe6675e6446edf7
nginx/data/conf.d/plane.conf

182 lines
6.0 KiB
Plaintext
Raw Blame History

server {
if ($host = plane.novicelab.io) {
return 301 https://$host$request_uri;
}
# listen 80;
# server_name plane.novicelab.io;
# return 404;
}
server {
listen 443 ssl; #http2;
listen [::]:443 ssl; # http2;
server_name plane.novicelab.io;
# SSL Certificate paths
ssl_certificate /etc/letsencrypt/live/novicelab.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/novicelab.io/privkey.pem;
# SSL Protocol - TLS 1.2 and 1.3 only
ssl_protocols TLSv1.2 TLSv1.3;
# Cipher suites (prioritize TLS 1.3, secure TLS 1.2 fallback)
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
# SSL session configuration
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
resolver 127.0.0.11 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Security Headers
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
# Logging
access_log /var/log/nginx/example.com_access.log;
error_log /var/log/nginx/example.com_error.log;
# resolver 127.0.0.11 valid=30s;
# set $plane_backend 10.0.0.251:9020;
set $backend_web plane-web:3000;
set $backend_space plane-space:3000;
set $backend_admin plane-admin:3000;
set $backend_live plane-live:3000;
set $backend_api plane-api:8000;
set $backend_minio minio:9000;
client_max_body_size 0;
# Set the bucket name as a variable for the regex location
set $bucket_name "plane";
# if ($http_x_forwarded_proto != "https") {
# return 301 https://$host$request_uri;
# }
# --- Routes ---
# Spaces
location = /spaces {
return 301 /spaces/;
}
location /spaces/ {
proxy_pass http://$backend_space;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# God-Mode
location = /god-mode {
return 301 /god-mode/;
}
location /god-mode/ {
proxy_pass http://$backend_admin;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Live
location /live/ {
proxy_pass http://$backend_live;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# API & Auth
location /api/ {
proxy_pass http://$backend_api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /auth/ {
proxy_pass http://$backend_api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Minio (Bucket)
# Handles both /bucket and /bucket/*
# location ~ ^/${BUCKET_NAME}(/.*)?$ {
location ~ ^/plane(/.*)?$ {
proxy_pass http://$backend_minio/plane;
# proxy_pass https://s3.novicelab.io/plane;
# location ~ ^/test(/.*)?$ {
# proxy_pass http://$backend_minio/test;
proxy_set_header Host $host;
# Standard proxy headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
if ($request_method = 'OPTIONS') {
return 204;
}
client_max_body_size 0;
# proxy_pass https://s3.novicelab.io/plane;
}
# location ~* ^/(?<bucket>.+)(?<path>/.*)?$ {
# # Check if the first part of the URI matches our bucket variable
# if ($bucket = $bucket_name) {
# proxy_pass http://$backend_minio;
# break;
# }
# # Fallback to the main web app if the path isn't the bucket
# set $upstream_web "web:3000";
# proxy_pass http://$upstream_web;
# }
# Web (Default catch-all)
location / {
proxy_pass http://$backend_web;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# location / {
# # proxy_pass http://10.0.0.251:9020;
# proxy_pass http://$plane_backend;
# # Set headers for proxied request
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# proxy_set_header Host $http_host;
# proxy_http_version 1.1;
# }
}
Reference in New Issue View Git Blame Copy Permalink