gradido/deployment/bare_metal/nginx/sites-available/gradido.conf.template

include /etc/nginx/common/limit_requests.conf;

server {
    server_name $COMMUNITY_HOST;

    listen 80;
    listen [::]:80;

    include /etc/nginx/common/protect.conf;
    include /etc/nginx/common/protect_add_header.conf;

    # protect from slow loris
    #client_body_timeout 10s;
    #client_header_timeout 10s;
    
    # protect from range attack (in http header)
    if ($http_range ~ "d{9,}") {
        return 444;
    }

    gzip_static  on;
    gzip on;
    gzip_proxied any;
    gzip_types
        text/css
        text/javascript
        text/xml
        text/plain
        application/javascript
        application/x-javascript
        application/json;

    # Legacy URLS
    set $REWRITE_LEGACY_URLS "$NGINX_REWRITE_LEGACY_URLS";
    if ($REWRITE_LEGACY_URLS = 'true') {
        rewrite ^/vue/?(.*)$ /$1 permanent;
    }

    # Frontend (default)
    location / {
        #limit_req zone=frontend burst=40 nodelay;
        #limit_conn addr 40;
        root $PROJECT_ROOT/frontend/build/;
        index index.html;
        try_files $uri $uri/ /index.html = 404;

        access_log $GRADIDO_LOG_PATH/nginx-access.frontend.log gradido_log;
        error_log $GRADIDO_LOG_PATH/nginx-error.frontend.log warn;
  }

    # Backend
    location /graphql {
        #limit_req zone=backend burst=10 nodelay;
        #limit_conn addr 10;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection 'upgrade';
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   X-Real-IP  $remote_addr;
        proxy_set_header   Host $host;
        
        proxy_pass         http://127.0.0.1:4000;
        proxy_redirect     off;

        access_log $GRADIDO_LOG_PATH/nginx-access.backend.log gradido_log;
        error_log $GRADIDO_LOG_PATH/nginx-error.backend.log warn;
    }

    # Backend webhooks
    location /hook {
        #limit_req zone=backend burst=10;
        #limit_conn addr 10;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection 'upgrade';
        proxy_set_header   X-Forwarded-For $remote_addr;
        proxy_set_header   X-Real-IP  $remote_addr;
        proxy_set_header   Host $host;
        
        proxy_pass         http://127.0.0.1:4000/hook;
        proxy_redirect     off;

        access_log $GRADIDO_LOG_PATH/nginx-access.backend.hook.log gradido_log;
        error_log $GRADIDO_LOG_PATH/nginx-error.backend.hook.log warn;
    }

    # Webhook reverse proxy
    location /hooks/ {
        #limit_req zone=backend burst=10;
        #limit_conn addr 10;
        proxy_pass http://127.0.0.1:9000/hooks/;

        access_log $GRADIDO_LOG_PATH/nginx-access.hooks.log gradido_log;
        error_log $GRADIDO_LOG_PATH/nginx-error.hooks.log warn;
    }

    # Admin Frontend
    location /admin {
        #limit_req zone=frontend burst=30 nodelay;
        #limit_conn addr 40;
        rewrite ^/admin/(.*)$ /$1 break;
        root $PROJECT_ROOT/admin/build/;
        index index.html;
        try_files $uri $uri/ /index.html = 404;

        access_log $GRADIDO_LOG_PATH/nginx-access.admin.log gradido_log;
        error_log $GRADIDO_LOG_PATH/nginx-error.admin.log warn;
    }
    
    # Federation
    $FEDERATION_NGINX_CONF

    # TODO this could be a performance optimization
    #location /vue {
    #    alias /var/www/html/gradido/frontend/build;
    #    index index.html;
    #
    #    location ~* \.(png)$ {
    #        expires 39d;
    #    }
    #    try_files $uri $uri/ /index.html = 404;
    #}
}