30dc60670f
Move container things to Docker subdir as it doesn't need to litter the root of the repo up.
117 lines
2.9 KiB
Nginx Configuration File
117 lines
2.9 KiB
Nginx Configuration File
# Basic configuration
|
|
user nginx;
|
|
worker_processes 1;
|
|
error_log /dev/stderr info;
|
|
pid /var/run/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
# Standard HTTP configuration with slight hardening
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
access_log /dev/stdout;
|
|
sendfile on;
|
|
keepalive_timeout 65;
|
|
server_tokens off;
|
|
|
|
#Websockets Server
|
|
server {
|
|
|
|
{% if NODE_ENV == "development" %}
|
|
listen {{SOCKET_PORT}};
|
|
{% else %}
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name {{ SOCKETS_URL }};
|
|
|
|
# Only enable HTTPS if TLS is enabled with no error
|
|
{% if TLS and not TLS_ERROR %}
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
|
|
include /etc/nginx/tls.conf;
|
|
add_header Strict-Transport-Security max-age=15768000;
|
|
|
|
if ($scheme = http) {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
{% endif %}
|
|
|
|
{% endif %}
|
|
|
|
location / {
|
|
proxy_pass http://tellform:20523;
|
|
proxy_read_timeout 90;
|
|
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# WebSocket support
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
{% if TLS and not TLS_ERROR %}
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
{% endif %}
|
|
}
|
|
|
|
{% if TLS_FLAVOR == 'letsencrypt' %}
|
|
location ^~ /.well-known/acme-challenge/ {
|
|
proxy_pass http://127.0.0.1:8008;
|
|
}
|
|
{% endif %}
|
|
}
|
|
|
|
server {
|
|
#Add server_name for per-user subdomains
|
|
{% if SUBDOMAINS_DISABLED == "FALSE" %}
|
|
server_name {{BASE_URL}} {{SUBDOMAIN_URL}};
|
|
{% else %}
|
|
server_name {{BASE_URL}};
|
|
{% endif %}
|
|
|
|
listen 80;
|
|
listen [::]:80;
|
|
|
|
# Only enable HTTPS if TLS is enabled with no error
|
|
{% if TLS and not TLS_ERROR %}
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
|
|
include /etc/nginx/tls.conf;
|
|
add_header Strict-Transport-Security max-age=15768000;
|
|
|
|
if ($scheme = http) {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
{% endif %}
|
|
|
|
root /usr/share/nginx/html;
|
|
index index.html index.htm;
|
|
|
|
location / {
|
|
proxy_pass http://tellform:5000;
|
|
proxy_redirect off;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
|
|
|
|
{% if TLS and not TLS_ERROR %}
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
{% endif %}
|
|
}
|
|
|
|
{% if TLS_FLAVOR == 'letsencrypt' %}
|
|
location ^~ /.well-known/acme-challenge/ {
|
|
proxy_pass http://127.0.0.1:8008;
|
|
}
|
|
{% endif %}
|
|
}
|
|
}
|