-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathprod_nginx.conf
183 lines (149 loc) · 7.06 KB
/
prod_nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
events { worker_connections 1024; }
http {
include mime.types;
server {
access_log off; #disable logs
error_log syslog error;
server_name altzone.fi;
location / {
proxy_pass http://altzone_site:3000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
location /api/ {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' $http_origin;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
add_header 'Access-Control-Allow-Origin' $http_origin always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
proxy_pass http://altzone_api:8080/;
}
gzip on;
gzip_comp_level 3;
gzip_types text/css text/javascript image/png image/webp image/x-jng image/gif image/jpeg;
location ^~ /api/public {
root /usr/local/nginx;
add_header Cache-Control 'public, max-age=2592000';
add_header Pragma public;
add_header Vary Accept-Encoding;
add_header 'Access-Control-Allow-Origin' $http_origin;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
add_header 'Access-Control-Allow-Credentials' 'true';
autoindex on;
autoindex_format json;
try_files $uri $uri/ =404;
}
location /game {
root /usr/local/nginx;
index index.html;
# Specify MIME types for Brotli compression
brotli on;
brotli_static on;
brotli_types text/plain text/css application/javascript application/json application/xml text/xml image/svg+xml;
# Handling various file types
include mime.types;
default_type application/octet-stream;
# Serve pre-compressed Brotli files with correct Content-Encoding header
location ~* \.br$ {
add_header Content-Encoding br;
gzip off;
brotli off; # Disable further on-the-fly Brotli compression
# On-disk Brotli-precompressed JavaScript code files:
location ~* \.js\.br$ {
default_type application/javascript;
}
# On-disk Brotli-precompressed WebAssembly files:
location ~ \.wasm\.br$ {
default_type application/wasm;
}
try_files $uri =404;
}
try_files $uri $uri/ =404;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/altzone.fi/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/altzone.fi/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = altzone.fi) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name altzone.fi;
return 404; # managed by Certbot
}
server {
access_log off; #disable logs
error_log syslog error;
server_name dev.altzone.fi;
location / {
proxy_pass http://altzone_site_dev:3001/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/altzone.fi/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/altzone.fi/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# Redirect HTTP to HTTPS for the subdomain
server {
if ($host = dev.altzone.fi) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name dev.altzone.fi;
return 404; # managed by Certbot
}
server {
access_log off; #disable logs
error_log syslog error;
server_name swagger.altzone.fi;
location / {
proxy_pass http://altzone_swagger:8081/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/altzone.fi/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/altzone.fi/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# Redirect HTTP to HTTPS for the subdomain
server {
if ($host = swagger.altzone.fi) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name swagger.altzone.fi;
return 404; # managed by Certbot
}
}