parent
43a824dee2
commit
9cd24aca9b
@ -0,0 +1,85 @@ |
||||
server { |
||||
server_name www www.${DOMAIN_NAME} ${DOMAIN_NAME}; |
||||
client_max_body_size 128m; |
||||
|
||||
sendfile on; |
||||
tcp_nopush on; |
||||
tcp_nodelay on; |
||||
keepalive_timeout 65; |
||||
types_hash_max_size 2048; |
||||
#include /etc/nginx/mime.types; |
||||
#default_type application/octet-stream; |
||||
|
||||
gzip on; |
||||
gzip_disable "msie6"; |
||||
|
||||
proxy_read_timeout 1800s; |
||||
|
||||
# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486) |
||||
chunked_transfer_encoding on; |
||||
|
||||
# delegated Matrix server |
||||
location /.well-known/matrix { |
||||
#return 302 https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri; |
||||
proxy_pass https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri; |
||||
} |
||||
|
||||
# separate Mastodon WEB_DOMAIN and LOCAL_DOMAIN |
||||
location = /.well-known/host-meta { |
||||
return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri; |
||||
} |
||||
location = /.well-known/webfinger { |
||||
return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri; |
||||
} |
||||
|
||||
# OpenID services |
||||
location = /.well-known/openid-configuration { |
||||
return 302 https://${KEYCLOAK_HOSTNAME}.${DOMAIN_NAME}$request_uri; |
||||
} |
||||
|
||||
# tilde club home directories |
||||
location ~ ^/~(.+?)(/.*)?$ { |
||||
alias /home/$1/public_html$2; |
||||
index index.html index.htm; |
||||
autoindex on; |
||||
} |
||||
|
||||
# /html files are served from the static html site |
||||
location /html { |
||||
root /var/www; |
||||
autoindex off; |
||||
} |
||||
|
||||
# default home page goes to hedgedoc document "Main_Page"; please add your own content! |
||||
location = / { |
||||
return 302 https://${DOMAIN_NAME}/Main_Page; |
||||
} |
||||
# rewrite /s/ links to the bare link |
||||
location ~ ^/s/(.*) { |
||||
return 302 https://${DOMAIN_NAME}/$1; |
||||
} |
||||
# normal pages go to hedgedoc static site (need to define ports in the env) |
||||
# need to rewrite the CSP so that it allows reframing from the main site |
||||
location / { |
||||
proxy_cache mycache; |
||||
add_header X-Cache-Status $upstream_cache_status; |
||||
proxy_ignore_headers Cache-Control; |
||||
|
||||
proxy_hide_header Content-Security-Policy; |
||||
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.${DOMAIN_NAME}; frame-src 'self' *.${DOMAIN_NAME}; object-src 'self'; base-uri 'self' *.${DOMAIN_NAME}"; |
||||
proxy_pass http://hedgedoc:3000/s$request_uri; |
||||
proxy_cache_valid any 1m; |
||||
|
||||
} |
||||
# while javascript and config stuff goes to non-static hedgedoc site |
||||
location ~ ^/(js|build|config$) { |
||||
proxy_cache mycache; |
||||
add_header X-Cache-Status $upstream_cache_status; |
||||
proxy_ignore_headers Cache-Control; |
||||
proxy_cache_valid any 1m; |
||||
|
||||
proxy_pass http://hedgedoc:3000$request_uri; |
||||
} |
||||
|
||||
include /etc/nginx/includes/ssl.conf; |
||||
} |
Loading…
Reference in new issue