3 changed files with 79 additions and 110 deletions
--- a/nginx.yaml
+++ b/nginx.yaml
@ -12,15 +12,12 @@ services:
      - "80:80"
      - "443:443"
      - "8448:8448"
-    environment:
-      - MODULES=${MODULES}
    env_file:
      - ./env.production
    volumes:
      - ./nginx/etc/includes:/etc/nginx/includes:ro
      - ./nginx/etc/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/default.conf:/etc/nginx/templates/default.conf.template:ro
-      - ./nginx/www.conf:/etc/nginx/templates/www.conf.template:ro
      - ./html:/var/www/html:ro
      - ./data/nginx/certbot/www:/var/www/certbot:ro
      - ./data/nginx/certbot/conf:/etc/letsencrypt:rw
--- a/nginx/default.conf
+++ b/nginx/default.conf
@ -38,24 +38,86 @@ server {
 }

 server {
-	# should send them to the main page
+	#server_name ${DOMAIN_NAME} default;
+	client_max_body_size 128m;
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	#include /etc/nginx/mime.types;
+	#default_type application/octet-stream;
+
+	gzip on;
+	gzip_disable "msie6";
+
+	proxy_read_timeout 1800s;
+
+	# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
+	chunked_transfer_encoding on;
+
+	# delegated Matrix server
+	location /.well-known/matrix {
+		#return 302 https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri;
+		proxy_pass https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri;
+	}
+
+	# separate Mastodon WEB_DOMAIN and LOCAL_DOMAIN
+	location = /.well-known/host-meta {
+		return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
+	}
+	location = /.well-known/webfinger {
+		return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
+	}
+
+	# OpenID services
+	location = /.well-known/openid-configuration {
+		return 302 https://${KEYCLOAK_HOSTNAME}.${DOMAIN_NAME}$request_uri;
+	}
+
+	# tilde club home directories
+	location ~ ^/~(.+?)(/.*)?$ {
+		alias /home/$1/public_html$2;
+		index index.html index.htm;
+		autoindex on;
+	}
+
+	# /html files are served from the static html site
+	location /html {
+		root /var/www;
+		autoindex off;
+	}
+
+	# default home page goes to hedgedoc document "Main_Page"; please add your own content!
+	location = / {
+		return 302 https://${DOMAIN_NAME}/Main_Page;
+	}
+	# rewrite /s/ links to the bare link
+	location ~ ^/s/(.*) {
+		return 302 https://${DOMAIN_NAME}/$1;
+	}
+	# normal pages go to hedgedoc static site (need to define ports in the env)
+	# need to rewrite the CSP so that it allows reframing from the main site
 	location / {
-		default_type text/html;
-		return 404 '<html>
-<body>
-<h1>Unknown hostname "$host"</h1>
-<p>Try <a href="https://${DOMAIN_NAME}/">${DOMAIN_NAME}</a> instead
-<p>Sub-sites enabled: ${MODULES}
-
-<pre style="white-space: pre-wrap">
-$request
-Host: $host
-Referer: $http_referer
-User-Agent: $http_user_agent
-Accept: $http_accept
-</pre>
-</body></html>
-';
+		proxy_cache mycache;
+		add_header X-Cache-Status $upstream_cache_status;
+		proxy_ignore_headers Cache-Control;
+
+		proxy_hide_header Content-Security-Policy;
+		add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.${DOMAIN_NAME}; frame-src 'self' *.${DOMAIN_NAME}; object-src 'self'; base-uri 'self' *.${DOMAIN_NAME}";
+		proxy_pass http://hedgedoc:3000/s$request_uri;
+		proxy_cache_valid any 1m;
+
+	}
+	# while javascript and config stuff goes to non-static hedgedoc site
+	location ~ ^/(js|build|config$) {
+		proxy_cache mycache;
+		add_header X-Cache-Status $upstream_cache_status;
+		proxy_ignore_headers Cache-Control;
+		proxy_cache_valid any 1m;
+
+		proxy_pass http://hedgedoc:3000$request_uri;
 	}

 	# this one can't include ssl.conf since it must be default server
--- a/nginx/www.conf
+++ b/nginx/www.conf
@ -1,90 +0,0 @@
-server {
-	server_name www www.${DOMAIN_NAME} ${DOMAIN_NAME};
-	client_max_body_size 128m;
-
-	sendfile on;
-	tcp_nopush on;
-	tcp_nodelay on;
-	keepalive_timeout 65;
-	types_hash_max_size 2048;
-	#include /etc/nginx/mime.types;
-	#default_type application/octet-stream;
-
-	gzip on;
-	gzip_disable "msie6";
-
-	proxy_read_timeout 1800s;
-
-	# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
-	chunked_transfer_encoding on;
-
-	# delegated Matrix server
-	location /.well-known/matrix {
-		#return 302 https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri;
-		proxy_pass https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri;
-	}
-
-	# separate Mastodon WEB_DOMAIN and LOCAL_DOMAIN
-	location = /.well-known/host-meta {
-		return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
-	}
-	location = /.well-known/webfinger {
-		return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
-	}
-
-	# OpenID services
-	location = /.well-known/openid-configuration {
-		return 302 https://${KEYCLOAK_HOSTNAME}.${DOMAIN_NAME}$request_uri;
-	}
-
-	# redirect mastodon handles (which start with @) directly to mastodon site
-	location ~ ^/@ {
-		return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
-	}
-
-	# tilde club home directories
-	location ~ ^/~(.+?)(/.*)?$ {
-		alias /home/$1/public_html$2;
-		index index.html index.htm;
-		autoindex on;
-	}
-
-	# /html files are served from the static html site
-	location /html {
-		root /var/www;
-		autoindex off;
-	}
-
-	# default home page goes to hedgedoc document "Main_Page"; please add your own content!
-	location = / {
-		return 302 https://${DOMAIN_NAME}/Main_Page;
-	}
-	# rewrite /s/ links to the bare link
-	location ~ ^/s/(.*) {
-		return 302 https://${DOMAIN_NAME}/$1;
-	}
-	# normal pages go to hedgedoc static site (need to define ports in the env)
-	# need to rewrite the CSP so that it allows reframing from the main site
-	location / {
-		proxy_cache mycache;
-		add_header X-Cache-Status $upstream_cache_status;
-		proxy_ignore_headers Cache-Control;
-
-		proxy_hide_header Content-Security-Policy;
-		add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.${DOMAIN_NAME}; frame-src 'self' *.${DOMAIN_NAME}; object-src 'self'; base-uri 'self' *.${DOMAIN_NAME}";
-		proxy_pass http://hedgedoc:3000/s$request_uri;
-		proxy_cache_valid any 1m;
-
-	}
-	# while javascript and config stuff goes to non-static hedgedoc site
-	location ~ ^/(js|build|config$) {
-		proxy_cache mycache;
-		add_header X-Cache-Status $upstream_cache_status;
-		proxy_ignore_headers Cache-Control;
-		proxy_cache_valid any 1m;
-
-		proxy_pass http://hedgedoc:3000$request_uri;
-	}
-
-	include /etc/nginx/includes/ssl.conf;
-}