

No commits in common. '4084e6601fd52cb16e660a3c6c3ebc8609dab90c' and '43a824dee275862d48415567cbad414d4d2b4ba0' have entirely different histories.

  1. 3
      nginx.yaml
  2. 96
      nginx/default.conf
  3. 90
      nginx/www.conf

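--- a/nginx.yaml
+++ b/nginx.yaml
@@ -12,15 +12,12 @@ services:
 - "80:80"
 - "443:443"
 - "8448:8448"
-environment:
-- MODULES=${MODULES}
 env_file:
 - ./env.production
 volumes:
 - ./nginx/etc/includes:/etc/nginx/includes:ro
 - ./nginx/etc/nginx.conf:/etc/nginx/nginx.conf:ro
 - ./nginx/default.conf:/etc/nginx/templates/default.conf.template:ro
-- ./nginx/www.conf:/etc/nginx/templates/www.conf.template:ro
 - ./html:/var/www/html:ro
 - ./data/nginx/certbot/www:/var/www/certbot:ro
 - ./data/nginx/certbot/conf:/etc/letsencrypt:rw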

@ -38,24 +38,86 @@ server {
} }
server { server {
# should send them to the main page #server_name ${DOMAIN_NAME} default;
client_max_body_size 128m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
#include /etc/nginx/mime.types;
#default_type application/octet-stream;
gzip on;
gzip_disable "msie6";
proxy_read_timeout 1800s;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
chunked_transfer_encoding on;
# delegated Matrix server
location /.well-known/matrix {
#return 302 https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri;
proxy_pass https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# separate Mastodon WEB_DOMAIN and LOCAL_DOMAIN
location = /.well-known/host-meta {
return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
location = /.well-known/webfinger {
return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# OpenID services
location = /.well-known/openid-configuration {
return 302 https://${KEYCLOAK_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# tilde club home directories
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
index index.html index.htm;
autoindex on;
}
# /html files are served from the static html site
location /html {
root /var/www;
autoindex off;
}
# default home page goes to hedgedoc document "Main_Page"; please add your own content!
location = / {
return 302 https://${DOMAIN_NAME}/Main_Page;
}
# rewrite /s/ links to the bare link
location ~ ^/s/(.*) {
return 302 https://${DOMAIN_NAME}/$1;
}
# normal pages go to hedgedoc static site (need to define ports in the env)
# need to rewrite the CSP so that it allows reframing from the main site
location / { location / {
default_type text/html; proxy_cache mycache;
return 404 '<html> add_header X-Cache-Status $upstream_cache_status;
<body> proxy_ignore_headers Cache-Control;
<h1>Unknown hostname "$host"</h1>
<p>Try <a href="https://${DOMAIN_NAME}/">${DOMAIN_NAME}</a> instead proxy_hide_header Content-Security-Policy;
<p>Sub-sites enabled: ${MODULES} add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.${DOMAIN_NAME}; frame-src 'self' *.${DOMAIN_NAME}; object-src 'self'; base-uri 'self' *.${DOMAIN_NAME}";
proxy_pass http://hedgedoc:3000/s$request_uri;
<pre style="white-space: pre-wrap"> proxy_cache_valid any 1m;
$request
Host: $host }
Referer: $http_referer # while javascript and config stuff goes to non-static hedgedoc site
User-Agent: $http_user_agent location ~ ^/(js|build|config$) {
Accept: $http_accept proxy_cache mycache;
</pre> add_header X-Cache-Status $upstream_cache_status;
</body></html> proxy_ignore_headers Cache-Control;
'; proxy_cache_valid any 1m;
proxy_pass http://hedgedoc:3000$request_uri;
} }
# this one can't include ssl.conf since it must be default server # this one can't include ssl.conf since it must be default server
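Review bot: With `#server_name ${DOMAIN_NAME} default;` commented out at the top of the new server block, the block carries no server_name, so as the default server it now answers any Host header (bare IP, stale DNS names, scanner probes) and proxies or redirects those requests to hedgedoc and ${DOMAIN_NAME}, whereas the old body answered unknown hostnames with a 404. If a catch-all is still wanted, a dedicated default server with `return 444;` plus an explicit `server_name ${DOMAIN_NAME} www.${DOMAIN_NAME};` on this block, as www.conf had, keeps the old behaviour; the block's listen directives and closing brace lie outside the hunk, so I cannot see whether ssl.conf or another guard is applied there. The `location ~ ^/@` Mastodon-handle redirect from www.conf (`return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;`) has no counterpart among the new locations unless it lives past the hunk. Separately, `add_header` inside `location /` and `location ~ ^/(js|build|config$)` replaces rather than extends any add_header defined at server level in nginx, so server-wide headers (HSTS, for instance, if ssl.conf sets one) would not be emitted from those two locations.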

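--- a/nginx/www.conf
+++ b/nginx/www.conf
@@ -1,90 +0,0 @@
-server {
-server_name www www.${DOMAIN_NAME} ${DOMAIN_NAME};
-client_max_body_size 128m;
-sendfile on;
-tcp_nopush on;
-tcp_nodelay on;
-keepalive_timeout 65;
-types_hash_max_size 2048;
-#include /etc/nginx/mime.types;
-#default_type application/octet-stream;
-gzip on;
-gzip_disable "msie6";
-proxy_read_timeout 1800s;
-# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
-chunked_transfer_encoding on;
-# delegated Matrix server
-location /.well-known/matrix {
-#return 302 https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri;
-proxy_pass https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri;
-}
-# separate Mastodon WEB_DOMAIN and LOCAL_DOMAIN
-location = /.well-known/host-meta {
-return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
-}
-location = /.well-known/webfinger {
-return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
-}
-# OpenID services
-location = /.well-known/openid-configuration {
-return 302 https://${KEYCLOAK_HOSTNAME}.${DOMAIN_NAME}$request_uri;
-}
-# redirect mastodon handles (which start with @) directly to mastodon site
-location ~ ^/@ {
-return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
-}
-# tilde club home directories
-location ~ ^/~(.+?)(/.*)?$ {
-alias /home/$1/public_html$2;
-index index.html index.htm;
-autoindex on;
-}
-# /html files are served from the static html site
-location /html {
-root /var/www;
-autoindex off;
-}
-# default home page goes to hedgedoc document "Main_Page"; please add your own content!
-location = / {
-return 302 https://${DOMAIN_NAME}/Main_Page;
-}
-# rewrite /s/ links to the bare link
-location ~ ^/s/(.*) {
-return 302 https://${DOMAIN_NAME}/$1;
-}
-# normal pages go to hedgedoc static site (need to define ports in the env)
-# need to rewrite the CSP so that it allows reframing from the main site
-location / {
-proxy_cache mycache;
-add_header X-Cache-Status $upstream_cache_status;
-proxy_ignore_headers Cache-Control;
-proxy_hide_header Content-Security-Policy;
-add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.${DOMAIN_NAME}; frame-src 'self' *.${DOMAIN_NAME}; object-src 'self'; base-uri 'self' *.${DOMAIN_NAME}";
-proxy_pass http://hedgedoc:3000/s$request_uri;
-proxy_cache_valid any 1m;
-}
-# while javascript and config stuff goes to non-static hedgedoc site
-location ~ ^/(js|build|config$) {
-proxy_cache mycache;
-add_header X-Cache-Status $upstream_cache_status;
-proxy_ignore_headers Cache-Control;
-proxy_cache_valid any 1m;
-proxy_pass http://hedgedoc:3000$request_uri;
-}
-include /etc/nginx/includes/ssl.conf;
-}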