vst
/
env
2
1
Fork 0
Code Issues 19 Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: vst:4084e6601fd52cb16e660a3c6c3ebc8609dab90c
Branches Tags
vst:single-dockerfile
..
compare: vst:43a824dee275862d48415567cbad414d4d2b4ba0
Branches Tags
vst:single-dockerfile

No commits in common. '4084e6601fd52cb16e660a3c6c3ebc8609dab90c' and '43a824dee275862d48415567cbad414d4d2b4ba0' have entirely different histories.
4084e6601f ... 43a824dee2

3 changed files with 79 additions and 110 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats
  1. 3
      nginx.yaml
  2. 96
      nginx/default.conf
  3. 90
      nginx/www.conf

3
nginx.yaml
Unescape View File

@ -12,15 +12,12 @@ services:
- "80:80" - "80:80"
- "443:443" - "443:443"
- "8448:8448" - "8448:8448"
environment:
- MODULES=${MODULES}
env_file: env_file:
- ./env.production - ./env.production
volumes: volumes:
- ./nginx/etc/includes:/etc/nginx/includes:ro - ./nginx/etc/includes:/etc/nginx/includes:ro
- ./nginx/etc/nginx.conf:/etc/nginx/nginx.conf:ro - ./nginx/etc/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/default.conf:/etc/nginx/templates/default.conf.template:ro - ./nginx/default.conf:/etc/nginx/templates/default.conf.template:ro
- ./nginx/www.conf:/etc/nginx/templates/www.conf.template:ro
- ./html:/var/www/html:ro - ./html:/var/www/html:ro
- ./data/nginx/certbot/www:/var/www/certbot:ro - ./data/nginx/certbot/www:/var/www/certbot:ro
- ./data/nginx/certbot/conf:/etc/letsencrypt:rw - ./data/nginx/certbot/conf:/etc/letsencrypt:rw

96
nginx/default.conf
Unescape View File

@ -38,24 +38,86 @@ server {
} }
server { server {
# should send them to the main page #server_name ${DOMAIN_NAME} default;
client_max_body_size 128m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
#include /etc/nginx/mime.types;
#default_type application/octet-stream;
gzip on;
gzip_disable "msie6";
proxy_read_timeout 1800s;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
chunked_transfer_encoding on;
# delegated Matrix server
location /.well-known/matrix {
#return 302 https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri;
proxy_pass https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# separate Mastodon WEB_DOMAIN and LOCAL_DOMAIN
location = /.well-known/host-meta {
return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
location = /.well-known/webfinger {
return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# OpenID services
location = /.well-known/openid-configuration {
return 302 https://${KEYCLOAK_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# tilde club home directories
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
index index.html index.htm;
autoindex on;
}
# /html files are served from the static html site
location /html {
root /var/www;
autoindex off;
}
# default home page goes to hedgedoc document "Main_Page"; please add your own content!
location = / {
return 302 https://${DOMAIN_NAME}/Main_Page;
}
# rewrite /s/ links to the bare link
location ~ ^/s/(.*) {
return 302 https://${DOMAIN_NAME}/$1;
}
# normal pages go to hedgedoc static site (need to define ports in the env)
# need to rewrite the CSP so that it allows reframing from the main site
location / { location / {
default_type text/html; proxy_cache mycache;
return 404 '<html> add_header X-Cache-Status $upstream_cache_status;
<body> proxy_ignore_headers Cache-Control;
<h1>Unknown hostname "$host"</h1>
<p>Try <a href="https://${DOMAIN_NAME}/">${DOMAIN_NAME}</a> instead proxy_hide_header Content-Security-Policy;
<p>Sub-sites enabled: ${MODULES} add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.${DOMAIN_NAME}; frame-src 'self' *.${DOMAIN_NAME}; object-src 'self'; base-uri 'self' *.${DOMAIN_NAME}";
proxy_pass http://hedgedoc:3000/s$request_uri;
<pre style="white-space: pre-wrap"> proxy_cache_valid any 1m;
$request
Host: $host }
Referer: $http_referer # while javascript and config stuff goes to non-static hedgedoc site
User-Agent: $http_user_agent location ~ ^/(js|build|config$) {
Accept: $http_accept proxy_cache mycache;
</pre> add_header X-Cache-Status $upstream_cache_status;
</body></html> proxy_ignore_headers Cache-Control;
'; proxy_cache_valid any 1m;
proxy_pass http://hedgedoc:3000$request_uri;
} }
# this one can't include ssl.conf since it must be default server # this one can't include ssl.conf since it must be default server

90
nginx/www.conf
Unescape View File

@ -1,90 +0,0 @@
server {
server_name www www.${DOMAIN_NAME} ${DOMAIN_NAME};
client_max_body_size 128m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
#include /etc/nginx/mime.types;
#default_type application/octet-stream;
gzip on;
gzip_disable "msie6";
proxy_read_timeout 1800s;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
chunked_transfer_encoding on;
# delegated Matrix server
location /.well-known/matrix {
#return 302 https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri;
proxy_pass https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# separate Mastodon WEB_DOMAIN and LOCAL_DOMAIN
location = /.well-known/host-meta {
return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
location = /.well-known/webfinger {
return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# OpenID services
location = /.well-known/openid-configuration {
return 302 https://${KEYCLOAK_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# redirect mastodon handles (which start with @) directly to mastodon site
location ~ ^/@ {
return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# tilde club home directories
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
index index.html index.htm;
autoindex on;
}
# /html files are served from the static html site
location /html {
root /var/www;
autoindex off;
}
# default home page goes to hedgedoc document "Main_Page"; please add your own content!
location = / {
return 302 https://${DOMAIN_NAME}/Main_Page;
}
# rewrite /s/ links to the bare link
location ~ ^/s/(.*) {
return 302 https://${DOMAIN_NAME}/$1;
}
# normal pages go to hedgedoc static site (need to define ports in the env)
# need to rewrite the CSP so that it allows reframing from the main site
location / {
proxy_cache mycache;
add_header X-Cache-Status $upstream_cache_status;
proxy_ignore_headers Cache-Control;
proxy_hide_header Content-Security-Policy;
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.${DOMAIN_NAME}; frame-src 'self' *.${DOMAIN_NAME}; object-src 'self'; base-uri 'self' *.${DOMAIN_NAME}";
proxy_pass http://hedgedoc:3000/s$request_uri;
proxy_cache_valid any 1m;
}
# while javascript and config stuff goes to non-static hedgedoc site
location ~ ^/(js|build|config$) {
proxy_cache mycache;
add_header X-Cache-Status $upstream_cache_status;
proxy_ignore_headers Cache-Control;
proxy_cache_valid any 1m;
proxy_pass http://hedgedoc:3000$request_uri;
}
include /etc/nginx/includes/ssl.conf;
}
Write Preview
Loading…
Cancel
Save