vst
/
env
2
1
Fork 0
Code Issues 19 Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: vst:43a824dee275862d48415567cbad414d4d2b4ba0
Branches Tags
vst:single-dockerfile
..
compare: vst:4084e6601fd52cb16e660a3c6c3ebc8609dab90c
Branches Tags
vst:single-dockerfile

3 Commits
43a824dee2 ... 4084e6601f

Author SHA1 Message Date
Trammell Hudson 4084e6601f nginx: redirect mastoon handles
2 years ago
Trammell Hudson ffc1e86c86 nginx: list the available modules
2 years ago
Trammell Hudson 9cd24aca9b nginx: handle unknown hostname with some style
2 years ago
3 changed files with 110 additions and 79 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats
  1. 3
      nginx.yaml
  2. 96
      nginx/default.conf
  3. 90
      nginx/www.conf

3
nginx.yaml
Unescape View File

@ -12,12 +12,15 @@ services:
- "80:80" - "80:80"
- "443:443" - "443:443"
- "8448:8448" - "8448:8448"
environment:
- MODULES=${MODULES}
env_file: env_file:
- ./env.production - ./env.production
volumes: volumes:
- ./nginx/etc/includes:/etc/nginx/includes:ro - ./nginx/etc/includes:/etc/nginx/includes:ro
- ./nginx/etc/nginx.conf:/etc/nginx/nginx.conf:ro - ./nginx/etc/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/default.conf:/etc/nginx/templates/default.conf.template:ro - ./nginx/default.conf:/etc/nginx/templates/default.conf.template:ro
- ./nginx/www.conf:/etc/nginx/templates/www.conf.template:ro
- ./html:/var/www/html:ro - ./html:/var/www/html:ro
- ./data/nginx/certbot/www:/var/www/certbot:ro - ./data/nginx/certbot/www:/var/www/certbot:ro
- ./data/nginx/certbot/conf:/etc/letsencrypt:rw - ./data/nginx/certbot/conf:/etc/letsencrypt:rw

96
nginx/default.conf
Unescape View File

@ -38,86 +38,24 @@ server {
} }
server { server {
#server_name ${DOMAIN_NAME} default; # should send them to the main page
client_max_body_size 128m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
#include /etc/nginx/mime.types;
#default_type application/octet-stream;
gzip on;
gzip_disable "msie6";
proxy_read_timeout 1800s;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
chunked_transfer_encoding on;
# delegated Matrix server
location /.well-known/matrix {
#return 302 https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri;
proxy_pass https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# separate Mastodon WEB_DOMAIN and LOCAL_DOMAIN
location = /.well-known/host-meta {
return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
location = /.well-known/webfinger {
return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# OpenID services
location = /.well-known/openid-configuration {
return 302 https://${KEYCLOAK_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# tilde club home directories
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
index index.html index.htm;
autoindex on;
}
# /html files are served from the static html site
location /html {
root /var/www;
autoindex off;
}
# default home page goes to hedgedoc document "Main_Page"; please add your own content!
location = / {
return 302 https://${DOMAIN_NAME}/Main_Page;
}
# rewrite /s/ links to the bare link
location ~ ^/s/(.*) {
return 302 https://${DOMAIN_NAME}/$1;
}
# normal pages go to hedgedoc static site (need to define ports in the env)
# need to rewrite the CSP so that it allows reframing from the main site
location / { location / {
proxy_cache mycache; default_type text/html;
add_header X-Cache-Status $upstream_cache_status; return 404 '<html>
proxy_ignore_headers Cache-Control; <body>
<h1>Unknown hostname "$host"</h1>
proxy_hide_header Content-Security-Policy; <p>Try <a href="https://${DOMAIN_NAME}/">${DOMAIN_NAME}</a> instead
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.${DOMAIN_NAME}; frame-src 'self' *.${DOMAIN_NAME}; object-src 'self'; base-uri 'self' *.${DOMAIN_NAME}"; <p>Sub-sites enabled: ${MODULES}
proxy_pass http://hedgedoc:3000/s$request_uri;
proxy_cache_valid any 1m; <pre style="white-space: pre-wrap">
$request
} Host: $host
# while javascript and config stuff goes to non-static hedgedoc site Referer: $http_referer
location ~ ^/(js|build|config$) { User-Agent: $http_user_agent
proxy_cache mycache; Accept: $http_accept
add_header X-Cache-Status $upstream_cache_status; </pre>
proxy_ignore_headers Cache-Control; </body></html>
proxy_cache_valid any 1m; ';
proxy_pass http://hedgedoc:3000$request_uri;
} }
# this one can't include ssl.conf since it must be default server # this one can't include ssl.conf since it must be default server

90
nginx/www.conf
Unescape View File

@ -0,0 +1,90 @@
server {
server_name www www.${DOMAIN_NAME} ${DOMAIN_NAME};
client_max_body_size 128m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
#include /etc/nginx/mime.types;
#default_type application/octet-stream;
gzip on;
gzip_disable "msie6";
proxy_read_timeout 1800s;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
chunked_transfer_encoding on;
# delegated Matrix server
location /.well-known/matrix {
#return 302 https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri;
proxy_pass https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# separate Mastodon WEB_DOMAIN and LOCAL_DOMAIN
location = /.well-known/host-meta {
return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
location = /.well-known/webfinger {
return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# OpenID services
location = /.well-known/openid-configuration {
return 302 https://${KEYCLOAK_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# redirect mastodon handles (which start with @) directly to mastodon site
location ~ ^/@ {
return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri;
}
# tilde club home directories
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
index index.html index.htm;
autoindex on;
}
# /html files are served from the static html site
location /html {
root /var/www;
autoindex off;
}
# default home page goes to hedgedoc document "Main_Page"; please add your own content!
location = / {
return 302 https://${DOMAIN_NAME}/Main_Page;
}
# rewrite /s/ links to the bare link
location ~ ^/s/(.*) {
return 302 https://${DOMAIN_NAME}/$1;
}
# normal pages go to hedgedoc static site (need to define ports in the env)
# need to rewrite the CSP so that it allows reframing from the main site
location / {
proxy_cache mycache;
add_header X-Cache-Status $upstream_cache_status;
proxy_ignore_headers Cache-Control;
proxy_hide_header Content-Security-Policy;
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.${DOMAIN_NAME}; frame-src 'self' *.${DOMAIN_NAME}; object-src 'self'; base-uri 'self' *.${DOMAIN_NAME}";
proxy_pass http://hedgedoc:3000/s$request_uri;
proxy_cache_valid any 1m;
}
# while javascript and config stuff goes to non-static hedgedoc site
location ~ ^/(js|build|config$) {
proxy_cache mycache;
add_header X-Cache-Status $upstream_cache_status;
proxy_ignore_headers Cache-Control;
proxy_cache_valid any 1m;
proxy_pass http://hedgedoc:3000$request_uri;
}
include /etc/nginx/includes/ssl.conf;
}
Write Preview
Loading…
Cancel
Save