server { server_name www www.${DOMAIN_NAME} ${DOMAIN_NAME}; client_max_body_size 128m; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; #include /etc/nginx/mime.types; #default_type application/octet-stream; gzip on; gzip_disable "msie6"; proxy_read_timeout 1800s; # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486) chunked_transfer_encoding on; # delegated Matrix server location /.well-known/matrix { #return 302 https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri; proxy_pass https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}$request_uri; } # separate Mastodon WEB_DOMAIN and LOCAL_DOMAIN location = /.well-known/host-meta { return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri; } location = /.well-known/webfinger { return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri; } # OpenID services location = /.well-known/openid-configuration { return 302 https://${KEYCLOAK_HOSTNAME}.${DOMAIN_NAME}$request_uri; } # redirect mastodon handles (which start with @) directly to mastodon site location ~ ^/@ { return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri; } # tilde club home directories location ~ ^/~(.+?)(/.*)?$ { alias /home/$1/public_html$2; index index.html index.htm; autoindex on; } # /html files are served from the static html site location /html { root /var/www; autoindex off; } # default home page goes to hedgedoc document "Main_Page"; please add your own content! location = / { return 302 https://${DOMAIN_NAME}/Main_Page; } # rewrite /s/ links to the bare link location ~ ^/s/(.*) { return 302 https://${DOMAIN_NAME}/$1; } # normal pages go to hedgedoc static site (need to define ports in the env) # need to rewrite the CSP so that it allows reframing from the main site location / { proxy_cache mycache; add_header X-Cache-Status $upstream_cache_status; proxy_ignore_headers Cache-Control; proxy_hide_header Content-Security-Policy; add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.${DOMAIN_NAME}; frame-src 'self' *.${DOMAIN_NAME}; object-src 'self'; base-uri 'self' *.${DOMAIN_NAME}"; proxy_pass http://hedgedoc:3000/s$request_uri; proxy_cache_valid any 1m; } # while javascript and config stuff goes to non-static hedgedoc site location ~ ^/(js|build|config$) { proxy_cache mycache; add_header X-Cache-Status $upstream_cache_status; proxy_ignore_headers Cache-Control; proxy_cache_valid any 1m; proxy_pass http://hedgedoc:3000$request_uri; } include /etc/nginx/includes/ssl.conf; }