vhost_traffic_status_zone; server { listen 80 default_server; # this works on the docker container with http_stub built in # only allow from localhost location /nginx_status { stub_status on; access_log off; allow 127.0.0.1; deny all; } # this works with the vts module location /status { vhost_traffic_status_display; vhost_traffic_status_display_format html; access_log off; #allow 127.0.0.1; #deny all; } # forward certbot challenges to the certbot directory include /etc/nginx/includes/challenge.conf; # Redirect *all other* port 80 traffic to the same thing on port 443 location / { return 301 https://$host$request_uri; } } server { #server_name ${DOMAIN_NAME} default; client_max_body_size 128m; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; #include /etc/nginx/mime.types; #default_type application/octet-stream; gzip on; gzip_disable "msie6"; proxy_read_timeout 1800s; # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486) chunked_transfer_encoding on; # delegated Matrix server # location /.well-known/matrix { # proxy_pass https://${MATRIX_HOSTNAME}.${DOMAIN_NAME}; # } # separate Mastodon WEB_DOMAIN and LOCAL_DOMAIN location = /.well-known/host-meta { return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri; } location = /.well-known/webfinger { return 302 https://${MASTODON_HOSTNAME}.${DOMAIN_NAME}$request_uri; } # tilde club home directories location ~ ^/~(.+?)(/.*)?$ { alias /home/$1/public_html$2; index index.html index.htm; autoindex on; } # /html files are served from the static html site location /html { root /var/www; autoindex off; } # default home page goes to hedgedoc document "Main_Page"; please add your own content! location = / { return 302 https://${DOMAIN_NAME}/Main_Page; } # rewrite /s/ links to the bare link location ~ ^/s/(.*) { return 302 https://${DOMAIN_NAME}/$1; } # normal pages go to hedgedoc static site (need to define ports in the env) # need to rewrite the CSP so that it allows reframing from the main site location / { proxy_cache mycache; add_header X-Cache-Status $upstream_cache_status; proxy_ignore_headers Cache-Control; proxy_hide_header Content-Security-Policy; add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.${DOMAIN_NAME}; frame-src 'self' *.${DOMAIN_NAME}; object-src 'self'; base-uri 'self' *.${DOMAIN_NAME}"; proxy_pass http://hedgedoc:3000/s$request_uri; proxy_cache_valid any 1m; } # while javascript and config stuff goes to non-static hedgedoc site location ~ ^/(js|build|config$) { proxy_cache mycache; add_header X-Cache-Status $upstream_cache_status; proxy_ignore_headers Cache-Control; proxy_cache_valid any 1m; proxy_pass http://hedgedoc:3000$request_uri; } listen 443 ssl default_server; ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem; include /etc/nginx/includes/options-ssl-nginx.conf; include /etc/nginx/includes/challenge.conf; ssl_dhparam /etc/nginx/includes/ssl-dhparams.pem; }