From a55823a6653fe28ac6d8aae14a88e9cc1f2a2f58 Mon Sep 17 00:00:00 2001
From: nemunaire
Date: Sat, 20 Jan 2018 16:43:04 +0100
Subject: [PATCH] Add nginx config
---
 frontend/nginx-prod.conf | 169 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 169 insertions(+)
 create mode 100644 frontend/nginx-prod.conf
diff --git a/frontend/nginx-prod.conf b/frontend/nginx-prod.conf
new file mode 100644
index 00000000..b3868c24
--- /dev/null
+++ b/frontend/nginx-prod.conf
@@ -0,0 +1,169 @@
+server {
+ listen 80 default;
+ listen [::]:80 default;
+
+ rewrite ^ https://$server_name$request_uri permanent;
+}
+
+server {
+ listen 443 default ssl http2;
+ listen [::]:443 default ssl http2;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ #ssl_dhparam ;
+ ssl_prefer_server_ciphers on;
+
+ ssl_certificate /etc/nginx/ssl/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+
+ ssl_trusted_certificate /srv/PKI/cacert.pem;
+ ssl_verify_client optional;
+ ssl_crl /srv/PKI/crl.pem;
+
+ root /srv/htdocs-frontend/;
+
+ error_page 401 /welcome.html;
+ error_page 403 404 /e404.html;
+ error_page 413 /e413.html;
+ error_page 500 502 504 /e500.html;
+
+ add_header Strict-Transport-Security max-age=31536000;
+
+ location = / {
+ include fic-auth.conf;
+ }
+ location = /index.html {
+ include fic-auth.conf;
+ }
+ location ~ ^/public[0-9].html {
+ rewrite ^ /public.html;
+ }
+ location = /welcome.html {
+ internal;
+ }
+ location = /e404.html {
+ internal;
+ }
+ location = /e413.html {
+ internal;
+ }
+ location = /e500.html {
+ internal;
+ }
+
+ location ~ ^/[0-9] {
+ include fic-auth.conf;
+
+ rewrite ^/.*$ /index.html;
+ }
+
+ location /edit {
+ include fic-auth.conf;
+
+ rewrite ^/.*$ /index.html;
+ }
+ location /rank {
+ include fic-auth.conf;
+
+ rewrite ^/.*$ /index.html;
+ }
+ location /register {
+ include fic-auth.conf;
+
+ rewrite ^/.*$ /index.html;
+ }
+ location /rules {
+ include fic-auth.conf;
+
+ rewrite ^/.*$ /index.html;
+ }
+
+ location /files/ {
+ alias /srv/FILES/;
+ sendfile on;
+ tcp_nodelay on;
+ }
+
+ location /wait.json {
+ include fic-auth.conf;
+
+ root /srv/TEAMS/$team/;
+ expires epoch;
+ add_header Cache-Control no-cache;
+ }
+ location /public.json {
+ root /srv/TEAMS/;
+ expires epoch;
+ add_header Cache-Control no-cache;
+ }
+ location /stats.json {
+ root /srv/TEAMS/;
+ expires epoch;
+ add_header Cache-Control no-cache;
+ }
+ location /my.json {
+ include fic-auth.conf;
+
+ root /srv/TEAMS/$team/;
+ expires epoch;
+ add_header Cache-Control no-cache;
+
+ if (!-f $document_root/../SETTINGS/started) {
+ rewrite ^/.* /wait.json;
+ }
+ }
+ location = /events.json {
+ root /srv/TEAMS/;
+ expires epoch;
+ add_header Cache-Control no-cache;
+ }
+ location = /teams.json {
+ root /srv/TEAMS/;
+ expires epoch;
+ add_header Cache-Control no-cache;
+ }
+ location = /themes.json {
+ root /srv/TEAMS/;
+ expires epoch;
+ add_header Cache-Control no-cache;
+ }
+
+ location /submit/ {
+ include fic-auth.conf;
+
+ rewrite ^/submit/(.*)$ /submission/$team/$1 break;
+
+ proxy_pass http://frontend:8080/;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_redirect off;
+ }
+ location /submit/name {
+ include fic-auth.conf;
+
+ rewrite ^/submit/.*$ /chname/$team break;
+
+ proxy_pass http://frontend:8080/;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_redirect off;
+ }
+ location /openhint/ {
+ include fic-auth.conf;
+
+ rewrite ^/openhint/(.*)$ /openhint/$team/$1 break;
+
+ proxy_pass http://frontend:8080/;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_redirect off;
+ }
+
+ location = /time.json {
+ proxy_pass http://frontend:8080/time.json;
+ proxy_method GET;
+ proxy_pass_request_body off;
+ proxy_set_header Content-Length "";
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_redirect off;
+ proxy_cache STATIC;
+ proxy_cache_valid 1s;
+ }
+}
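Review bot: The server-level `add_header Strict-Transport-Security max-age=31536000;` does not reach most responses, because nginx inherits `add_header` from the enclosing level only when the current level sets none; every location that declares `add_header Cache-Control no-cache;` (wait.json, public.json, stats.json, my.json, events.json, teams.json, themes.json) therefore drops HSTS. Without `always` the header is also left off the 401/403/404/5xx responses served through `error_page`, including the 401 welcome page a first-time visitor sees. Repeat `add_header Strict-Transport-Security max-age=31536000 always;` next to each Cache-Control line, or move both headers into one shared include. Neither server block declares `server_name`, so `$server_name` in the port-80 `rewrite` appears to expand to an empty string; `return 301 https://$host$request_uri;` is the usual form. Finally, `ssl_verify_client optional;` admits clients with no certificate, so access control rests on `fic-auth.conf` (not in this patch), and `/files/` does not include it — worth confirming that `/srv/FILES/` is meant to be readable unauthenticated.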