fic/server
1
0
Fork 0
Code Issues Pull Requests 8 Releases Wiki Activity

Add nginx config

Browse Source
This commit is contained in:
nemunaire 2018-01-20 16:43:04 +01:00
parent a5111aa2fb
commit eeaff28b31
1 changed files with 169 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

169
frontend/nginx-prod.conf Normal file
View File

@ -0,0 +1,169 @@
server {
listen 80 default;
listen [::]:80 default;
rewrite ^ https://$server_name$request_uri permanent;
}
server {
listen 443 default ssl http2;
listen [::]:443 default ssl http2;
ssl_protocols TLSv1.2 TLSv1.3;
#ssl_dhparam ;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
ssl_trusted_certificate /srv/PKI/cacert.pem;
ssl_verify_client optional;
ssl_crl /srv/PKI/crl.pem;
root /srv/htdocs-frontend/;
error_page 401 /welcome.html;
error_page 403 404 /e404.html;
error_page 413 /e413.html;
error_page 500 502 504 /e500.html;
add_header Strict-Transport-Security max-age=31536000;
location = / {
include fic-auth.conf;
}
location = /index.html {
include fic-auth.conf;
}
location ~ ^/public[0-9].html {
rewrite ^ /public.html;
}
location = /welcome.html {
internal;
}
location = /e404.html {
internal;
}
location = /e413.html {
internal;
}
location = /e500.html {
internal;
}
location ~ ^/[0-9] {
include fic-auth.conf;
rewrite ^/.*$ /index.html;
}
location /edit {
include fic-auth.conf;
rewrite ^/.*$ /index.html;
}
location /rank {
include fic-auth.conf;
rewrite ^/.*$ /index.html;
}
location /register {
include fic-auth.conf;
rewrite ^/.*$ /index.html;
}
location /rules {
include fic-auth.conf;
rewrite ^/.*$ /index.html;
}
location /files/ {
alias /srv/FILES/;
sendfile on;
tcp_nodelay on;
}
location /wait.json {
include fic-auth.conf;
root /srv/TEAMS/$team/;
expires epoch;
add_header Cache-Control no-cache;
}
location /public.json {
root /srv/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location /stats.json {
root /srv/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location /my.json {
include fic-auth.conf;
root /srv/TEAMS/$team/;
expires epoch;
add_header Cache-Control no-cache;
if (!-f $document_root/../SETTINGS/started) {
rewrite ^/.* /wait.json;
}
}
location = /events.json {
root /srv/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location = /teams.json {
root /srv/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location = /themes.json {
root /srv/TEAMS/;
expires epoch;
add_header Cache-Control no-cache;
}
location /submit/ {
include fic-auth.conf;
rewrite ^/submit/(.*)$ /submission/$team/$1 break;
proxy_pass http://frontend:8080/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_redirect off;
}
location /submit/name {
include fic-auth.conf;
rewrite ^/submit/.*$ /chname/$team break;
proxy_pass http://frontend:8080/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_redirect off;
}
location /openhint/ {
include fic-auth.conf;
rewrite ^/openhint/(.*)$ /openhint/$team/$1 break;
proxy_pass http://frontend:8080/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_redirect off;
}
location = /time.json {
proxy_pass http://frontend:8080/time.json;
proxy_method GET;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_redirect off;
proxy_cache STATIC;
proxy_cache_valid 1s;
}
}