
##
# You should look at the following URLs in order to gain a solid understanding
# of Nginx configuration files and to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# HTTPS virtual host for doc.gargantext.org: serves static files from
# /var/www/html/ with index.html as the directory index.
server {
        
    server_name doc.gargantext.org;

    # Without the `always` flag, add_header is only attached to successful and
    # redirect responses, not to 4xx/5xx error pages.
    add_header Cache-Control "no-cache";

    root /var/www/html/;
    index index.html;
 

    # The lines below carry Certbot's marker comment; keep them byte-for-byte so
    # Certbot can still find and update them.
    # NOTE(review): the certificate is loaded from the v4.gargantext.org lineage;
    # presumably it lists doc.gargantext.org as a SAN -- confirm, otherwise
    # clients get a hostname-mismatch error on this vhost.
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/v4.gargantext.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/v4.gargantext.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

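# Maintenance-only server block: comment it out when the site is not in maintenance.
# It declares the same server_name and port (v4.gargantext.org on 443) as the
# application server further down; when both are active nginx logs a
# "conflicting server name" warning and keeps only the first declaration, so
# this maintenance page is what gets served.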
server {
        
    server_name v4.gargantext.org;
    #server_name maintenanceOnly.gargantext.org;

    add_header Cache-Control "no-cache";

    root /var/www/maintenance/;
    index index.html;
 

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/v4.gargantext.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/v4.gargantext.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}




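# Plain-HTTP entry point for v4.gargantext.org: serves ACME HTTP-01 challenge
# files from the webroot and redirects every other request to HTTPS.
server {
    listen 80;

    server_name v4.gargantext.org;

    add_header Cache-Control "no-cache";

    # Certificate renewal (HTTP-01): files are read from
    # /var/www/gargantext/.well-known/acme-challenge/.
    location '/.well-known/acme-challenge' {
        root /var/www/gargantext;
    }

    # Always redirect to https.
    # The redirect lives inside `location /` on purpose: a `return` placed
    # directly at server level runs before any location is selected, which made
    # the challenge location above unreachable. The Certbot-inserted
    # `if ($host = v4.gargantext.org) { return 301 ...; }` was dropped for the
    # same reason; it was redundant with this redirect. If Certbot re-adds it,
    # the challenge location stops being served over HTTP again.
    location / {
        return 301 https://v4.gargantext.org$request_uri;
    }
}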

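# HTTPS application server for v4.gargantext.org: terminates TLS and proxies
# both /api and / to the backend listening on 127.0.0.1:8008.
server {
    # TLS is enabled per listening socket. The `ssl on;` directive used before
    # is deprecated and rejected by recent nginx releases, and the IPv4 listen
    # had no `ssl` flag of its own.
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name v4.gargantext.org;

    # Some options configurations:
    # https://github.com/h5bp/server-configs-nginx/blob/master/h5bp/location/expires.conf
    add_header Cache-Control "no-cache";

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;

    ssl_certificate /etc/letsencrypt/live/v4.gargantext.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/v4.gargantext.org/privkey.pem; # managed by Certbot
    # NOTE(review): unlike the Certbot-generated server blocks in this file,
    # this one does not include /etc/letsencrypt/options-ssl-nginx.conf or set
    # ssl_dhparam, so its protocol/cipher settings come from whatever is
    # inherited -- confirm that is intended. No Strict-Transport-Security
    # header is set here either.

    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    # The 800M body limit applies to every location in this server, including
    # `/`. NOTE(review): if only some endpoints accept uploads, scoping the
    # limit to those locations reduces exposure to oversized requests.
    client_max_body_size 800M;
    client_body_timeout 12;
    client_header_timeout 12;
    keepalive_timeout 15;
    send_timeout 10;

    root /var/www/html;
    index index.html;

    #add_header Access-Control-Allow-Origin $http_origin always;
    # Add index.php to the list if you are using PHP
    #index index.html index.htm index.nginx-debian.html;

    # CORS config borrowed from: https://gist.github.com/pauloricardomg/7084524
    # NP: not sure we need CORS yet
    #
    # $cors is computed here but nothing in this server block reads it, and the
    # Access-Control-Allow-Origin header above is commented out. If that header
    # is ever re-enabled it must be gated on $cors; echoing $http_origin
    # unconditionally would allow every origin.
    #
    # The pattern is anchored at both ends and its dots are escaped so that only
    # the listed hosts (with an optional port) match; the unanchored form also
    # accepted any origin that merely started with one of these names.
    # NOTE(review): the pattern names v4.gargantext.com while this server is
    # v4.gargantext.org -- confirm which domain is intended.
    if ($http_origin ~* ^https?://(127\.0\.0\.1|localhost|v4\.gargantext\.com)(:[0-9]+)?$) {
      set $cors "1";
    }
    #
    # Cross-Origin Resource Sharing
    if ($request_method = "OPTIONS") {
      set $cors "${cors}o";
    }


     # SSL CERT renewal
     location '/.well-known/acme-challenge' {
       alias /var/www/gargantext/.well-known/acme-challenge ;
     }


     # API requests are proxied to the local backend. Basic auth is currently
     # commented out, so access control rests entirely on the backend.
     location /api {
#      limit_except OPTIONS {
#        auth_basic           "Gargantext's Development Version";
#        auth_basic_user_file /etc/nginx/haskell_gargantext.htpasswd;
#      }

       # X-Forwarded-For is the client-supplied header with $remote_addr
       # appended, and Host is forwarded exactly as the client sent it. The
       # backend should only trust X-Real-IP (or the last X-Forwarded-For entry)
       # and should not build URLs from Host without validating it.
       proxy_set_header X-Real-IP         $remote_addr;
       proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header Host              $http_host;
       proxy_redirect   off;
       proxy_pass       http://127.0.0.1:8008;


     }

     # Everything else goes to the same backend with the same forwarded headers.
     location / {
       # https://stackoverflow.com/a/48708812
#       limit_except OPTIONS {
#         auth_basic           "Gargantext's Development Version";
#         auth_basic_user_file /etc/nginx/haskell_gargantext.htpasswd;
#       }

       proxy_set_header X-Real-IP         $remote_addr;
       proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header Host              $http_host;
       proxy_redirect   off;
       proxy_pass       http://127.0.0.1:8008;


     }

     #access_log off;
     access_log /var/log/nginx/access.log;
     error_log /var/log/nginx/error.log;

}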




# Plain-HTTP virtual host for doc.gargantext.org, generated by Certbot:
# redirects matching requests to HTTPS and answers anything else with 404.
server {
    # Certbot's redirect: only requests whose Host is exactly
    # doc.gargantext.org are sent to the HTTPS site.
    if ($host = doc.gargantext.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
        
    server_name doc.gargantext.org;
    # Reached only when the Host check above did not match.
    return 404; # managed by Certbot

}