[ADM] nginx conf

devops/nginx/default

+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+#
+# Generally, you will want to move this file somewhere, and start with a clean
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+
+server {
+    if ($host = dev.gargantext.org) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    listen 80;
+        
+    server_name dev.gargantext.org;
+
+    add_header Cache-Control "no-cache";
+
+    location '/.well-known/acme-challenge' {
+        root /var/www/gargantext;
+    }
+
+    # Always redirect to https
+    return 301 https://dev.gargantext.org$request_uri;
+
+
+}
+
+server {
+    listen 443;
+    listen [::]:443 ssl;
+
+    server_name dev.gargantext.org;
+    
+    # Some options configurations:    
+    # https://github.com/h5bp/server-configs-nginx/blob/master/h5bp/location/expires.conf 
+    add_header Cache-Control "no-cache";
+
+    # SSL configuration
+    #
+    # listen 443 ssl default_server;
+    # listen [::]:443 ssl default_server;
+    
+    ssl on;
+    ssl_certificate /etc/letsencrypt/live/dev.gargantext.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/dev.gargantext.org/privkey.pem; # managed by Certbot 
+
+    # Note: You should disable gzip for SSL traffic.
+    # See: https://bugs.debian.org/773332
+    #
+    # Read up on ssl_ciphers to ensure a secure configuration.
+    # See: https://bugs.debian.org/765782
+    #
+    # Self signed certs generated by the ssl-cert package
+    # Don't use them in a production server!
+    #
+    # include snippets/snakeoil.conf;
+
+    client_max_body_size 800M;
+    client_body_timeout 12;
+    client_header_timeout 12;
+    keepalive_timeout 15;
+    send_timeout 10;
+
+    root /var/www/html;
+    index index.html;
+    
+    #add_header Access-Control-Allow-Origin $http_origin always; 
+    # Add index.php to the list if you are using PHP
+    #index index.html index.htm index.nginx-debian.html;
+    
+    # CORS config borrowed from: https://gist.github.com/pauloricardomg/7084524
+    # NP: not sure we need CORS yet
+    #
+    if ($http_origin ~* (^https?://(127.0.0.1|localhost|dev\.gargantext\.com))) {
+      set $cors "1";
+    }
+    #
+    # Cross-Origin Resource Sharing
+    if ($request_method = "OPTIONS") {
+      set $cors "${cors}o";
+    }
+
+
+     # SSL CERT renewal 
+     location '/.well-known/acme-challenge' {
+       alias /var/www/gargantext/.well-known/acme-challenge ;
+     }
+
+
+     location /api {
+#      limit_except OPTIONS {
+#        auth_basic           "Gargantext's Development Version";
+#        auth_basic_user_file /etc/nginx/haskell_gargantext.htpasswd; 
+#      }
+
+       proxy_set_header X-Real-IP         $remote_addr;
+       proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+       proxy_set_header X-Forwarded-Proto $scheme;
+       proxy_set_header Host              $http_host;
+       proxy_redirect   off;
+       proxy_pass       http://127.0.0.1:8008;
+
+
+     }
+
+     location / {
+       # https://stackoverflow.com/a/48708812
+       limit_except OPTIONS {
+         auth_basic           "Gargantext's Development Version";
+         auth_basic_user_file /etc/nginx/haskell_gargantext.htpasswd; 
+       }
+
+       proxy_set_header X-Real-IP         $remote_addr;
+       proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+       proxy_set_header X-Forwarded-Proto $scheme;
+       proxy_set_header Host              $http_host;
+       proxy_redirect   off;
+       proxy_pass       http://127.0.0.1:8008;
+
+
+     }
+
+     #access_log off;
+     access_log /var/log/nginx/access.log;
+     error_log /var/log/nginx/error.log;
+
+}
+