diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf
new file mode 100644
index 0000000..7309b2e
--- /dev/null
+++ b/configs/nginx/nginx.conf
@@ -0,0 +1,9 @@
+http {
+ access_log off;
+ include /etc/nginx/conf.d/*.conf;
+ server_names_hash_bucket_size 128;
+}
+
+events {
+
+}
\ No newline at end of file
diff --git a/configs/nginx/no-ssl-template.conf b/configs/nginx/no-ssl-template.conf
new file mode 100644
index 0000000..cd4a637
--- /dev/null
+++ b/configs/nginx/no-ssl-template.conf
@@ -0,0 +1,8 @@
+server {
+ listen 80;
+ server_name $HOST;
+
+ location /.well-known/acme-challenge/ {
+ alias /var/www/$HOST/.well-known/acme-challenge/;
+ }
+}
\ No newline at end of file
diff --git a/configs/nginx/ssl-template.conf b/configs/nginx/ssl-template.conf
new file mode 100644
index 0000000..ca68440
--- /dev/null
+++ b/configs/nginx/ssl-template.conf
@@ -0,0 +1,35 @@
+server {
+ listen 80;
+ server_name $HOST;
+
+ location /.well-known/acme-challenge/ {
+ alias /var/www/$HOST/.well-known/acme-challenge/;
+ }
+
+ rewrite ^(.*) https://$server_name$1 permanent;
+}
+
+server {
+ listen 443 ssl;
+ server_name $HOST;
+ access_log off;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header Authorization $http_authorization;
+ proxy_pass_header Authorization;
+ client_max_body_size 300m;
+ ssl_certificate /etc/nginx/ssl/$HOST/fullchain.pem;
+ ssl_certificate_key /etc/nginx/ssl/$HOST/key.pem;
+ ssl_trusted_certificate /etc/nginx/ssl/$HOST/chain.pem;
+
+ location / {
+ proxy_pass http://0.0.0.0:$FRONTEND_PORT;
+ }
+ location ~ ^/oauth/github/callback/to/(pr-.*)?(.*)$ {
+ return 302 $scheme://$HOST/oauth/github/callback?$args;
+ }
+ location ~ ^/(graphql|api|oauth)(.*?)$ {
+ proxy_pass http://0.0.0.0:$BACKEND_PORT/$1$2$is_args$args;
+ }
+}
\ No newline at end of file
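Review bot: `access_log off;` at the `http` level disables request logging for every virtual host included from `conf.d`, and the 443 server in ssl-template.conf repeats it, so a proxy that fronts the OAuth callback and the API keeps no record of who requested what. Keep an access log, for example `access_log /var/log/nginx/access.log;`, and if volume is the concern switch it off only in the noisy locations. Because the OAuth callback carries its values in the query string, a `log_format` that records `$uri` rather than `$request` keeps them out of the log file.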
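Review bot: Nothing in this template says that `$HOST` is a render-time placeholder rather than an nginx variable, and ssl-template.conf mixes such placeholders (`$HOST`, `$FRONTEND_PORT`, `$BACKEND_PORT`) with real nginx variables (`$host`, `$http_upgrade`, `$args`, `$1`). The rendering step is not part of this diff; if it is `envsubst` without an explicit variable list, the nginx variables would be replaced with empty strings as well. A header comment such as `# Template: $HOST is substituted at render time; every other $name is an nginx variable`, together with an explicit list in the render command (`envsubst '$HOST $FRONTEND_PORT $BACKEND_PORT'`), would make the distinction safe.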
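Review bot: The server-level `rewrite ^(.*) https://$server_name$1 permanent;` in the port-80 block runs before nginx selects a location, so the `/.well-known/acme-challenge/` location above it is never served and an HTTP-01 validation request is redirected to the 443 server, which has no such location and hands it to the frontend. Moving the redirect into a catch-all, `location / { return 301 https://$server_name$request_uri; }`, keeps the challenge path answered over plain HTTP. In the 443 block both `proxy_pass` lines use the wildcard address `0.0.0.0` as a destination; `127.0.0.1` states the intent and does not depend on how the OS treats a connect to the wildcard. The backend location rebuilds the URI from `$1$2`, which come from the decoded path, so percent-encoded characters reach the backend altered; `proxy_pass http://127.0.0.1:$BACKEND_PORT;` with no URI part forwards the original request URI unchanged. No `X-Forwarded-For` or `X-Forwarded-Proto` header is set, so both upstreams see every request as coming from the proxy itself, which weakens their audit logs and any per-client limits.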