add nginx configs

2024-04-14 23:21:43 +03:00 · 2024-04-14 23:21:43 +03:00 · ec9ae3afb3
commit ec9ae3afb3
parent 902bd905af
2 changed files with 112 additions and 0 deletions
--- a/config/nginx.local_http.conf
+++ b/config/nginx.local_http.conf
@ -0,0 +1,48 @@
+server {
+    listen 8880;
+    listen [::]:8880;
+
+ proxy_read_timeout 1000s;
+ proxy_connect_timeout 1000s;
+ proxy_send_timeout 1000s;
+
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+
+
+ # log
+ access_log /var/log/nginx/api-karakatsanis.access.log;
+ error_log /var/log/nginx/api-karakatsanis.error.log;
+
+
+ # common gzip
+ gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
+ gzip on;
+
+    location / {
+       proxy_hide_header 'access-control-allow-origin';
+       if ($http_origin ~* "^https?://(localhost|localhost:3030|localhost:8880|localhost:8880|localhost:8888|localhost:3000|127.0.0.1|127.0.0.1:8880|127.0.0.1:8880|127.0.0.1:8888|127.0.0.1:3000|10.1.1.1|10.1.1.1:8880|10.1.1.1:8880|10.1.1.1:8888|10.1.1.1:3000|10.1.1.2|10.1.1.2:8880|10.1.1.2:8880|10.1.1.2:8888|10.1.1.2:3000|10.1.1.3|10.1.1.3:8880|10.1.1.3:8880|10.1.1.3:8888|10.1.1.3:3000|10.1.1.3:3030|192.168.1.100)$") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
+        }
+
+        if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;       
+            return 204;
+        }
+
+        proxy_pass http://localhost:8888;
+        #proxy_http_version 1.1;
+        #proxy_set_header X-Forwarded-Proto $scheme;
+        #proxy_set_header Host $host;
+        #proxy_set_header X-Real-IP $remote_addr;
+        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
--- a/config/nginx.ssl.conf
+++ b/config/nginx.ssl.conf
@ -0,0 +1,64 @@
+server {
+        listen 443 ssl;
+        server_name api-weather.argideli.com www.api-weather.argideli.com;
+        ssl_certificate /etc/letsencrypt/live/argideli.com/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/argideli.com/privkey.pem;
+
+
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_prefer_server_ciphers on;
+        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
+
+        sendfile on;
+        tcp_nopush on;
+        tcp_nodelay on;
+        keepalive_timeout 64;
+        client_max_body_size 64M;
+
+        http2_chunk_size 8k;
+        #keepalive_timeout 300;
+        ssl_session_tickets on;
+        ssl_session_cache builtin:1000 shared:SSL:10m;
+        ssl_session_timeout 24h;
+        ssl_buffer_size 2400;
+        ssl_stapling on;
+        ssl_stapling_verify on;
+        add_header X-Cache-Status $upstream_cache_status;
+        add_header Alternate-Protocol 443:npn-spdy/3;
+
+
+        access_log /var/log/nginx/api-weather.argideli.com_access.log;
+        error_log /var/log/nginx/api-weather.argideli.com_error.log;
+
+        # Remove X-Powered-By, which is an information leak
+        fastcgi_hide_header X-Powered-By;
+
+        # common gzip
+        gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
+        gzip on;
+
+    location / {
+       proxy_hide_header 'access-control-allow-origin';
+       if ($http_origin ~* "^https?://(argideli.com|weather.argideli.com|localhost|localhost:3030|10.1.1.1|10.1.1.1:3030)$") {
+            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
+        }
+
+        if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' "$http_origin" always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;       
+            return 204;
+        }
+
+        proxy_pass http://localhost:8880;
+        #proxy_http_version 1.1;
+        #proxy_set_header X-Forwarded-Proto $scheme;
+        #proxy_set_header Host $host;
+        #proxy_set_header X-Real-IP $remote_addr;
+        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}