marrub
/
snipt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
snipt/salt/application/snipt.nginx.conf

132 lines
4.2 KiB
Plaintext
Raw Blame History

upstream backend_snipt {
server 127.0.0.1:8000;
}
{% if pillar.env_name != 'vagrant' %}
server {
listen 80;
server_name *.{{ pillar.hostname }};
if ($host ~* "^([^.]+(\.[^.]+)*)\.{{ pillar.hostname }}$"){
set $subd $1;
rewrite ^(.*)$ https://$subd.{{ pillar.hostname }}$1 permanent;
break;
}
}
server {
listen 80;
server_name {{ pillar.hostname }} www.{{ pillar.hostname }} beta.{{ pillar.hostname }};
rewrite ^(.*) https://{{ pillar.hostname }}$1 permanent;
}
server {
listen 443;
server_name www.{{ pillar.hostname }};
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
ssl_certificate /etc/certs/{{ pillar.hostname }}.crt;
ssl_certificate_key /etc/certs/{{ pillar.hostname }}.key;
rewrite ^(.*) https://{{ pillar.hostname }}$1 permanent;
}
server {
listen 443;
server_name {{ pillar.hostname }} *.{{ pillar.hostname }};
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
ssl_certificate /etc/certs/{{ pillar.hostname }}.crt;
ssl_certificate_key /etc/certs/{{ pillar.hostname }}.key;
location ~* /favicon.ico {
root /var/www/snipt/static/img/;
expires max;
}
location / {
# Open CORS config from https://gist.github.com/michiel/1064640.
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
rewrite_by_lua '
if string.find(ngx.var.host, "_") then
local newHost, n = ngx.re.gsub(ngx.var.host, "_", "-")
ngx.redirect(ngx.var.scheme .. "://" .. newHost .. ngx.var.uri)
end
';
proxy_pass http://backend_snipt;
proxy_set_header Host $host;
}
location /static/ {
alias /var/www/snipt/static/;
expires max;
}
location /public/feed/ {
rewrite ^/public/feed/$ https://{{ pillar.hostname }}/public/?rss permanent;
}
}
server {
listen 80 default_server;
location / {
proxy_pass http://backend_snipt;
proxy_set_header Host $host;
}
location /static/ {
alias /var/www/snipt/static/;
expires max;
}
location ~* /favicon.ico {
root /var/www/snipt/static/img/;
expires max;
}
}
{% else %}
server {
listen 80 default_server;
location / {
proxy_pass http://backend_snipt;
proxy_set_header Host $host;
}
location /static/ {
alias /var/www/snipt/media/;
expires max;
}
location ~* /favicon.ico {
root /var/www/snipt/media/img/;
expires max;
}
}
{% endif %}
Reference in New Issue View Git Blame Copy Permalink