Commit 6bbdf06c authored by Pepijn Boers's avatar Pepijn Boers
Browse files

Update nginx settings

parent acd00ce6
......@@ -6,53 +6,22 @@ events {
}
http {
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
server {
listen 80;
server_name dnt.matomo.science.ru.nl www.dnt.matomo.science.ru.nl;
return 301 https://$host$request_uri;
}
server {
listen 80 default_server;
server_name matomo.science.ru.nl www.matomo.science.ru.nl;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name dnt.matomo.science.ru.nl www.dnt.matomo.science.ru.nl;
ssl_certificate /etc/ssl/private/matomo.science.ru.nl.crt;
ssl_certificate_key /etc/ssl/private/matomo.science.ru.nl.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# We do not want to send requests to app-dnt/dnt but to app-dnt/, so rewrite!
rewrite ^/dnt(.*) /$1 break;
proxy_set_header X-Forwarded-Uri "/dnt";
proxy_pass http://app-dnt;
}
# redirects both www and non-www to https
return 301 https://localhost$request_uri;
}
server {
listen 443 ssl;
server_name matomo.science.ru.nl www.matomo.science.ru.nl;
server_name localhost 127.0.0.1;
ssl_certificate /etc/ssl/private/matomo.science.ru.nl.crt;
ssl_certificate_key /etc/ssl/private/matomo.science.ru.nl.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
......@@ -63,6 +32,17 @@ http {
proxy_redirect off;
proxy_pass http://app;
}
location /dnt {
return 302 /dnt/;
}
location /dnt/ {
# We do not want to send requests to app-dnt/dnt but to app-dnt/, so rewrite!
rewrite ^/dnt(.*) /$1 break;
proxy_set_header X-Forwarded-Uri "/dnt";
proxy_pass http://app-dnt;
}
}
}
\ No newline at end of file
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 1000;
}
http {
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
server {
listen 80;
server_name dnt.matomo.science.ru.nl www.dnt.matomo.science.ru.nl;
return 301 https://$host$request_uri;
}
server {
listen 80 default_server;
server_name matomo.science.ru.nl www.matomo.science.ru.nl;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name dnt.matomo.science.ru.nl www.dnt.matomo.science.ru.nl;
ssl_certificate /etc/ssl/private/matomo.science.ru.nl.crt;
ssl_certificate_key /etc/ssl/private/matomo.science.ru.nl.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# We do not want to send requests to app-dnt/dnt but to app-dnt/, so rewrite!
rewrite ^/dnt(.*) /$1 break;
proxy_set_header X-Forwarded-Uri "/dnt";
proxy_pass http://app-dnt;
}
}
server {
listen 443 ssl;
server_name matomo.science.ru.nl www.matomo.science.ru.nl;
ssl_certificate /etc/ssl/private/matomo.science.ru.nl.crt;
ssl_certificate_key /etc/ssl/private/matomo.science.ru.nl.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
proxy_pass http://app;
}
}
}
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment