Split nginx' sa.conf
diff --git a/docker-compose.yml b/docker-compose.yml
index 2dc0db7..c87ce6a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -18,8 +18,9 @@
volumes:
- ./certbot/www/:/var/www/certbot/:ro
- ./certs/:/etc/nginx/certs/:rw
- - ./nginx/sa.conf:/etc/nginx/conf.d/sa.conf.template:ro
- - ./nginx/empty.conf:/etc/nginx/conf.d/default.conf:ro
+ - ./nginx/sa.conf:/etc/nginx/conf.d/default.conf.template:ro
+ - ./nginx/id.sa.conf:/etc/nginx/conf.d/id.sa.conf.template:ro
+ - ./nginx/review.sa.conf:/etc/nginx/conf.d/review.sa.conf.template:ro
- ./logs/nginx:/var/log/nginx/:rw
postgres:
build:
diff --git a/nginx/id.sa.conf b/nginx/id.sa.conf
new file mode 100644
index 0000000..9dbac41
--- /dev/null
+++ b/nginx/id.sa.conf
@@ -0,0 +1,16 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name id.miau.local;
+
+ location /auth/ { # Gerrit adds this prefix for Keycloak...
+ rewrite ^/auth(.*)$ $1 last;
+ }
+
+ location / {
+ proxy_pass http://keycloak:8080;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ }
+}
diff --git a/nginx/review.sa.conf b/nginx/review.sa.conf
new file mode 100644
index 0000000..b5c826d
--- /dev/null
+++ b/nginx/review.sa.conf
@@ -0,0 +1,25 @@
+proxy_cache_path /var/cache/nginx/gerrit levels=2 keys_zone=GERRIT:1m inactive=1w max_size=16m;
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name review.miau.local;
+
+ location / {
+ proxy_pass http://gerrit:8080;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+
+ location ~ ^/(bower_components|elements|fonts|styles)/ {
+ proxy_pass http://gerrit:8080;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ proxy_cache GERRIT;
+ proxy_cache_valid 200 1h;
+ proxy_cache_use_stale error timeout invalid_header updating http_500 http_503;
+ # Gerrit bug sets `private`, hence the whole location override:
+ proxy_ignore_headers Cache-Control;
+ }
+ }
+}
diff --git a/nginx/sa.conf b/nginx/sa.conf
index 1978248..f0cb923 100644
--- a/nginx/sa.conf
+++ b/nginx/sa.conf
@@ -1,5 +1,3 @@
-proxy_cache_path /var/cache/nginx/gerrit levels=2 keys_zone=GERRIT:1m inactive=1w max_size=16m;
-
server {
listen 80;
listen [::]:80;
@@ -14,23 +12,6 @@
}
server {
- listen 443 ssl;
- listen [::]:443 ssl;
-
- server_name id.miau.local;
-
- location /auth/ { # Gerrit adds this prefix for Keycloak...
- rewrite ^/auth(.*)$ $1 last;
- }
-
- location / {
- proxy_pass http://keycloak:8080;
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_set_header Host $host;
- }
-}
-
-server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/nginx/certs/live/miau.local/fullchain.pem;
@@ -53,23 +34,4 @@
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
-
- server_name review.miau.local;
-
- location / {
- proxy_pass http://gerrit:8080;
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_set_header Host $host;
-
- location ~ ^/(bower_components|elements|fonts|styles)/ {
- proxy_pass http://gerrit:8080;
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_set_header Host $host;
- proxy_cache GERRIT;
- proxy_cache_valid 200 1h;
- proxy_cache_use_stale error timeout invalid_header updating http_500 http_503;
- # Gerrit bug sets `private`, hence the whole location override:
- proxy_ignore_headers Cache-Control;
- }
- }
}