Gitiles
Code Review Sign In
review.sourcearcade.org / sourcearcade / f4fbab5570580690800658a758bed27702f9f40a / . / nginx / sa.conf
blob: 402225457575c2b5c440a850f458e3becb3d34f5 [file] [log] [blame]
Nico Huberf3193602023-07-02 14:56:01 +0000[diff] [blame]1proxy_cache_path /var/cache/nginx/gerrit levels=2 keys_zone=GERRIT:1m inactive=1w max_size=16m;
2
Nico Huber8cd50ee2023-06-24 15:35:16 +0000[diff] [blame]3server {
Nico Huber38c14da2023-06-24 16:59:28 +0000[diff] [blame]4 listen 80;
5 listen [::]:80;
6
Nico Huber15edd772023-07-01 18:16:50 +0000[diff] [blame]7 location /.well-known/acme-challenge/ {
8 root /var/www/certbot;
9 }
10
11 location / {
12 return 301 https://$host$request_uri;
13 }
Nico Huber38c14da2023-06-24 16:59:28 +0000[diff] [blame]14}
15
16server {
17 listen 443 ssl;
18 listen [::]:443 ssl;
Nico Hubera1a296f2023-06-25 10:07:07 +0000[diff] [blame]19
20 server_name id.miau.local;
21
Nico Hubera73f8f32023-07-25 10:40:04 +0000[diff] [blame]22 location /id/ {
23 alias /var/www/html/;
Nico Hubera1a296f2023-06-25 10:07:07 +0000[diff] [blame]24 index index.php index.html;
25 }
Nico Hubera73f8f32023-07-25 10:40:04 +0000[diff] [blame]26 location ~ ^/id/.*\.php$ {
27 fastcgi_split_path_info ^/id(.+\.php)(.*)$;
Nico Hubera1a296f2023-06-25 10:07:07 +0000[diff] [blame]28 include fastcgi_params;
29 fastcgi_pass simpleid:9000;
30 fastcgi_index index.php;
Nico Hubera73f8f32023-07-25 10:40:04 +0000[diff] [blame]31 fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
Nico Hubera1a296f2023-06-25 10:07:07 +0000[diff] [blame]32 }
Nico Huberf4fbab52023-07-25 10:57:08 +0000[diff] [blame^]33
34 location /auth/ { # Gerrit adds this prefix for Keycloak...
35 rewrite ^/auth(.*)$ $1 last;
36 }
37
38 location / {
39 proxy_pass http://keycloak:8080;
40 proxy_set_header X-Forwarded-For $remote_addr;
41 proxy_set_header Host $host;
42 }
Nico Hubera1a296f2023-06-25 10:07:07 +0000[diff] [blame]43}
44
45server {
46 listen 443 ssl default_server;
47 listen [::]:443 ssl default_server;
Nico Huber15edd772023-07-01 18:16:50 +0000[diff] [blame]48 ssl_certificate /etc/nginx/certs/live/miau.local/fullchain.pem;
49 ssl_certificate_key /etc/nginx/certs/live/miau.local/privkey.pem;
Nico Huber38c14da2023-06-24 16:59:28 +0000[diff] [blame]50 ssl_protocols TLSv1.3;
51 ssl_prefer_server_ciphers on;
52 #ssl_dhparam /etc/nginx/dhparam.pem;
53 ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
54 ssl_ecdh_curve secp384r1;
55 ssl_session_timeout 10m;
56 ssl_session_cache shared:SSL:10m;
57 ssl_session_tickets off;
58 ssl_stapling on;
59 ssl_stapling_verify on;
60 resolver 8.8.8.8 8.8.4.4 valid=300s;
61 resolver_timeout 5s;
62 # Disable strict transport security for now. You can uncomment the following
63 # line if you understand the implications.
64 #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
65 add_header X-Frame-Options DENY;
66 add_header X-Content-Type-Options nosniff;
67 add_header X-XSS-Protection "1; mode=block";
Nico Huber8cd50ee2023-06-24 15:35:16 +0000[diff] [blame]68
Nico Hubera1a296f2023-06-25 10:07:07 +0000[diff] [blame]69 server_name review.miau.local;
Nico Huber8cd50ee2023-06-24 15:35:16 +0000[diff] [blame]70
Nico Huber8cd50ee2023-06-24 15:35:16 +0000[diff] [blame]71 location / {
Nico Hubera1a296f2023-06-25 10:07:07 +0000[diff] [blame]72 proxy_pass http://gerrit:8080;
73 proxy_set_header X-Forwarded-For $remote_addr;
74 proxy_set_header Host $host;
Nico Huberf3193602023-07-02 14:56:01 +0000[diff] [blame]75
76 location ~ ^/(bower_components|elements|fonts|styles)/ {
77 proxy_pass http://gerrit:8080;
78 proxy_set_header X-Forwarded-For $remote_addr;
79 proxy_set_header Host $host;
80 proxy_cache GERRIT;
81 proxy_cache_valid 200 1h;
82 proxy_cache_use_stale error timeout invalid_header updating http_500 http_503;
83 # Gerrit bug sets `private`, hence the whole location override:
84 proxy_ignore_headers Cache-Control;
85 }
Nico Huber8cd50ee2023-06-24 15:35:16 +0000[diff] [blame]86 }
87}