benhartwich · July 12, 2023 05:59
diff --git a/nginx.conf b/nginx.conf
 server {
        listen 80;
        listen [::]:80;
        server_name xy.com;
        return 301 https://$server_name$request_uri;
 }

 server {
        listen 443 ssl;
        listen [::]:443 ssl;
        http2  on;
        server_name xy.com;
        ssl_certificate /etc/letsencrypt/live/xy.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/xy.co,/privkey.pem;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        add_header Strict-Transport-Security "max-age=63072000; preload";
        add_header X-Frame-Options DENY;
        client_max_body_size    250M;

        # use it if you would like to prohibit access to everyone running a public vm
        #satisfy any;
        #allow your ip adress /32;
        #allow allow 172.25.0.0/24;
        #deny all;
        # use it for having a http auth secured login
        #auth_basic "Please Login";
        #auth_basic_user_file ssl/.htpasswd;

 location / {
        proxy_pass http://localhost:3000/;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
 }

 server {
        listen 80;
        listen [::]:80;
        server_name backend.xy.com;
        return 301 https://$server_name$request_uri;
 }

 server {
        listen 443 ssl;
        listen [::]:443 ssl;
        http2  on;
        server_name backend.xy.com;
        ssl_certificate /etc/letsencrypt/live/backend.xy.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/backend.xy.com/privkey.pem;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        add_header Strict-Transport-Security "max-age=63072000; preload";
        add_header X-Frame-Options DENY;
        client_max_body_size    250M;
        
        # use it if you would like to prohibit access to everyone running a public vm
        #satisfy any;
        #allow your ip adress /32;
        #allow allow 172.25.0.0/24;
        #deny all;
        # use it for having a http auth secured login
        #auth_basic "Please Login";
        #auth_basic_user_file ssl/.htpasswd;

 location / {
        proxy_pass http://localhost:8000/;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
 }
	server {
	listen 80;
	listen [::]:80;
	server_name xy.com;
	return 301 https://$server_name$request_uri;
	}

	server {
	listen 443 ssl;
	listen [::]:443 ssl;
	http2 on;
	server_name xy.com;
	ssl_certificate /etc/letsencrypt/live/xy.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/xy.co,/privkey.pem;

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;
	add_header Strict-Transport-Security "max-age=63072000; preload";
	add_header X-Frame-Options DENY;
	client_max_body_size 250M;

	# use it if you would like to prohibit access to everyone running a public vm
	#satisfy any;
	#allow your ip adress /32;
	#allow allow 172.25.0.0/24;
	#deny all;
	# use it for having a http auth secured login
	#auth_basic "Please Login";
	#auth_basic_user_file ssl/.htpasswd;

	location / {
	proxy_pass http://localhost:3000/;
	proxy_set_header Host $host;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "Upgrade";
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
	}

	server {
	listen 80;
	listen [::]:80;
	server_name backend.xy.com;
	return 301 https://$server_name$request_uri;
	}

	server {
	listen 443 ssl;
	listen [::]:443 ssl;
	http2 on;
	server_name backend.xy.com;
	ssl_certificate /etc/letsencrypt/live/backend.xy.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/backend.xy.com/privkey.pem;

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;
	add_header Strict-Transport-Security "max-age=63072000; preload";
	add_header X-Frame-Options DENY;
	client_max_body_size 250M;

	# use it if you would like to prohibit access to everyone running a public vm
	#satisfy any;
	#allow your ip adress /32;
	#allow allow 172.25.0.0/24;
	#deny all;
	# use it for having a http auth secured login
	#auth_basic "Please Login";
	#auth_basic_user_file ssl/.htpasswd;

	location / {
	proxy_pass http://localhost:8000/;
	proxy_set_header Host $host;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "Upgrade";
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	}
	}