biapar · March 22, 2022 16:57
diff --git a/gistfile1.txt b/gistfile1.txt
 FOLLOWING this GUIDE https://blog.yeetpc.com/how-to-set-up-an-nginx-reverse-proxy-with-ssl-on-ubuntu-server-20-04-lts/,
 I adapt the config to use with DIrectus.
 Directus panel on http://ip:8055/

 CONFIG FILE FOR NGINX

 server {
    if ($host = api.domain.xyz) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name api.domain.xyz;
    return 301 http://ip:8055$request_uri;


 }

 server {

    listen 443;
    server_name api.domain.xyz;

    #SSL Configuration

    #ssl_certificate /etc/letsencrypt/live/domain.xyz/fullchain.pem; # managed by Certbot
    #ssl_certificate_key /etc/letsencrypt/live/domain.xyz/privkey.pem; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/api.domain.xyz/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/api.domain.xyz/privkey.pem; # managed by Certbot
    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    # Set the access log location

    access_log            /var/log/nginx/domain.xyz.access.log;

    location / {

      # Set the proxy headers

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
      proxy_set_header 		    Upgrade $http_upgrade;
      proxy_set_header 		    Connection 'upgrade';
      proxy_cache_bypass      $http_upgrade;

      # Configure which address the request is proxied to

      proxy_pass          http://ip:8055/;
      proxy_read_timeout  90;
      proxy_redirect      http://ip:8055/ https://api.domain.xyz/;

      # Security headers
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
      add_header X-Frame-Options DENY;
      add_header X-Content-Type-Options nosniff;
      add_header X-XSS-Protection "1; mode=block";
      add_header Referrer-Policy "origin";

      # Add the trailing slash
      #rewrite ^([^.]*[^/])$ $1/ permanent;
    }


 }
	FOLLOWING this GUIDE https://blog.yeetpc.com/how-to-set-up-an-nginx-reverse-proxy-with-ssl-on-ubuntu-server-20-04-lts/,
	I adapt the config to use with DIrectus.
	Directus panel on http://ip:8055/

	CONFIG FILE FOR NGINX

	server {
	if ($host = api.domain.xyz) {
	return 301 https://$host$request_uri;
	} # managed by Certbot


	listen 80;
	server_name api.domain.xyz;
	return 301 http://ip:8055$request_uri;


	}

	server {

	listen 443;
	server_name api.domain.xyz;

	#SSL Configuration

	#ssl_certificate /etc/letsencrypt/live/domain.xyz/fullchain.pem; # managed by Certbot
	#ssl_certificate_key /etc/letsencrypt/live/domain.xyz/privkey.pem; # managed by Certbot
	ssl_certificate /etc/letsencrypt/live/api.domain.xyz/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/api.domain.xyz/privkey.pem; # managed by Certbot
	ssl on;
	ssl_session_cache builtin:1000 shared:SSL:10m;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
	ssl_prefer_server_ciphers on;

	# Set the access log location

	access_log /var/log/nginx/domain.xyz.access.log;

	location / {

	# Set the proxy headers

	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection 'upgrade';
	proxy_cache_bypass $http_upgrade;

	# Configure which address the request is proxied to

	proxy_pass http://ip:8055/;
	proxy_read_timeout 90;
	proxy_redirect http://ip:8055/ https://api.domain.xyz/;

	# Security headers
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
	add_header X-Frame-Options DENY;
	add_header X-Content-Type-Options nosniff;
	add_header X-XSS-Protection "1; mode=block";
	add_header Referrer-Policy "origin";

	# Add the trailing slash
	#rewrite ^([^.]*[^/])$ $1/ permanent;
	}


	}