Created
June 2, 2016 13:12
-
-
Save palcu/dfd8abc83d0ab4eb4b7c4bc2b7614ca4 to your computer and use it in GitHub Desktop.
data.gov.ro nginx config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # BEWARE | |
| # There are two parts, first port 80 and then port 443 | |
| # We have 2 needs: serving everything that we can on HTTP (this means we redirect most of the requests from HTTPS) | |
| # Serving the login page and logged in people from HTTPS | |
| proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache:30m max_size=250m; | |
| proxy_temp_path /tmp/nginx_proxy 1 2; | |
| server_tokens off; | |
| server { | |
| listen 80; | |
| access_log /var/log/nginx/nginx.vhost.access.log; | |
| error_log /var/log/nginx/nginx.vhost.error.log; | |
| client_max_body_size 2000M; | |
| server_name data.gov.ro; | |
| location /user/login { | |
| return 301 https://$host$request_uri; | |
| } | |
| location / { | |
| if ($cookie_auth_tkt) { | |
| return 301 https://$host$request_uri; | |
| } | |
| proxy_pass http://127.0.0.1:8080/; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Forwarded-For $remote_addr; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_cache cache; | |
| proxy_cache_bypass $cookie_auth_tkt; | |
| proxy_no_cache $cookie_auth_tkt; | |
| proxy_cache_valid 30m; | |
| proxy_cache_key $host$scheme$proxy_host$request_uri; | |
| } | |
| } | |
| server { | |
| listen 443 default ssl; | |
| ssl on; | |
| ssl_certificate /etc/ssl/datagovro_cert_2016.crt; | |
| ssl_certificate_key /etc/ssl/data_gov_ro.key; | |
| ssl_session_cache shared:SSL:50m; | |
| ssl_session_timeout 5m; | |
| server_name data.gov.ro; | |
| access_log /var/log/nginx/nginx.vhost.access.log; | |
| error_log /var/log/nginx/nginx.vhost.error.log; | |
| client_max_body_size 2000M; | |
| add_header X-Content-Type-Options nosniff; | |
| add_header X-XSS-Protection "1; mode=block"; | |
| add_header 'Access-Control-Allow-Origin' '*'; | |
| add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; | |
| add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; | |
| add_header 'Strict-Transport-Security' 'max-age=0'; # we need this because we activated this header a while ago and want to deactivate it | |
| location /login_generic { # this is from the login post | |
| proxy_pass http://127.0.0.1:8080/$request_uri; | |
| proxy_set_header X-Forwarded-For $remote_addr; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header Host $host; | |
| proxy_cache cache; | |
| proxy_cache_bypass $cookie_auth_tkt; | |
| proxy_no_cache $cookie_auth_tkt; | |
| proxy_cache_valid 30m; | |
| proxy_cache_key $host$scheme$proxy_host$request_uri; | |
| } | |
| location /user/login { # this is the login page | |
| proxy_pass http://127.0.0.1:8080/$request_uri; | |
| proxy_set_header X-Forwarded-For $remote_addr; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header Host $host; | |
| proxy_cache cache; | |
| proxy_cache_bypass $cookie_auth_tkt; | |
| proxy_no_cache $cookie_auth_tkt; | |
| proxy_cache_valid 30m; | |
| proxy_cache_key $host$scheme$proxy_host$request_uri; | |
| } | |
| set $redirecthttp 1; # using this variable as a sentinel | |
| if ($cookie_auth_tkt) { | |
| set $redirecthttp 0; | |
| } | |
| if ($request_uri ~* \.(js|jpg|png|css|ttf|woff)) { # we are serving these assets from http because the login page needs them | |
| set $redirecthttp 0; | |
| } | |
| location / { | |
| if ($redirecthttp = 1) { | |
| return 301 http://$host$request_uri; | |
| } | |
| proxy_pass http://127.0.0.1:8080/; | |
| proxy_set_header X-Forwarded-For $remote_addr; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header Host $host; | |
| proxy_cache cache; | |
| proxy_cache_bypass $cookie_auth_tkt; | |
| proxy_no_cache $cookie_auth_tkt; | |
| proxy_cache_valid 30m; | |
| proxy_cache_key $host$scheme$proxy_host$request_uri; | |
| } | |
| } | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| server_name www.data.gov.ro; | |
| return 301 $scheme://data.gov.ro$request_uri; | |
| } | |
| server { | |
| listen 443; | |
| server_name www.data.gov.ro; | |
| return 301 $scheme://data.gov.ro$request_uri; | |
| } | |
| server { | |
| listen 443; | |
| server_name date.gov.ro; | |
| return 301 $scheme://data.gov.ro$request_uri; | |
| } | |
| server { | |
| listen 80; | |
| server_name date.gov.ro; | |
| return 301 $scheme://data.gov.ro$request_uri; | |
| } | |
| server { | |
| listen 443; | |
| server_name www.date.gov.ro; | |
| return 301 $scheme://data.gov.ro$request_uri; | |
| } | |
| server { | |
| listen 80; | |
| server_name www.date.gov.ro; | |
| return 301 $scheme://data.gov.ro$request_uri; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment