169 lines
5.1 KiB
Cheetah
169 lines
5.1 KiB
Cheetah
|
server {
|
||
|
server_name ${BASENAME_FOR_SUBDOMAIN} ${MINIO_YNT_HOST} ${MINIO_ADMIN_YNT_HOST} ${KC_YNT_HOST};
|
||
|
listen 80;
|
||
|
return 301 https://${DOLLAR}host${DOLLAR}request_uri;
|
||
|
}
|
||
|
|
||
|
server {
|
||
|
server_name ${BASENAME_FOR_SUBDOMAIN};
|
||
|
listen 443 ssl;
|
||
|
|
||
|
ssl_certificate /etc/nginx/ssl/server.crt.pem;
|
||
|
ssl_certificate_key /etc/nginx/ssl/server.key.pem;
|
||
|
|
||
|
proxy_http_version 1.1;
|
||
|
proxy_busy_buffers_size 512k;
|
||
|
proxy_buffers 4 512k;
|
||
|
proxy_buffer_size 256k;
|
||
|
proxy_connect_timeout 75s;
|
||
|
|
||
|
location / {
|
||
|
proxy_pass http://yonote:3000;
|
||
|
proxy_set_header Host ${DOLLAR}host;
|
||
|
proxy_set_header Connection '';
|
||
|
chunked_transfer_encoding off;
|
||
|
proxy_cache off;
|
||
|
}
|
||
|
|
||
|
location ^~/realtime {
|
||
|
proxy_http_version 1.1;
|
||
|
proxy_set_header Upgrade ${DOLLAR}http_upgrade;
|
||
|
proxy_set_header Connection "Upgrade";
|
||
|
proxy_set_header Host ${DOLLAR}host;
|
||
|
proxy_pass http://yonote:3000;
|
||
|
}
|
||
|
location ^~/collaboration {
|
||
|
proxy_http_version 1.1;
|
||
|
proxy_set_header Upgrade ${DOLLAR}http_upgrade;
|
||
|
proxy_set_header Connection "Upgrade";
|
||
|
proxy_set_header Host ${DOLLAR}host;
|
||
|
proxy_pass http://yonote:3000;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
server {
|
||
|
listen 443 ssl;
|
||
|
listen [::]:443 ssl;
|
||
|
server_name ${MINIO_YNT_HOST};
|
||
|
|
||
|
ssl_certificate /etc/nginx/ssl/server.crt.pem;
|
||
|
ssl_certificate_key /etc/nginx/ssl/server.key.pem;
|
||
|
|
||
|
# To allow special characters in headers
|
||
|
ignore_invalid_headers off;
|
||
|
# Allow any size file to be uploaded.
|
||
|
# Set to a value such as 1000m; to restrict file size to a specific value
|
||
|
client_max_body_size 0;
|
||
|
# To disable buffering
|
||
|
proxy_buffering off;
|
||
|
|
||
|
# Use Docker DNS
|
||
|
# You might not need this section but in case you need to resolve
|
||
|
# docker service names inside the container then this can be useful.
|
||
|
# resolver 127.0.0.11 valid=10s;
|
||
|
# resolver_timeout 5s;
|
||
|
|
||
|
# Apparently the following line might prevent caching of DNS lookups
|
||
|
# and force nginx to resolve the name on each request via the internal
|
||
|
# Docker DNS.
|
||
|
# set ${DOLLAR}upstream "s3";
|
||
|
|
||
|
# Proxy requests to the Minio API on port 9000
|
||
|
location / {
|
||
|
proxy_pass http://s3:9000;
|
||
|
|
||
|
proxy_set_header X-Real-IP ${DOLLAR}remote_addr;
|
||
|
proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for;
|
||
|
proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
|
||
|
proxy_set_header Host ${DOLLAR}http_host;
|
||
|
|
||
|
proxy_connect_timeout 300;
|
||
|
|
||
|
# To support websocket
|
||
|
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
|
||
|
proxy_http_version 1.1;
|
||
|
proxy_set_header Upgrade ${DOLLAR}http_upgrade;
|
||
|
proxy_set_header Connection "upgrade";
|
||
|
chunked_transfer_encoding off;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
server {
|
||
|
listen 443 ssl;
|
||
|
listen [::]:443 ssl;
|
||
|
server_name ${MINIO_ADMIN_YNT_HOST};
|
||
|
|
||
|
ssl_certificate /etc/nginx/ssl/server.crt.pem;
|
||
|
ssl_certificate_key /etc/nginx/ssl/server.key.pem;
|
||
|
|
||
|
# To allow special characters in headers
|
||
|
ignore_invalid_headers off;
|
||
|
# Allow any size file to be uploaded.
|
||
|
# Set to a value such as 1000m; to restrict file size to a specific value
|
||
|
client_max_body_size 0;
|
||
|
# To disable buffering
|
||
|
proxy_buffering off;
|
||
|
|
||
|
# Use Docker DNS
|
||
|
# You might not need this section but in case you need to resolve
|
||
|
# docker service names inside the container then this can be useful.
|
||
|
# resolver 127.0.0.11 valid=10s;
|
||
|
# resolver_timeout 5s;
|
||
|
|
||
|
# Apparently the following line might prevent caching of DNS lookups
|
||
|
# and force nginx to resolve the name on each request via the internal
|
||
|
# Docker DNS.
|
||
|
# set ${DOLLAR}upstream "s3";
|
||
|
|
||
|
# Minio Console (UI)
|
||
|
location / {
|
||
|
# This was really the key for me. Even though the Nginx docs say
|
||
|
# that with a URI part in the `proxy_pass` directive, the `/console/`
|
||
|
# URI should automatically be rewritten, this wasn't working for me.
|
||
|
# rewrite ^/console/(.*)${DOLLAR} /${DOLLAR}1 break;
|
||
|
|
||
|
proxy_pass http://s3:9001;
|
||
|
|
||
|
proxy_set_header X-Real-IP ${DOLLAR}remote_addr;
|
||
|
proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for;
|
||
|
proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme;
|
||
|
proxy_set_header Host ${DOLLAR}http_host;
|
||
|
|
||
|
proxy_connect_timeout 300;
|
||
|
proxy_set_header Connection "";
|
||
|
chunked_transfer_encoding off;
|
||
|
|
||
|
# To support websocket
|
||
|
proxy_http_version 1.1;
|
||
|
proxy_set_header Upgrade ${DOLLAR}http_upgrade;
|
||
|
proxy_set_header Connection "upgrade";
|
||
|
proxy_set_header Origin '';
|
||
|
}
|
||
|
}
|
||
|
|
||
|
server {
|
||
|
server_name ${KC_YNT_HOST};
|
||
|
listen 443 ssl;
|
||
|
|
||
|
ssl_certificate /etc/nginx/ssl/server.crt.pem;
|
||
|
ssl_certificate_key /etc/nginx/ssl/server.key.pem;
|
||
|
|
||
|
proxy_http_version 1.1;
|
||
|
proxy_busy_buffers_size 512k;
|
||
|
proxy_buffers 4 512k;
|
||
|
proxy_buffer_size 256k;
|
||
|
proxy_read_timeout 300s;
|
||
|
proxy_connect_timeout 75s;
|
||
|
|
||
|
proxy_set_header Host ${DOLLAR}host; # to forward the original host requested by the client
|
||
|
proxy_set_header X-Real-IP ${DOLLAR}remote_addr;
|
||
|
proxy_set_header X-Forwarded-Host ${DOLLAR}host;
|
||
|
proxy_set_header X-Forwarded-Port 9443;
|
||
|
proxy_set_header X-Forwarded-Server ${DOLLAR}host;
|
||
|
proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; # To forward the original client's IP address
|
||
|
proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme; # to forward the original protocol (HTTP or HTTPS)
|
||
|
|
||
|
location / {
|
||
|
proxy_pass http://keycloak:8080;
|
||
|
}
|
||
|
}
|