server { server_name ${BASENAME_FOR_SUBDOMAIN} ${MINIO_YNT_HOST} ${MINIO_ADMIN_YNT_HOST} ${KC_YNT_HOST}; listen 80; return 301 https://${DOLLAR}host${DOLLAR}request_uri; } server { server_name ${BASENAME_FOR_SUBDOMAIN}; listen 443 ssl; ssl_certificate /etc/nginx/ssl/server.crt.pem; ssl_certificate_key /etc/nginx/ssl/server.key.pem; proxy_http_version 1.1; proxy_busy_buffers_size 512k; proxy_buffers 4 512k; proxy_buffer_size 256k; proxy_connect_timeout 75s; location / { proxy_pass http://yonote:3000; proxy_set_header Host ${DOLLAR}host; proxy_set_header Connection ''; chunked_transfer_encoding off; proxy_cache off; } location ^~/realtime { proxy_http_version 1.1; proxy_set_header Upgrade ${DOLLAR}http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host ${DOLLAR}host; proxy_pass http://yonote:3000; } location ^~/collaboration { proxy_http_version 1.1; proxy_set_header Upgrade ${DOLLAR}http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host ${DOLLAR}host; proxy_pass http://yonote:3000; } } server { listen 443 ssl; listen [::]:443 ssl; server_name ${MINIO_YNT_HOST}; ssl_certificate /etc/nginx/ssl/server.crt.pem; ssl_certificate_key /etc/nginx/ssl/server.key.pem; # To allow special characters in headers ignore_invalid_headers off; # Allow any size file to be uploaded. # Set to a value such as 1000m; to restrict file size to a specific value client_max_body_size 0; # To disable buffering proxy_buffering off; # Use Docker DNS # You might not need this section but in case you need to resolve # docker service names inside the container then this can be useful. # resolver 127.0.0.11 valid=10s; # resolver_timeout 5s; # Apparently the following line might prevent caching of DNS lookups # and force nginx to resolve the name on each request via the internal # Docker DNS. # set ${DOLLAR}upstream "s3"; # Proxy requests to the Minio API on port 9000 location / { proxy_pass http://s3:9000; proxy_set_header X-Real-IP ${DOLLAR}remote_addr; proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme; proxy_set_header Host ${DOLLAR}http_host; proxy_connect_timeout 300; # To support websocket # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 proxy_http_version 1.1; proxy_set_header Upgrade ${DOLLAR}http_upgrade; proxy_set_header Connection "upgrade"; chunked_transfer_encoding off; } } server { listen 443 ssl; listen [::]:443 ssl; server_name ${MINIO_ADMIN_YNT_HOST}; ssl_certificate /etc/nginx/ssl/server.crt.pem; ssl_certificate_key /etc/nginx/ssl/server.key.pem; # To allow special characters in headers ignore_invalid_headers off; # Allow any size file to be uploaded. # Set to a value such as 1000m; to restrict file size to a specific value client_max_body_size 0; # To disable buffering proxy_buffering off; # Use Docker DNS # You might not need this section but in case you need to resolve # docker service names inside the container then this can be useful. # resolver 127.0.0.11 valid=10s; # resolver_timeout 5s; # Apparently the following line might prevent caching of DNS lookups # and force nginx to resolve the name on each request via the internal # Docker DNS. # set ${DOLLAR}upstream "s3"; # Minio Console (UI) location / { # This was really the key for me. Even though the Nginx docs say # that with a URI part in the `proxy_pass` directive, the `/console/` # URI should automatically be rewritten, this wasn't working for me. # rewrite ^/console/(.*)${DOLLAR} /${DOLLAR}1 break; proxy_pass http://s3:9001; proxy_set_header X-Real-IP ${DOLLAR}remote_addr; proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme; proxy_set_header Host ${DOLLAR}http_host; proxy_connect_timeout 300; proxy_set_header Connection ""; chunked_transfer_encoding off; # To support websocket proxy_http_version 1.1; proxy_set_header Upgrade ${DOLLAR}http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Origin ''; } } server { server_name ${KC_YNT_HOST}; listen 443 ssl; ssl_certificate /etc/nginx/ssl/server.crt.pem; ssl_certificate_key /etc/nginx/ssl/server.key.pem; proxy_http_version 1.1; proxy_busy_buffers_size 512k; proxy_buffers 4 512k; proxy_buffer_size 256k; proxy_read_timeout 300s; proxy_connect_timeout 75s; proxy_set_header Host ${DOLLAR}host; # to forward the original host requested by the client proxy_set_header X-Real-IP ${DOLLAR}remote_addr; proxy_set_header X-Forwarded-Host ${DOLLAR}host; proxy_set_header X-Forwarded-Port 9443; proxy_set_header X-Forwarded-Server ${DOLLAR}host; proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; # To forward the original client's IP address proxy_set_header X-Forwarded-Proto ${DOLLAR}scheme; # to forward the original protocol (HTTP or HTTPS) location / { proxy_pass http://keycloak:8080; } }