Lateinicus/server/nginx.conf

events {}

http {
     # Log warnings
     # TODO: Better path
     error_log /var/log/nginx.log warn;

     # No idea, but nginx refuses to start without it
     server_names_hash_bucket_size 64;

     # The redirection server
     server {
            listen 80 default_server;
            add_header Strict-Transport-Security "max-age=31536000" always;
            return 301 https://$host$request_uri;
     }

     # The actual webserver duties
     server {
            # server_name lateinicus;
            listen 443 ssl http2;
            add_header Strict-Transport-Security "max-age=31536000" always;

            # Global CSP
            add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://unpkg.com; img-src 'self' https:; font-src https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline';" always;

            # SSL configuration
            ssl_certificate     /etc/ssl/lateinicus.pem;
            ssl_certificate_key /etc/ssl/lateinicus.key;
            ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers         HIGH:!aNULL:!MD5;
            ssl_session_cache   shared:SSL:30m;
            ssl_session_timeout 20m;
            keepalive_timeout   70;

            # Enable gzip compression
            gzip on;
            gzip_min_length 256K;

           
            error_page 404 /lost.html;
            error_page 500 502 503 504 /error.html;

            # Status page for 404
            location = /error.html {
                     root /srv/www;
            }

            # Status page for 50X
            location = /lost.html {
                     root /srv/www;
            }

            # Reverse Proxy
            location /api/ {
                     # Seems weird, but it is (Prevent /api/api/)
                     rewrite /api/(.*) /api/$1 break;
                     proxy_set_header Host $host;
                     proxy_set_header X-Real-IP $remote_addr;
                     proxy_pass http://128.1.0.3:8080;
            }

            # There probably is a better solution using wildcards
            location = /app {
                     return 301 https://$host/app/;
            }

            location = / {
                     return 301 https://$host/app/;
            }

            # The web app
            location /app/ {
                     # CSS might not get the correct Content-Type header
                     include  /etc/nginx/mime.types;

                     root /srv/www;
                     # For react-router
                     try_files $uri /app/index.html;
                     index index.html;
            }
     }
}
feat: Add a compose file 2018-09-28 21:33:28 +00:00			`events {}`

			`http {`
			`# Log warnings`
fix: Remove stdout logging 2018-09-28 21:35:16 +00:00			`# TODO: Better path`
			`error_log /var/log/nginx.log warn;`
feat: Add a compose file 2018-09-28 21:33:28 +00:00
			`# No idea, but nginx refuses to start without it`
			`server_names_hash_bucket_size 64;`

feat: Test using HTTPS and HTTP2 2018-09-30 18:15:27 +00:00			`# The redirection server`
			`server {`
			`listen 80 default_server;`
			`add_header Strict-Transport-Security "max-age=31536000" always;`
			`return 301 https://$host$request_uri;`
			`}`

feat: Add a compose file 2018-09-28 21:33:28 +00:00			`# The actual webserver duties`
			`server {`
			`# server_name lateinicus;`
feat: Test using HTTPS and HTTP2 2018-09-30 18:15:27 +00:00			`listen 443 ssl http2;`
			`add_header Strict-Transport-Security "max-age=31536000" always;`

sec: Move the CSP to a header on the nginx 2018-10-07 11:49:52 +00:00			`# Global CSP`
			`add_header Content-Security-Policy "default-src 'self'; script-src 'self' https://unpkg.com; img-src 'self' https:; font-src https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline';" always;`

feat: Test using HTTPS and HTTP2 2018-09-30 18:15:27 +00:00			`# SSL configuration`
			`ssl_certificate /etc/ssl/lateinicus.pem;`
			`ssl_certificate_key /etc/ssl/lateinicus.key;`
			`ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`
			`ssl_ciphers HIGH:!aNULL:!MD5;`
sec: Move the CSP to a header on the nginx 2018-10-07 11:49:52 +00:00			`ssl_session_cache shared:SSL:30m;`
			`ssl_session_timeout 20m;`
feat: Test using HTTPS and HTTP2 2018-09-30 18:15:27 +00:00			`keepalive_timeout 70;`
feat: Add a compose file 2018-09-28 21:33:28 +00:00
feat: Implement updating the done levels 2018-09-29 20:00:15 +00:00			`# Enable gzip compression`
			`gzip on;`
			`gzip_min_length 256K;`

feat: Error pages + Makefile improvements Error pages: Add error pages for 404 and 50X errors by nginx Makefile improvements: Remove shit.sh and replace it by improving the Makefile 2018-10-03 18:24:06 +00:00
			`error_page 404 /lost.html;`
			`error_page 500 502 503 504 /error.html;`

			`# Status page for 404`
			`location = /error.html {`
			`root /srv/www;`
			`}`

			`# Status page for 50X`
			`location = /lost.html {`
			`root /srv/www;`
			`}`

feat: Add a compose file 2018-09-28 21:33:28 +00:00			`# Reverse Proxy`
			`location /api/ {`
			`# Seems weird, but it is (Prevent /api/api/)`
			`rewrite /api/(.*) /api/$1 break;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_pass http://128.1.0.3:8080;`
			`}`

fix: redirect /app to /app/ 2018-10-02 13:14:45 +00:00			`# There probably is a better solution using wildcards`
nginx: Redirect / to /app/ 2018-10-12 15:36:17 +00:00			`location = /app {`
			`return 301 https://$host/app/;`
			`}`

			`location = / {`
fix: redirect /app to /app/ 2018-10-02 13:14:45 +00:00			`return 301 https://$host/app/;`
			`}`

feat: Add a compose file 2018-09-28 21:33:28 +00:00			`# The web app`
			`location /app/ {`
			`# CSS might not get the correct Content-Type header`
			`include /etc/nginx/mime.types;`

			`root /srv/www;`
			`# For react-router`
			`try_files $uri /app/index.html;`
			`index index.html;`
			`}`
			`}`
			`}`