diff options
author | rstular <rok@stular.eu> | 2020-05-20 21:47:41 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-20 21:47:41 +0200 |
commit | 9e63ad7fd187b5eea9f2e3d3a1e1fa9a2d1ec1d2 (patch) | |
tree | c96e2c622aeb56000d4736ba1932269f2dfd217b /server/proxy/nginx.conf | |
parent | Merge pull request #8 from beziapp/dev (diff) | |
parent | Merge branch 'dev' of ssh://github.com/beziapp/beziapp.github.io into dev (diff) | |
download | beziapp-9e63ad7fd187b5eea9f2e3d3a1e1fa9a2d1ec1d2.tar beziapp-9e63ad7fd187b5eea9f2e3d3a1e1fa9a2d1ec1d2.tar.gz beziapp-9e63ad7fd187b5eea9f2e3d3a1e1fa9a2d1ec1d2.tar.bz2 beziapp-9e63ad7fd187b5eea9f2e3d3a1e1fa9a2d1ec1d2.tar.lz beziapp-9e63ad7fd187b5eea9f2e3d3a1e1fa9a2d1ec1d2.tar.xz beziapp-9e63ad7fd187b5eea9f2e3d3a1e1fa9a2d1ec1d2.tar.zst beziapp-9e63ad7fd187b5eea9f2e3d3a1e1fa9a2d1ec1d2.zip |
Diffstat (limited to 'server/proxy/nginx.conf')
-rw-r--r-- | server/proxy/nginx.conf | 133 |
1 files changed, 133 insertions, 0 deletions
diff --git a/server/proxy/nginx.conf b/server/proxy/nginx.conf new file mode 100644 index 0000000..222b8d2 --- /dev/null +++ b/server/proxy/nginx.conf @@ -0,0 +1,133 @@ +#server { +# server_name _; +# listen 80 default_server; +# # listen 443 default_server; +# listen [::]:80 default_server; +# # listen [::]:443 default_server; +# return 444; +#} +server { + listen 93.103.156.37:80; + listen [::]:80; + server_name .g.gimb.tk .gimsis.gimb.tk .zgimsis.gimb.tk .gimsisext.gimb.tk .gse.gimb.tk; + return 301 https://zgimsis.gimb.tk$request_uri; + port_in_redirect off; + server_name_in_redirect off; +} +server { + listen 93.103.156.37:443 ssl http2; + listen [::]:443 ssl http2; + ssl_certificate /etc/ssl/sslforfree/sg.crt; + ssl_certificate_key /etc/ssl/sslforfree/sg.key; + ssl_session_cache builtin:1000 shared:SSL:10m; + ssl_prefer_server_ciphers on; + add_header Strict-Transport-Security "max-age=604800"; + #root /var/www/html; + index index.php index.html index.htm index.nginx-debian.html; + server_name .g.gimb.tk .gimsis.gimb.tk .zgimsis.gimb.tk .gimsisext.gimb.tk .gse.gimb.tk; + location /gse/ { + #try_files $uri $uri/ =404; + proxy_pass https://localhost:27443; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + set $cors ''; + set $both_conditions ""; + add_header "x-debug-location-gse" "triggered"; + if ($http_origin ~ \.?gimb\.tk$) { + set $cors 'true'; + set $both_conditions "P"; + add_header "x-debug-http-origin-check" "passed"; + } + if ($cors = 'true') { + add_header "Access-Control-Allow-Origin" $http_origin always; + add_header "Access-Control-Allow-Credentials" "true" always; + add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always; + add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + } + if ($request_method = 'OPTIONS') { + set $both_conditions "${both_conditions}D"; + } + if ($both_conditions = PD) { + add_header "Access-Control-Allow-Origin" $http_origin always; + add_header "Access-Control-Allow-Credentials" "true" always; + add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always; + add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + add_header 'Access-Control-Max-Age' -1; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + } + location / { + set $cors ''; + if ($http_origin ~ \.?gimb\.tk$) { + set $cors 'true'; + } + if ($cors = 'true') { + add_header "Access-Control-Allow-Origin" $http_origin always; + add_header "Access-Control-Allow-Credentials" "true" always; + add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always; + add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always; + } + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Max-Age' 300; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + return 301 https://zgimsis.gimb.tk/gse/; + } + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # fastcgi_pass unix:/run/php/php7.3-fpm.sock; + #} + location ~ /\.ht { + deny all; + } + port_in_redirect off; + server_name_in_redirect off; +} +server { + listen 93.103.156.37:80; + listen [::]:80; + server_name .la.gimb.tk .lopolisapi.gimb.tk .lopolis-api.gimb.tk; + return 301 https://lopolis-api.gimb.tk$request_uri; + port_in_redirect off; + server_name_in_redirect off; +} +server { + listen 93.103.156.37:443 ssl http2; + listen [::]:443 ssl http2; + ssl_certificate /etc/ssl/sslforfree/sg.crt; + ssl_certificate_key /etc/ssl/sslforfree/sg.key; + ssl_session_cache builtin:1000 shared:SSL:10m; + ssl_prefer_server_ciphers on; + add_header Strict-Transport-Security "max-age=604800"; + #root /var/www/html; + index index.php index.html index.htm index.nginx-debian.html; + server_name .la.gimb.tk .lopolisapi.gimb.tk .lopolis-api.gimb.tk; + location / { + #try_files $uri $uri/ =404; + proxy_pass http://localhost:44625; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } + #location / { +# return 301 https://zgimsis.gimb.tk/gse/; +# } + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # fastcgi_pass unix:/run/php/php7.3-fpm.sock; + #} + location ~ /\.ht { + deny all; + } + add_header X-This-Is-Definetley-Not-Flask I-Really-Care-If-Someone-DoSes-This-/s; + add_header X-I-Mean-If-Someone-Wants-To-DoS-Me They-Have-The-Power-To-Do-It; + add_header X-Although-It-Is-Illegal-And-I Will-Report-You-To-SiCert-And-They-Will-Bit-Your-Ass; + port_in_redirect off; + server_name_in_redirect off; +} |