From ae36f0ec0215077175b21266ef2cec5ff81241c2 Mon Sep 17 00:00:00 2001 From: Elar Saks Date: Sat, 10 Feb 2024 20:58:15 +0200 Subject: [PATCH] Fix nginx prod.conf. --- apps/nginx/production.conf | 91 +++++++++++++++++++------------------- 1 file changed, 45 insertions(+), 46 deletions(-) diff --git a/apps/nginx/production.conf b/apps/nginx/production.conf index 26fc5ae..643007a 100644 --- a/apps/nginx/production.conf +++ b/apps/nginx/production.conf @@ -1,57 +1,56 @@ +events { + worker_connections 1024; +} -# Server block for HTTP (Port 80) -server { - listen 80; - server_name gorilla-labs.com www.gorilla-labs.com; +http { - # Redirect HTTP to HTTPS - return 301 https://$server_name$request_uri; + # Server block for HTTP (Port 80) + server { + listen 80; + server_name gorilla-labs.com www.gorilla-labs.com; - location / { - proxy_pass http://gorilla-labs-client:3000; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - error_page 502 =200 /placeholder.html; + # Redirect HTTP to HTTPS + return 301 https://$server_name$request_uri; } -} -# Server block for HTTPS (Port 443) -server { - listen 443 ssl; - server_name gorilla-labs.com www.gorilla-labs.com; - - # Strong SSL Security - ssl_protocols TLSv1.2 TLSv1.3; - ssl_prefer_server_ciphers on; - ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 10m; - - ssl_certificate /etc/nginx/ssl/certificate.crt; - ssl_certificate_key /etc/nginx/ssl/private.key; - - location / { - proxy_pass http://gorilla-labs-client:3000; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - error_page 502 =200 /placeholder.html; - } + # Server block for HTTPS (Port 443) + server { + listen 443 ssl; + server_name gorilla-labs.com www.gorilla-labs.com; -} + # Strong SSL Security + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + ssl_certificate /etc/nginx/ssl/certificate.crt; + ssl_certificate_key /etc/nginx/ssl/private.key; -# HTTPS Server Block for Port 5000 (Forwarding to 4000) -server { - listen 5000 ssl; - server_name localhost; + location / { + proxy_pass http://gorilla-labs-client:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + error_page 502 =200 /placeholder.html; + } - ssl_certificate /etc/nginx/ssl/certificate.crt; - ssl_certificate_key /etc/nginx/ssl/private.key; + } - location / { - proxy_pass http://gorilla-labs-api:4000; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; + # HTTPS Server Block for Port 5000 (Forwarding to 4000) + server { + listen 5000 ssl; + server_name localhost; + + ssl_certificate /etc/nginx/ssl/certificate.crt; + ssl_certificate_key /etc/nginx/ssl/private.key; + + location / { + proxy_pass http://gorilla-labs-api:4000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } } } \ No newline at end of file