labca/nginx.conf at master · hakwerk/labca · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# Include any custom http context settings from custom-base.inc if that file exists
include conf.d/custom-base[.]inc;

server {
    listen [::]:80 default_server ipv6only=off;
    server_name _;
    server_tokens off;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    # Include any custom plain-HTTP server context settings from custom.inc if that file exists
    include conf.d/custom[.]inc;

    location /admin/ {
        client_max_body_size 50M;
        return 301 https://$host$request_uri;
    }

    location /acme/ {
        return 301 https://$host$request_uri;
    }

    location /aia/issuer {
        include conf.d/proxy.inc;
        proxy_pass http://boulder:4001;
    }

    location /directory {
        return 301 https://$host$request_uri;
    }

    location /ocsp {
        include conf.d/proxy.inc;
        proxy_pass http://boulder:4002/;
    }

    location /sfe {
        return 301 https://$host$request_uri;
    }

    location /rate-limits {
        try_files $uri $uri.html $uri/ =404;
    }

    location /terms/ {
        try_files $uri $uri.html $uri/ =404;
    }
}

server {
    listen [::]:443 default_server ssl ipv6only=off;
    server_name _;
    server_tokens off;

    ssl_certificate /etc/nginx/ssl/labca_cert.pem;
    ssl_certificate_key /etc/nginx/ssl/labca_key.pem;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    # Include any custom HTTPS server context settings from custom-ssl.inc if that file exists
    include conf.d/custom-ssl[.]inc;

    location ~ ^/admin/static/(.+) {
        alias /var/www/html/$1;
    }

    location ~ ^/admin/.+/static/(.+) {
        alias /var/www/html/$1;
    }

    location /admin/ {
        client_max_body_size 50M;
        include conf.d/proxy.inc;
        proxy_read_timeout 120;
        proxy_set_header X-Request-Base "/admin";
        proxy_pass http://gui:3000/;
        error_page 502 504 /502.html;
    }

    location /admin/ws {
        include conf.d/proxy.inc;
        proxy_set_header X-Request-Base "/admin";
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass http://gui:3000/ws;
    }

    location /acme/ {
        include conf.d/proxy.inc;
        proxy_pass http://boulder:4001;
    }

    location /directory {
        include conf.d/proxy.inc;
        proxy_pass http://boulder:4001;
    }

    location /build {
        include conf.d/proxy.inc;
        proxy_pass http://boulder:4001;
    }

    location /aia/issuer {
        include conf.d/proxy.inc;
        proxy_pass http://boulder:4001;
    }

    location /ocsp {
        include conf.d/proxy.inc;
        proxy_pass http://boulder:4002/;
    }

    location /sfe {
        include conf.d/proxy.inc;
        proxy_pass http://boulder:4003/;
    }

    location /rate-limits {
        try_files $uri $uri.html $uri/ =404;
    }

    location /terms/ {
        try_files $uri $uri.html $uri/ =404;
    }

    # BEGIN temporary redirect
    location = / {
        return 302 /admin/;
    }
    # END temporary redirect
}