51 lines
1.4 KiB
Plaintext
51 lines
1.4 KiB
Plaintext
upstream ausweis { server 127.0.0.1:8099; }
|
|
server {
|
|
server_name MYDOMAIN;
|
|
listen 80;
|
|
listen [::]:80;
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
server {
|
|
server_name MYDOMAIN;
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
access_log /var/log/nginx/ausweis.access.log;
|
|
error_log /var/log/nginx/ausweis.error.log warn;
|
|
|
|
# make sure everything under / is in a sub-folder
|
|
root /srv/http/my-domain/root/;
|
|
|
|
add_header Permissions-Policy "interest-cohort=()";
|
|
add_header Cache-Control must-revalidate;
|
|
expires 300;
|
|
|
|
location /frontend/data/ {
|
|
alias /srv/http/my-domain/backend_data/;
|
|
try_files $uri =404; # disable index, prevent attacks on finding a valid slug
|
|
expires 30;
|
|
}
|
|
|
|
location /frontend {
|
|
alias /srv/http/my-domain/frontend/;
|
|
access_log off;
|
|
}
|
|
|
|
location /backend/static/ {
|
|
alias /srv/http/my-domain/backend_static/;
|
|
try_files $uri =404; # disable index
|
|
access_log off;
|
|
}
|
|
|
|
location /backend/ {
|
|
proxy_pass http://ausweis;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_redirect off;
|
|
proxy_buffering off;
|
|
}
|
|
|
|
ssl_certificate fullchain.pem; # managed by Certbot
|
|
ssl_certificate_key privkey.pem; # managed by Certbot
|
|
}
|