nginx.conf 2.33 KB
Newer Older
Lukas Burgey's avatar
Lukas Burgey committed
1
2
3
4
5
6
7

map $http_upgrade $connection_upgrade {
	default upgrade;
	'' close;
}

upstream django {
Lukas Burgey's avatar
Lukas Burgey committed
8
	server unix://$uwsgi_socket;
Lukas Burgey's avatar
Lukas Burgey committed
9
10
11
}

upstream websocket {
Lukas Burgey's avatar
Lukas Burgey committed
12
	server 127.0.0.1:$port_websocket;
Lukas Burgey's avatar
Lukas Burgey committed
13
14
15
16
17
18
19
20
21
22
23
24
25
}

server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name _;
	return 301 https://$host$request_uri;
}

server {
	listen 443 ssl http2 default_server;
	listen [::]:443 ssl http2 default_server;

Lukas Burgey's avatar
Lukas Burgey committed
26
	server_name $domain;
Lukas Burgey's avatar
Lukas Burgey committed
27
28
29
	charset	utf-8;
	client_max_body_size 75M;

30
31
32
33
34
	gzip on;
	gzip_types      text/plain application/javascript;
	gzip_proxied    no-cache no-store private expired auth;
	gzip_min_length 1000;

Lukas Burgey's avatar
Lukas Burgey committed
35
	ssl on;
Lukas Burgey's avatar
Lukas Burgey committed
36
37
38
39
	ssl_certificate $ssl_chain;
	ssl_trusted_certificate $ssl_fullchain;
	ssl_certificate_key $ssl_key;
	ssl_dhparam $dhparam;
40

Lukas Burgey's avatar
Lukas Burgey committed
41
42
43
44
	ssl_session_cache shared:SSL:20m;
	ssl_session_timeout 180m;
	ssl_prefer_server_ciphers on;
	ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;
Lukas Burgey's avatar
Lukas Burgey committed
45
	ssl_protocols TLSv1.1 TLSv1.2;
Lukas Burgey's avatar
Lukas Burgey committed
46
47
48
49
50
51
	ssl_stapling on;
	ssl_stapling_verify on;
	resolver 141.3.175.65 141.3.175.66;

	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

Lukas Burgey's avatar
Lukas Burgey committed
52
	root $dist;
Lukas Burgey's avatar
Lukas Burgey committed
53
	index index.html;
54

Lukas Burgey's avatar
Lukas Burgey committed
55
56
57
	# Cache webpage assets
	location /assets {
		alias $dist/assets/;
58
59
60
61
		expires 30d;
		add_header Pragma public;
		add_header Cache-Control "public";
	}
Lukas Burgey's avatar
Lukas Burgey committed
62
	
Lukas Burgey's avatar
Lukas Burgey committed
63
	# Cache static assets of the django admin
Lukas Burgey's avatar
Lukas Burgey committed
64
	location ^~ /backend/static/ {
Lukas Burgey's avatar
Lukas Burgey committed
65
		alias $static/;
Lukas Burgey's avatar
Lukas Burgey committed
66
67
68
		expires 30d;
		add_header Pragma public;
		add_header Cache-Control "public";
Lukas Burgey's avatar
Lukas Burgey committed
69
70
	}	

Lukas Burgey's avatar
Lukas Burgey committed
71
	# Shortened path for the user rest interface
72
73
74
75
	location /rest {
		rewrite ^/rest/(.*)$ /backend/user-api/$1;
	}

Lukas Burgey's avatar
Lukas Burgey committed
76
	# Calls to the backend are handled by uwsgi (see upstream django)
Lukas Burgey's avatar
Lukas Burgey committed
77
78
	location /backend {
		uwsgi_pass django;
Lukas Burgey's avatar
Lukas Burgey committed
79
		include $config/uwsgi_params;
Lukas Burgey's avatar
Lukas Burgey committed
80
81
	}

Lukas Burgey's avatar
Lukas Burgey committed
82
	# The webpage is placed at the root (including its index.html)
Lukas Burgey's avatar
Lukas Burgey committed
83
84
85
86
	location /frontend {
		try_files $uri  $uri/ /index.html;
	}

Lukas Burgey's avatar
Lukas Burgey committed
87
	# Handle websocket
Lukas Burgey's avatar
Lukas Burgey committed
88
89
90
91
92
93
94
	location /ws {
		proxy_pass http://websocket/ws;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;
	}

Lukas Burgey's avatar
Lukas Burgey committed
95
	# Redirect to direct login when we have the 'idp' parameter
Lukas Burgey's avatar
Lukas Burgey committed
96
	location / {
97
98
99
		if ($arg_idp) {
			return 301 /backend/auth/v1/request$is_args$args;
		}
Lukas Burgey's avatar
Lukas Burgey committed
100
101
		rewrite "^$" /frontend;
	}
Lukas Burgey's avatar
Lukas Burgey committed
102

Lukas Burgey's avatar
Lukas Burgey committed
103
	# Cache images
Lukas Burgey's avatar
Lukas Burgey committed
104
105
106
107
108
	location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
		expires 30d;
		add_header Pragma public;
		add_header Cache-Control "public";
	}
Lukas Burgey's avatar
Lukas Burgey committed
109
110
}