Последняя активность 1719843837

nginx.conf Исходник
1user www-data;
2worker_processes auto;
3pid /run/nginx.pid;
4include /etc/nginx/modules-enabled/*.conf;
5error_log /var/log/nginx/error.log;
6
7include /usr/share/nginx/modules/*.conf;
8
9events {
10 worker_connections 1024;
11 # multi_accept on;
12}
13
14http {
15 log_format main '$remote_addr - $remote_user [$time_local] "$request" '
16 '$status $body_bytes_sent "$http_referer" '
17 '"$http_user_agent" "$http_x_forwarded_for"';
18
19 client_max_body_size 200M;
20 sendfile on;
21 tcp_nopush on;
22 tcp_nodelay on;
23 keepalive_timeout 65;
24 types_hash_max_size 2048;
25
26 # add_header X-Frame-Options sameorigin always;
27 # add_header X-Frame-Options SAMEORIGIN always;
28 add_header X-Frame-Options DENY;
29
30 include /etc/nginx/mime.types;
31 default_type application/octet-stream;
32
33 ssl_protocols TLSv1.3 TLSv1.2;
34 ssl_prefer_server_ciphers on;
35
36 access_log /var/log/nginx/access.log;
37 error_log /var/log/nginx/error.log;
38
39 include /etc/nginx/conf.d/*.conf;
40
41 server {
42 listen 80;
43 server_name addie.ornl.gov;
44 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
45 add_header X-Frame-Options DENY;
46 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
47 add_header X-Frame-Options "SAMEORIGIN";
48 return 301 https://addie.ornl.gov$request_uri;
49 }
50
51 map $http_upgrade $connection_upgrade {
52 default upgrade;
53 '' close;
54 }
55
56 server {
57 listen 443 ssl;
58 server_name addie.ornl.gov;
59 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
60 add_header X-Frame-Options DENY;
61 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
62 add_header X-Frame-Options "SAMEORIGIN";
63 return 301 https://addie.ornl.gov$request_uri;
64 }
65
66 map $http_upgrade $connection_upgrade {
67 default upgrade;
68 '' close;
69 }
70
71 server {
72 listen 443 ssl;
73 server_name addie.ornl.gov;
74 root /usr/share/nginx/html;
75
76 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
77 # add_header X-Frame-Options SAMEORIGIN always;
78 # add_header X-Frame-Options sameorigin always;
79 add_header X-Frame-Options "DENY";
80
81 ssl_certificate "/home/cloud/packages/addie/certs/addie.pem";
82 ssl_certificate_key "/home/cloud/packages/addie/certs/addie.key";
83
84 location / {
85 proxy_pass http://localhost:5000;
86 proxy_set_header Host $host;
87 proxy_set_header X-Real-IP $remote_addr;
88 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
89 proxy_set_header X-Forwarded-Proto $scheme;
90 proxy_pass_request_headers on;
91 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
92 add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always;
93 add_header Pragma "no-cache" always;
94 add_header Expires "0" always;
95 add_header X-Frame-Options "SAMEORIGIN";
96 add_header X-Frame-Options "DENY" always;
97 proxy_set_header X-Frame-Options "SAMEORIGIN";
98 # include uwsgi_params;
99 # uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock;
100 }
101
102 error_page 404 /404.html;
103 location = /404.html {
104 }
105
106 error_page 500 502 503 504 /50x.html;
107 location = /50x.html {
108 }
109 }
110
111 server {
112 listen 80;
113 server_name slash.ornl.gov;
114 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
115 add_header X-Frame-Options DENY;
116 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
117 add_header X-Frame-Options "SAMEORIGIN";
118 return 301 https://slash.ornl.gov$request_uri;
119 }
120
121 map $http_upgrade $connection_upgrade {
122 default upgrade;
123 '' close;
124 }
125
126 server {
127 listen 443 ssl;
128 server_name slash.ornl.gov;
129 root /usr/share/nginx/html;
130
131 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
132 # add_header X-Frame-Options SAMEORIGIN always;
133 # add_header X-Frame-Options sameorigin always;
134 add_header X-Frame-Options "DENY";
135
136 ssl_certificate "/home/cloud/packages/slash/slash.pem";
137 ssl_certificate_key "/home/cloud/packages/slash/slash.key";
138
139 location / {
140 proxy_pass http://localhost:5231;
141 proxy_set_header Host $host;
142 proxy_set_header X-Real-IP $remote_addr;
143 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
144 proxy_set_header X-Forwarded-Proto $scheme;
145 proxy_pass_request_headers on;
146 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
147 add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always;
148 add_header Pragma "no-cache" always;
149 add_header Expires "0" always;
150 add_header X-Frame-Options "SAMEORIGIN";
151 add_header X-Frame-Options "DENY" always;
152 proxy_set_header X-Frame-Options "SAMEORIGIN";
153 # include uwsgi_params;
154 # uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock;
155 }
156
157 error_page 404 /404.html;
158 location = /404.html {
159 }
160
161 error_page 500 502 503 504 /50x.html;
162 location = /50x.html {
163 }
164 }
165
166 server {
167 listen 80;
168 server_name tmapper.ornl.gov;
169 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
170 add_header X-Frame-Options DENY;
171 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
172 add_header X-Frame-Options "SAMEORIGIN";
173 return 301 https://tmapper.ornl.gov$request_uri;
174 }
175
176 map $http_upgrade $connection_upgrade {
177 default upgrade;
178 '' close;
179 }
180
181 server {
182 listen 443 ssl;
183 server_name tmapper.ornl.gov;
184 root /usr/share/nginx/html;
185
186 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
187 # add_header X-Frame-Options SAMEORIGIN always;
188 # add_header X-Frame-Options sameorigin always;
189 add_header X-Frame-Options "DENY";
190
191 ssl_certificate "/home/cloud/packages/teammapper/tmapper.pem";
192 ssl_certificate_key "/home/cloud/packages/teammapper/tmapper.key";
193
194 location / {
195 proxy_pass http://localhost:8089;
196 proxy_set_header Host $host;
197 proxy_set_header X-Real-IP $remote_addr;
198 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
199 proxy_set_header X-Forwarded-Proto $scheme;
200 proxy_pass_request_headers on;
201 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
202 add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always;
203 add_header Pragma "no-cache" always;
204 add_header Expires "0" always;
205 add_header X-Frame-Options "SAMEORIGIN";
206 add_header X-Frame-Options "DENY" always;
207 proxy_set_header X-Frame-Options "SAMEORIGIN";
208 # include uwsgi_params;
209 # uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock;
210 }
211
212 error_page 404 /404.html;
213 location = /404.html {
214 }
215
216 error_page 500 502 503 504 /50x.html;
217 location = /50x.html {
218 }
219 }
220
221 server {
222 listen 80;
223 server_name rally.ornl.gov;
224 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
225 add_header X-Frame-Options DENY;
226 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
227 add_header X-Frame-Options "SAMEORIGIN";
228 return 301 https://rally.ornl.gov$request_uri;
229 }
230
231 map $http_upgrade $connection_upgrade {
232 default upgrade;
233 '' close;
234 }
235
236 server {
237 listen 443 ssl;
238 server_name rally.ornl.gov;
239 root /usr/share/nginx/html;
240
241 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
242 # add_header X-Frame-Options SAMEORIGIN always;
243 # add_header X-Frame-Options sameorigin always;
244 add_header X-Frame-Options "DENY";
245
246 ssl_certificate "/home/cloud/packages/rallly-selfhosted/rally.pem";
247 ssl_certificate_key "/home/cloud/packages/rallly-selfhosted/rally.key";
248
249 location / {
250 proxy_pass http://localhost:3000;
251 proxy_set_header Host $host;
252 proxy_set_header X-Real-IP $remote_addr;
253 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
254 proxy_set_header X-Forwarded-Proto $scheme;
255 proxy_pass_request_headers on;
256 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
257 add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always;
258 add_header Pragma "no-cache" always;
259 add_header Expires "0" always;
260 add_header X-Frame-Options "SAMEORIGIN";
261 add_header X-Frame-Options "DENY" always;
262 proxy_set_header X-Frame-Options "SAMEORIGIN";
263 # include uwsgi_params;
264 # uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock;
265 }
266
267 error_page 404 /404.html;
268 location = /404.html {
269 }
270
271 error_page 500 502 503 504 /50x.html;
272 location = /50x.html {
273 }
274 }
275
276 server {
277 listen 80;
278 server_name addie-dev.ornl.gov;
279 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
280 add_header X-Frame-Options DENY;
281 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
282 add_header X-Frame-Options "SAMEORIGIN";
283 return 301 https://addie-dev.ornl.gov$request_uri;
284 }
285
286 map $http_upgrade $connection_upgrade {
287 default upgrade;
288 '' close;
289 }
290
291 server {
292 listen 443 ssl;
293 server_name addie-dev.ornl.gov;
294 root /usr/share/nginx/html;
295
296 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
297 # add_header X-Frame-Options SAMEORIGIN always;
298 # add_header X-Frame-Options sameorigin always;
299 add_header X-Frame-Options "DENY";
300
301 ssl_certificate "/home/cloud/packages/addie/certs_dev/addie.pem";
302 ssl_certificate_key "/home/cloud/packages/addie/certs_dev/addie.key";
303
304 location / {
305 proxy_pass http://localhost:6000;
306 proxy_set_header Host $host;
307 proxy_set_header X-Real-IP $remote_addr;
308 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
309 proxy_set_header X-Forwarded-Proto $scheme;
310 proxy_pass_request_headers on;
311 add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload;' always;
312 add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always;
313 add_header Pragma "no-cache" always;
314 add_header Expires "0" always;
315 add_header X-Frame-Options "SAMEORIGIN";
316 add_header X-Frame-Options "DENY" always;
317 proxy_set_header X-Frame-Options "SAMEORIGIN";
318 # include uwsgi_params;
319 # uwsgi_pass unix:/home/cloud/dev/tsitc/pdfitc.sock;
320 }
321
322 error_page 404 /404.html;
323 location = /404.html {
324 }
325
326 error_page 500 502 503 504 /50x.html;
327 location = /50x.html {
328 }
329 }
330}