-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsites.conf
More file actions
144 lines (115 loc) · 5 KB
/
sites.conf
File metadata and controls
144 lines (115 loc) · 5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen *:443;
server_name sekm.sysnet.nagano sekm3.sysnet.nagano docker.sysnet.nagano;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
ssl_certificate /etc/nginx/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/nginx/ssl/private/nginx-selfsigned.key;
ssl_dhparam /etc/nginx/ssl/certs/dhparam.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
access_log /var/log/nginx/sekm-access.log;
error_log /var/log/nginx/sekm-error.log;
client_max_body_size 100M;
# robots
location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
# ROOT
location / {
root html;
index index.html index.htm;
}
# PORTAL
location /portal {
access_log /var/log/nginx/sekm-portal-access.log;
error_log /var/log/nginx/sekm-portal-error.log;
proxy_pass http://127.0.0.1:5000;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_set_header Accept-Encoding "";
# proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# GEOSERVER
location ^~ /geoserver {
access_log /var/log/nginx/sekm-geoserver4-access.log;
error_log /var/log/nginx/sekm-geoserver4-error.log;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/geoserver;
}
# KIBANA
location /kibana {
# auth_basic "Pouze pro spávce";
# auth_basic_user_file /etc/nginx/.htpasswd;
access_log /var/log/nginx/sekm-kibana-access.log;
error_log /var/log/nginx/sekm-kibana-error.log;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_pass http://localhost:5601/;
rewrite ^/kibana/(.*)$ /$1 break;
}
# REST
location /rest/ {
access_log /var/log/nginx/sekm-rest-access.log;
error_log /var/log/nginx/sekm-rest-error.log;
proxy_pass http://localhost:3011/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
}
# RESTMOCK
location /restmock {
access_log /var/log/nginx/sekm-restmock-access.log;
error_log /var/log/nginx/sekm-restmock-error.log;
proxy_pass http://localhost:3001/restmock;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# WIREFRAME
location /wireframe/ {
access_log /var/log/nginx/sekm-wireframe-access.log;
error_log /var/log/nginx/sekm-wireframe-error.log;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_pass http://localhost:3000/;
rewrite ^/wireframe/(.*)$ /$1 break;
}
# PORTAINER
location /portainer/ {
access_log /var/log/nginx/sekm-portainer-access.log;
error_log /var/log/nginx/sekm-portainer-error.log;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_pass http://localhost:9000/;
rewrite ^/portainer/(.*)$ /$1 break;
}
}