valitovgaziz/tp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

modified: serv_nginx/.env

Browse Source 
modified:   serv_nginx/nginx/Dockerfile
	modified:   serv_nginx/nginx/nginx-ssl.conf
add new config new Dockerfile and nginx conf
This commit is contained in:
Газиз Валитов
2025-10-21 06:23:46 +05:00
parent 257da2958c
commit de988a3d02
3 changed files with 63 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files
serv_nginx/nginx/nginx-ssl.conf
+27 -26
View File
@@ -22,7 +22,7 @@ server {
location / {
return 301 https://$host$request_uri;
}
# ✅ Добавляем uploads и в HTTP редирект
location /uploads/ {
alias /uploads/;
expires 1y;
@@ -33,7 +33,6 @@ server {
}
server {
listen 443 ssl;
server_name yalarba.ru www.yalarba.ru;
@@ -51,9 +50,30 @@ server {
try_files $uri $uri/ /index.html;
}
# New location for REST API
# Keycloak integration - исправленная конфигурация
location /auth/ {
proxy_pass http://keycloak_backend/auth/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Важные настройки для Keycloak
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
# Таймауты
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
}
# REST API
location /api/ {
proxy_pass http://api/;
proxy_pass http://api_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -63,21 +83,9 @@ server {
proxy_send_timeout 600;
proxy_read_timeout 600;
}
# Keycloak integration
location /auth/ {
proxy_pass http://keycloak/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
}
}
# Остальные server блоки остаются без изменений...
server {
listen 443 ssl;
server_name valitovgaziz.ru www.valitovgaziz.ru;
@@ -85,7 +93,6 @@ server {
ssl_certificate /etc/letsencrypt/live/valitovgaziz.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/valitovgaziz.ru/privkey.pem;
# Additional SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
@@ -104,7 +111,6 @@ server {
ssl_certificate /etc/letsencrypt/live/easysite102.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/easysite102.ru/privkey.pem;
# Additional SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
@@ -116,7 +122,6 @@ server {
}
}
server {
listen 443 ssl;
server_name xn--80abahjtcfl5d0a8di.xn--p1ai www.xn--80abahjtcfl5d0a8di.xn--p1ai;
@@ -124,7 +129,6 @@ server {
ssl_certificate /etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/privkey.pem;
# Additional SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
@@ -143,7 +147,6 @@ server {
ssl_certificate /etc/letsencrypt/live/begushiybashkir.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/begushiybashkir.ru/privkey.pem;
# Additional SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
@@ -154,9 +157,8 @@ server {
try_files $uri $uri/ /index.html;
}
# New location for REST API
location /api/ {
proxy_pass http://api_bb/;
proxy_pass http://api_bb_backend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -172,5 +174,4 @@ server {
expires 1y;
add_header Cache-Control "public, immutable";
}
}
}