241 lines
7.4 KiB
Plaintext
241 lines
7.4 KiB
Plaintext
upstream api {
|
|
server api:8080;
|
|
}
|
|
|
|
upstream api_bb {
|
|
server api_bb:8080;
|
|
}
|
|
|
|
|
|
server {
|
|
listen 80;
|
|
server_name yalarba.ru www.yalarba.ru valitovgaziz.ru www.valitovgaziz.ru easysite102.ru www.easysite102.ru begushiybashkir.ru xn--80abahjtcfl5d0a8di.xn--p1ai;
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
root /var/www/certbot;
|
|
}
|
|
|
|
location / {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
location /uploads/ {
|
|
alias /uploads/;
|
|
expires 1y;
|
|
add_header Cache-Control "public, immutable";
|
|
try_files $uri =404;
|
|
}
|
|
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
server_name yalarba.ru www.yalarba.ru;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/yalarba.ru/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/yalarba.ru/privkey.pem;
|
|
|
|
# Additional SSL settings
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
|
|
|
location / {
|
|
root /usr/share/nginx/yalarba/html;
|
|
index index.html;
|
|
try_files $uri $uri/ /index.html;
|
|
}
|
|
# REST API
|
|
location /api/ {
|
|
proxy_pass http://api/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Port $server_port;
|
|
proxy_connect_timeout 600;
|
|
proxy_send_timeout 600;
|
|
proxy_read_timeout 600;
|
|
}
|
|
}
|
|
|
|
# Остальные server блоки остаются без изменений...
|
|
server {
|
|
listen 443 ssl;
|
|
server_name valitovgaziz.ru www.valitovgaziz.ru;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/valitovgaziz.ru/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/valitovgaziz.ru/privkey.pem;
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
|
|
|
location / {
|
|
root /usr/share/nginx/valitovgaziz/html;
|
|
index index.html;
|
|
try_files $uri $uri/ /index.html;
|
|
}
|
|
|
|
# Проксирование для аналитики
|
|
location /api/analytics {
|
|
proxy_pass http://analytics:3000;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# CORS headers
|
|
add_header Access-Control-Allow-Origin "*" always;
|
|
add_header Access-Control-Allow-Methods "POST, GET, OPTIONS" always;
|
|
add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;
|
|
add_header Access-Control-Allow-Credentials "true" always;
|
|
|
|
# Handle preflight requests
|
|
if ($request_method = OPTIONS) {
|
|
return 204;
|
|
}
|
|
|
|
# Таймауты
|
|
proxy_connect_timeout 30s;
|
|
proxy_send_timeout 30s;
|
|
proxy_read_timeout 30s;
|
|
}
|
|
|
|
# Health check для аналитики
|
|
location /api/analytics/health {
|
|
proxy_pass http://analytics:3000/health;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
# Статистика аналитики
|
|
location /api/analytics/stats {
|
|
proxy_pass http://analytics:3000/api/stats;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
server_name easysite102.ru www.easysite102.ru;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/easysite102.ru/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/easysite102.ru/privkey.pem;
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
|
|
|
location / {
|
|
proxy_pass http://easysite:3000;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Port $server_port;
|
|
proxy_connect_timeout 600;
|
|
proxy_send_timeout 600;
|
|
proxy_read_timeout 600;
|
|
}
|
|
|
|
# Новый блок для API
|
|
location /api/ {
|
|
proxy_pass http://api_es:8081/api/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Port $server_port;
|
|
proxy_connect_timeout 600;
|
|
proxy_send_timeout 600;
|
|
proxy_read_timeout 600;
|
|
|
|
# CORS headers
|
|
add_header Access-Control-Allow-Origin "*";
|
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
|
|
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
|
|
|
|
# Handle preflight requests
|
|
if ($request_method = OPTIONS) {
|
|
return 204;
|
|
}
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
server_name xn--80abahjtcfl5d0a8di.xn--p1ai www.xn--80abahjtcfl5d0a8di.xn--p1ai;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/xn--80abahjtcfl5d0a8di.xn--p1ai/privkey.pem;
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
|
|
|
location / {
|
|
root /usr/share/nginx/begushiybashkir/html;
|
|
index index.html;
|
|
try_files $uri $uri/ /index.html;
|
|
}
|
|
|
|
location /api/ {
|
|
proxy_pass http://api_bb/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Port $server_port;
|
|
proxy_connect_timeout 600;
|
|
proxy_send_timeout 600;
|
|
proxy_read_timeout 600;
|
|
}
|
|
|
|
location /uploads/ {
|
|
alias /uploads/;
|
|
expires 1y;
|
|
add_header Cache-Control "public, immutable";
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
server_name begushiybashkir.ru www.begushiybashkir.ru;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/begushiybashkir.ru/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/begushiybashkir.ru/privkey.pem;
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
|
|
|
location / {
|
|
root /usr/share/nginx/begushiybashkir/html;
|
|
index index.html;
|
|
try_files $uri $uri/ /index.html;
|
|
}
|
|
|
|
location /api/ {
|
|
proxy_pass http://api_bb/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-Port $server_port;
|
|
proxy_connect_timeout 600;
|
|
proxy_send_timeout 600;
|
|
proxy_read_timeout 600;
|
|
}
|
|
|
|
location /uploads/ {
|
|
alias /uploads/;
|
|
expires 1y;
|
|
add_header Cache-Control "public, immutable";
|
|
}
|
|
} |