github.com/diadata-org/diadata@v1.4.593/config/nginx/conf.d/default.conf (about) 1 2 3 4 upstream app_api.diadata.org { 5 server restserver:8080; 6 } 7 8 server { 9 listen 80; 10 listen 443 ssl; 11 12 server_name localhost; 13 14 location / { 15 root /usr/share/nginx/coinhub; 16 } 17 18 location /hello { 19 alias /usr/share/nginx/html; 20 index index.html index.htm; 21 auth_basic "Restricted Content"; 22 auth_basic_user_file /run/secrets/htpassword; 23 } 24 25 26 #error_page 404 /404.html; 27 28 # redirect server error pages to the static page /50x.html 29 # 30 error_page 500 502 503 504 /50x.html; 31 location = /50x.html { 32 root /usr/share/nginx/html; 33 } 34 35 ssl_certificate /run/secrets/d2_diadata_ssl_certificate; 36 ssl_certificate_key /run/secrets/d2_diadata_ssl_certificate_key; 37 38 # Improve HTTPS performance with session resumption 39 ssl_session_cache shared:SSL:10m; 40 ssl_session_timeout 5m; 41 42 # Enable server-side protection against BEAST attacks 43 ssl_prefer_server_ciphers on; 44 ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; 45 46 # Disable SSLv3 47 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 48 49 # Enable HSTS (https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security) 50 add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; 51 52 53 54 location ~ ^/api(/?)(.*) { 55 proxy_set_header X-Real-IP $remote_addr; 56 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 57 proxy_set_header Host $http_host; 58 proxy_set_header X-NginX-Proxy true; 59 proxy_pass http://app_api.diadata.org/$2; 60 proxy_redirect off; 61 if ($request_method = 'OPTIONS') { 62 add_header 'Access-Control-Allow-Origin' '*'; 63 add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 64 # 65 # Custom headers and headers various browsers *should* be OK with but aren't 66 # 67 add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; 68 # 69 # Tell client that this pre-flight info is valid for 20 days 70 # 71 add_header 'Access-Control-Max-Age' 1728000; 72 add_header 'Content-Type' 'text/plain; charset=utf-8'; 73 add_header 'Content-Length' 0; 74 return 204; 75 } 76 if ($request_method = 'POST') { 77 add_header 'Access-Control-Allow-Origin' '*'; 78 add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 79 add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; 80 add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; 81 } 82 if ($request_method = 'GET') { 83 add_header 'Access-Control-Allow-Origin' '*'; 84 add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 85 add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; 86 add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; 87 } 88 } 89 90 91 92 93 94 } 95 96 97 server { 98 listen 0.0.0.0:80; 99 100 listen 443 ssl; 101 server_name api.diadata.org api-copy.diadata.org; 102 103 location / { 104 proxy_set_header X-Real-IP $remote_addr; 105 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 106 proxy_set_header Host $http_host; 107 proxy_set_header X-NginX-Proxy true; 108 proxy_pass http://app_api.diadata.org/; 109 proxy_redirect off; 110 if ($request_method = 'OPTIONS') { 111 add_header 'Access-Control-Allow-Origin' '*'; 112 add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 113 # 114 # Custom headers and headers various browsers *should* be OK with but aren't 115 # 116 add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; 117 # 118 # Tell client that this pre-flight info is valid for 20 days 119 # 120 add_header 'Access-Control-Max-Age' 1728000; 121 add_header 'Content-Type' 'text/plain; charset=utf-8'; 122 add_header 'Content-Length' 0; 123 return 204; 124 } 125 if ($request_method = 'POST') { 126 add_header 'Access-Control-Allow-Origin' '*'; 127 add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 128 add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; 129 add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; 130 } 131 if ($request_method = 'GET') { 132 add_header 'Access-Control-Allow-Origin' '*'; 133 add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; 134 add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'; 135 add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range'; 136 } 137 } 138 139 ssl_certificate /run/secrets/api_diadata_ssl_certificate; 140 ssl_certificate_key /run/secrets/api_diadata_ssl_certificate_key; 141 142 # Improve HTTPS performance with session resumption 143 ssl_session_cache shared:SSL:10m; 144 ssl_session_timeout 5m; 145 146 # Enable server-side protection against BEAST attacks 147 ssl_prefer_server_ciphers on; 148 ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; 149 150 # Disable SSLv3 151 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 152 153 # Enable HSTS (https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security) 154 add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; 155 }