diff --git a/nginx.conf b/nginx.conf index c58a355d..ecd2cf33 100644 --- a/nginx.conf +++ b/nginx.conf @@ -13,145 +13,150 @@ upstream storefront_frontend { server { listen 443 ssl http2; server_name api.evibes.com; - ssl_certificate /etc/letsencrypt/live/evibes.com/fullchain.pem; + ssl_certificate /etc/letsencrypt/live/evibes.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/evibes.com/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - ssl_session_cache shared:SSL:10m; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + ssl_session_cache shared:SSL:10m; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - add_header X-Frame-Options SAMEORIGIN always; - add_header X-Content-Type-Options nosniff always; - add_header Referrer-Policy no-referrer-when-downgrade always; + add_header X-Frame-Options SAMEORIGIN always; + add_header X-Content-Type-Options nosniff always; + add_header Referrer-Policy no-referrer-when-downgrade always; client_max_body_size 100M; location / { - proxy_pass http://django_backend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - proxy_send_timeout 300; + proxy_pass http://django_backend; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + proxy_send_timeout 300; } location /favicon.ico { - add_header Access-Control-Allow-Origin "*"; - root /var/jenkins/workspace/evibes/static; + add_header Access-Control-Allow-Origin "*"; + root /var/jenkins/workspace/evibes/static; } location = /robots.txt { - add_header Access-Control-Allow-Origin "*"; - alias /var/jenkins/workspace/evibes/static/robots_backend.txt; - default_type text/plain; + add_header Access-Control-Allow-Origin "*"; + alias /var/jenkins/workspace/evibes/static/robots_backend.txt; + default_type text/plain; + } + + location /static/ { + add_header Access-Control-Allow-Origin "*"; + root /var/jenkins/workspace/evibes; + } + + location /media/ { + add_header Access-Control-Allow-Origin "*"; + root /var/jenkins/workspace/evibes; } error_page 500 502 503 504 /maintenance.html; location = /maintenance.html { - add_header Access-Control-Allow-Origin "*"; - root /var/jenkins/workspace/evibes/static; - internal; + add_header Access-Control-Allow-Origin "*"; + root /var/jenkins/workspace/evibes/static; + internal; } } server { listen 443 ssl http2; server_name evibes.com www.evibes.com; - ssl_certificate /etc/letsencrypt/live/evibes.com/fullchain.pem; + ssl_certificate /etc/letsencrypt/live/evibes.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/evibes.com/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - ssl_session_cache shared:SSL:10m; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + ssl_session_cache shared:SSL:10m; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - add_header X-Frame-Options SAMEORIGIN always; - add_header X-Content-Type-Options nosniff always; - add_header Referrer-Policy no-referrer-when-downgrade always; + add_header X-Frame-Options SAMEORIGIN always; + add_header X-Content-Type-Options nosniff always; + add_header Referrer-Policy no-referrer-when-downgrade always; location /favicon.ico { - add_header Access-Control-Allow-Origin "*"; - root /var/jenkins/workspace/evibes/static; + add_header Access-Control-Allow-Origin "*"; + root /var/jenkins/workspace/evibes/static; } location = /robots.txt { - add_header Access-Control-Allow-Origin "*"; - alias /var/jenkins/workspace/evibes/static/robots_frontend.txt; - default_type text/plain; + add_header Access-Control-Allow-Origin "*"; + alias /var/jenkins/workspace/evibes/static/robots_frontend.txt; + default_type text/plain; } location ~ ^/sitemap(?:-(?P
[a-z]+)(?:-(?P\d+))?)?\.xml$ { - proxy_pass http://django_backend$request_uri; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Accept "application/xml"; + proxy_pass http://django_backend$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Accept "application/xml"; } location / { - proxy_pass http://storefront_frontend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://storefront_frontend; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; } location @maintenance { - return 503; + return 503; } error_page 503 404 500 502 504 /maintenance.html; location = /maintenance.html { - add_header Access-Control-Allow-Origin "*"; - root /var/jenkins/workspace/evibes/static; - internal; + add_header Access-Control-Allow-Origin "*"; + root /var/jenkins/workspace/evibes/static; + internal; } } server { listen 443 ssl http2; server_name prometheus.evibes.com; - ssl_certificate /etc/letsencrypt/live/evibes.com/fullchain.pem; + ssl_certificate /etc/letsencrypt/live/evibes.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/evibes.com/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - ssl_session_cache shared:SSL:10m; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + ssl_session_cache shared:SSL:10m; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - add_header X-Frame-Options SAMEORIGIN always; - add_header X-Content-Type-Options nosniff always; - add_header Referrer-Policy no-referrer-when-downgrade always; + add_header X-Frame-Options SAMEORIGIN always; + add_header X-Content-Type-Options nosniff always; + add_header Referrer-Policy no-referrer-when-downgrade always; client_max_body_size 100M; location / { - proxy_pass http://prom_backend; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://prom_backend; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; } location = /robots.txt { - add_header Access-Control-Allow-Origin "*"; - alias /var/jenkins/workspace/evibes/static/robots_backend.txt; - default_type text/plain; - } - - location /static/ { - add_header Access-Control-Allow-Origin "*"; - root /var/jenkins/workspace/evibes; + add_header Access-Control-Allow-Origin "*"; + alias /var/jenkins/workspace/evibes/static/robots_backend.txt; + default_type text/plain; } location /favicon.ico { - add_header Access-Control-Allow-Origin "*"; - root /var/jenkins/workspace/evibes/static; + add_header Access-Control-Allow-Origin "*"; + root /var/jenkins/workspace/evibes/static; } error_page 500 502 503 504 /maintenance.html; location = /maintenance.html { - add_header Access-Control-Allow-Origin "*"; - root /var/jenkins/workspace/evibes/static; - internal; + add_header Access-Control-Allow-Origin "*"; + root /var/jenkins/workspace/evibes/static; + internal; } }