110swag / flashy-backend

Download as
Browse Code ยป

Commit 8fc000ea2a42149d6cd686e9707ac4684dfba23a

Authored by Andrew Buss
1 parent f53a10aaff
Exists in master

add splunk to nginx conf

Showing 1 changed file with 16 additions and 5 deletions Inline Diff

nginxconf/flashy.cards View file @ 8fc000e
upstream backend_production { 1 1 upstream backend_production {
# server unix:/tmp/flashy.sock; 2 2 # server unix:/tmp/flashy.sock;
server localhost:7002; 3 3 server localhost:7002;
} 4 4 }
5 5
upstream websocket_production { 6 6 upstream websocket_production {
server localhost:7001; 7 7 server localhost:7001;
} 8 8 }
9 9
server { 10 10 server {
11 11
server_name flashy.cards; 12 12 server_name flashy.cards;
listen 443 ssl; 13 13 listen 443 ssl;
14 14
15 15
location / { 16 16 location / {
root /srv/flashy.cards/; 17 17 root /srv/flashy.cards/;
index index.html /docs/_h5ai/server/php/index.php; 18 18 index index.html /docs/_h5ai/server/php/index.php;
location ~ \.php$ { 19 19 location ~ \.php$ {
try_files $uri =404; 20 20 try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock; 21 21 fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi_params; 22 22 include fastcgi_params;
} 23 23 }
} 24 24 }
25 25
location ^~ /static { 26 26 location ^~ /static {
root /srv/; 27 27 root /srv/;
access_log off; 28 28 access_log off;
expires 30d; 29 29 expires 30d;
} 30 30 }
31 31
location ^~ /app/ { 32 32 location ^~ /app/ {
alias /srv/flashy-frontend/; 33 33 alias /srv/flashy-frontend/;
try_files $uri /app/home.html; 34 34 try_files $uri /app/home.html;
} 35 35 }
36 36
location /ws/ { 37 37 location /ws/ {
proxy_http_version 1.1; 38 38 proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; 39 39 proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; 40 40 proxy_set_header Connection "upgrade";
proxy_pass http://websocket_production; 41 41 proxy_pass http://websocket_production;
} 42 42 }
43 43
location ~ /(api|admin|api-auth)/ { 44 44 location ~ /(api|admin|api-auth)/ {
add_header 'Access-Control-Allow-Origin' 'http://localhost'; 45 45 add_header 'Access-Control-Allow-Origin' 'http://localhost';
add_header 'Access-Control-Allow-Credentials' 'true'; 46 46 add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PATCH, PUT'; 47 47 add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PATCH, PUT';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,Origin,Authorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-CSRFToken'; 48 48 add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,Origin,Authorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-CSRFToken';
proxy_pass http://backend_production; 49 49 proxy_pass http://backend_production;
proxy_redirect http://backend_production $scheme://flashy.cards; 50 50 proxy_redirect http://backend_production $scheme://flashy.cards;
proxy_set_header Host $host; 51 51 proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; 52 52 proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 53 53 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; 54 54 proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header REMOTE_ADDR $remote_addr; 55 55 proxy_set_header REMOTE_ADDR $remote_addr;
} 56 56 }
57 57
location ^~ /jenkins { 58 58 location ^~ /jenkins {
proxy_pass http://localhost:8080; 59 59 proxy_pass http://localhost:8080;
proxy_redirect http://localhost:8080 $scheme://flashy.cards; 60 60 proxy_redirect http://localhost:8080 $scheme://flashy.cards;
proxy_set_header Host $host; 61 61 proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; 62 62 proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 63 63 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; 64 64 proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 90; 65 65 proxy_read_timeout 90;
} 66 66 }
67
68 location ^~ /splunk {
69 proxy_pass http://localhost:8000;
70 proxy_redirect http://localhost:8000 $scheme://flashy.cards;
71 proxy_set_header Host $host;
72 proxy_set_header X-Real-IP $remote_addr;
73 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
74 proxy_set_header X-Forwarded-Proto $scheme;
75 proxy_read_timeout 90;
76 }
77
ssl_certificate /etc/nginx/ssl/bundle.crt; 67 78 ssl_certificate /etc/nginx/ssl/bundle.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key; 68 79 ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 69 80 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; 70 81 ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_prefer_server_ciphers on; 71 82 ssl_prefer_server_ciphers on;
keepalive_timeout 70; 72 83 keepalive_timeout 70;
ssl_session_cache shared:SSL:10m; 73 84 ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m; 74 85 ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=259200"; 75 86 add_header Strict-Transport-Security "max-age=259200";
} 76 87 }