106 lines
3.0 KiB
Plaintext
106 lines
3.0 KiB
Plaintext
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
# configuration of fw.op.fo / frode klevstul / oct 2025
|
|
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
|
|
|
# sc.op.fo ➔ fw.op.fo
|
|
server {
|
|
listen 80;
|
|
server_name sc.op.fo;
|
|
return 301 https://fw.op.fo$request_uri;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
http2 on;
|
|
|
|
ssl_certificate /etc/nginx/acme.sh/op.fo/fullchain.pem;
|
|
ssl_certificate_key /etc/nginx/acme.sh/op.fo/key.pem;
|
|
ssl_trusted_certificate /etc/nginx/acme.sh/op.fo/cert.pem;
|
|
|
|
server_name sc.op.fo;
|
|
return 301 https://fw.op.fo$request_uri;
|
|
}
|
|
|
|
# http to https
|
|
server {
|
|
listen 80;
|
|
server_name fw.op.fo;
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
# upstream configuration for postgrest (used as reversed proxy)
|
|
upstream postgrest {
|
|
server localhost:3000;
|
|
}
|
|
|
|
# https
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
http2 on;
|
|
|
|
ssl_certificate /etc/nginx/acme.sh/op.fo/fullchain.pem;
|
|
ssl_certificate_key /etc/nginx/acme.sh/op.fo/key.pem;
|
|
ssl_trusted_certificate /etc/nginx/acme.sh/op.fo/cert.pem;
|
|
|
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
|
|
|
root /var/www/fw.op.fo;
|
|
index index.html;
|
|
server_name fw.op.fo;
|
|
|
|
location @myownredirect {
|
|
return 302 /;
|
|
}
|
|
|
|
# postgrest reverse proxy
|
|
location / {
|
|
error_page 404 = @myownredirect;
|
|
}
|
|
|
|
# debug url: /dbg/string
|
|
location ~ ^/dbg/(\w+) {
|
|
default_type application/json;
|
|
proxy_hide_header Content-Location;
|
|
add_header Content-Location /rpc/$upstream_http_content_location;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_http_version 1.1;
|
|
proxy_pass http://postgrest/rpc/fwd?p_shortcode=$1&p_dbg=true;
|
|
}
|
|
|
|
|
|
|
|
# https://stackoverflow.com/questions/53353572/proxy-pass-cannot-have-uri-part-in-location-given-by-regular-expression
|
|
|
|
location ~ ^/([A-Za-z0-9]+) {
|
|
# rewrite ^/([A-Za-z0-9]+) /rpc/fwd?p_shortcode=$1&p_dbg=true break;
|
|
rewrite ^/([A-Za-z0-9]+) /rpc/fwd break;
|
|
default_type application/json;
|
|
proxy_hide_header Content-Location;
|
|
add_header Content-Location /rpc/$upstream_http_content_location;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_http_version 1.1;
|
|
proxy_method POST;
|
|
proxy_set_body $args;
|
|
proxy_pass http://postgrest;
|
|
}
|
|
|
|
# normal mode: /shortcode
|
|
# location ~ ^/\w+ {
|
|
# #rewrite ^/your_endpoint(.*)$ /your_backend_endpoint?args=$args break;
|
|
# #rewrite ^ /your_backend_endpoint?args=$args break;
|
|
# default_type application/json;
|
|
# proxy_hide_header Content-Location;
|
|
# add_header Content-Location /rpc/$upstream_http_content_location;
|
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
# proxy_http_version 1.1;
|
|
# proxy_method post;
|
|
## proxy_pass http://postgrest/rpc/fwd?args=$args;
|
|
## proxy_pass http://postgrest/rpc/fwd;
|
|
# proxy_pass http://postgrest;
|
|
# proxy_set_body $args;
|
|
# }
|
|
|
|
}
|