63 lines
1.9 KiB
Plaintext
63 lines
1.9 KiB
Plaintext
# HTTP server configuration
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name ${NGINX_HOST};
|
|
|
|
# Redirect all incoming requests to HTTPS
|
|
return 301 https://$host:${NGINX_HTTPS_PORT}$request_uri;
|
|
}
|
|
|
|
# HTTPS server configuration
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
server_name ${NGINX_HOST};
|
|
|
|
# SSL settings
|
|
ssl_certificate ${SSL_CERT_PATH};
|
|
ssl_certificate_key ${SSL_CERT_KEY_PATH};
|
|
|
|
# Optional: SSL session settings and ciphers (adjust as required)
|
|
# ssl_session_cache shared:SSL:10m;
|
|
# ssl_session_timeout 10m;
|
|
# ssl_ciphers HIGH:!aNULL:!MD5;
|
|
# ssl_prefer_server_ciphers on;
|
|
|
|
location /api/ {
|
|
proxy_pass http://${NGINX_INTERNAL_HOST}:${API_PORT}/api/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
location /minio/ {
|
|
proxy_pass http://${NGINX_INTERNAL_HOST}:${MINIO_INTERNAL_PORT}/;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
# Serve static files if they exist, otherwise proxy to the UI backend
|
|
location / {
|
|
root ${UI_ROOT};
|
|
try_files $uri /index.html @ui_backend;
|
|
}
|
|
|
|
# Fallback to proxying for UI requests
|
|
location @ui_backend {
|
|
proxy_pass http://${NGINX_INTERNAL_HOST}:${UI_PORT};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
location = /50x.html {
|
|
root /usr/share/nginx/html;
|
|
}
|
|
}
|