135 lines
3.2 KiB
Nginx Configuration File
135 lines
3.2 KiB
Nginx Configuration File
user www-data;
|
|
worker_processes 4;
|
|
|
|
error_log /var/log/nginx/error.log;
|
|
pid /var/run/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 4096;
|
|
use epoll;
|
|
}
|
|
|
|
http {
|
|
sendfile on;
|
|
proxy_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=staticfilecache:180m max_size=500m;
|
|
|
|
upstream frontends {
|
|
# Add main .com handling frontends here
|
|
ip_hash;
|
|
}
|
|
upstream pro_frontends {
|
|
# Add subdomain handling frondends here
|
|
ip_hash;
|
|
}
|
|
|
|
map $host $pro_or_main {
|
|
default frontends;
|
|
~\d+comet\.hackpad\.com frontends;
|
|
~[a-zA-Z0-9]+\.hackpad\.com pro_frontends;
|
|
}
|
|
|
|
map $host $pro_or_main_header {
|
|
default "Main";
|
|
~\d+comet\.hackpad\.com "Main";
|
|
~[a-zA-Z0-9]+\.hackpad\.com "Pro";
|
|
}
|
|
|
|
proxy_pass_header Server;
|
|
proxy_set_header Host $http_host;
|
|
proxy_redirect off;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Scheme $scheme;
|
|
|
|
log_format timed_combined '$remote_addr - $remote_user [$time_local] '
|
|
'"$request" $status $body_bytes_sent '
|
|
'"$http_referer" "$http_user_agent" '
|
|
'$request_time $upstream_response_time $pipe';
|
|
access_log /var/log/nginx/access.log timed_combined;
|
|
error_log /var/log/nginx/error.log;
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
ssl_ciphers ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:RC4:HIGH:!aNULL:!MD5:!kEDH;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_certificate /home/ubuntu/hackpad_combined.crt;
|
|
ssl_certificate_key /home/ubuntu/hackpad.com.key;
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_session_timeout 15m;
|
|
keepalive_timeout 140;
|
|
|
|
server {
|
|
listen 80;
|
|
listen 443 ssl;
|
|
server_name www.hackpad.com;
|
|
rewrite ^(.*) https://hackpad.com$1 permanent;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
server_name .hackpad.com;
|
|
rewrite ^(.*) https://$host$1 permanent;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl default_server;
|
|
server_name .hackpad.com;
|
|
add_header Strict-Transport-Security "max-age=31557600; includeSubdomains;" ;
|
|
add_header X-Hackpad-Server-Id $pro_or_main_header;
|
|
|
|
error_page 502 = /502.html;
|
|
location /502.html {
|
|
root /home/ubuntu/pad/etherpad/src/static;
|
|
}
|
|
|
|
location /solr {
|
|
deny all;
|
|
}
|
|
|
|
location /static/compressed {
|
|
proxy_pass http://$pro_or_main;
|
|
proxy_cache staticfilecache;
|
|
}
|
|
|
|
location /ep/api/spaces-info {
|
|
proxy_pass http://pro_frontends;
|
|
}
|
|
location /ep/api/accounts-info-pro {
|
|
proxy_pass http://pro_frontends;
|
|
}
|
|
location /ep/api/accounts-info-main {
|
|
proxy_pass http://frontends;
|
|
}
|
|
|
|
location /comet {
|
|
proxy_buffering off;
|
|
proxy_pass http://$pro_or_main;
|
|
}
|
|
|
|
location = / {
|
|
if ($http_cookie ~* ES2|PUAS2|PUAS3) {
|
|
set $cookie_nocache 1;
|
|
add_header X-No-Cache ON;
|
|
}
|
|
if ($host ~* .hackpad\.com) {
|
|
set $cookie_nocache 1;
|
|
add_header X-No-Cache ON;
|
|
}
|
|
proxy_cache staticfilecache;
|
|
proxy_cache_valid 60s;
|
|
proxy_no_cache $cookie_nocache;
|
|
proxy_cache_bypass $cookie_nocache;
|
|
proxy_pass http://$pro_or_main;
|
|
}
|
|
|
|
location / {
|
|
if ($http_user_agent ~ (Thunderbird) ) {
|
|
return 403;
|
|
}
|
|
if ($host ~* .*[0-9]+comet\.hackpad\.com) {
|
|
return 404;
|
|
}
|
|
|
|
proxy_pass http://$pro_or_main;
|
|
}
|
|
}
|
|
}
|