From 106fb8813f44b004cb608ca406eaa6fb04de80c3 Mon Sep 17 00:00:00 2001 From: yaso-meth Date: Wed, 24 Jul 2024 14:01:00 +0200 Subject: [PATCH] nginx with subdomain --- backend/main.py | 3 +- nginx/nginx copy | 144 ++++++++++++++++++++++++++++++++++++++ nginx/nginx.conf | 179 +++++++++++++++++++++++++---------------------- 3 files changed, 240 insertions(+), 86 deletions(-) create mode 100644 nginx/nginx copy diff --git a/backend/main.py b/backend/main.py index e3da601a..bd79c6a6 100644 --- a/backend/main.py +++ b/backend/main.py @@ -24,8 +24,7 @@ origins = [ "http://localhost:8080", "http://MIH-API-Hub:80", "http://MIH-API-Hub", - "http://mzansi-innovation-hub.co.za", - "http://mzansi-innovation-hub.co.za/api/", + "http://api.mzansi-innovation-hub.co.za", "*", ] diff --git a/nginx/nginx copy b/nginx/nginx copy new file mode 100644 index 00000000..ee6a5036 --- /dev/null +++ b/nginx/nginx copy @@ -0,0 +1,144 @@ +events { + worker_connections 1024; +} + + +http { + server_tokens off; + charset utf-8; + + upstream minioUI { + least_conn; + server minio:9001; + } + + upstream minioAPI { + least_conn; + server minio:9000; + } + + # always redirect to https + server { + listen 80 default_server; + + server_name _; + + return 301 https://$host$request_uri; + } + + server { + listen 443 ssl; + http2 on; + # use the certificates + ssl_certificate /etc/letsencrypt/live/mzansi-innovation-hub.co.za/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/mzansi-innovation-hub.co.za/privkey.pem; + server_name mzansi-innovation-hub.co.za; + root /var/www/html; + index index.php index.html index.htm; + + # To allow special characters in headers + ignore_invalid_headers off; + # Allow any size file to be uploaded. + # Set to a value such as 1000m; to restrict file size to a specific value + client_max_body_size 0; + # To disable buffering + proxy_buffering off; + proxy_request_buffering off; + + # Web App + location / { + proxy_pass http://MIH-UX:83/; + } + + # API Hub + location /api/ { + proxy_pass http://MIH-API-Hub:8080/; + } + + # phpadmin Dashboard + location /phpmyadmin/ { + proxy_pass http://MIH-phpmyadmin:8081; + } + + # SuperTokens Dashboard + location /supertokens/ { + proxy_pass http://MIH-API-Hub:8080/auth/dashboard/; + } + + #Minio storage + location /files/ui/ { + rewrite ^/minio/ui/(.*) /$1 break; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-NginX-Proxy true; + + # This is necessary to pass the correct IP to be hashed + real_ip_header X-Real-IP; + + proxy_connect_timeout 300; + + # To support websockets in MinIO versions released after January 2023 + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) + # Uncomment the following line to set the Origin request to an empty string + # proxy_set_header Origin ''; + + chunked_transfer_encoding off; + + proxy_pass http://minioUI/; + } + + #Minio storage API + location /files/ { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_connect_timeout 300; + # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 + proxy_http_version 1.1; + proxy_set_header Connection ""; + chunked_transfer_encoding off; + + proxy_pass http://minioAPI/; + } + + # location /phpmyadmin/ { + # proxy_pass http://192.168.1.69:8081/; + # } + + location ~ /.well-known/acme-challenge/ { + root /var/www/certbot; + } + } +} + +# events { +# worker_connections 1024; +# } + +# http { +# server_tokens off; +# charset utf-8; + +# # always redirect to https +# server { +# listen 80 default_server; + +# server_name mzansi-innovation-hub.co.za www.mzansi-innovation-hub.co.za; + +# location / { +# proxy_pass http://MIH-UX:83/; +# } +# location ~ /.well-known/acme-challenge/ { +# root /var/www/certbot; +# } + +# # return 301 https://$host$request_uri; +# } +# } diff --git a/nginx/nginx.conf b/nginx/nginx.conf index ee6a5036..f570dff6 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -17,13 +17,12 @@ http { server minio:9000; } - # always redirect to https server { - listen 80 default_server; + listen 80; - server_name _; + server_name app.mzansi-innovation-hub.co.za; - return 301 https://$host$request_uri; + return 301 https://app.mzansi-innovation-hub.co.za$request_uri; } server { @@ -32,7 +31,7 @@ http { # use the certificates ssl_certificate /etc/letsencrypt/live/mzansi-innovation-hub.co.za/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/mzansi-innovation-hub.co.za/privkey.pem; - server_name mzansi-innovation-hub.co.za; + server_name app.mzansi-innovation-hub.co.za; root /var/www/html; index index.php index.html index.htm; @@ -50,95 +49,107 @@ http { proxy_pass http://MIH-UX:83/; } - # API Hub - location /api/ { + location ~ /.well-known/acme-challenge/ { + root /var/www/certbot; + } + } + + server { + listen 80; + + server_name api.mzansi-innovation-hub.co.za; + + return 301 https://api.mzansi-innovation-hub.co.za$request_uri; + } + + server { + listen 443 ssl; + http2 on; + # use the certificates + ssl_certificate /etc/letsencrypt/live/mzansi-innovation-hub.co.za/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/mzansi-innovation-hub.co.za/privkey.pem; + server_name api.mzansi-innovation-hub.co.za; + root /var/www/html; + index index.php index.html index.htm; + + # To allow special characters in headers + ignore_invalid_headers off; + # Allow any size file to be uploaded. + # Set to a value such as 1000m; to restrict file size to a specific value + client_max_body_size 0; + # To disable buffering + proxy_buffering off; + proxy_request_buffering off; + + # Web App + location / { proxy_pass http://MIH-API-Hub:8080/; } - # phpadmin Dashboard - location /phpmyadmin/ { - proxy_pass http://MIH-phpmyadmin:8081; - } - - # SuperTokens Dashboard - location /supertokens/ { - proxy_pass http://MIH-API-Hub:8080/auth/dashboard/; - } - - #Minio storage - location /files/ui/ { - rewrite ^/minio/ui/(.*) /$1 break; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-NginX-Proxy true; - - # This is necessary to pass the correct IP to be hashed - real_ip_header X-Real-IP; - - proxy_connect_timeout 300; - - # To support websockets in MinIO versions released after January 2023 - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) - # Uncomment the following line to set the Origin request to an empty string - # proxy_set_header Origin ''; - - chunked_transfer_encoding off; - - proxy_pass http://minioUI/; - } - - #Minio storage API - location /files/ { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_connect_timeout 300; - # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 - proxy_http_version 1.1; - proxy_set_header Connection ""; - chunked_transfer_encoding off; - - proxy_pass http://minioAPI/; - } - - # location /phpmyadmin/ { - # proxy_pass http://192.168.1.69:8081/; - # } - location ~ /.well-known/acme-challenge/ { root /var/www/certbot; - } + } } } -# events { -# worker_connections 1024; -# } +# # API Hub + # location /api/ { + # proxy_pass http://MIH-API-Hub:8080/; + # } -# http { -# server_tokens off; -# charset utf-8; + # # phpadmin Dashboard + # location /phpmyadmin/ { + # proxy_pass http://MIH-phpmyadmin:8081; + # } + + # # SuperTokens Dashboard + # location /supertokens/ { + # proxy_pass http://MIH-API-Hub:8080/auth/dashboard/; + # } -# # always redirect to https -# server { -# listen 80 default_server; + # #Minio storage + # location /files/ui/ { + # rewrite ^/minio/ui/(.*) /$1 break; + # proxy_set_header Host $http_host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Forwarded-Proto $scheme; + # proxy_set_header X-NginX-Proxy true; -# server_name mzansi-innovation-hub.co.za www.mzansi-innovation-hub.co.za; + # # This is necessary to pass the correct IP to be hashed + # real_ip_header X-Real-IP; -# location / { -# proxy_pass http://MIH-UX:83/; -# } -# location ~ /.well-known/acme-challenge/ { -# root /var/www/certbot; -# } + # proxy_connect_timeout 300; -# # return 301 https://$host$request_uri; -# } -# } + # # To support websockets in MinIO versions released after January 2023 + # proxy_http_version 1.1; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection "upgrade"; + # # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) + # # Uncomment the following line to set the Origin request to an empty string + # # proxy_set_header Origin ''; + + # chunked_transfer_encoding off; + + # proxy_pass http://minioUI/; + # } + + # #Minio storage API + # location /files/ { + # proxy_set_header Host $http_host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Forwarded-Proto $scheme; + + # proxy_connect_timeout 300; + # # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 + # proxy_http_version 1.1; + # proxy_set_header Connection ""; + # chunked_transfer_encoding off; + + # proxy_pass http://minioAPI/; + # } + + # location /phpmyadmin/ { + # proxy_pass http://192.168.1.69:8081/; + # } \ No newline at end of file