From 4121c17cdbbd1ad1da3ecc4c9526dbbf7553670f Mon Sep 17 00:00:00 2001 From: Yasien Mac Mini Date: Fri, 16 May 2025 00:07:19 +0200 Subject: [PATCH] nginx ssl on --- nginx/nginx.conf | 444 +++++++++++++++++++++++------------------------ 1 file changed, 222 insertions(+), 222 deletions(-) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 98e50e51..9f2734d5 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -28,162 +28,162 @@ http { server_name app.mzansi-innovation-hub.co.za; - #Web App + # #Web App + # location / { + # proxy_pass http://MIH-UX:83/; + # } + + # location ~ /.well-known/acme-challenge/ { + # root /var/www/certbot; + # } + + return 301 https://app.mzansi-innovation-hub.co.za$request_uri; + } + + server { + listen 443 ssl; + http2 on; + # use the certificates + ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem; + server_name app.mzansi-innovation-hub.co.za; + root /var/www/html; + index index.php index.html index.htm; + + # To allow special characters in headers + ignore_invalid_headers off; + # Allow any size file to be uploaded. + # Set to a value such as 1000m; to restrict file size to a specific value + client_max_body_size 0; + # To disable buffering + proxy_buffering off; + proxy_request_buffering off; + + # Web App location / { proxy_pass http://MIH-UX:83/; } location ~ /.well-known/acme-challenge/ { root /var/www/certbot; - } - - # return 301 https://app.mzansi-innovation-hub.co.za$request_uri; + } } - # server { - # listen 443 ssl; - # http2 on; - # # use the certificates - # ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem; - # ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem; - # server_name app.mzansi-innovation-hub.co.za; - # root /var/www/html; - # index index.php index.html index.htm; - - # # To allow special characters in headers - # ignore_invalid_headers off; - # # Allow any size file to be uploaded. - # # Set to a value such as 1000m; to restrict file size to a specific value - # client_max_body_size 0; - # # To disable buffering - # proxy_buffering off; - # proxy_request_buffering off; - - # # Web App - # location / { - # proxy_pass http://MIH-UX:83/; - # } - - # location ~ /.well-known/acme-challenge/ { - # root /var/www/certbot; - # } - # } - #================API Server================ server { listen 80; server_name api.mzansi-innovation-hub.co.za; - #Fast API + # # #Web App + # location / { + # proxy_pass http://MIH-API-Hub:8080/; + # } + + # location ~ /.well-known/acme-challenge/ { + # root /var/www/certbot; + # } + + return 301 https://api.mzansi-innovation-hub.co.za$request_uri; + } + + server { + listen 443 ssl; + http2 on; + # use the certificates + ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem; + server_name api.mzansi-innovation-hub.co.za; + root /var/www/html; + index index.php index.html index.htm; + + # To allow special characters in headers + ignore_invalid_headers off; + # Allow any size file to be uploaded. + # Set to a value such as 1000m; to restrict file size to a specific value + client_max_body_size 0; + # To disable buffering + proxy_buffering off; + proxy_request_buffering off; + + # Web Api location / { - proxy_pass http://MIH-API-Hub:8080/; + proxy_pass http://MIH-API-Hub:80/; } location ~ /.well-known/acme-challenge/ { root /var/www/certbot; } - - # return 301 https://api.mzansi-innovation-hub.co.za$request_uri; } - # server { - # listen 443 ssl; - # http2 on; - # # use the certificates - # ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem; - # ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem; - # server_name api.mzansi-innovation-hub.co.za; - # root /var/www/html; - # index index.php index.html index.htm; - - # # To allow special characters in headers - # ignore_invalid_headers off; - # # Allow any size file to be uploaded. - # # Set to a value such as 1000m; to restrict file size to a specific value - # client_max_body_size 0; - # # To disable buffering - # proxy_buffering off; - # proxy_request_buffering off; - - # # Web Api - # location / { - # proxy_pass http://MIH-API-Hub:80/; - # } - - # location ~ /.well-known/acme-challenge/ { - # root /var/www/certbot; - # } - # } - #================AI Server================ server { listen 80; server_name ai.mzansi-innovation-hub.co.za; - # #Web App + # # #Web App + # location / { + # proxy_pass http://MIH-API-Hub:8080/; + # } + + # location ~ /.well-known/acme-challenge/ { + # root /var/www/certbot; + # } + + return 301 https://ai.mzansi-innovation-hub.co.za$request_uri; + } + + server { + listen 443 ssl; + http2 on; + # use the certificates + ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem; + server_name ai.mzansi-innovation-hub.co.za; + root /var/www/html; + index index.php index.html index.htm; + + # To allow special characters in headers + ignore_invalid_headers off; + # Allow any size file to be uploaded. + # Set to a value such as 1000m; to restrict file size to a specific value + client_max_body_size 0; + # To disable buffering + proxy_buffering off; + proxy_request_buffering off; + + # Web Api location / { - proxy_pass http://MIH-API-Hub:8080/; + # Handle preflight OPTIONS requests + # if ($request_method = OPTIONS ) { + # # Add CORS headers for preflight request + # add_header 'Access-Control-Allow-Origin' 'https://app.mzansi-innovation-hub.co.za' always; + # # add_header 'Access-Control-Allow-Credentials' 'true' always; + # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; + # add_header 'Access-Control-Allow-Headers' '*'; + # add_header 'Access-Control-Max-Age' 1728000; + # return 204; + # } + + # add_header 'Access-Control-Allow-Origin' 'https://app.mzansi-innovation-hub.co.za' always; + # # add_header 'Access-Control-Allow-Credentials' 'true' always; + # # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always + # add_header 'Access-Control-Allow-Headers' '*'; + + + proxy_pass http://MIH-AI:11434/; + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Forwarded-Proto $scheme; } location ~ /.well-known/acme-challenge/ { root /var/www/certbot; } - - # return 301 https://ai.mzansi-innovation-hub.co.za$request_uri; } - # server { - # listen 443 ssl; - # http2 on; - # # use the certificates - # ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem; - # ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem; - # server_name ai.mzansi-innovation-hub.co.za; - # root /var/www/html; - # index index.php index.html index.htm; - - # # To allow special characters in headers - # ignore_invalid_headers off; - # # Allow any size file to be uploaded. - # # Set to a value such as 1000m; to restrict file size to a specific value - # client_max_body_size 0; - # # To disable buffering - # proxy_buffering off; - # proxy_request_buffering off; - - # # Web Api - # location / { - # # Handle preflight OPTIONS requests - # # if ($request_method = OPTIONS ) { - # # # Add CORS headers for preflight request - # # add_header 'Access-Control-Allow-Origin' 'https://app.mzansi-innovation-hub.co.za' always; - # # # add_header 'Access-Control-Allow-Credentials' 'true' always; - # # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; - # # add_header 'Access-Control-Allow-Headers' '*'; - # # add_header 'Access-Control-Max-Age' 1728000; - # # return 204; - # # } - - # # add_header 'Access-Control-Allow-Origin' 'https://app.mzansi-innovation-hub.co.za' always; - # # # add_header 'Access-Control-Allow-Credentials' 'true' always; - # # # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always - # # add_header 'Access-Control-Allow-Headers' '*'; - - - # proxy_pass http://MIH-AI:11434/; - # # proxy_set_header Host $host; - # # proxy_set_header X-Real-IP $remote_addr; - # # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # # proxy_set_header X-Forwarded-Proto $scheme; - # } - - # location ~ /.well-known/acme-challenge/ { - # root /var/www/certbot; - # } - # } - #================Monitor Server================ server { @@ -191,7 +191,38 @@ http { server_name monitor.mzansi-innovation-hub.co.za; - # #Web App + # # #Web App + # location / { + # proxy_pass http://MIH-Monitor:9443/; + # } + + # location ~ /.well-known/acme-challenge/ { + # root /var/www/certbot; + # } + + return 301 https://monitor.mzansi-innovation-hub.co.za$request_uri; + } + + server { + listen 443 ssl; + http2 on; + # use the certificates + ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem; + server_name monitor.mzansi-innovation-hub.co.za; + root /var/www/html; + index index.php index.html index.htm; + + # To allow special characters in headers + ignore_invalid_headers off; + # Allow any size file to be uploaded. + # Set to a value such as 1000m; to restrict file size to a specific value + client_max_body_size 0; + # To disable buffering + proxy_buffering off; + proxy_request_buffering off; + + # Web Api location / { proxy_pass http://MIH-Monitor:9443/; } @@ -199,120 +230,89 @@ http { location ~ /.well-known/acme-challenge/ { root /var/www/certbot; } - - # return 301 https://monitor.mzansi-innovation-hub.co.za$request_uri; } - # server { - # listen 443 ssl; - # http2 on; - # # use the certificates - # ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem; - # ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem; - # server_name monitor.mzansi-innovation-hub.co.za; - # root /var/www/html; - # index index.php index.html index.htm; - - # # To allow special characters in headers - # ignore_invalid_headers off; - # # Allow any size file to be uploaded. - # # Set to a value such as 1000m; to restrict file size to a specific value - # client_max_body_size 0; - # # To disable buffering - # proxy_buffering off; - # proxy_request_buffering off; - - # # Web Api - # location / { - # proxy_pass http://MIH-Monitor:9443/; - # } - - # location ~ /.well-known/acme-challenge/ { - # root /var/www/certbot; - # } - # } - #================File Server================ server { listen 80; server_name minio.mzansi-innovation-hub.co.za; - #Web App + # #Web App + # location / { + # proxy_pass https://minioAPI; + # } + + # location ~ /.well-known/acme-challenge/ { + # root /var/www/certbot; + # } + + return 301 https://minio.mzansi-innovation-hub.co.za$request_uri; + } + + server { + listen 443 ssl; + http2 on; + # use the certificates + ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem; + server_name minio.mzansi-innovation-hub.co.za; + root /var/www/html; + index index.php index.html index.htm; + + # To allow special characters in headers + ignore_invalid_headers off; + # Allow any size file to be uploaded. + # Set to a value such as 1000m; to restrict file size to a specific value + client_max_body_size 0; + # To disable buffering + proxy_buffering off; + proxy_request_buffering off; + + location / { - proxy_pass https://minioAPI; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_connect_timeout 300; + # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 + proxy_http_version 1.1; + proxy_set_header Connection ""; + chunked_transfer_encoding off; + + proxy_pass http://MIH-Minio:9000; # This uses the upstream directive definition to load balance + } + + location /minio/ui/ { + rewrite ^/minio/ui/(.*) /$1 break; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-NginX-Proxy true; + + # This is necessary to pass the correct IP to be hashed + real_ip_header X-Real-IP; + + proxy_connect_timeout 300; + + # To support websockets in MinIO versions released after January 2023 + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) + # Uncomment the following line to set the Origin request to an empty string + proxy_set_header Origin ''; + + chunked_transfer_encoding off; + + proxy_pass http://MIH-Minio:9001; # This uses the upstream directive definition to load balance } location ~ /.well-known/acme-challenge/ { root /var/www/certbot; } - - # return 301 https://minio.mzansi-innovation-hub.co.za$request_uri; } - - # server { - # listen 443 ssl; - # http2 on; - # # use the certificates - # ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem; - # ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem; - # server_name minio.mzansi-innovation-hub.co.za; - # root /var/www/html; - # index index.php index.html index.htm; - - # # To allow special characters in headers - # ignore_invalid_headers off; - # # Allow any size file to be uploaded. - # # Set to a value such as 1000m; to restrict file size to a specific value - # client_max_body_size 0; - # # To disable buffering - # proxy_buffering off; - # proxy_request_buffering off; - - - # location / { - # proxy_set_header Host $http_host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header X-Forwarded-Proto $scheme; - - # proxy_connect_timeout 300; - # # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 - # proxy_http_version 1.1; - # proxy_set_header Connection ""; - # chunked_transfer_encoding off; - - # proxy_pass http://MIH-Minio:9000; # This uses the upstream directive definition to load balance - # } - - # location /minio/ui/ { - # rewrite ^/minio/ui/(.*) /$1 break; - # proxy_set_header Host $http_host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header X-Forwarded-Proto $scheme; - # proxy_set_header X-NginX-Proxy true; - - # # This is necessary to pass the correct IP to be hashed - # real_ip_header X-Real-IP; - - # proxy_connect_timeout 300; - - # # To support websockets in MinIO versions released after January 2023 - # proxy_http_version 1.1; - # proxy_set_header Upgrade $http_upgrade; - # proxy_set_header Connection "upgrade"; - # # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) - # # Uncomment the following line to set the Origin request to an empty string - # proxy_set_header Origin ''; - - # chunked_transfer_encoding off; - - # proxy_pass http://MIH-Minio:9001; # This uses the upstream directive definition to load balance - # } - - # location ~ /.well-known/acme-challenge/ { - # root /var/www/certbot; - # } - # } } \ No newline at end of file