diff --git a/docker-compose.yml b/docker-compose.yml index 60393ee7..fd50b64d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -110,7 +110,7 @@ services: - certbotConf:/etc/letsencrypt - certbotChall:/var/www/certbot #command: certonly --test-cert --webroot -w /var/www/certbot --force-renewal --email yasienmeth@gmail.com -d mzansi-innovation-hub.co.za -d www.mzansi-innovation-hub.co.za --agree-tos - command: certonly --webroot -w /var/www/certbot --force-renewal --email yasienmeth@gmail.com -d mzansi-innovation-hub.co.za -d app.mzansi-innovation-hub.co.za -d api.mzansi-innovation-hub.co.za --agree-tos + command: certonly --webroot -w /var/www/certbot --force-renewal --email yasienmeth@gmail.com -d mzansi-innovation-hub.co.za -d app.mzansi-innovation-hub.co.za -d api.mzansi-innovation-hub.co.za -d minio.mzansi-innovation-hub.co.za --agree-tos networks: - MIH-network depends_on: diff --git a/nginx/nginx copy b/nginx/nginx copy deleted file mode 100644 index ee6a5036..00000000 --- a/nginx/nginx copy +++ /dev/null @@ -1,144 +0,0 @@ -events { - worker_connections 1024; -} - - -http { - server_tokens off; - charset utf-8; - - upstream minioUI { - least_conn; - server minio:9001; - } - - upstream minioAPI { - least_conn; - server minio:9000; - } - - # always redirect to https - server { - listen 80 default_server; - - server_name _; - - return 301 https://$host$request_uri; - } - - server { - listen 443 ssl; - http2 on; - # use the certificates - ssl_certificate /etc/letsencrypt/live/mzansi-innovation-hub.co.za/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/mzansi-innovation-hub.co.za/privkey.pem; - server_name mzansi-innovation-hub.co.za; - root /var/www/html; - index index.php index.html index.htm; - - # To allow special characters in headers - ignore_invalid_headers off; - # Allow any size file to be uploaded. - # Set to a value such as 1000m; to restrict file size to a specific value - client_max_body_size 0; - # To disable buffering - proxy_buffering off; - proxy_request_buffering off; - - # Web App - location / { - proxy_pass http://MIH-UX:83/; - } - - # API Hub - location /api/ { - proxy_pass http://MIH-API-Hub:8080/; - } - - # phpadmin Dashboard - location /phpmyadmin/ { - proxy_pass http://MIH-phpmyadmin:8081; - } - - # SuperTokens Dashboard - location /supertokens/ { - proxy_pass http://MIH-API-Hub:8080/auth/dashboard/; - } - - #Minio storage - location /files/ui/ { - rewrite ^/minio/ui/(.*) /$1 break; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-NginX-Proxy true; - - # This is necessary to pass the correct IP to be hashed - real_ip_header X-Real-IP; - - proxy_connect_timeout 300; - - # To support websockets in MinIO versions released after January 2023 - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) - # Uncomment the following line to set the Origin request to an empty string - # proxy_set_header Origin ''; - - chunked_transfer_encoding off; - - proxy_pass http://minioUI/; - } - - #Minio storage API - location /files/ { - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_connect_timeout 300; - # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 - proxy_http_version 1.1; - proxy_set_header Connection ""; - chunked_transfer_encoding off; - - proxy_pass http://minioAPI/; - } - - # location /phpmyadmin/ { - # proxy_pass http://192.168.1.69:8081/; - # } - - location ~ /.well-known/acme-challenge/ { - root /var/www/certbot; - } - } -} - -# events { -# worker_connections 1024; -# } - -# http { -# server_tokens off; -# charset utf-8; - -# # always redirect to https -# server { -# listen 80 default_server; - -# server_name mzansi-innovation-hub.co.za www.mzansi-innovation-hub.co.za; - -# location / { -# proxy_pass http://MIH-UX:83/; -# } -# location ~ /.well-known/acme-challenge/ { -# root /var/www/certbot; -# } - -# # return 301 https://$host$request_uri; -# } -# } diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 0a996965..08e95d10 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -113,66 +113,87 @@ http { root /var/www/certbot; } } -} -# # API Hub - # location /api/ { + server { + listen 80; + + server_name minio.mzansi-innovation-hub.co.za; + + # #Web App + # location / { # proxy_pass http://MIH-API-Hub:8080/; # } - # # phpadmin Dashboard - # location /phpmyadmin/ { - # proxy_pass http://MIH-phpmyadmin:8081; - # } + # location ~ /.well-known/acme-challenge/ { + # root /var/www/certbot; + # } + + return 301 https://minio.mzansi-innovation-hub.co.za$request_uri; + } + + server { + listen 443 ssl; + http2 on; + # use the certificates + ssl_certificate /etc/letsencrypt/live/mzansi-innovation-hub.co.za-0002/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/mzansi-innovation-hub.co.za-0002/privkey.pem; + server_name minio.mzansi-innovation-hub.co.za; + root /var/www/html; + index index.php index.html index.htm; + + # To allow special characters in headers + ignore_invalid_headers off; + # Allow any size file to be uploaded. + # Set to a value such as 1000m; to restrict file size to a specific value + client_max_body_size 0; + # To disable buffering + proxy_buffering off; + proxy_request_buffering off; + - # # SuperTokens Dashboard - # location /supertokens/ { - # proxy_pass http://MIH-API-Hub:8080/auth/dashboard/; - # } + location / { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; - # #Minio storage - # location /files/ui/ { - # rewrite ^/minio/ui/(.*) /$1 break; - # proxy_set_header Host $http_host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header X-Forwarded-Proto $scheme; - # proxy_set_header X-NginX-Proxy true; + proxy_connect_timeout 300; + # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 + proxy_http_version 1.1; + proxy_set_header Connection ""; + chunked_transfer_encoding off; - # # This is necessary to pass the correct IP to be hashed - # real_ip_header X-Real-IP; + proxy_pass https://minioAPI; # This uses the upstream directive definition to load balance + } - # proxy_connect_timeout 300; + location /minio/ui/ { + rewrite ^/minio/ui/(.*) /$1 break; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-NginX-Proxy true; - # # To support websockets in MinIO versions released after January 2023 - # proxy_http_version 1.1; - # proxy_set_header Upgrade $http_upgrade; - # proxy_set_header Connection "upgrade"; - # # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) - # # Uncomment the following line to set the Origin request to an empty string - # # proxy_set_header Origin ''; + # This is necessary to pass the correct IP to be hashed + real_ip_header X-Real-IP; - # chunked_transfer_encoding off; + proxy_connect_timeout 300; - # proxy_pass http://minioUI/; - # } + # To support websockets in MinIO versions released after January 2023 + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) + # Uncomment the following line to set the Origin request to an empty string + # proxy_set_header Origin ''; - # #Minio storage API - # location /files/ { - # proxy_set_header Host $http_host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header X-Forwarded-Proto $scheme; + chunked_transfer_encoding off; - # proxy_connect_timeout 300; - # # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 - # proxy_http_version 1.1; - # proxy_set_header Connection ""; - # chunked_transfer_encoding off; + proxy_pass https://minioUI; # This uses the upstream directive definition to load balance + } - # proxy_pass http://minioAPI/; - # } - - # location /phpmyadmin/ { - # proxy_pass http://192.168.1.69:8081/; - # } \ No newline at end of file + location ~ /.well-known/acme-challenge/ { + root /var/www/certbot; + } + } +} \ No newline at end of file