yaso_meth/mih-project
2
4
Fork 2
Code Issues 8 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nginx ssl on

Browse Source
This commit is contained in:
Yasien Mac Mini
2025-05-16 00:07:19 +02:00
parent be47e07659
commit 4121c17cdb
1 changed files with 222 additions and 222 deletions
Download Patch File Download Diff File Expand all files Collapse all files

444
nginx/nginx.conf
View File

@@ -28,162 +28,162 @@ http {
server_name app.mzansi-innovation-hub.co.za;
#Web App
# #Web App
# location / {
# proxy_pass http://MIH-UX:83/;
# }
# location ~ /.well-known/acme-challenge/ {
# root /var/www/certbot;
# }
return 301 https://app.mzansi-innovation-hub.co.za$request_uri;
}
server {
listen 443 ssl;
http2 on;
# use the certificates
ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem;
server_name app.mzansi-innovation-hub.co.za;
root /var/www/html;
index index.php index.html index.htm;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
proxy_request_buffering off;
# Web App
location / {
proxy_pass http://MIH-UX:83/;
}
location ~ /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# return 301 https://app.mzansi-innovation-hub.co.za$request_uri;
}
}
# server {
# listen 443 ssl;
# http2 on;
# # use the certificates
# ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem;
# server_name app.mzansi-innovation-hub.co.za;
# root /var/www/html;
# index index.php index.html index.htm;
# # To allow special characters in headers
# ignore_invalid_headers off;
# # Allow any size file to be uploaded.
# # Set to a value such as 1000m; to restrict file size to a specific value
# client_max_body_size 0;
# # To disable buffering
# proxy_buffering off;
# proxy_request_buffering off;
# # Web App
# location / {
# proxy_pass http://MIH-UX:83/;
# }
# location ~ /.well-known/acme-challenge/ {
# root /var/www/certbot;
# }
# }
#================API Server================
server {
listen 80;
server_name api.mzansi-innovation-hub.co.za;
#Fast API
# # #Web App
# location / {
# proxy_pass http://MIH-API-Hub:8080/;
# }
# location ~ /.well-known/acme-challenge/ {
# root /var/www/certbot;
# }
return 301 https://api.mzansi-innovation-hub.co.za$request_uri;
}
server {
listen 443 ssl;
http2 on;
# use the certificates
ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem;
server_name api.mzansi-innovation-hub.co.za;
root /var/www/html;
index index.php index.html index.htm;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
proxy_request_buffering off;
# Web Api
location / {
proxy_pass http://MIH-API-Hub:8080/;
proxy_pass http://MIH-API-Hub:80/;
}
location ~ /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# return 301 https://api.mzansi-innovation-hub.co.za$request_uri;
}
# server {
# listen 443 ssl;
# http2 on;
# # use the certificates
# ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem;
# server_name api.mzansi-innovation-hub.co.za;
# root /var/www/html;
# index index.php index.html index.htm;
# # To allow special characters in headers
# ignore_invalid_headers off;
# # Allow any size file to be uploaded.
# # Set to a value such as 1000m; to restrict file size to a specific value
# client_max_body_size 0;
# # To disable buffering
# proxy_buffering off;
# proxy_request_buffering off;
# # Web Api
# location / {
# proxy_pass http://MIH-API-Hub:80/;
# }
# location ~ /.well-known/acme-challenge/ {
# root /var/www/certbot;
# }
# }
#================AI Server================
server {
listen 80;
server_name ai.mzansi-innovation-hub.co.za;
# #Web App
# # #Web App
# location / {
# proxy_pass http://MIH-API-Hub:8080/;
# }
# location ~ /.well-known/acme-challenge/ {
# root /var/www/certbot;
# }
return 301 https://ai.mzansi-innovation-hub.co.za$request_uri;
}
server {
listen 443 ssl;
http2 on;
# use the certificates
ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem;
server_name ai.mzansi-innovation-hub.co.za;
root /var/www/html;
index index.php index.html index.htm;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
proxy_request_buffering off;
# Web Api
location / {
proxy_pass http://MIH-API-Hub:8080/;
# Handle preflight OPTIONS requests
# if ($request_method = OPTIONS ) {
# # Add CORS headers for preflight request
# add_header 'Access-Control-Allow-Origin' 'https://app.mzansi-innovation-hub.co.za' always;
# # add_header 'Access-Control-Allow-Credentials' 'true' always;
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
# add_header 'Access-Control-Allow-Headers' '*';
# add_header 'Access-Control-Max-Age' 1728000;
# return 204;
# }
# add_header 'Access-Control-Allow-Origin' 'https://app.mzansi-innovation-hub.co.za' always;
# # add_header 'Access-Control-Allow-Credentials' 'true' always;
# # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always
# add_header 'Access-Control-Allow-Headers' '*';
proxy_pass http://MIH-AI:11434/;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# return 301 https://ai.mzansi-innovation-hub.co.za$request_uri;
}
# server {
# listen 443 ssl;
# http2 on;
# # use the certificates
# ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem;
# server_name ai.mzansi-innovation-hub.co.za;
# root /var/www/html;
# index index.php index.html index.htm;
# # To allow special characters in headers
# ignore_invalid_headers off;
# # Allow any size file to be uploaded.
# # Set to a value such as 1000m; to restrict file size to a specific value
# client_max_body_size 0;
# # To disable buffering
# proxy_buffering off;
# proxy_request_buffering off;
# # Web Api
# location / {
# # Handle preflight OPTIONS requests
# # if ($request_method = OPTIONS ) {
# # # Add CORS headers for preflight request
# # add_header 'Access-Control-Allow-Origin' 'https://app.mzansi-innovation-hub.co.za' always;
# # # add_header 'Access-Control-Allow-Credentials' 'true' always;
# # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
# # add_header 'Access-Control-Allow-Headers' '*';
# # add_header 'Access-Control-Max-Age' 1728000;
# # return 204;
# # }
# # add_header 'Access-Control-Allow-Origin' 'https://app.mzansi-innovation-hub.co.za' always;
# # # add_header 'Access-Control-Allow-Credentials' 'true' always;
# # # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always
# # add_header 'Access-Control-Allow-Headers' '*';
# proxy_pass http://MIH-AI:11434/;
# # proxy_set_header Host $host;
# # proxy_set_header X-Real-IP $remote_addr;
# # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# # proxy_set_header X-Forwarded-Proto $scheme;
# }
# location ~ /.well-known/acme-challenge/ {
# root /var/www/certbot;
# }
# }
#================Monitor Server================
server {
@@ -191,7 +191,38 @@ http {
server_name monitor.mzansi-innovation-hub.co.za;
# #Web App
# # #Web App
# location / {
# proxy_pass http://MIH-Monitor:9443/;
# }
# location ~ /.well-known/acme-challenge/ {
# root /var/www/certbot;
# }
return 301 https://monitor.mzansi-innovation-hub.co.za$request_uri;
}
server {
listen 443 ssl;
http2 on;
# use the certificates
ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem;
server_name monitor.mzansi-innovation-hub.co.za;
root /var/www/html;
index index.php index.html index.htm;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
proxy_request_buffering off;
# Web Api
location / {
proxy_pass http://MIH-Monitor:9443/;
}
@@ -199,120 +230,89 @@ http {
location ~ /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# return 301 https://monitor.mzansi-innovation-hub.co.za$request_uri;
}
# server {
# listen 443 ssl;
# http2 on;
# # use the certificates
# ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem;
# server_name monitor.mzansi-innovation-hub.co.za;
# root /var/www/html;
# index index.php index.html index.htm;
# # To allow special characters in headers
# ignore_invalid_headers off;
# # Allow any size file to be uploaded.
# # Set to a value such as 1000m; to restrict file size to a specific value
# client_max_body_size 0;
# # To disable buffering
# proxy_buffering off;
# proxy_request_buffering off;
# # Web Api
# location / {
# proxy_pass http://MIH-Monitor:9443/;
# }
# location ~ /.well-known/acme-challenge/ {
# root /var/www/certbot;
# }
# }
#================File Server================
server {
listen 80;
server_name minio.mzansi-innovation-hub.co.za;
#Web App
# #Web App
# location / {
# proxy_pass https://minioAPI;
# }
# location ~ /.well-known/acme-challenge/ {
# root /var/www/certbot;
# }
return 301 https://minio.mzansi-innovation-hub.co.za$request_uri;
}
server {
listen 443 ssl;
http2 on;
# use the certificates
ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem;
server_name minio.mzansi-innovation-hub.co.za;
root /var/www/html;
index index.php index.html index.htm;
# To allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# To disable buffering
proxy_buffering off;
proxy_request_buffering off;
location / {
proxy_pass https://minioAPI;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://MIH-Minio:9000; # This uses the upstream directive definition to load balance
}
location /minio/ui/ {
rewrite ^/minio/ui/(.*) /$1 break;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
# This is necessary to pass the correct IP to be hashed
real_ip_header X-Real-IP;
proxy_connect_timeout 300;
# To support websockets in MinIO versions released after January 2023
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
# Uncomment the following line to set the Origin request to an empty string
proxy_set_header Origin '';
chunked_transfer_encoding off;
proxy_pass http://MIH-Minio:9001; # This uses the upstream directive definition to load balance
}
location ~ /.well-known/acme-challenge/ {
root /var/www/certbot;
}
# return 301 https://minio.mzansi-innovation-hub.co.za$request_uri;
}
# server {
# listen 443 ssl;
# http2 on;
# # use the certificates
# ssl_certificate /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/app.mzansi-innovation-hub.co.za/privkey.pem;
# server_name minio.mzansi-innovation-hub.co.za;
# root /var/www/html;
# index index.php index.html index.htm;
# # To allow special characters in headers
# ignore_invalid_headers off;
# # Allow any size file to be uploaded.
# # Set to a value such as 1000m; to restrict file size to a specific value
# client_max_body_size 0;
# # To disable buffering
# proxy_buffering off;
# proxy_request_buffering off;
# location / {
# proxy_set_header Host $http_host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_connect_timeout 300;
# # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
# proxy_http_version 1.1;
# proxy_set_header Connection "";
# chunked_transfer_encoding off;
# proxy_pass http://MIH-Minio:9000; # This uses the upstream directive definition to load balance
# }
# location /minio/ui/ {
# rewrite ^/minio/ui/(.*) /$1 break;
# proxy_set_header Host $http_host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-NginX-Proxy true;
# # This is necessary to pass the correct IP to be hashed
# real_ip_header X-Real-IP;
# proxy_connect_timeout 300;
# # To support websockets in MinIO versions released after January 2023
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
# # Uncomment the following line to set the Origin request to an empty string
# proxy_set_header Origin '';
# chunked_transfer_encoding off;
# proxy_pass http://MIH-Minio:9001; # This uses the upstream directive definition to load balance
# }
# location ~ /.well-known/acme-challenge/ {
# root /var/www/certbot;
# }
# }
}