Continues on https://github.com/caprover/caprover/pull/2220 . Currently nginx cannot forward traffic to admin/3000 port (is using the one defined in configs.adminPortNumber3000).
# Catch-all virtual host: serves the default page for any request whose Host
# matches no other server block, e.g. SOME-RANDOM-CHARS.captainroot.domain.com
# NOTE(review): the listen directives carry no `default_server` flag, so this
# block is the fallback only while it stays the first server defined for ports
# 80 and 443 in the loaded configuration. Confirm the include order if it changes.
server {

    server_name _;

    # Catch all HTTP
    listen 80;

    # Catch all HTTPS
    # The certificate paths come from the template value named `fake`; presumably
    # a placeholder certificate that clients will not trust. Confirm.
    listen 443 ssl;
    ssl_certificate <%-fake.crtPath%>;
    ssl_certificate_key <%-fake.keyPath%>;

    error_page 404 /index.html;
    error_page 500 502 503 504 /error_generic_catch_all.html;

    location / {
        root <%-captain.defaultHtmlDir%>;
        index index.html index.htm;
    }

    location /nginx_status {
        stub_status on;
        access_log off;

        # The only access control here is the source-address allow list below
        # (the three RFC 1918 private ranges); there is no authentication.
        # allow/deny are matched against the address of the connecting peer.
        # NOTE(review): if requests reach nginx through a NAT, load balancer or
        # container network that presents a private source address, every
        # external client passes this list. Verify how ports 80/443 are published.
        # Loopback (127.0.0.0/8) is not in the list and is therefore denied.
        allow 172.16.0.0/12;
        allow 10.0.0.0/8;
        allow 192.168.0.0/16;

        # Rules are evaluated in order, so this must stay last.
        deny all;
    }
}
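# Captain dashboard at captain.captainroot.domain.com
# Reverse-proxies the dashboard and its API to the Captain service container.
server {

    # NOTE(review): port 80 is always enabled and nothing in this block redirects
    # to HTTPS, so dashboard logins and API tokens can travel in cleartext unless
    # HTTPS is enforced elsewhere. Confirm.
    listen 80;

    # Large request bodies are accepted on every location of this host.
    client_max_body_size 300m;

    gzip on;
    gzip_disable "MSIE [1-6]\.";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_min_length 16000;
    gzip_buffers 16 8k;
    # NOTE(review): application/json is compressed on the TLS listener too. If an
    # API response ever combines a secret with request-reflected data, that is the
    # precondition for compression side channels (BREACH). Confirm against the API.
    # Fixed: the last entry was "application/atom_xml", which is not a MIME type
    # and never matched; the registered type is application/atom+xml.
    gzip_types
        text/css
        text/plain
        text/javascript
        application/javascript
        application/json
        application/x-javascript
        application/xml
        application/xml+rss
        application/xhtml+xml
        application/x-font-ttf
        application/x-font-opentype
        application/vnd.ms-fontobject
        image/svg+xml
        image/x-icon
        application/rss+xml
        application/atom+xml;

    # The TLS listener is rendered only when the template reports a root certificate.
    <% if (captain.hasRootSsl) { %>
    listen 443 ssl;
    ssl_certificate <%-captain.crtPath%>;
    ssl_certificate_key <%-captain.keyPath%>;
    <% } %>

    server_name <%-captain.domain%>;

    # 127.0.0.11 is DNS set up by Docker, see:
    # https://docs.docker.com/engine/userguide/networking/configure-dns/
    # https://github.com/moby/moby/issues/20026
    # Because proxy_pass below takes a variable, nginx resolves the service name at
    # request time through this resolver; answers are cached for 10 seconds.
    resolver 127.0.0.11 valid=10s;
    set $upstream http://<%-captain.serviceName%>:<%-captain.serviceContainerPort3000%>;

    # IMPORTANT!! Except proxy_read_timeout, this block should be same as location /api/v2/user/apps/appData
    location / {
        proxy_pass $upstream;
        proxy_set_header Host $host;
        # X-Real-IP carries the address of the peer that connected to nginx.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
        # sent, so only the last entry is written by this proxy. The upstream must
        # not use earlier entries for access decisions or audit logging.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # temporary until build process becomes an asynchronous process
    # Same proxy settings as location / plus a 120s read timeout (nginx default: 60s).
    location /api/v2/user/apps/appData {
        proxy_pass $upstream;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_read_timeout 120s;
    }

    # Used by Lets Encrypt
    # Served as static files from the web root, not proxied to the dashboard.
    location /.well-known/acme-challenge/ {
        root <%-captain.staticWebRoot%>;
    }

    # Used by CapRover for health check
    location /.well-known/captain-identifier {
        root <%-captain.staticWebRoot%>;
    }

}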
# Built-in Docker Registry at registry.captainroot.domain.com
# Port 80/443 is used by Let's Encrypt to support HTTPS
# But the Registry engine runs on port 996
# This block only serves static files from the registry web root; it contains
# no proxy to the registry engine.
server {

    server_name <%-registry.domain%>;

    listen 80;

    # The TLS listener is rendered only when the template reports a certificate
    # for the registry domain.
    <% if (registry.hasRootSsl) { %>
    listen 443 ssl;
    ssl_certificate <%-registry.crtPath%>;
    ssl_certificate_key <%-registry.keyPath%>;
    <% } %>

    # NOTE(review): a 500m body limit has no visible consumer here, since the only
    # location serves static files. Confirm whether it is still needed.
    client_max_body_size 500m;

    location / {
        root <%-registry.staticWebRoot%>;
    }
}