mirror of
https://github.com/caprover/caprover
synced 2025-10-30 10:07:01 +00:00
115 lines
3.1 KiB
Plaintext
115 lines
3.1 KiB
Plaintext
|
|
# Default catch-all page. e.g. if you enter SOME-RANDOM-CHARS.captainroot.domain.com
|
|
server {
|
|
|
|
# Catch all HTTP
|
|
listen 80;
|
|
|
|
# Catch all HTTPS
|
|
<%
|
|
if (captain.hasRootSsl) {
|
|
%>
|
|
listen 443 ssl;
|
|
ssl_certificate <%-captain.crtPath%>;
|
|
ssl_certificate_key <%-captain.keyPath%>;
|
|
<%
|
|
}
|
|
%>
|
|
|
|
server_name _;
|
|
|
|
location /nginx_status {
|
|
stub_status on;
|
|
|
|
access_log off;
|
|
allow 10.0.0.0/24; # This can be improved by adding authentication as well.
|
|
deny all;
|
|
}
|
|
|
|
location / {
|
|
root <%-captain.defaultHtmlDir%>;
|
|
index index.html index.htm;
|
|
}
|
|
|
|
error_page 404 /index.html;
|
|
error_page 500 502 503 504 /error_generic_catch_all.html;
|
|
}
|
|
|
|
|
|
# Captain dashboard at captain.captainroot.domain.com
|
|
server {
|
|
|
|
listen 80;
|
|
client_max_body_size 300m;
|
|
|
|
<%
|
|
if (captain.hasRootSsl) {
|
|
%>
|
|
listen 443 ssl;
|
|
ssl_certificate <%-captain.crtPath%>;
|
|
ssl_certificate_key <%-captain.keyPath%>;
|
|
<%
|
|
}
|
|
%>
|
|
|
|
server_name <%-captain.domain%>;
|
|
|
|
# 127.0.0.11 is DNS set up by Docker, see:
|
|
# https://docs.docker.com/engine/userguide/networking/configure-dns/
|
|
# https://github.com/moby/moby/issues/20026
|
|
resolver 127.0.0.11 valid=10s;
|
|
set $upstream http://<%-captain.serviceName%>:<%-captain.serviceExposedPort%>;
|
|
|
|
# IMPORTANT!! Except proxy_read_timeout, this block should be same as location /api/v2/user/apps/appData
|
|
location / {
|
|
proxy_pass $upstream;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
|
|
# temporary until build process becomes an asynchronous process
|
|
location /api/v2/user/apps/appData {
|
|
proxy_pass $upstream;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
proxy_read_timeout 120s;
|
|
}
|
|
|
|
# Used by Let's Encrypt and CapRover self health monitoring
|
|
location /.well-known/ {
|
|
root <%-captain.staticWebRoot%>;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
# Built-in Docker Registry at registry.captainroot.domain.com
|
|
# Port 80/443 is used by Let's Encrypt to support HTTPS
|
|
# But the Registry engine runs on port 996
|
|
server {
|
|
|
|
listen 80;
|
|
client_max_body_size 500m;
|
|
|
|
<%
|
|
if (registry.hasRootSsl) {
|
|
%>
|
|
listen 443 ssl;
|
|
ssl_certificate <%-registry.crtPath%>;
|
|
ssl_certificate_key <%-registry.keyPath%>;
|
|
<%
|
|
}
|
|
%>
|
|
|
|
server_name <%-registry.domain%>;
|
|
|
|
location / {
|
|
root <%-registry.staticWebRoot%>;
|
|
}
|
|
}
|