mirror of
https://github.com/caprover/caprover
synced 2025-12-13 23:05:34 +00:00
112 lines
2.9 KiB
Plaintext
112 lines
2.9 KiB
Plaintext
<%
|
|
if (s.forceSsl) {
|
|
%>
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
server_name <%-s.publicDomain%>;
|
|
|
|
# Used by Lets Encrypt
|
|
location /.well-known/acme-challenge/ {
|
|
root <%-s.staticWebRoot%>;
|
|
}
|
|
|
|
# Used by CapRover for health check
|
|
location /.well-known/captain-identifier {
|
|
root <%-s.staticWebRoot%>;
|
|
}
|
|
|
|
location / {
|
|
return 302 https://$http_host$request_uri$is_args$query_string;
|
|
}
|
|
}
|
|
<%
|
|
}
|
|
%>
|
|
|
|
|
|
server {
|
|
|
|
<%
|
|
if (!s.forceSsl) {
|
|
%>
|
|
listen 80;
|
|
<%
|
|
}
|
|
if (s.hasSsl) {
|
|
%>
|
|
listen 443 ssl;
|
|
ssl_certificate <%-s.crtPath%>;
|
|
ssl_certificate_key <%-s.keyPath%>;
|
|
|
|
ssl_session_cache shared:SSL:20m;
|
|
ssl_session_timeout 1d;
|
|
ssl_session_tickets off;
|
|
|
|
|
|
# Mozilla Intermediate configuration. tweak to your needs.
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
|
ssl_prefer_server_ciphers off;
|
|
<%
|
|
}
|
|
%>
|
|
|
|
client_max_body_size 500m;
|
|
|
|
server_name <%-s.publicDomain%>;
|
|
|
|
# 127.0.0.11 is DNS set up by Docker, see:
|
|
# https://docs.docker.com/engine/userguide/networking/configure-dns/
|
|
# https://github.com/moby/moby/issues/20026
|
|
resolver 127.0.0.11 valid=10s;
|
|
# IMPORTANT!! If you are here from an old thread to set a custom port, you do not need to modify this port manually here!!
|
|
# Simply change the Container HTTP Port from the dashboard HTTP panel
|
|
set $upstream http://<%-s.localDomain%>:<%-s.containerHttpPort%>;
|
|
|
|
location / {
|
|
|
|
<%
|
|
if (s.httpBasicAuthPath) {
|
|
%>
|
|
auth_basic "Restricted Access";
|
|
auth_basic_user_file <%-s.httpBasicAuthPath%>;
|
|
<%
|
|
}
|
|
%>
|
|
|
|
proxy_pass $upstream;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
<%
|
|
if (s.websocketSupport) {
|
|
%>
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_http_version 1.1;
|
|
<%
|
|
}
|
|
%>
|
|
}
|
|
|
|
# Used by Lets Encrypt
|
|
location /.well-known/acme-challenge/ {
|
|
root <%-s.staticWebRoot%>;
|
|
}
|
|
|
|
# Used by CapRover for health check
|
|
location /.well-known/captain-identifier {
|
|
root <%-s.staticWebRoot%>;
|
|
}
|
|
|
|
error_page 502 /captain_502_custom_error_page.html;
|
|
location = /captain_502_custom_error_page.html {
|
|
root <%-s.customErrorPagesDirectory%>;
|
|
internal;
|
|
}
|
|
}
|