From b7695ae3e2c778b9c9bab15e55d013fd38a43806 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20Dudr?= Date: Fri, 21 Apr 2023 08:29:53 +0200 Subject: [PATCH] nginx: cleanup --- dot_config/nginx/nginx.conf.tmpl | 120 ++----------------------------- 1 file changed, 5 insertions(+), 115 deletions(-) diff --git a/dot_config/nginx/nginx.conf.tmpl b/dot_config/nginx/nginx.conf.tmpl index 397a376..7a9af4c 100644 --- a/dot_config/nginx/nginx.conf.tmpl +++ b/dot_config/nginx/nginx.conf.tmpl @@ -116,6 +116,11 @@ http { alias {{ .chezmoi.homeDir }}/jopixel/errorpages/; } + add_header "Access-Control-Allow-Origin" "*"; + add_header "Access-Control-Allow-Headers" $http_access_control_request_headers; + if ($request_method = "OPTIONS") { + return 204; + } } map $host $php_version { @@ -426,29 +431,6 @@ http { } - server { - #server_name _; - server_name gin.localhost; - - listen 80; - listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; - - ssl_certificate {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.crt; - ssl_certificate_key {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.key; - - - location / { - proxy_pass http://127.0.0.1:3000; - - location /api { - proxy_pass http://127.0.0.1:5204; - } - } - - } - server { #server_name _; server_name wp2.localhost; @@ -521,96 +503,4 @@ http { fastcgi_index index.php; } } - - server { - listen 443 ssl; - listen [::]:443 ssl; - server_name djinn1.localhost; - - # Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - ssl_prefer_server_ciphers off; - - ssl_session_timeout 1d; - ssl_session_cache shared:SSL:10m; # about 40000 sessions - ssl_session_tickets off; - - add_header Strict-Transport-Security "max-age=63072000" always; - set $prefix ""; - - ssl_certificate {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.crt; - ssl_certificate_key {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.key; - - root {{ .chezmoi.homeDir }}/jopixel/jitsi-meet/; - - # ssi on with javascript for multidomain variables in config.js - ssi on; - ssi_types application/x-javascript application/javascript; - - index index.html index.htm; - error_page 404 /static/404.html; - - gzip on; - gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm; - gzip_vary on; - gzip_proxied no-cache no-store private expired auth; - gzip_min_length 512; - - # location = /config.js { - # alias /etc/jitsi/meet/djinn1.jopixel.cz-config.js; - # } - - # location = /external_api.js { - # alias /usr/share/jitsi-meet/libs/external_api.min.js; - # } - - # ensure all static content can always be found first - location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$ - { - add_header 'Access-Control-Allow-Origin' '*'; - alias {{ .chezmoi.homeDir }}/jopixel/jitsi-meet/$1/$2; - } - - location ~ ^/([^/?&:'"]+)$ { - try_files $uri @root_path; - } - - location @root_path { - rewrite ^/(.*)$ / break; - } - - # location ~ ^/([^/?&:'"]+)/config.js$ - # { - # set $subdomain "$1."; - # set $subdir "$1/"; - - # alias /etc/jitsi/meet/djinn1.jopixel.cz-config.js; - # } - - # BOSH for subdomains - location ~ ^/([^/?&:'"]+)/http-bind { - set $subdomain "$1."; - set $subdir "$1/"; - set $prefix "$1"; - - rewrite ^/(.*)$ /http-bind; - } - - # websockets for subdomains - location ~ ^/([^/?&:'"]+)/xmpp-websocket { - set $subdomain "$1."; - set $subdir "$1/"; - set $prefix "$1"; - - rewrite ^/(.*)$ /xmpp-websocket; - } - - # Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to / - location ~ ^/([^/?&:'"]+)/(.*)$ { - set $subdomain "$1."; - set $subdir "$1/"; - rewrite ^/([^/?&:'"]+)/(.*)$ /$2; - } - } }