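# nginx configuration for a per-user development instance, rendered by chezmoi
# (the {{ .chezmoi.* }} placeholders are filled in at apply time).
# It runs in the foreground (daemon off) and logs errors to stderr.
#
# NOTE(review): every "listen" below binds to all interfaces, and one server is
# marked default_server. If this instance is only meant for local development,
# binding to 127.0.0.1 / [::1] would keep it off the LAN. Confirm the intent.
worker_processes 1;
working_directory {{ .chezmoi.homeDir }}/.config/nginx;
error_log stderr info;
daemon off;

events {
    worker_connections 1024;
}

http {
    # PHP-FPM pools reachable over TCP, one per PHP version.
    # "php" and "php80" point at the same port.
    upstream php {
        server 127.0.0.1:9080;
    }
    upstream php81 {
        server 127.0.0.1:9081;
    }
    upstream php80 {
        server 127.0.0.1:9080;
    }
    upstream php74 {
        server 127.0.0.1:9074;
    }
    upstream php73 {
        server 127.0.0.1:9073;
    }
    upstream php72 {
        server 127.0.0.1:9072;
    }
    upstream php71 {
        server 127.0.0.1:9071;
    }

    include mime.types;
    default_type application/octet-stream;
    types_hash_bucket_size 128;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    # error_page 403 404 @errors;
    # proxy_intercept_errors on;
    # fastcgi_intercept_errors on;

    # NOTE(review): the request's Origin header is echoed back together with
    # Allow-Credentials: true, so any web origin may read credentialed responses
    # from every server that inherits these headers. Prefer mapping $http_origin
    # through an allowlist (a "map" that yields an empty string for unknown
    # origins) before this configuration is reachable from outside the machine.
    # add_header is inherited only by levels that declare no add_header of their
    # own, so servers and locations with their own add_header do not send these.
    add_header "Access-Control-Allow-Origin" $http_origin;
    add_header "Access-Control-Allow-Credentials" true;
    add_header "Vary" "Origin";

    access_log off;

    client_body_temp_path /run/user/{{ .chezmoi.uid }}/nginx/body;
    fastcgi_temp_path /run/user/{{ .chezmoi.uid }}/nginx/fastcgi;

    # File service: /upload and /download go to a local backend, everything
    # else is proxied to one bucket path on the object store.
    server {
        server_name files.*;
        listen 80;
        listen [::]:80;
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ssl_certificate {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.crt;
        ssl_certificate_key {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.key;

        client_max_body_size 10G;
        proxy_request_buffering off;
        proxy_buffering off;

        # Declaring any add_header here stops inheritance of the http-level
        # CORS headers for this server.
        add_header "X-Dummy" 1;

        location /upload {
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://127.0.0.1:9999;
        }

        location /download {
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://127.0.0.1:9999;
        }

        location / {
            proxy_set_header X-Forwarded-Proto $scheme;
            # NOTE(review): plain HTTP to a non-loopback host; object contents
            # and any forwarded request headers cross the network unencrypted.
            proxy_pass http://s3.appsincloud.net:7480/vizitapptest_files/;
        }
    }

    # Static assets per project: static.[<anything>.]<project>.<tld>
    server {
        # The named capture fills $project, which selects the document root
        # below. The capture excludes ".", so it cannot carry a ".." segment.
        #server_name ~^static\.(?<project>[^.]+)\.[^.]+$;
        server_name ~^static\.(.+\.)?(?<project>[^.]+)\.[^.]+$;
        listen 80;
        listen [::]:80;
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ssl_certificate {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.crt;
        ssl_certificate_key {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.key;

        root {{ .chezmoi.homeDir }}/jopixel/$project/www/static;

        error_page 404 /errors/404.html;
        error_page 403 /errors/403.html;

        location /errors/ {
            alias {{ .chezmoi.homeDir }}/jopixel/errorpages/;
        }
    }

    # Picks the PHP-FPM pool name from the request host; used both as an
    # upstream name and as part of the unix socket path below.
    map $host $php_version {
        hostnames;
        default php80;
        *.laya-server.localhost php74;
        *.invoicing.localhost php74;
        *.vizit.localhost php80;
        *.up123.localhost php72;
        *.katalogy.localhost php71;
        *.eno.localhost php71;
    }

    # Generic project server: <anything>.<project>.<rest>
    server {
        #server_name _;
        # The named capture fills $project (document root selection). It
        # excludes ".", so the host cannot inject a ".." path segment.
        server_name ~^[^.]+\.(?<project>[^.]+)\..+$;
        listen 80;
        listen [::]:80;
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ssl_certificate {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.crt;
        ssl_certificate_key {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.key;

        client_max_body_size 1G;

        root {{ .chezmoi.homeDir }}/jopixel/$project/www/www;
        #add_header Access-Control-Allow-Origin "*";
        index index.php;

        location /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location /fpm-status {
            # The FPM status page exposes pool and request details; keep it
            # reachable from the local machine only.
            allow 127.0.0.1;
            allow ::1;
            deny all;

            fastcgi_pass unix:/run/user/{{ .chezmoi.uid }}/$php_version-fpm/status.sock;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }

        location / {
            # nginx sets its own CORS header, so drop the one from the backend.
            fastcgi_hide_header Access-Control-Allow-Origin;
            fastcgi_pass unix:/run/user/{{ .chezmoi.uid }}/$php_version-fpm/fpm.sock;

            # Front controller: the script is always index.php, so the request
            # URI never selects which PHP file is executed.
            fastcgi_param SCRIPT_FILENAME $document_root/index.php;
            fastcgi_param QUERY_STRING $query_string;
            fastcgi_param REQUEST_METHOD $request_method;
            fastcgi_param CONTENT_TYPE $content_type;
            fastcgi_param CONTENT_LENGTH $content_length;

            fastcgi_param SCRIPT_NAME $request_uri;
            fastcgi_param REQUEST_URI $request_uri;
            fastcgi_param DOCUMENT_URI $document_uri;
            fastcgi_param DOCUMENT_ROOT $document_root;
            fastcgi_param SERVER_PROTOCOL $server_protocol;
            fastcgi_param REQUEST_SCHEME $scheme;
            fastcgi_param HTTPS $https if_not_empty;
            fastcgi_param PATH_INFO $request_uri;

            fastcgi_param GATEWAY_INTERFACE CGI/1.1;
            fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

            fastcgi_param REMOTE_ADDR $remote_addr;
            fastcgi_param REMOTE_PORT $remote_port;
            fastcgi_param SERVER_ADDR $server_addr;
            fastcgi_param SERVER_PORT $server_port;
            fastcgi_param SERVER_NAME $server_name;

            # PHP only, required if PHP was built with --enable-force-cgi-redirect
            fastcgi_param REDIRECT_STATUS 200;

            fastcgi_buffers 16 16k;
            fastcgi_buffer_size 32k;
            fastcgi_keep_conn on;
            fastcgi_read_timeout 300s;
            fastcgi_index index.php;
        }

        # Internal-only: reachable through an internal redirect, not by a
        # client request. Always a body-less GET to the object store.
        location /_files/ {
            internal;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_method GET;
            proxy_pass_request_body off;
            #proxy_pass_request_headers off;
            # NOTE(review): plain HTTP to a non-loopback host.
            proxy_pass http://s3.appsincloud.net:7480/;
        }

        # NOTE(review): unlike /_files/ this location is public, forwards every
        # method and header, and maps onto the root of the object store rather
        # than one bucket path. Confirm that this exposure is intended.
        location /files/ {
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://s3.appsincloud.net:7480/;
        }

        location /_static/ {
            internal;
            root {{ .chezmoi.homeDir }}/jopixel/$project/www/static;
            try_files $uri =404;
        }

        # ^~ == prefix location, ignore regexp locations
        location ^~ /static/ {
            alias {{ .chezmoi.homeDir }}/jopixel/$project/www/static/;
            expires max;
            log_not_found off;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            log_not_found off;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        #error_page 500 502 503 504 /50x.html;
        error_page 404 /errors/404.html;
        error_page 403 /errors/403.html;

        location /errors/ {
            alias {{ .chezmoi.homeDir }}/jopixel/errorpages/;
        }
    }

    # include sites/*.conf;

    server {
        server_name static.hlasovani.ordinaceroku.cz;
        listen 80 ;
        listen [::]:80;
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ssl_certificate {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.crt;
        ssl_certificate_key {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.key;

        root {{ .chezmoi.homeDir }}/jopixel/katalogy/www/static/;
    }

    # Default server: also answers every request whose Host matches no other
    # server block, on both port 80 and port 443.
    server {
        #server_name _;
        server_name *.zdravotniregistr.cz *.ordinaceroku.cz;
        listen 80 default_server;
        listen [::]:80 default_server;
        listen 443 ssl default_server http2;
        listen [::]:443 ssl default_server http2;
        ssl_certificate {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.crt;
        ssl_certificate_key {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.key;

        client_max_body_size 1G;

        set $project "katalogy";
        root {{ .chezmoi.homeDir }}/jopixel/$project/www/www;
        #add_header Access-Control-Allow-Origin "*";
        index index.php;

        location /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location /fpm-status {
            # This is the default server, so without a restriction the status
            # page answers on every interface and for any Host header.
            allow 127.0.0.1;
            allow ::1;
            deny all;

            fastcgi_pass php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }

        location / {
            # nginx sets its own CORS header, so drop the one from the backend.
            fastcgi_hide_header Access-Control-Allow-Origin;
            fastcgi_pass php71;

            # Front controller: the script is always index.php.
            fastcgi_param SCRIPT_FILENAME $document_root/index.php;
            fastcgi_param QUERY_STRING $query_string;
            fastcgi_param REQUEST_METHOD $request_method;
            fastcgi_param CONTENT_TYPE $content_type;
            fastcgi_param CONTENT_LENGTH $content_length;

            fastcgi_param SCRIPT_NAME index.php;
            fastcgi_param REQUEST_URI $request_uri;
            fastcgi_param DOCUMENT_URI $document_uri;
            fastcgi_param DOCUMENT_ROOT $document_root;
            fastcgi_param SERVER_PROTOCOL $server_protocol;
            fastcgi_param REQUEST_SCHEME $scheme;
            fastcgi_param HTTPS $https if_not_empty;

            fastcgi_param GATEWAY_INTERFACE CGI/1.1;
            fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

            fastcgi_param REMOTE_ADDR $remote_addr;
            fastcgi_param REMOTE_PORT $remote_port;
            fastcgi_param SERVER_ADDR $server_addr;
            fastcgi_param SERVER_PORT $server_port;
            fastcgi_param SERVER_NAME $server_name;

            # PHP only, required if PHP was built with --enable-force-cgi-redirect
            fastcgi_param REDIRECT_STATUS 200;

            fastcgi_buffers 16 16k;
            fastcgi_buffer_size 32k;
            fastcgi_keep_conn on;
            fastcgi_read_timeout 300s;
            fastcgi_index index.php;
        }

        # Internal-only, body-less GET to the object store.
        location /_files/ {
            internal;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_method GET;
            proxy_pass_request_body off;
            #proxy_pass_request_headers off;
            # NOTE(review): plain HTTP to a non-loopback host.
            proxy_pass http://s3.appsincloud.net:7480/;
        }

        location /_static/ {
            internal;
            root {{ .chezmoi.homeDir }}/jopixel/$project/www/static;
            try_files $uri =404;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            log_not_found off;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        #error_page 500 502 503 504 /50x.html;
        error_page 404 /errors/404.html;
        error_page 403 /errors/403.html;

        location /errors/ {
            alias {{ .chezmoi.homeDir }}/jopixel/errorpages/;
        }
    }

    # Front-end dev server on :3000 with the PHP API under /api.
    server {
        #server_name _;
        server_name recepce.vizit.localhost;
        listen 80;
        listen [::]:80;
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        # Plain-HTTP requests are redirected to HTTPS.
        if ($https != 'on') {
            return 301 https://$host$request_uri;
        }

        ssl_certificate {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.crt;
        ssl_certificate_key {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.key;

        # This server declares its own add_header lines, so nothing is
        # inherited from the http level and the CORS set is repeated here.
        # NOTE(review): same reflected-Origin-with-credentials caveat as at the
        # http level; an origin allowlist is the safer form.
        add_header "Access-Control-Allow-Headers" "Content-Type";
        add_header "Access-Control-Allow-Origin" $http_origin;
        add_header "Access-Control-Allow-Credentials" true;
        # The response varies with the reflected Origin, so caches must key on it.
        add_header "Vary" "Origin";

        root {{ .chezmoi.homeDir }}/jopixel/vizit/www/www;

        location / {
            proxy_pass http://127.0.0.1:3000;
        }

        location /api {
            # nginx sets its own CORS header, so drop the one from the backend.
            fastcgi_hide_header Access-Control-Allow-Origin;
            # $php_version comes from the map on $host and names an upstream.
            fastcgi_pass $php_version;

            # Front controller: the script is always index.php.
            fastcgi_param SCRIPT_FILENAME $document_root/index.php;
            fastcgi_param QUERY_STRING $query_string;
            fastcgi_param REQUEST_METHOD $request_method;
            fastcgi_param CONTENT_TYPE $content_type;
            fastcgi_param CONTENT_LENGTH $content_length;

            fastcgi_param SCRIPT_NAME index.php;
            fastcgi_param REQUEST_URI $request_uri;
            fastcgi_param DOCUMENT_URI $document_uri;
            fastcgi_param DOCUMENT_ROOT $document_root;
            fastcgi_param SERVER_PROTOCOL $server_protocol;
            fastcgi_param REQUEST_SCHEME $scheme;
            fastcgi_param HTTPS $https if_not_empty;

            fastcgi_param GATEWAY_INTERFACE CGI/1.1;
            fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

            fastcgi_param REMOTE_ADDR $remote_addr;
            fastcgi_param REMOTE_PORT $remote_port;
            fastcgi_param SERVER_ADDR $server_addr;
            fastcgi_param SERVER_PORT $server_port;
            fastcgi_param SERVER_NAME $server_name;

            # PHP only, required if PHP was built with --enable-force-cgi-redirect
            fastcgi_param REDIRECT_STATUS 200;

            fastcgi_buffers 16 16k;
            fastcgi_buffer_size 32k;
            fastcgi_keep_conn on;
            fastcgi_read_timeout 300s;
            fastcgi_index index.php;
        }
    }

    # Front end on :3000, API on :5204 (nested location under /).
    server {
        #server_name _;
        server_name gin.localhost;
        listen 80;
        listen [::]:80;
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ssl_certificate {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.crt;
        ssl_certificate_key {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.key;

        location / {
            proxy_pass http://127.0.0.1:3000;

            location /api {
                proxy_pass http://127.0.0.1:5204;
            }
        }
    }

    # WordPress site.
    server {
        #server_name _;
        server_name wp2.localhost;
        server_name *.wp2.localhost;
        listen 80;
        listen [::]:80;
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ssl_certificate {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.crt;
        ssl_certificate_key {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.key;

        client_max_body_size 1G;

        root {{ .chezmoi.homeDir }}/jopixel/wp2.localhost/live/www/www;
        #add_header Access-Control-Allow-Origin "*";
        index index.php;

        location /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        # The prefix ends in "/" to match the trailing "/" of the alias.
        # With "location /skel" a request such as /skel../x was rewritten to
        # <alias>../x and could read files next to the uploads directory.
        location /skel/ {
            alias {{ .chezmoi.homeDir }}/jopixel/vpscontroller/wordpress-skel/uploads/;
        }

        # The dot is escaped so that only a real ".php" suffix is matched
        # (the unescaped form also matched e.g. "/xphp").
        location ~ \.php$ {
            # Only hand existing files to PHP-FPM, so a crafted URI cannot make
            # it execute a different file than the one named.
            try_files $uri =404;

            # nginx sets its own CORS header, so drop the one from the backend.
            fastcgi_hide_header Access-Control-Allow-Origin;
            fastcgi_pass php80;

            fastcgi_split_path_info ^(.+\.php)(.*)$;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param QUERY_STRING $query_string;
            fastcgi_param REQUEST_METHOD $request_method;
            fastcgi_param CONTENT_TYPE $content_type;
            fastcgi_param CONTENT_LENGTH $content_length;

            fastcgi_param SCRIPT_NAME $fastcgi_script_name;
            fastcgi_param REQUEST_URI $request_uri;
            fastcgi_param DOCUMENT_URI $document_uri;
            fastcgi_param DOCUMENT_ROOT $document_root;
            fastcgi_param SERVER_PROTOCOL $server_protocol;
            fastcgi_param REQUEST_SCHEME $scheme;
            fastcgi_param HTTPS $https if_not_empty;

            fastcgi_param GATEWAY_INTERFACE CGI/1.1;
            fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

            fastcgi_param REMOTE_ADDR $remote_addr;
            fastcgi_param REMOTE_PORT $remote_port;
            fastcgi_param SERVER_ADDR $server_addr;
            fastcgi_param SERVER_PORT $server_port;
            fastcgi_param SERVER_NAME $server_name;

            # PHP only, required if PHP was built with --enable-force-cgi-redirect
            fastcgi_param REDIRECT_STATUS 200;

            fastcgi_buffers 16 16k;
            fastcgi_buffer_size 32k;
            fastcgi_keep_conn on;
            fastcgi_read_timeout 300s;
            fastcgi_index index.php;
        }
    }

    # Jitsi Meet front end (HTTPS only).
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name djinn1.localhost;

        # Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers off;

        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:10m;  # about 40000 sessions
        ssl_session_tickets off;

        # Locations that declare their own add_header (the static-content
        # location below) do not inherit this header.
        add_header Strict-Transport-Security "max-age=63072000" always;
        set $prefix "";

        ssl_certificate {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.crt;
        ssl_certificate_key {{ .chezmoi.homeDir }}/.config/nginx/ssl/localhost.key;

        root {{ .chezmoi.homeDir }}/jopixel/jitsi-meet/;

        # ssi on with javascript for multidomain variables in config.js
        ssi on;
        ssi_types application/x-javascript application/javascript;

        index index.html index.htm;
        error_page 404 /static/404.html;

        gzip on;
        gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
        gzip_vary on;
        gzip_proxied no-cache no-store private expired auth;
        gzip_min_length 512;

        # location = /config.js {
        #     alias /etc/jitsi/meet/djinn1.jopixel.cz-config.js;
        # }

        # location = /external_api.js {
        #     alias /usr/share/jitsi-meet/libs/external_api.min.js;
        # }

        # ensure all static content can always be found first
        location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
        {
            add_header 'Access-Control-Allow-Origin' '*';
            alias {{ .chezmoi.homeDir }}/jopixel/jitsi-meet/$1/$2;
        }

        # Single-segment paths: serve the file if it exists, otherwise fall
        # back to the application root.
        location ~ ^/([^/?&:'"]+)$ {
            try_files $uri @root_path;
        }

        location @root_path {
            rewrite ^/(.*)$ / break;
        }

        # location ~ ^/([^/?&:'"]+)/config.js$
        # {
        #     set $subdomain "$1.";
        #     set $subdir "$1/";
        #     alias /etc/jitsi/meet/djinn1.jopixel.cz-config.js;
        # }

        # BOSH for subdomains
        location ~ ^/([^/?&:'"]+)/http-bind {
            set $subdomain "$1.";
            set $subdir "$1/";
            set $prefix "$1";

            rewrite ^/(.*)$ /http-bind;
        }

        # websockets for subdomains
        location ~ ^/([^/?&:'"]+)/xmpp-websocket {
            set $subdomain "$1.";
            set $subdir "$1/";
            set $prefix "$1";

            rewrite ^/(.*)$ /xmpp-websocket;
        }

        # Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
        location ~ ^/([^/?&:'"]+)/(.*)$ {
            set $subdomain "$1.";
            set $subdir "$1/";
            rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
        }
    }
}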