sr2/ansible-collection-apps
4
0
Fork 0
Code Issues 11 Pull requests Projects Releases Packages Wiki Activity Actions
ansible-collection-apps/roles/podman_seafile/templates/home/podman/nginx/nginx.conf

125 lines
3.3 KiB
Nginx Configuration File
Raw Normal View History

feat(podman_seafile): initial import
2025-12-01 15:09:46 +00:00
# {{ ansible_managed }}
error_log /dev/stdout info;
access_log /dev/stdout;
resolver 10.89.0.1 ipv6=off valid=10s;
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
# Mitigate httpoxy attack
proxy_set_header Proxy "";
server {
listen 80;
listen [::]:80;
server_name {{ podman_seafile_hostname }};
server_tokens off;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://{{ podman_seafile_hostname }}$request_uri;
}
}
upstream seafile {
zone seafile_upstream 64k;
server seafile:80 resolve;
}
upstream seadoc {
zone seadoc_upstream 64k;
server seadoc:80 resolve;
}
upstream onlyoffice {
zone onlyoffice_upstream 64k;
server onlyoffice:80 resolve;
}
map $http_upgrade $proxy_connection {
default upgrade;
"" close;
}
server {
server_name {{ podman_seafile_hostname }};
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/{{ podman_seafile_hostname }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ podman_seafile_hostname }}/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
add_header Referrer-Policy origin always; # make sure outgoing links don't show the URL to the instance
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
location ~ ^(/accounts/login)(.*)$ {
return 301 /oauth/login$2;
}
location / {
proxy_pass http://seafile;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
proxy_buffering on;
proxy_buffer_size 8k;
proxy_buffers 2048 8k;
client_max_body_size 100m;
}
location /sdoc-server/ {
proxy_pass http://seadoc/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 100m;
}
location /socket.io {
proxy_pass http://seadoc;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_redirect off;
proxy_buffers 8 32k;
proxy_buffer_size 64k;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
location /onlyofficeds/ {
proxy_pass http://onlyoffice/;
proxy_http_version 1.1;
client_max_body_size 100M;
proxy_read_timeout 3600s;
proxy_connect_timeout 3600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Forwarded-Host $host/onlyofficeds;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Reference in a new issue Copy permalink