nginx.conf.template

# SPDX-FileCopyrightText: 2023 ImpulsoGov <contato@impulsogov.org>
#
# SPDX-License-Identifier: MIT


# Substitua o arquivo `/etc/nginx/nginx.conf` por este.

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	types_hash_max_size 2048;
	server_tokens off;
	client_max_body_size 50M;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;

	server {
		server_name $PREFECT_DOMINIO;
		location / {
			proxy_pass http://127.0.0.1:4200/;
			proxy_http_version  1.1;
			proxy_set_header    Upgrade     $http_upgrade;
			add_header X-Frame-Options "ALLOW-FROM http://sites.google.com/";
			add_header X-Frame-Options "ALLOW-FROM https://sites.google.com/";
			add_header X-Frame-Options "ALLOW-FROM http://www.sites.google.com/";
			add_header X-Frame-Options "ALLOW-FROM https://www.sites.google.com/";
			auth_basic "Acesso restrito";
			auth_basic_user_file /etc/apache2/.htpasswd;
		}
		listen 443 ssl; # managed by Certbot
		ssl_certificate /etc/letsencrypt/live/$PREFECT_DOMINIO/fullchain.pem; # managed by Certbot
		ssl_certificate_key /etc/letsencrypt/live/$PREFECT_DOMINIO/privkey.pem; # managed by Certbot
		include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
		ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
	}

	server {
		if ($host = $PREFECT_DOMINIO) {
			return 301 https://$host$request_uri;
		} # managed by Certbot

		listen 80;
		return 404; # managed by Certbot
	}
}