-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 89a5f59
Showing
7 changed files
with
180 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
version: "3.5" | ||
|
||
x-logging: | ||
&default-logging | ||
driver: "json-file" | ||
options: | ||
max-size: "10m" | ||
max-file: "2" | ||
|
||
networks: | ||
backbone-net: | ||
name: backbone-net | ||
|
||
services: | ||
nginx-controller: | ||
container_name: nginx-controller | ||
image: nginx:1.17.8 | ||
logging: *default-logging | ||
restart: always | ||
environment: | ||
- TZ=Asia/Bangkok | ||
volumes: | ||
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro | ||
- ./nginx/conf.d:/etc/nginx/conf.d:ro | ||
- ./nginx/ssl.d:/ssl.d:ro | ||
- ./webroot.d:/webroot.d:ro | ||
- certs:/etc/letsencrypt:ro | ||
- certs-data:/data/letsencrypt:ro | ||
networks: | ||
- backbone-net | ||
ports: | ||
- 80:80 | ||
- 443:443 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
server { | ||
listen 80 default_server; | ||
root /usr/share/nginx/html; | ||
index index.html index.htm; | ||
server_name localhost; | ||
|
||
location / { | ||
try_files $uri $uri/ =404; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
server { | ||
listen 80; | ||
server_name example.ltd www.example.ltd; | ||
|
||
## uncomment when using letsencrypt SSL | ||
# location ^~ /.well-known { | ||
# allow all; | ||
# root /data/letsencrypt/; | ||
# } | ||
|
||
return 301 https://$server_name$request_uri; | ||
} | ||
|
||
server { | ||
listen 443 ssl http2; | ||
server_name example.ltd; | ||
|
||
ssl_session_cache shared:SSL:20m; | ||
ssl_session_timeout 10m; | ||
|
||
## non-letsencrypt SSL | ||
ssl_certificate /ssl.d/$server_name/server.crt; | ||
ssl_certificate_key /ssl.d/$server_name/server.key; | ||
|
||
## uncomment when using letsencrypt SSL | ||
# ssl_stapling on; | ||
# ssl_stapling_verify on; | ||
# ssl_certificate /etc/letsencrypt/live/$server_name/fullchain.pem; | ||
# ssl_certificate_key /etc/letsencrypt/live/$server_name/privkey.pem; | ||
# ssl_trusted_certificate /etc/letsencrypt/live/$server_name/chain.pem; | ||
|
||
add_header Strict-Transport-Security "max-age=31536000; always"; | ||
add_header X-Frame-Options DENY; | ||
add_header X-Content-Type-Options nosniff; | ||
add_header X-XSS-Protection "1; mode=block"; | ||
|
||
resolver 127.0.0.1 valid=30s; | ||
|
||
proxy_set_header Host $host:$server_port; | ||
proxy_set_header X-Forwarded-Host $http_host; | ||
proxy_set_header X-Forwarded-Port $server_port; | ||
proxy_set_header X-Real-IP $remote_addr; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_set_header X-Forwarded-Proto $scheme; | ||
|
||
proxy_max_temp_file_size 0; | ||
proxy_buffering off; | ||
proxy_request_buffering off; | ||
proxy_set_header Connection ""; | ||
|
||
location / { | ||
proxy_pass http://backend.service:10180; | ||
} | ||
|
||
location /phpmyadmin/ { | ||
rewrite ^/phpmyadmin(/.*)$ /$1 break; | ||
proxy_pass http://phpmyadmin.service:10181; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
server { | ||
listen 80; | ||
server_name dl.example.ltd; | ||
|
||
## uncomment when using letsencrypt SSL | ||
# location ^~ /.well-known { | ||
# allow all; | ||
# root /data/letsencrypt/; | ||
# } | ||
|
||
return 301 https://$server_name$request_uri; | ||
} | ||
|
||
server { | ||
listen 443 ssl http2; | ||
server_name dl.example.ltd; | ||
|
||
ssl_session_cache shared:SSL:20m; | ||
ssl_session_timeout 10m; | ||
|
||
# non-letsencrypt SSL | ||
ssl_certificate /ssl.d/$server_name/server.crt; | ||
ssl_certificate_key /ssl.d/$server_name/server.key; | ||
|
||
## uncomment when using letsencrypt SSL | ||
# ssl_stapling on; | ||
# ssl_stapling_verify on; | ||
# ssl_certificate /etc/letsencrypt/live/$server_name/fullchain.pem; | ||
# ssl_certificate_key /etc/letsencrypt/live/$server_name/privkey.pem; | ||
# ssl_trusted_certificate /etc/letsencrypt/live/$server_name/chain.pem; | ||
|
||
add_header Strict-Transport-Security "max-age=31536000; always"; | ||
add_header X-Frame-Options DENY; | ||
add_header X-Content-Type-Options nosniff; | ||
add_header X-XSS-Protection "1; mode=block"; | ||
|
||
location / { | ||
autoindex on; | ||
root /webroot.d/$server_name; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
user root; | ||
worker_processes auto; | ||
|
||
error_log /var/log/nginx/error.log warn; | ||
pid /var/run/nginx.pid; | ||
|
||
events { | ||
worker_connections 4095; | ||
} | ||
|
||
http { | ||
include /etc/nginx/mime.types; | ||
default_type application/octet-stream; | ||
|
||
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | ||
'$status $body_bytes_sent "$http_referer" ' | ||
'"$http_user_agent" "$http_x_forwarded_for"'; | ||
|
||
access_log /var/log/nginx/access.log main; | ||
|
||
sendfile on; | ||
tcp_nopush on; | ||
keepalive_timeout 30; | ||
|
||
server_tokens off; | ||
server_names_hash_bucket_size 512; | ||
client_max_body_size 250m; | ||
types_hash_max_size 2048; | ||
|
||
# SSL Global Setting | ||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | ||
ssl_prefer_server_ciphers on; | ||
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;"; | ||
|
||
include /etc/nginx/conf.d/*.conf; | ||
} |
Empty file.
Empty file.