-
Notifications
You must be signed in to change notification settings - Fork 5
/
zestedesavoir.j2
108 lines (86 loc) · 2.44 KB
/
zestedesavoir.j2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
upstream zdsappserver {
server unix:{{ rundir }}/gunicorn.sock fail_timeout=0;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
{% if acme %}
location ~ /.well-known/acme-challenge {
include snippets/proxy.conf;
proxy_pass http://localhost:402;
}
{% endif %}
{% if certificate is defined and cert.stat.exists %}
{% if http_host %}
server_name {{ http_host }};
{% endif %}
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
{% endif %}
{% if http_host %}
server_name {{ http_host }};
{% endif %}
try_files $uri @proxy;
server_tokens off;
client_max_body_size 100M;
{% if certificate is defined and cert.stat.exists %}
ssl_certificate {{ certificate.cert }};
ssl_certificate_key {{ certificate.key }};
include snippets/ssl.conf;
{% endif %}
# Logging
access_log {{ logdir }}/nginx-access.log;
error_log {{ logdir }}/nginx-error.log;
# Rewrite de l'ancienne page de teasing
rewrite ^/teasing/$ / permanent;
root {{ webroot }};
{% if acme %}
location ~ /.well-known {
allow all;
}
{% endif %}
{% if not public %}
add_header X-Robots-Tag "none" always;
{% endif %}
location @proxy {
# 503 si la maintenance est active
if (-f $document_root/maintenance.html) {
return 503;
}
# Ajout d'un trailing slash sur les URLs
if ($uri !~ (\.|^/api)) {
rewrite ^(.*[^/])$ $1/ permanent;
}
include snippets/proxy.conf;
proxy_pass http://zdsappserver;
}
location @maintenance {
rewrite ^(.*)$ /maintenance.html break;
}
# Cache headers on static resources
location ~* ^/(static|media|errors)/ {
access_log off;
log_not_found off;
include snippets/static-cache.conf;
include snippets/clem_smileys.conf;
}
# HOTFIX 20171116 vhf
# disallow everything except this because of security issues
# with DELETE on API endpoints
error_page 405 @error405;
location @error405 {
add_header Allow "GET, POST, HEAD, PUT" always;
}
if ( $request_method !~ ^(GET|POST|HEAD|PUT)$ ) {
return 405;
}
# END HOTFIX
# Error pages
error_page 500 502 504 /errors/500.html;
error_page 503 @maintenance;
include snippets/headers.conf;
include snippets/antispam.conf;
}