diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2020-03-25 20:55:53 +0100 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2020-03-25 20:55:53 +0100 |
| commit | e328d1bb0fe0f08b2f993a5a933307b77ad95c29 (patch) | |
| tree | c612f8062fade03d2cc30649c62ea765df57541e /roles/apps/collabora/code/templates/nginx-vhost.conf.j2 | |
| parent | sk-cloudia: new nextcloud instnace next.skillz.biz (diff) | |
move some roles to app/
Diffstat (limited to 'roles/apps/collabora/code/templates/nginx-vhost.conf.j2')
| -rw-r--r-- | roles/apps/collabora/code/templates/nginx-vhost.conf.j2 | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/roles/apps/collabora/code/templates/nginx-vhost.conf.j2 b/roles/apps/collabora/code/templates/nginx-vhost.conf.j2 new file mode 100644 index 00000000..cec811f9 --- /dev/null +++ b/roles/apps/collabora/code/templates/nginx-vhost.conf.j2 @@ -0,0 +1,108 @@ +server { + listen 80; + listen [::]:80; + server_name {{ item.value.hostnames | join(' ') }}; + + include snippets/acmetool.conf; + + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name {{ item.value.hostnames | join(' ') }}; + + include snippets/acmetool.conf; + include snippets/tls.conf; + ssl_certificate /var/lib/acme/live/{{ item.value.hostnames[0] }}/fullchain; + ssl_certificate_key /var/lib/acme/live/{{ item.value.hostnames[0] }}/privkey; + include snippets/hsts.conf; + + + client_max_body_size 128M; + + # static files + location ^~ /loleaflet { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:{{ item.value.port }}; + + proxy_redirect http://$host/ https://$host/; + proxy_redirect http://$host:9980/ https://$host/; + } + + # WOPI discovery URL + location ^~ /hosting/discovery { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:{{ item.value.port }}; + + proxy_redirect http://$host/ https://$host/; + proxy_redirect http://$host:9980/ https://$host/; + } + + # Capabilities + location ^~ /hosting/capabilities { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:{{ item.value.port }}; + + proxy_redirect http://$host/ https://$host/; + proxy_redirect http://$host:9980/ https://$host/; + } + + # main websocket + location ~ ^/lool/(.*)/ws$ { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + proxy_read_timeout 36000s; + + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:{{ item.value.port }}; + + proxy_redirect http://$host/ https://$host/; + proxy_redirect http://$host:9980/ https://$host/; + } + + # download, presentation and image upload + location ~ ^/lool { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:{{ item.value.port }}; + + proxy_redirect http://$host/ https://$host/; + proxy_redirect http://$host:9980/ https://$host/; + } + + # Admin Console websocket + location ^~ /lool/adminws { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + proxy_read_timeout 36000s; + + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:{{ item.value.port }}; + + proxy_redirect http://$host/ https://$host/; + proxy_redirect http://$host:9980/ https://$host/; + } +} |