diff --git a/confs/nginx/_effective_20250924-190412/conf.d/default.conf b/confs/nginx/_effective_20250924-190412/conf.d/default.conf
new file mode 100755
index 0000000..ff2ced6
--- /dev/null
+++ b/confs/nginx/_effective_20250924-190412/conf.d/default.conf
@@ -0,0 +1,44 @@
+server {
+ listen 80;
+ server_name localhost;
+
+ #access_log /var/log/nginx/host.access.log main;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+ #
+ #location ~ \.php$ {
+ # proxy_pass http://127.0.0.1;
+ #}
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # root html;
+ # fastcgi_pass 127.0.0.1:9000;
+ # fastcgi_index index.php;
+ # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
+ # include fastcgi_params;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
diff --git a/confs/nginx/_effective_20250924-190412/nginx.conf b/confs/nginx/_effective_20250924-190412/nginx.conf
new file mode 100755
index 0000000..622f1c2
--- /dev/null
+++ b/confs/nginx/_effective_20250924-190412/nginx.conf
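Review bot: In conf.d/default.conf the `listen 80` server is the stock welcome-page block, and because nginx.conf includes conf.d/*.conf before sites-enabled/* it is likely the implicit default server for port 80, so a request with an unmatched Host header is answered with the nginx default page. Consider making the catch-all explicit and content-free, e.g. `listen 80 default_server;` with `return 444;` in place of the `location /` block. The file is also added with mode 100755; a configuration file does not need the executable bit.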
@@ -0,0 +1,34 @@
+
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+include /etc/nginx/stream.d/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
diff --git a/confs/nginx/_effective_20250924-190412/sites-enabled/demo.4nkweb.com b/confs/nginx/_effective_20250924-190412/sites-enabled/demo.4nkweb.com
new file mode 120000
index 0000000..b429eff
--- /dev/null
+++ b/confs/nginx/_effective_20250924-190412/sites-enabled/demo.4nkweb.com
@@ -0,0 +1 @@
+/etc/nginx/sites-available/demo.4nkweb.com
\ No newline at end of file
diff --git a/confs/nginx/_effective_20250924-190412/sites-enabled/dev1.4nkweb.com b/confs/nginx/_effective_20250924-190412/sites-enabled/dev1.4nkweb.com
new file mode 120000
index 0000000..cf74f1b
--- /dev/null
+++ b/confs/nginx/_effective_20250924-190412/sites-enabled/dev1.4nkweb.com
@@ -0,0 +1 @@
+/etc/nginx/sites-available/dev1.4nkweb.com
\ No newline at end of file
diff --git a/confs/nginx/_effective_20250924-190412/sites-enabled/dev2.4nkweb.com b/confs/nginx/_effective_20250924-190412/sites-enabled/dev2.4nkweb.com
new file mode 120000
index 0000000..a790e77
--- /dev/null
+++ b/confs/nginx/_effective_20250924-190412/sites-enabled/dev2.4nkweb.com
@@ -0,0 +1 @@
+/etc/nginx/sites-available/dev2.4nkweb.com
\ No newline at end of file
diff --git a/confs/nginx/_effective_20250924-190412/sites-enabled/dev3.4nkweb.com b/confs/nginx/_effective_20250924-190412/sites-enabled/dev3.4nkweb.com
new file mode 100755
index 0000000..040d5e4
--- /dev/null
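Review bot: The `http` block in nginx.conf never sets `server_tokens`, so the default applies and the nginx version is sent in the `Server` header and on error pages for every vhost included below it. Adding `server_tokens off;` next to `keepalive_timeout 65;` covers all of them at once. A short comment above `include /etc/nginx/stream.d/*.conf;` would also help the next reader, e.g. `# stream {} blocks are loaded from here and must stay outside http {}`.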
+++ b/confs/nginx/_effective_20250924-190412/sites-enabled/dev3.4nkweb.com 
@@ -0,0 +1,162 @@
+server {
+ listen 443 ssl;
+ server_name dev3.4nkweb.com;
+
+ # Callback IdNot -> backend, avec CORS dynamique et masquage des en-têtes upstream
+ location = /idnot/callback {
+ # Masquer les en-têtes CORS envoyés par l'upstream (Express)
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Access-Control-Allow-Credentials;
+ proxy_hide_header Access-Control-Allow-Headers;
+ proxy_hide_header Access-Control-Allow-Methods;
+
+ # CORS dynamique: autorise dev4, local.4nkweb.com:3000, localhost:3000 et sous-domaines *.4nkweb.com
+ set $cors_origin "";
+ if ($http_origin ~* ^(https://dev4\.4nkweb\.com|http://local\.4nkweb\.com:3000|http://localhost:3000|https://.*\.4nkweb\.com)$) {
+ set $cors_origin $http_origin;
+ }
+
+ # Préflight OPTIONS
+ if ($request_method = OPTIONS) {
+ add_header Access-Control-Allow-Origin $cors_origin always;
+ add_header Access-Control-Allow-Credentials "true" always;
+ add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id" always;
+ add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+ add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
+ return 204;
+ }
+
+ # En-têtes CORS pour les autres méthodes
+ add_header Access-Control-Allow-Origin $cors_origin always;
+ add_header Access-Control-Allow-Credentials "true" always;
+ add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id" always;
+ add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+ add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
+
+ proxy_pass http://127.0.0.1:8080;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ ssl_certificate /etc/letsencrypt/live/dev3.4nkweb.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dev3.4nkweb.com/privkey.pem;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ # Redirection des requêtes HTTP normales vers Vite
+ location / {
+ proxy_pass http://localhost:3004;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $host;
+ }
+
+ location /ws/ {
+ proxy_pass http://localhost:8090;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-NginX-Proxy true;
+
+ proxy_read_timeout 86400;
+ proxy_set_header Connection "Upgrade";
+ }
+
+ location /storage/ {
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+ add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
+ add_header 'Access-Control-Max-Age' 86400;
+ add_header 'Content-Length' 0;
+ add_header 'Content-Type' 'text/plain';
+ return 204;
+ }
+
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+ add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
+
+ rewrite ^/storage(/.*)$ $1 break;
+ proxy_pass http://localhost:8080;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $host;
+ }
+
+ location ^~ /api/ {
+ # Masquer les en-têtes CORS de l'upstream (Express)
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Access-Control-Allow-Credentials;
+ proxy_hide_header Access-Control-Allow-Headers;
+ proxy_hide_header Access-Control-Allow-Methods;
+
+ # CORS dynamique: autorise dev4, local.4nkweb.com:3000, localhost:3000 et sous-domaines *.4nkweb.com
+ set $cors_origin "";
+ if ($http_origin ~* ^(https://dev4\.4nkweb\.com|http://local\.4nkweb\.com:3000|http://localhost:3000|https://.*\.4nkweb\.com)$) {
+ set $cors_origin $http_origin;
+ }
+
+ # Préflight OPTIONS
+ if ($request_method = OPTIONS) {
+ add_header Access-Control-Allow-Origin $cors_origin always;
+ add_header Access-Control-Allow-Credentials "true" always;
+ add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id" always;
+ add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+ add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
+ return 204;
+ }
+
+ # En-têtes CORS pour les autres méthodes
+ add_header Access-Control-Allow-Origin $cors_origin always;
+ add_header Access-Control-Allow-Credentials "true" always;
+ add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id" always;
+ add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+ add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
+
+ proxy_pass http://127.0.0.1:8080;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location @handle_502 {
+ internal;
+ add_header Access-Control-Allow-Origin "*" always;
+ add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always;
+ add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, X-Requested-With" always;
+ return 502;
+ }
+
+}
+
+server {
+ if ($host = dev3.4nkweb.com) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80;
+ server_name dev3.4nkweb.com;
+ location = /idnot/callback {
+ proxy_pass http://127.0.0.1:8080;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ return 301 https://$host$request_uri;
+
+
+}
diff --git a/confs/nginx/_effective_20250924-190412/sites-enabled/lecoffreio-dev2.4nkweb.com b/confs/nginx/_effective_20250924-190412/sites-enabled/lecoffreio-dev2.4nkweb.com
new file mode 120000
index 0000000..b20a8e5
--- /dev/null
+++ b/confs/nginx/_effective_20250924-190412/sites-enabled/lecoffreio-dev2.4nkweb.com
@@ -0,0 +1 @@
+/etc/nginx/sites-available/lecoffreio-dev2.4nkweb.com
\ No newline at end of file
diff --git a/confs/nginx/_effective_20250924-190412/sites-enabled/lecoffreio.4nkweb.com b/confs/nginx/_effective_20250924-190412/sites-enabled/lecoffreio.4nkweb.com
new file mode 120000
index 0000000..f1c479a
--- /dev/null
+++ b/confs/nginx/_effective_20250924-190412/sites-enabled/lecoffreio.4nkweb.com
@@ -0,0 +1 @@
+/etc/nginx/sites-available/lecoffreio.4nkweb.com
\ No newline at end of file
diff --git a/confs/nginx/_effective_20250924-190412/sites-enabled/local.lecoffreio.4nkweb.com b/confs/nginx/_effective_20250924-190412/sites-enabled/local.lecoffreio.4nkweb.com
new file mode 100755
index 0000000..a61ac3b
--- /dev/null
+++ b/confs/nginx/_effective_20250924-190412/sites-enabled/local.lecoffreio.4nkweb.com
@@ -0,0 +1,7 @@
+server {
+ listen 80;
+ server_name local.lecoffreio.4nkweb.com;
+
+ # Redirige vers le front final en conservant chemin + query
+ return 301 https://dev3.4nkweb.com/idnot/callback$is_args$args;
+}
diff --git a/confs/nginx/_effective_20250924-190412/sites-enabled/relay235.4nkweb.com b/confs/nginx/_effective_20250924-190412/sites-enabled/relay235.4nkweb.com
new file mode 120000
index 0000000..08ab0de
--- /dev/null
+++ b/confs/nginx/_effective_20250924-190412/sites-enabled/relay235.4nkweb.com
@@ -0,0 +1 @@
+/etc/nginx/sites-available/relay235.4nkweb.com
\ No newline at end of file
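Review bot: In sites-enabled/dev3.4nkweb.com the origin allow-list in `location = /idnot/callback`, repeated in `location ^~ /api/`, ends with `https://.*\.4nkweb\.com`, and the matched origin is reflected together with `Access-Control-Allow-Credentials "true"`, so every present or future host under 4nkweb.com (plus the two plain-http port-3000 origins) is trusted for credentialed cross-origin calls to the backend. If only a few front ends need this, list them explicitly, or at least restrict the wildcard to hostname characters: `https://([a-z0-9-]+\.)+4nkweb\.com`. `location /storage/` strips its prefix and proxies to the same port 8080 with `Access-Control-Allow-Origin '*'` and without the `proxy_hide_header` lines, so it appears to sidestep that allow-list and can return duplicate CORS headers if the upstream sets its own. In the port-80 server the server-level `return 301` runs before location matching, so its `location = /idnot/callback` proxy block looks unreachable and could be removed.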
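Review bot: The comment in sites-enabled/local.lecoffreio.4nkweb.com says the redirect keeps path and query, but `return 301 https://dev3.4nkweb.com/idnot/callback$is_args$args;` fixes the path and forwards only the query string. Either reword it, e.g. `# Redirects every request to /idnot/callback on dev3, keeping only the query string`, or use `$request_uri` if the path was meant to be preserved. Because this server listens only on port 80, the callback query (presumably the IdNot response parameters) reaches nginx in cleartext before the redirect to https; if the hostname is reachable beyond a developer machine, an https listener for it would avoid that.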
diff --git a/confs/nginx/_effective_20250924-190412/stream.d/3000-multiplex.conf b/confs/nginx/_effective_20250924-190412/stream.d/3000-multiplex.conf
new file mode 100644
index 0000000..0392232
--- /dev/null
+++ b/confs/nginx/_effective_20250924-190412/stream.d/3000-multiplex.conf
@@ -0,0 +1,11 @@
+stream {
+ map $ssl_preread_protocol $upstream_3000 {
+ "" 127.0.0.1:3001; # HTTP clair
+ default 127.0.0.1:3443; # TLS -> HTTPS
+ }
+ server {
+ listen 3000;
+ proxy_pass $upstream_3000;
+ ssl_preread on;
+ }
+}
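Review bot: `listen 3000;` in the `stream` server binds every interface, so the loopback-only upstreams 127.0.0.1:3001 and 127.0.0.1:3443 become reachable from wherever port 3000 is, and any non-TLS bytes are forwarded to 3001 because the `""` map entry matches everything that is not a TLS ClientHello. If this multiplexer is only for local development, `listen 127.0.0.1:3000;` keeps it private; otherwise a comment stating who is expected to connect would help. The upstreams will also see 127.0.0.1 as the client address unless `proxy_protocol on;` is enabled and the backends are configured to accept it.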