chore(nginx): snapshot effective nginx config into confs/nginx/_effective_20250924-190412

2025-09-24 19:04:12 +02:00 · 2025-09-24 19:04:12 +02:00 · 11a77054b0
commit 11a77054b0
parent 51ff0a00c9
11 changed files with 264 additions and 0 deletions
--- a/confs/nginx/_effective_20250924-190412/conf.d/default.conf
+++ b/confs/nginx/_effective_20250924-190412/conf.d/default.conf
@ -0,0 +1,44 @@
+server {
+    listen       80;
+    server_name  localhost;
+
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+    #
+    #location ~ \.php$ {
+    #    proxy_pass   http://127.0.0.1;
+    #}
+
+    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+    #
+    #location ~ \.php$ {
+    #    root           html;
+    #    fastcgi_pass   127.0.0.1:9000;
+    #    fastcgi_index  index.php;
+    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+    #    include        fastcgi_params;
+    #}
+
+    # deny access to .htaccess files, if Apache's document root
+    # concurs with nginx's one
+    #
+    #location ~ /\.ht {
+    #    deny  all;
+    #}
+}
+
--- a/confs/nginx/_effective_20250924-190412/nginx.conf
+++ b/confs/nginx/_effective_20250924-190412/nginx.conf
@ -0,0 +1,34 @@
+
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+include /etc/nginx/stream.d/*.conf;
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*;
+}
--- a/confs/nginx/_effective_20250924-190412/sites-enabled/demo.4nkweb.com
+++ b/confs/nginx/_effective_20250924-190412/sites-enabled/demo.4nkweb.com
@ -0,0 +1 @@
+/etc/nginx/sites-available/demo.4nkweb.com
--- a/confs/nginx/_effective_20250924-190412/sites-enabled/dev1.4nkweb.com
+++ b/confs/nginx/_effective_20250924-190412/sites-enabled/dev1.4nkweb.com
@ -0,0 +1 @@
+/etc/nginx/sites-available/dev1.4nkweb.com
--- a/confs/nginx/_effective_20250924-190412/sites-enabled/dev2.4nkweb.com
+++ b/confs/nginx/_effective_20250924-190412/sites-enabled/dev2.4nkweb.com
@ -0,0 +1 @@
+/etc/nginx/sites-available/dev2.4nkweb.com
--- a/confs/nginx/_effective_20250924-190412/sites-enabled/dev3.4nkweb.com
+++ b/confs/nginx/_effective_20250924-190412/sites-enabled/dev3.4nkweb.com
@ -0,0 +1,162 @@
+server {
+	listen 443 ssl;
+	server_name dev3.4nkweb.com;
+
+    # Callback IdNot -> backend, avec CORS dynamique et masquage des en-têtes upstream
+    location = /idnot/callback {
+        # Masquer les en-têtes CORS envoyés par l'upstream (Express)
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Allow-Methods;
+
+        # CORS dynamique: autorise dev4, local.4nkweb.com:3000, localhost:3000 et sous-domaines *.4nkweb.com
+        set $cors_origin "";
+        if ($http_origin ~* ^(https://dev4\.4nkweb\.com|http://local\.4nkweb\.com:3000|http://localhost:3000|https://.*\.4nkweb\.com)$) {
+            set $cors_origin $http_origin;
+        }
+
+        # Préflight OPTIONS
+        if ($request_method = OPTIONS) {
+            add_header Access-Control-Allow-Origin $cors_origin always;
+            add_header Access-Control-Allow-Credentials "true" always;
+            add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id" always;
+            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+            add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
+            return 204;
+        }
+
+        # En-têtes CORS pour les autres méthodes
+        add_header Access-Control-Allow-Origin $cors_origin always;
+        add_header Access-Control-Allow-Credentials "true" always;
+        add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id" always;
+        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+        add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
+
+        proxy_pass http://127.0.0.1:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+	ssl_certificate /etc/letsencrypt/live/dev3.4nkweb.com/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/dev3.4nkweb.com/privkey.pem;
+
+	ssl_protocols TLSv1.2 TLSv1.3;
+	ssl_prefer_server_ciphers on;
+	ssl_ciphers HIGH:!aNULL:!MD5;
+	# Redirection des requêtes HTTP normales vers Vite
+	location / {
+		proxy_pass http://localhost:3004;
+		proxy_http_version 1.1;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "Upgrade";
+		proxy_set_header Host $host;
+	}
+
+	location /ws/ {
+		proxy_pass http://localhost:8090;
+		proxy_http_version 1.1;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "Upgrade";
+		proxy_set_header Host $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header X-NginX-Proxy true;
+
+		proxy_read_timeout 86400;
+		proxy_set_header Connection "Upgrade";
+	}
+
+	location /storage/ {
+		if ($request_method = 'OPTIONS') {
+			add_header 'Access-Control-Allow-Origin' '*' always;
+			add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+			add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
+			add_header 'Access-Control-Max-Age' 86400;
+			add_header 'Content-Length' 0;
+			add_header 'Content-Type' 'text/plain';
+			return 204;
+		}
+
+		add_header 'Access-Control-Allow-Origin' '*' always;
+		add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+		add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
+
+		rewrite ^/storage(/.*)$ $1 break;
+		proxy_pass http://localhost:8080;
+		proxy_http_version 1.1;
+		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "Upgrade";
+		proxy_set_header Host $host;
+	}
+
+	location ^~ /api/ {
+		# Masquer les en-têtes CORS de l'upstream (Express)
+		proxy_hide_header Access-Control-Allow-Origin;
+		proxy_hide_header Access-Control-Allow-Credentials;
+		proxy_hide_header Access-Control-Allow-Headers;
+		proxy_hide_header Access-Control-Allow-Methods;
+
+		# CORS dynamique: autorise dev4, local.4nkweb.com:3000, localhost:3000 et sous-domaines *.4nkweb.com
+		set $cors_origin "";
+		if ($http_origin ~* ^(https://dev4\.4nkweb\.com|http://local\.4nkweb\.com:3000|http://localhost:3000|https://.*\.4nkweb\.com)$) {
+			set $cors_origin $http_origin;
+		}
+
+		# Préflight OPTIONS
+		if ($request_method = OPTIONS) {
+			add_header Access-Control-Allow-Origin $cors_origin always;
+			add_header Access-Control-Allow-Credentials "true" always;
+			add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id" always;
+			add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+			add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
+			return 204;
+		}
+
+		# En-têtes CORS pour les autres méthodes
+		add_header Access-Control-Allow-Origin $cors_origin always;
+		add_header Access-Control-Allow-Credentials "true" always;
+		add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id" always;
+		add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+		add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
+
+		proxy_pass http://127.0.0.1:8080;
+		proxy_set_header Host              $host;
+		proxy_set_header X-Real-IP         $remote_addr;
+		proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-Proto $scheme;
+	}
+
+	location @handle_502 {
+		internal;
+		add_header Access-Control-Allow-Origin  "*" always;
+		add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always;
+		add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, X-Requested-With" always;
+		return 502;
+	}
+
+}
+
+server {
+	if ($host = dev3.4nkweb.com) {
+		return 301 https://$host$request_uri;
+	} # managed by Certbot
+
+
+	listen 80;
+	server_name dev3.4nkweb.com;
+    location = /idnot/callback {
+        proxy_pass http://127.0.0.1:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+	return 301 https://$host$request_uri;
+
+
+}
--- a/confs/nginx/_effective_20250924-190412/sites-enabled/lecoffreio-dev2.4nkweb.com
+++ b/confs/nginx/_effective_20250924-190412/sites-enabled/lecoffreio-dev2.4nkweb.com
@ -0,0 +1 @@
+/etc/nginx/sites-available/lecoffreio-dev2.4nkweb.com
--- a/confs/nginx/_effective_20250924-190412/sites-enabled/lecoffreio.4nkweb.com
+++ b/confs/nginx/_effective_20250924-190412/sites-enabled/lecoffreio.4nkweb.com
@ -0,0 +1 @@
+/etc/nginx/sites-available/lecoffreio.4nkweb.com
--- a/confs/nginx/_effective_20250924-190412/sites-enabled/local.lecoffreio.4nkweb.com
+++ b/confs/nginx/_effective_20250924-190412/sites-enabled/local.lecoffreio.4nkweb.com
@ -0,0 +1,7 @@
+server {
+    listen 80;
+    server_name local.lecoffreio.4nkweb.com;
+
+    # Redirige vers le front final en conservant chemin + query
+    return 301 https://dev3.4nkweb.com/idnot/callback$is_args$args;
+}
--- a/confs/nginx/_effective_20250924-190412/sites-enabled/relay235.4nkweb.com
+++ b/confs/nginx/_effective_20250924-190412/sites-enabled/relay235.4nkweb.com
@ -0,0 +1 @@
+/etc/nginx/sites-available/relay235.4nkweb.com
--- a/confs/nginx/_effective_20250924-190412/stream.d/3000-multiplex.conf
+++ b/confs/nginx/_effective_20250924-190412/stream.d/3000-multiplex.conf
@ -0,0 +1,11 @@
+stream {
+    map $ssl_preread_protocol $upstream_3000 {
+        ""       127.0.0.1:3001;   # HTTP clair
+        default  127.0.0.1:3443;   # TLS -> HTTPS
+    }
+    server {
+        listen 3000;
+        proxy_pass $upstream_3000;
+        ssl_preread on;
+    }
+}
				`@ -0,0 +1 @@`
				`/etc/nginx/sites-available/lecoffreio-dev2.4nkweb.com`
				`@ -0,0 +1 @@`
				`/etc/nginx/sites-available/lecoffreio.4nkweb.com`
				`@ -0,0 +1 @@`
				`/etc/nginx/sites-available/relay235.4nkweb.com`