NicolasCantu
ba2c36c014
All checks were successful
Build and Push to Registry / build-and-push (push) Successful in 47s
216 lines
9.0 KiB
Plaintext
216 lines
9.0 KiB
Plaintext
server {
|
|
# Logs Nginx spécifiques à ce vhost
|
|
access_log /var/log/nginx/dev3.4nkweb.com.access.log main;
|
|
error_log /var/log/nginx/dev3.4nkweb.com.error.log warn;
|
|
listen 443 ssl;
|
|
server_name dev3.4nkweb.com;
|
|
|
|
# Callback IdNot -> backend, avec CORS dynamique et masquage des en-têtes upstream
|
|
location = /idnot/callback {
|
|
# Masquer les en-têtes CORS envoyés par l'upstream (Express)
|
|
proxy_hide_header Access-Control-Allow-Origin;
|
|
proxy_hide_header Access-Control-Allow-Credentials;
|
|
proxy_hide_header Access-Control-Allow-Headers;
|
|
proxy_hide_header Access-Control-Allow-Methods;
|
|
|
|
# CORS dynamique: autorise dev4, lecoffreio.4nkweb.com, localhost:3000 et sous-domaines *.4nkweb.com
|
|
set $cors_origin "";
|
|
if ($http_origin ~* ^(https://dev4\.4nkweb\.com|http://local\.4nkweb\.com:3000|http://localhost:3000|https://.*\.4nkweb\.com)$) {
|
|
set $cors_origin $http_origin;
|
|
}
|
|
|
|
# Préflight OPTIONS
|
|
if ($request_method = OPTIONS) {
|
|
add_header Access-Control-Allow-Origin $cors_origin always;
|
|
add_header Access-Control-Allow-Credentials "true" always;
|
|
add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id, x-request-id" always;
|
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
|
add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
|
|
return 204;
|
|
}
|
|
|
|
# En-têtes CORS pour les autres méthodes
|
|
add_header Access-Control-Allow-Origin $cors_origin always;
|
|
add_header Access-Control-Allow-Credentials "true" always;
|
|
add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id, x-request-id" always;
|
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
|
add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
|
|
add_header X-Request-Id $request_id always;
|
|
|
|
proxy_pass http://127.0.0.1:8080;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Request-Id $request_id;
|
|
}
|
|
|
|
# Redirection front (authorized-client) -> backend Express
|
|
location = /authorized-client {
|
|
# Masquer les en-têtes CORS envoyés par l'upstream (Express)
|
|
proxy_hide_header Access-Control-Allow-Origin;
|
|
proxy_hide_header Access-Control-Allow-Credentials;
|
|
proxy_hide_header Access-Control-Allow-Headers;
|
|
proxy_hide_header Access-Control-Allow-Methods;
|
|
|
|
# CORS dynamique
|
|
set $cors_origin "";
|
|
if ($http_origin ~* ^(https://dev4\.4nkweb\.com|http://local\.4nkweb\.com:3000|http://localhost:3000|https://.*\.4nkweb\.com)$) {
|
|
set $cors_origin $http_origin;
|
|
}
|
|
|
|
# Préflight OPTIONS
|
|
if ($request_method = OPTIONS) {
|
|
add_header Access-Control-Allow-Origin $cors_origin always;
|
|
add_header Access-Control-Allow-Credentials "true" always;
|
|
add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id, x-request-id" always;
|
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
|
add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
|
|
return 204;
|
|
}
|
|
|
|
# En-têtes CORS pour les autres méthodes
|
|
add_header Access-Control-Allow-Origin $cors_origin always;
|
|
add_header Access-Control-Allow-Credentials "true" always;
|
|
add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id, x-request-id" always;
|
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
|
add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
|
|
add_header X-Request-Id $request_id always;
|
|
|
|
proxy_pass http://127.0.0.1:8080;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Request-Id $request_id;
|
|
}
|
|
|
|
ssl_certificate /etc/letsencrypt/live/dev3.4nkweb.com/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/dev3.4nkweb.com/privkey.pem;
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
# Redirection des requêtes HTTP normales vers Vite
|
|
location / {
|
|
proxy_pass http://localhost:3004;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Request-Id $request_id;
|
|
}
|
|
|
|
location /ws/ {
|
|
proxy_pass http://localhost:8090;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-NginX-Proxy true;
|
|
proxy_set_header X-Request-Id $request_id;
|
|
|
|
proxy_read_timeout 86400;
|
|
proxy_set_header Connection "Upgrade";
|
|
}
|
|
|
|
location /storage/ {
|
|
if ($request_method = 'OPTIONS') {
|
|
add_header 'Access-Control-Allow-Origin' '*' always;
|
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
|
|
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
|
|
add_header 'Access-Control-Max-Age' 86400;
|
|
add_header 'Content-Length' 0;
|
|
add_header 'Content-Type' 'text/plain';
|
|
return 204;
|
|
}
|
|
|
|
add_header 'Access-Control-Allow-Origin' '*' always;
|
|
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
|
|
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With' always;
|
|
|
|
rewrite ^/storage(/.*)$ $1 break;
|
|
proxy_pass http://localhost:8080;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "Upgrade";
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Request-Id $request_id;
|
|
}
|
|
|
|
location ^~ /api/ {
|
|
# Masquer les en-têtes CORS de l'upstream (Express)
|
|
proxy_hide_header Access-Control-Allow-Origin;
|
|
proxy_hide_header Access-Control-Allow-Credentials;
|
|
proxy_hide_header Access-Control-Allow-Headers;
|
|
proxy_hide_header Access-Control-Allow-Methods;
|
|
|
|
# CORS dynamique: autorise dev4, lecoffreio.4nkweb.com, localhost:3000 et sous-domaines *.4nkweb.com
|
|
set $cors_origin "";
|
|
if ($http_origin ~* ^(https://dev4\.4nkweb\.com|http://local\.4nkweb\.com:3000|http://localhost:3000|https://.*\.4nkweb\.com)$) {
|
|
set $cors_origin $http_origin;
|
|
}
|
|
|
|
# Préflight OPTIONS
|
|
if ($request_method = OPTIONS) {
|
|
add_header Access-Control-Allow-Origin $cors_origin always;
|
|
add_header Access-Control-Allow-Credentials "true" always;
|
|
add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id" always;
|
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
|
add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
|
|
return 204;
|
|
}
|
|
|
|
# En-têtes CORS pour les autres méthodes
|
|
add_header Access-Control-Allow-Origin $cors_origin always;
|
|
add_header Access-Control-Allow-Credentials "true" always;
|
|
add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-session-id" always;
|
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
|
add_header Vary "Origin, Access-Control-Request-Method, Access-Control-Request-Headers" always;
|
|
add_header X-Request-Id $request_id always;
|
|
proxy_pass http://127.0.0.1:8080;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Request-Id $request_id;
|
|
}
|
|
|
|
location @handle_502 {
|
|
internal;
|
|
add_header Access-Control-Allow-Origin "*" always;
|
|
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always;
|
|
add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, X-Requested-With" always;
|
|
return 502;
|
|
}
|
|
|
|
}
|
|
|
|
server {
|
|
# Logs Nginx spécifiques à ce vhost (HTTP -> redir HTTPS)
|
|
access_log /var/log/nginx/dev3.4nkweb.com.access.log main;
|
|
error_log /var/log/nginx/dev3.4nkweb.com.error.log warn;
|
|
if ($host = dev3.4nkweb.com) {
|
|
return 301 https://$host$request_uri;
|
|
} # managed by Certbot
|
|
|
|
|
|
listen 80;
|
|
server_name dev3.4nkweb.com;
|
|
location = /idnot/callback {
|
|
proxy_pass http://127.0.0.1:8080;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Request-Id $request_id;
|
|
}
|
|
|
|
return 301 https://$host$request_uri;
|
|
|
|
|
|
}
|