From bb535387a69062688e168bb63023f69166d94e74 Mon Sep 17 00:00:00 2001 From: ITQ Date: Thu, 8 May 2025 15:06:10 +0300 Subject: [PATCH] chore: improvements in nginx.conf --- infrastructure/nginx/nginx.conf | 61 ++++++++++++++++++++++++++------- 1 file changed, 48 insertions(+), 13 deletions(-) diff --git a/infrastructure/nginx/nginx.conf b/infrastructure/nginx/nginx.conf index 3f53c34..68b16af 100644 --- a/infrastructure/nginx/nginx.conf +++ b/infrastructure/nginx/nginx.conf @@ -21,7 +21,7 @@ http { ssl_prefer_server_ciphers on; ssl_stapling on; ssl_stapling_verify on; - resolver 1.1.1.1 1.0.0.1 8.8.8.8 valid=300s; + resolver 127.0.0.11 valid=30s; resolver_timeout 5s; server_names_hash_bucket_size 128; @@ -74,23 +74,56 @@ http { server_tokens off; + upstream frontend { + server frontend:80 resolve; + } + + upstream backend { + server backend:8080 resolve; + } + + upstream backend-staticfiles { + server backend-staticfiles:80 resolve; + } + + upstream docs { + server docs:80 resolve; + } + + upstream grafana { + server grafana:3000 resolve; + } + + upstream minio { + server minio:9000 resolve; + } + + upstream minio-ui { + server minio:9001 resolve; + } + server { listen 80 default_server; listen [::]:80 default_server; server_name _; + + http2 on; + return 444; } server { - listen 80 http2; - listen [::]:80 http2; + listen 80; + listen [::]:80; server_name datarush.itqdev.xyz; + http2 on; + add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; location / { - proxy_pass http://frontend:80; + proxy_pass http://frontend; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; @@ -109,7 +142,7 @@ http { location /docs { rewrite ^/docs(.*) /$1 break; - proxy_pass http://docs:80; + proxy_pass http://docs; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; @@ -128,7 +161,7 @@ http { location /static { rewrite ^/static/(.*)$ /$1 break; - proxy_pass http://backend-staticfiles:80; + proxy_pass http://backend-staticfiles; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; @@ -146,7 +179,7 @@ http { } location /api { - proxy_pass http://backend:8080; + proxy_pass http://backend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -169,7 +202,7 @@ http { } location /admin { - proxy_pass http://backend:8080; + proxy_pass http://backend; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -182,7 +215,7 @@ http { } location /admin/grafana { - proxy_pass http://grafana:3000/admin/grafana; + proxy_pass http://grafana/admin/grafana; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; @@ -197,10 +230,12 @@ http { } server { - listen 80 http2; - listen [::]:80 http2; + listen 80; + listen [::]:80; server_name s3.datarush.itqdev.xyz; + http2 on; + add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; @@ -220,7 +255,7 @@ http { proxy_set_header Connection ""; chunked_transfer_encoding off; - proxy_pass http://minio:9000; + proxy_pass http://minio; } location /minio/ui/ { @@ -241,7 +276,7 @@ http { chunked_transfer_encoding off; - proxy_pass http://minio:9001; + proxy_pass http://minio-ui; } } }