PROD.2025/DataRush
1
0
Fork 0
mirror of https://gitlab.com/megazordpobeda/DataRush.git synced 2026-05-22 20:57:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

chore: improvements in nginx.conf

Browse Source
This commit is contained in:
ITQ
2025-05-08 15:06:10 +03:00
parent 9ffe7b797f
commit bb535387a6
1 changed files with 48 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
infrastructure/nginx/nginx.conf
+48 -13
View File
@@ -21,7 +21,7 @@ http {
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 8.8.8.8 valid=300s; resolver 127.0.0.11 valid=30s;
resolver_timeout 5s; resolver_timeout 5s;
server_names_hash_bucket_size 128; server_names_hash_bucket_size 128;
@@ -74,23 +74,56 @@ http {
server_tokens off; server_tokens off;
upstream frontend {
server frontend:80 resolve;
}
upstream backend {
server backend:8080 resolve;
}
upstream backend-staticfiles {
server backend-staticfiles:80 resolve;
}
upstream docs {
server docs:80 resolve;
}
upstream grafana {
server grafana:3000 resolve;
}
upstream minio {
server minio:9000 resolve;
}
upstream minio-ui {
server minio:9001 resolve;
}
server { server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server; listen [::]:80 default_server;
server_name _; server_name _;
http2 on;
return 444; return 444;
} }
server { server {
listen 80 http2; listen 80;
listen [::]:80 http2; listen [::]:80;
server_name datarush.itqdev.xyz; server_name datarush.itqdev.xyz;
http2 on;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
location / { location / {
proxy_pass http://frontend:80; proxy_pass http://frontend;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
@@ -109,7 +142,7 @@ http {
location /docs { location /docs {
rewrite ^/docs(.*) /$1 break; rewrite ^/docs(.*) /$1 break;
proxy_pass http://docs:80; proxy_pass http://docs;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
@@ -128,7 +161,7 @@ http {
location /static { location /static {
rewrite ^/static/(.*)$ /$1 break; rewrite ^/static/(.*)$ /$1 break;
proxy_pass http://backend-staticfiles:80; proxy_pass http://backend-staticfiles;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
@@ -146,7 +179,7 @@ http {
} }
location /api { location /api {
proxy_pass http://backend:8080; proxy_pass http://backend;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
@@ -169,7 +202,7 @@ http {
} }
location /admin { location /admin {
proxy_pass http://backend:8080; proxy_pass http://backend;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
@@ -182,7 +215,7 @@ http {
} }
location /admin/grafana { location /admin/grafana {
proxy_pass http://grafana:3000/admin/grafana; proxy_pass http://grafana/admin/grafana;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
@@ -197,10 +230,12 @@ http {
} }
server { server {
listen 80 http2; listen 80;
listen [::]:80 http2; listen [::]:80;
server_name s3.datarush.itqdev.xyz; server_name s3.datarush.itqdev.xyz;
http2 on;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
@@ -220,7 +255,7 @@ http {
proxy_set_header Connection ""; proxy_set_header Connection "";
chunked_transfer_encoding off; chunked_transfer_encoding off;
proxy_pass http://minio:9000; proxy_pass http://minio;
} }
location /minio/ui/ { location /minio/ui/ {
@@ -241,7 +276,7 @@ http {
chunked_transfer_encoding off; chunked_transfer_encoding off;
proxy_pass http://minio:9001; proxy_pass http://minio-ui;
} }
} }
} }