Главная Обзор Помощь
Регистрация Вход
root
/
apps
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Ветка: master
Ветки Метки
apps
/
ix-dev
/
stable
/
collabora
/
templates
/
macros
/
nginx.conf.jinja

nginx.conf.jinja 3.2 KB
Постоянная ссылка История Исходник

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. {% macro nginx_conf(values) -%}
    2. 

  2. {%- set nginx_host = "%s:%d" | format(values.consts.nginx_container_name, values.network.web_port.port_number) %}
    3. 

  3. {%- set nginx_url = "https://%s" | format(nginx_host) %}
    4. 

  4. events {
    5. 

  5.   worker_connections  1024;
    6. 

  6. }
    7. 

  7. http {
    8. 

  8.   include       mime.types;
    9. 

  9.   default_type  application/octet-stream;
    10. 

  10.   # Types to enable gzip compression on
    11. 

  11.   gzip_types
    12. 

  12.     text/plain text/css text/js text/xml
    13. 

  13.     text/javascript application/javascript
    14. 

  14.     application/x-javascript application/json
    15. 

  15.     application/xml application/rss+xml
    16. 

  16.     image/svg+xml;
    17. 

  17.   sendfile        on;
    18. 

  18.   client_max_body_size 1000m;
    19. 

  19.   keepalive_timeout  65;
    20. 

  20.   # Disable tokens for security (#23684)
    21. 

  21.   server_tokens off;
    22. 

  22.   gzip  on;
    23. 

  23.   client_body_temp_path /var/tmp/firmware;
    24. 

  24.   server {
    25. 

  25.     server_name            "{{ nginx_host }}";
    26. 

  26.     listen                 0.0.0.0:{{ values.network.web_port.port_number }} default_server ssl http2;
    27. 

  27.     ssl_certificate        "{{ values.consts.nginx_ssl_cert_path }}";
    28. 

  28.     ssl_certificate_key    "{{ values.consts.nginx_ssl_key_path }}";
    29. 

  29.     ssl_session_timeout    120m;
    30. 

  30.     ssl_session_cache      shared:ssl:16m;
    31. 

  31.     ssl_protocols TLSv1.2 TLSv1.3;
    32. 

  32.     ssl_prefer_server_ciphers on;
    33. 

  33.     ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EDH+aRSA:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384;
    34. 

  34.     add_header Strict-Transport-Security max-age=31536000;
    35. 

  35.     location = /robots.txt {
    36. 

  36.       add_header Content-Type text/plain;
    37. 

  37.       proxy_set_header Referer "{{ nginx_url }}";
    38. 

  38.       return 200 "User-agent: *\nDisallow: /loleaflet/*\n";
    39. 

  39.     }
    40. 

  40.     # static files
    41. 

  41.     location ^~ /browser {
    42. 

  42.       proxy_pass http://{{ values.consts.collabora_container_name }}:9980;
    43. 

  43.       proxy_set_header Host $host;
    44. 

  44.       # proxy_set_header Referer "{{ nginx_url }}";
    45. 

  45.     }
    46. 

  46.     # WOPI discovery URL
    47. 

  47.     location ^~ /hosting/discovery {
    48. 

  48.       set $upstream_collabora {{ values.consts.collabora_container_name }};
    49. 

  49.       proxy_pass http://$upstream_collabora:9980;
    50. 

  50.       proxy_set_header Host $http_host;
    51. 

  51.       # proxy_set_header Referer "{{ nginx_url }}";
    52. 

  52.     }
    53. 

  53.     # Capabilities
    54. 

  54.     location ^~ /hosting/capabilities {
    55. 

  55.       proxy_pass http://{{ values.consts.collabora_container_name }}:9980;
    56. 

  56.       proxy_set_header Host $host;
    57. 

  57.       # proxy_set_header Referer "{{ nginx_url }}";
    58. 

  58.     }
    59. 

  59.     # main websocket
    60. 

  60.     location ~ ^/cool/(.*)/ws$ {
    61. 

  61.       proxy_pass http://{{ values.consts.collabora_container_name }}:9980;
    62. 

  62.       proxy_set_header Host $host;
    63. 

  63.       proxy_set_header Upgrade $http_upgrade;
    64. 

  64.       proxy_set_header Connection "Upgrade";
    65. 

  65.       # proxy_set_header Referer "{{ nginx_url }}";
    66. 

  66.       proxy_read_timeout 36000s;
    67. 

  67.     }
    68. 

  68.     # download, presentation and image upload
    69. 

  69.     location ~ ^/(c|l)ool {
    70. 

  70.       proxy_pass http://{{ values.consts.collabora_container_name }}:9980;
    71. 

  71.       proxy_set_header Host $host;
    72. 

  72.       proxy_set_header Referer "{{ nginx_url }}";
    73. 

  73.     }
    74. 

  74.     # Admin Console websocket
    75. 

  75.     location ^~ /cool/adminws {
    76. 

  76.       proxy_pass http://{{ values.consts.collabora_container_name }}:9980;
    77. 

  77.       proxy_set_header Host $host;
    78. 

  78.       proxy_set_header Upgrade $http_upgrade;
    79. 

  79.       proxy_set_header Connection "Upgrade";
    80. 

  80.       # proxy_set_header Referer "{{ nginx_url }}";
    81. 

  81.       proxy_read_timeout 36000s;
    82. 

  82.     }
    83. 

  83.   }
    84. 

  84. }
    85. 

  85. {%- endmacro %}
    86.