Merge pull request #31 from bybatkhuu/dev

🧑‍💻 Add Nginx configuration templates for dynamic and stat…

Author: bybatkhuu

templates/nginx.conf/000.base.conf.template renamed to templates/nginx.conf/dynamic/000.base.conf.template

@@ -0,0 +1,20 @@
+# allow 192.168.0.0/24;
+
+# ## Cloudflare settings:
+# include /etc/nginx/conf.d/cloudflare/whitelist.conf;
+
+
+# server {
+# 	listen 192.168.0.1:80;
+
+# 	## Nginx stats (basic auth):
+# 	location = /status {
+# 		auth_basic "Closed site";
+# 		auth_basic_user_file /etc/nginx/ssl/.htpasswd;
+
+# 		allow 127.0.0.1;
+# 		allow 192.168.0.0/24;
+# 		deny all;
+# 		stub_status;
+# 	}
+# }

templates/nginx.conf/010.http.conf.template renamed to templates/nginx.conf/dynamic/010.http.conf.template

@@ -0,0 +1,71 @@
+upstream api-server {
+	server 127.0.0.1:8000;
+
+	## Or Load Balancing:
+	# least_conn;
+	# hash $binary_remote_addr consistent;
+	# server 127.0.0.1:8000;
+	# server 127.0.0.1:8001;
+	# server 127.0.0.1:8002;
+}
+
+
+## HTTP:
+server {
+	listen 80;
+	listen [::]:80;
+
+	## Logging:
+	access_log /dev/stdout realip_combined if=$loggable;
+	access_log /var/log/nginx/access.$map_date_now.log realip_combined if=$loggable;
+	access_log /var/log/nginx/access.json.$map_date_now.log json_combined if=$loggable;
+	# access_log /var/log/nginx/access.json.$map_date_now.log cf_json_combined if=$loggable;
+
+	## Restrict methods:
+	if ($request_method ~ ^(TRACE)$) {
+		return '405';
+	}
+
+	## Security headers:
+	include /etc/nginx/conf.d/security-headers.conf;
+
+	## Additional configs:
+	include /etc/nginx/conf.d/general.conf;
+	include /etc/nginx/conf.d/well-known.conf;
+
+	## Static files:
+	root /var/www/web/public;
+
+	location / {
+		try_files $uri $uri.html $uri/ =404;
+	}
+
+	# error_page 404 /404.html;
+	# location = /404.html {
+	# 	internal;
+	# }
+
+	# include /etc/nginx/conf.d/error-pages.conf;
+
+	## Sub-path as static files:
+	# location ^~ /demo {
+	# 	alias /var/www/demo/public;
+	# 	try_files ${_DOLLAR}uri ${_DOLLAR}uri/ =404;
+	# }
+
+	location ^~ /api {
+		rewrite ^/api/(.*)$ /$1?$args break;
+
+		## Cloudflare headers:
+		# include /etc/nginx/conf.d/cloudflare/proxy.conf;
+
+		## Proxy headers:
+		include /etc/nginx/conf.d/proxy.conf;
+		# include /etc/nginx/conf.d/proxy-timeout.conf;
+		include /etc/nginx/conf.d/api-headers.conf;
+
+		proxy_pass http://api-server;
+	}
+
+	# include /etc/nginx/conf.d/status.conf;
+}

templates/nginx.conf/010.https.self.conf.template renamed to templates/nginx.conf/dynamic/010.https.self.conf.template

@@ -0,0 +1,87 @@
+upstream api-server {
+	server 127.0.0.1:8000;
+
+	## Or Load Balancing:
+	# least_conn;
+	# hash $binary_remote_addr consistent;
+	# server 127.0.0.1:8000;
+	# server 127.0.0.1:8001;
+	# server 127.0.0.1:8002;
+}
+
+
+## HTTPS:
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;
+	http2 on;
+
+	## Logging:
+	access_log /dev/stdout realip_combined if=$loggable;
+	access_log /var/log/nginx/access.$map_date_now.log realip_combined if=$loggable;
+	access_log /var/log/nginx/access.json.$map_date_now.log json_combined if=$loggable;
+	# access_log /var/log/nginx/access.json.$map_date_now.log cf_json_combined if=$loggable;
+
+	## Restrict methods:
+	if ($request_method ~ ^(TRACE)$) {
+		return '405';
+	}
+
+	## SSL:
+	include /etc/nginx/conf.d/ssl.conf;
+	ssl_certificate /etc/nginx/ssl/self.crt;
+	ssl_certificate_key /etc/nginx/ssl/self.key;
+
+	## Security headers:
+	include /etc/nginx/conf.d/security-headers.conf;
+
+	## Additional configs:
+	include /etc/nginx/conf.d/general.conf;
+	include /etc/nginx/conf.d/well-known.conf;
+
+	## Static files:
+	root /var/www/web/public;
+
+	location / {
+		try_files $uri $uri.html $uri/ =404;
+	}
+
+	# error_page 404 /404.html;
+	# location = /404.html {
+	# 	internal;
+	# }
+
+	# include /etc/nginx/conf.d/error-pages.conf;
+
+	## Sub-path as static files:
+	# location ^~ /demo {
+	# 	alias /var/www/demo/public;
+	# 	try_files ${_DOLLAR}uri ${_DOLLAR}uri/ =404;
+	# }
+
+	location ^~ /api {
+		rewrite ^/api/(.*)$ /$1?$args break;
+
+		## Cloudflare headers:
+		# include /etc/nginx/conf.d/cloudflare/proxy.conf;
+
+		## Proxy headers:
+		include /etc/nginx/conf.d/proxy.conf;
+		# include /etc/nginx/conf.d/proxy-timeout.conf;
+		include /etc/nginx/conf.d/api-headers.conf;
+
+		proxy_pass http://api-server;
+	}
+
+	# include /etc/nginx/conf.d/status.conf;
+}
+
+## HTTP redirect:
+server {
+	listen 80;
+	listen [::]:80;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}

templates/nginx.conf/100.example.com_https.conf.template renamed to templates/nginx.conf/dynamic/100.example.com.conf.template

@@ -0,0 +1,119 @@
+upstream api-server {
+	server 127.0.0.1:8000;
+
+	## Or Load Balancing:
+	# least_conn;
+	# hash $binary_remote_addr consistent;
+	# server 127.0.0.1:8000;
+	# server 127.0.0.1:8001;
+	# server 127.0.0.1:8002;
+}
+
+
+# Main domain as static files (HTTPS):
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;
+	http2 on;
+	server_name example.com www.example.com;
+
+	## Logging:
+	access_log /dev/stdout realip_combined if=$loggable;
+	access_log /var/log/nginx/example.com.access.$map_date_now.log realip_combined if=$loggable;
+	access_log /var/log/nginx/example.com.access.json.$map_date_now.log json_combined if=$loggable;
+	# access_log /var/log/nginx/example.com.access.json.$map_date_now.log cf_json_combined if=$loggable;
+
+	## Restrict methods:
+	if ($request_method ~ ^(TRACE)$) {
+		return '405';
+	}
+
+	## SSL:
+	include /etc/nginx/conf.d/ssl.conf;
+	ssl_stapling on;
+	ssl_certificate /etc/nginx/ssl/example.com/cert.pem;
+	ssl_certificate_key /etc/nginx/ssl/example.com/key.pem;
+
+	## Security headers:
+	add_header Access-Control-Allow-Origin "https://example.com" always;
+	include /etc/nginx/conf.d/security-headers.conf;
+
+	## Additional configs:
+	include /etc/nginx/conf.d/general.conf;
+	include /etc/nginx/conf.d/well-known.conf;
+
+	## Static files:
+	root /var/www/example.com/public;
+
+	location / {
+		try_files $uri $uri.html $uri/ =404;
+	}
+
+	# error_page 404 /404.html;
+	# location = /404.html {
+	# 	internal;
+	# }
+
+	include /etc/nginx/conf.d/error-pages.conf;
+
+	## Sub-path as static files:
+	# location ^~ /demo {
+	# 	alias /var/www/demo.example.com/public;
+	# 	try_files ${_DOLLAR}uri ${_DOLLAR}uri/ =404;
+	# }
+
+	# include /etc/nginx/conf.d/status.conf;
+}
+
+## Subdomain as reverse proxy (HTTPS):
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;
+	http2 on;
+	server_name api.example.com;
+
+	## Logging:
+	access_log /dev/stdout realip_combined;
+	access_log /var/log/nginx/api.example.com.access.$map_date_now.log realip_combined;
+	access_log /var/log/nginx/api.example.com.access.json.$map_date_now.log json_combined;
+	# access_log /var/log/nginx/api.example.com.access.json.$map_date_now.log cf_json_combined if=$loggable;
+
+	## Restrict methods:
+	if ($request_method ~ ^(TRACE)$) {
+		return '405';
+	}
+
+	## SSL:
+	include /etc/nginx/conf.d/ssl.conf;
+	ssl_stapling on;
+	ssl_certificate /etc/nginx/ssl/example.com/cert.pem;
+	ssl_certificate_key /etc/nginx/ssl/example.com/key.pem;
+
+	## Security headers:
+	# include /etc/nginx/conf.d/security-headers.conf;
+
+	## Cloudflare headers:
+	# include /etc/nginx/conf.d/cloudflare/proxy.conf;
+
+	## Proxy headers:
+	include /etc/nginx/conf.d/proxy.conf;
+	# include /etc/nginx/conf.d/proxy-timeout.conf;
+	include /etc/nginx/conf.d/api-headers.conf;
+
+	## Reverse proxy:
+	location / {
+		# rewrite ^/api/(.*)$ /$1?$args break;
+		proxy_pass http://api-server;
+	}
+}
+
+## HTTP redirect:
+server {
+	listen 80;
+	listen [::]:80;
+	server_name .example.com;
+
+	location / {
+		return 301 https://$host$request_uri;
+	}
+}