mirror of
https://gitlab.com/MoonTestUse1/AdministrationItDepartmens.git
synced 2025-08-14 00:25:46 +02:00
75 lines
2.2 KiB
Plaintext
75 lines
2.2 KiB
Plaintext
upstream backend_upstream {
|
||
server backend:8000;
|
||
}
|
||
|
||
upstream frontend_upstream {
|
||
server frontend:5173;
|
||
}
|
||
|
||
# Редирект с HTTP на HTTPS
|
||
server {
|
||
listen 80;
|
||
server_name itformhelp.ru www.itformhelp.ru;
|
||
|
||
location /.well-known/acme-challenge/ {
|
||
root /var/www/certbot;
|
||
}
|
||
|
||
location / {
|
||
return 301 https://$host$request_uri;
|
||
}
|
||
}
|
||
|
||
# Основной HTTPS сервер
|
||
server {
|
||
listen 443 ssl http2;
|
||
server_name itformhelp.ru www.itformhelp.ru;
|
||
|
||
ssl_certificate /etc/letsencrypt/live/itformhelp.ru/fullchain.pem;
|
||
ssl_certificate_key /etc/letsencrypt/live/itformhelp.ru/privkey.pem;
|
||
|
||
# Дополнительные настройки SSL
|
||
ssl_trusted_certificate /etc/letsencrypt/live/itformhelp.ru/chain.pem;
|
||
ssl_stapling on;
|
||
ssl_stapling_verify on;
|
||
resolver 8.8.8.8 8.8.4.4 valid=300s;
|
||
resolver_timeout 5s;
|
||
|
||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||
add_header X-Frame-Options SAMEORIGIN;
|
||
add_header X-Content-Type-Options nosniff;
|
||
add_header X-XSS-Protection "1; mode=block";
|
||
|
||
# Frontend proxy
|
||
location / {
|
||
proxy_pass http://frontend_upstream;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection 'upgrade';
|
||
proxy_set_header Host $host;
|
||
proxy_cache_bypass $http_upgrade;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
}
|
||
|
||
# API proxy
|
||
location /api/ {
|
||
proxy_pass http://backend_upstream;
|
||
proxy_http_version 1.1;
|
||
proxy_set_header Upgrade $http_upgrade;
|
||
proxy_set_header Connection 'upgrade';
|
||
proxy_set_header Host $host;
|
||
proxy_cache_bypass $http_upgrade;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Forwarded-Proto $scheme;
|
||
}
|
||
}
|
||
|
||
# Редирект с IP на домен
|
||
server {
|
||
listen 80;
|
||
server_name 185.139.70.62;
|
||
return 301 https://itformhelp.ru$request_uri;
|
||
} |