2017-03-08 09:29:37 -05:00
|
|
|
# Redirect all HTTP traffic to HTTPS
|
|
|
|
server {
|
|
|
|
server_name _;
|
|
|
|
|
|
|
|
listen {{$AIO_NGINX_PORT_HTTP}} default_server;
|
|
|
|
listen [::]:{{$AIO_NGINX_PORT_HTTP}};
|
|
|
|
|
2017-03-08 09:30:55 -05:00
|
|
|
access_log {{$AIO_NGINX_LOGS_DIR}}/access.log;
|
|
|
|
error_log {{$AIO_NGINX_LOGS_DIR}}/error.log;
|
|
|
|
|
2017-03-08 09:29:37 -05:00
|
|
|
# Ideally we want 308 (permanent + keep original method),
|
|
|
|
# but it is relatively new and not supported by some clients (e.g. cURL).
|
|
|
|
return 307 https://$host:{{$AIO_NGINX_PORT_HTTPS}}$request_uri;
|
|
|
|
}
|
|
|
|
|
2017-02-06 13:40:28 -05:00
|
|
|
# Serve PR-preview requests
|
|
|
|
server {
|
2017-06-25 15:13:03 -04:00
|
|
|
server_name "~^pr(?<pr>[1-9][0-9]*)-(?<sha>[0-9a-f]{7,40})\.";
|
2017-02-27 05:11:55 -05:00
|
|
|
|
2017-05-17 00:07:28 -04:00
|
|
|
listen {{$AIO_NGINX_PORT_HTTPS}} ssl http2;
|
|
|
|
listen [::]:{{$AIO_NGINX_PORT_HTTPS}} ssl http2;
|
2017-02-06 13:40:28 -05:00
|
|
|
|
2017-05-17 00:07:28 -04:00
|
|
|
ssl_certificate {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.crt;
|
|
|
|
ssl_certificate_key {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.key;
|
|
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
|
2017-02-06 13:40:28 -05:00
|
|
|
|
|
|
|
root {{$AIO_BUILDS_DIR}}/$pr/$sha;
|
|
|
|
disable_symlinks on from=$document_root;
|
|
|
|
index index.html;
|
|
|
|
|
2017-05-10 17:22:16 -04:00
|
|
|
gzip on;
|
|
|
|
gzip_comp_level 7;
|
|
|
|
gzip_types *;
|
|
|
|
|
2017-03-08 09:30:55 -05:00
|
|
|
access_log {{$AIO_NGINX_LOGS_DIR}}/access.log;
|
|
|
|
error_log {{$AIO_NGINX_LOGS_DIR}}/error.log;
|
|
|
|
|
2017-03-13 12:35:16 -04:00
|
|
|
location "~/[^/]+\.[^/]+$" {
|
2017-02-06 13:40:28 -05:00
|
|
|
try_files $uri $uri/ =404;
|
|
|
|
}
|
2017-03-13 12:35:16 -04:00
|
|
|
|
|
|
|
location / {
|
2017-03-21 09:46:20 -04:00
|
|
|
try_files $uri $uri/ /index.html =404;
|
2017-03-13 12:35:16 -04:00
|
|
|
}
|
2017-02-06 13:40:28 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
# Handle all other requests
|
|
|
|
server {
|
2017-02-27 05:11:55 -05:00
|
|
|
server_name _;
|
|
|
|
|
2017-05-17 00:07:28 -04:00
|
|
|
listen {{$AIO_NGINX_PORT_HTTPS}} ssl http2 default_server;
|
|
|
|
listen [::]:{{$AIO_NGINX_PORT_HTTPS}} ssl http2;
|
2017-02-06 13:40:28 -05:00
|
|
|
|
2017-05-17 00:07:28 -04:00
|
|
|
ssl_certificate {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.crt;
|
|
|
|
ssl_certificate_key {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.key;
|
|
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
|
2017-02-06 13:40:28 -05:00
|
|
|
|
2017-03-08 09:30:55 -05:00
|
|
|
access_log {{$AIO_NGINX_LOGS_DIR}}/access.log;
|
|
|
|
error_log {{$AIO_NGINX_LOGS_DIR}}/error.log;
|
|
|
|
|
2017-02-06 13:40:28 -05:00
|
|
|
# Health check
|
2017-03-13 12:35:16 -04:00
|
|
|
location "~^/health-check/?$" {
|
2017-02-06 13:40:28 -05:00
|
|
|
add_header Content-Type text/plain;
|
|
|
|
return 200 '';
|
|
|
|
}
|
|
|
|
|
|
|
|
# Upload builds
|
2017-03-13 12:35:16 -04:00
|
|
|
location "~^/create-build/(?<pr>[1-9][0-9]*)/(?<sha>[0-9a-f]{40})/?$" {
|
2017-02-06 13:40:28 -05:00
|
|
|
if ($request_method != "POST") {
|
|
|
|
add_header Allow "POST";
|
|
|
|
return 405;
|
|
|
|
}
|
|
|
|
|
|
|
|
client_body_temp_path /tmp/aio-create-builds;
|
|
|
|
client_body_buffer_size 128K;
|
|
|
|
client_max_body_size {{$AIO_UPLOAD_MAX_SIZE}};
|
|
|
|
client_body_in_file_only on;
|
|
|
|
|
|
|
|
proxy_pass_request_headers on;
|
|
|
|
proxy_set_header X-FILE $request_body_file;
|
|
|
|
proxy_set_body off;
|
|
|
|
proxy_redirect off;
|
|
|
|
proxy_method GET;
|
|
|
|
proxy_pass http://{{$AIO_UPLOAD_HOSTNAME}}:{{$AIO_UPLOAD_PORT}}$request_uri;
|
|
|
|
|
|
|
|
resolver 127.0.0.1;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Everything else
|
|
|
|
location / {
|
|
|
|
return 404;
|
|
|
|
}
|
|
|
|
}
|