# Redirect all HTTP traffic to HTTPS server { server_name _; listen {{$AIO_NGINX_PORT_HTTP}} default_server; listen [::]:{{$AIO_NGINX_PORT_HTTP}}; access_log {{$AIO_NGINX_LOGS_DIR}}/access.log; error_log {{$AIO_NGINX_LOGS_DIR}}/error.log; # Ideally we want 308 (permanent + keep original method), # but it is relatively new and not supported by some clients (e.g. cURL). return 307 https://$host:{{$AIO_NGINX_PORT_HTTPS}}$request_uri; } # Serve PR-preview requests server { server_name "~^pr(?[1-9][0-9]*)-(?[0-9a-f]{7,40})\."; listen {{$AIO_NGINX_PORT_HTTPS}} ssl http2; listen [::]:{{$AIO_NGINX_PORT_HTTPS}} ssl http2; ssl_certificate {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.crt; ssl_certificate_key {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.key; ssl_prefer_server_ciphers on; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; root {{$AIO_BUILDS_DIR}}/$pr/$sha; disable_symlinks on from=$document_root; index index.html; gzip on; gzip_comp_level 7; gzip_types *; access_log {{$AIO_NGINX_LOGS_DIR}}/access.log; error_log {{$AIO_NGINX_LOGS_DIR}}/error.log; location "~/[^/]+\.[^/]+$" { try_files $uri $uri/ =404; } location / { try_files $uri $uri/ /index.html =404; } } # Handle all other requests server { server_name _; listen {{$AIO_NGINX_PORT_HTTPS}} ssl http2 default_server; listen [::]:{{$AIO_NGINX_PORT_HTTPS}} ssl http2; ssl_certificate {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.crt; ssl_certificate_key {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.key; ssl_prefer_server_ciphers on; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; access_log {{$AIO_NGINX_LOGS_DIR}}/access.log; error_log {{$AIO_NGINX_LOGS_DIR}}/error.log; # Health check location "~^/health-check/?$" { add_header Content-Type text/plain; return 200 ''; } # Upload builds location "~^/create-build/(?[1-9][0-9]*)/(?[0-9a-f]{40})/?$" { if ($request_method != "POST") { add_header Allow "POST"; return 405; } client_body_temp_path /tmp/aio-create-builds; client_body_buffer_size 128K; client_max_body_size {{$AIO_UPLOAD_MAX_SIZE}}; client_body_in_file_only on; proxy_pass_request_headers on; proxy_set_header X-FILE $request_body_file; proxy_set_body off; proxy_redirect off; proxy_method GET; proxy_pass http://{{$AIO_UPLOAD_HOSTNAME}}:{{$AIO_UPLOAD_PORT}}$request_uri; resolver 127.0.0.1; } # Notify about PR changes location "~^/pr-updated/?$" { if ($request_method != "POST") { add_header Allow "POST"; return 405; } proxy_pass_request_headers on; proxy_redirect off; proxy_method POST; proxy_pass http://{{$AIO_UPLOAD_HOSTNAME}}:{{$AIO_UPLOAD_PORT}}$request_uri; resolver 127.0.0.1; } # Everything else location / { return 404; } }