angular-cn/aio/aio-builds-setup/dockerbuild/nginx/aio-builds.conf

# Redirect all HTTP traffic to HTTPS
server {
  server_name _;

  listen {{$AIO_NGINX_PORT_HTTP}} default_server;
  listen [::]:{{$AIO_NGINX_PORT_HTTP}};

  access_log {{$AIO_NGINX_LOGS_DIR}}/access.log;
  error_log  {{$AIO_NGINX_LOGS_DIR}}/error.log;

  # Ideally we want 308 (permanent + keep original method),
  # but it is relatively new and not supported by some clients (e.g. cURL).
  return 307 https://$host:{{$AIO_NGINX_PORT_HTTPS}}$request_uri;
}

# Serve PR-preview requests
server {
  server_name "~^pr(?<pr>[1-9][0-9]*)-(?<sha>[0-9a-f]{7,40})\.";

  listen {{$AIO_NGINX_PORT_HTTPS}} ssl http2;
  listen [::]:{{$AIO_NGINX_PORT_HTTPS}} ssl http2;

  ssl_certificate           {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.crt;
  ssl_certificate_key       {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.key;
  ssl_prefer_server_ciphers on;
  ssl_ciphers               EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

  root             {{$AIO_BUILDS_DIR}}/$pr/$sha;
  disable_symlinks on from=$document_root;
  index            index.html;

  gzip            on;
  gzip_comp_level 7;
  gzip_types      *;

  access_log {{$AIO_NGINX_LOGS_DIR}}/access.log;
  error_log  {{$AIO_NGINX_LOGS_DIR}}/error.log;

  error_page 404 /404.html;
  location "=/404.html" {
    internal;
  }

  location "~/[^/]+\.[^/]+$" {
    try_files $uri $uri/ =404;
  }

  location / {
    try_files $uri $uri/ /index.html =404;
  }
}

# Handle all other requests
server {
  server_name _;

  listen {{$AIO_NGINX_PORT_HTTPS}} ssl http2 default_server;
  listen [::]:{{$AIO_NGINX_PORT_HTTPS}} ssl http2;

  ssl_certificate           {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.crt;
  ssl_certificate_key       {{$AIO_LOCALCERTS_DIR}}/{{$AIO_DOMAIN_NAME}}.key;
  ssl_prefer_server_ciphers on;
  ssl_ciphers               EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

  access_log {{$AIO_NGINX_LOGS_DIR}}/access.log;
  error_log  {{$AIO_NGINX_LOGS_DIR}}/error.log;

  # Health check
  location "~^/health-check/?$" {
    add_header Content-Type text/plain;
    return 200 '';
  }

  # Check PRs previewability
  location "~^/can-have-public-preview/\d+/?$" {
    if ($request_method != "GET") {
      add_header Allow "GET";
      return 405;
    }

    proxy_pass_request_headers on;
    proxy_redirect             off;
    proxy_method               GET;
    proxy_pass                 http://{{$AIO_PREVIEW_SERVER_HOSTNAME}}:{{$AIO_PREVIEW_SERVER_PORT}}$request_uri;

    resolver 127.0.0.1;
  }

  # Notify about CircleCI builds
  location "~^/circle-build/?$" {
    if ($request_method != "POST") {
      add_header Allow "POST";
      return 405;
    }

    proxy_pass_request_headers on;
    proxy_redirect             off;
    proxy_method               POST;
    proxy_pass                 http://{{$AIO_PREVIEW_SERVER_HOSTNAME}}:{{$AIO_PREVIEW_SERVER_PORT}}$request_uri;

    resolver 127.0.0.1;
  }

  # Notify about PR changes
  location "~^/pr-updated/?$" {
    if ($request_method != "POST") {
      add_header Allow "POST";
      return 405;
    }

    proxy_pass_request_headers on;
    proxy_redirect             off;
    proxy_method               POST;
    proxy_pass                 http://{{$AIO_PREVIEW_SERVER_HOSTNAME}}:{{$AIO_PREVIEW_SERVER_PORT}}$request_uri;

    resolver 127.0.0.1;
  }

  # Everything else
  location / {
    return 404;
  }
}