# Your App
upstream yourapp {
server localhost:5442;
}
upstream openviduserver {
server localhost:5443;
}
server {
listen 80;
listen [::]:80;
server_name i12a405.p.ssafy.io;
if ($host = i12a405.p.ssafy.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
# Redirect to https
location / {
rewrite ^(.*) https://i12a405.p.ssafy.io:443$1 permanent;
}
location /jenkins {
proxy_pass <http://127.0.0.1:9090>; # 외부 9090 포트를 내부 8080 포트로 포워딩
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
# letsencrypt
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location /nginx_status {
stub_status;
allow 127.0.0.1; #only allow requests from localhost
deny all; #deny all other hosts
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name i12a405.p.ssafy.io;
# SSL Config
ssl_certificate /etc/letsencrypt/live/i12a405.p.ssafy.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/i12a405.p.ssafy.io/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/i12a405.p.ssafy.io/fullchain.pem;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
# Proxy
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto https;
proxy_headers_hash_bucket_size 512;
proxy_redirect off;
# Websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Your App
location / {
proxy_pass <http://yourapp>; # Openvidu call by default
}
location /jenkins {
proxy_pass <http://127.0.0.1:9090>; # 외부 9090 포트를 내부 8080 포트로 포워딩
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
########################
# OpenVidu Locations #
########################
#################################
# Common rules CE #
#################################
# Dashboard rule
location /dashboard {
allow all;
deny all;
proxy_pass <http://openviduserver>;
}
# Websocket rule
location ~ /openvidu$ {
proxy_pass <http://openviduserver>;
}
#################################
# New API #
#################################
location /openvidu/layouts {
rewrite ^/openvidu/layouts/(.*)$ /custom-layout/$1 break;
root /opt/openvidu;
}
location /openvidu/recordings {
proxy_pass <http://openviduserver>;
}
location /openvidu/api {
allow all;
deny all;
proxy_pass <http://openviduserver>;
}
location /openvidu/info {
allow all;
deny all;
proxy_pass <http://openviduserver>;
}
location /openvidu/accept-certificate {
proxy_pass <http://openviduserver>;
}
location /openvidu/cdr {
allow all;
deny all;
proxy_pass <http://openviduserver>;
}
#################################
# LetsEncrypt #
#################################
location /.well-known/acme-challenge {
root /var/www/certbot;
try_files $uri $uri/ =404;
}
}