cobnet-java/default at main · LilPoppy/cobnet-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
upstream cobnet {

	server 127.0.0.1:8089	max_fails=3 fail_timeout=30s;
}

upstream web-socket {

	server 127.0.0.1:8090	max_fails=3 fail_timeout=30s;
}


server {

	listen	80;
	server_name www.storebeans.com storebeans.com;

	location / {

		if ($request_method ~ ^(POST|DELETE|OPTIONS|PATCH|PUT|COPY|HEAD|LINK|UNLINK|PURGE|LOCK|UNLOCK|PROPFIND|VIEW)$) {

	     	proxy_pass https://www.storebeans.com;
	       	break;
	   	}

	   	return 301 https://www.storebeans.com$request_uri;
   	}
}

server {

	listen       443;
	server_name  storebeans.com ssl;

	ssl_certificate     /etc/ssl/certs/www.storebeans.com.crt;
	ssl_certificate_key /etc/ssl/private/www.storebeans.com.key;
	ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;

	location / {

		if ($request_method ~ ^(POST|DELETE|OPTIONS|PATCH|PUT|COPY|HEAD|LINK|UNLINK|PURGE|LOCK|UNLOCK|PROPFIND|VIEW)$) {

	     	proxy_pass https://www.storebeans.com;
	       	break;
	   	}

	   	return 301 https://www.storebeans.com$request_uri;
   	}
}

server {
	listen 443 default_server ssl;
	listen [::]:443 default_server ssl;
     ssl_certificate  /etc/ssl/certs/www.storebeans.com.crt;
     ssl_certificate_key /etc/ssl/private/www.storebeans.com.key;
     ssl_session_timeout 5m;
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     ssl_prefer_server_ciphers on;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;
	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;

	server_name _;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		index 200.html;
		try_files $uri $uri/ =404;
		proxy_http_version 1.1;
	 	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	 	proxy_set_header X-Forwarded-Proto $scheme;
	 	proxy_set_header X-Forwarded-Port $server_port;
	}

	location /web-socket {

		proxy_set_header Host              	$host;
		proxy_set_header X-Real-IP         	$remote_addr;
		proxy_set_header X-Forwarded-For   	$proxy_add_x_forwarded_for;
     	proxy_set_header X-Forwarded-Prefix	/web-socket;
     	proxy_set_header X-Forwarded-Proto 	$scheme;
     	proxy_set_header X-Forwarded-Host 		$host;
     	proxy_set_header X-Forwarded-Port 		$server_port;
     	proxy_pass	http://web-socket;
	}

     location /api {

     	set $result "";


		if ($request_uri = "/api/visitor/login" ) {

	  		set $result u;
	  	}

		if ($request_method = GET ) {

			set $result "${result}m";
		}

		if ($result = um){

			return 301	https://www.storebeans.com;
  	 	}

    		rewrite /api/(.*) /$1  break;


		add_header TEST		$request_method;
		proxy_set_header Host              	$host;
		proxy_set_header X-Real-IP         	$remote_addr;
		proxy_set_header X-Forwarded-For   	$proxy_add_x_forwarded_for;
     	proxy_set_header X-Forwarded-Prefix	/api;
     	proxy_set_header X-Forwarded-Proto 	$scheme;
     	proxy_set_header X-Forwarded-Host 		$host;
     	proxy_set_header X-Forwarded-Port 		$server_port;
          proxy_pass 	http://cobnet;

	}

	# pass PHP scripts to FastCGI server
	#
	#location ~ \.php$ {
	#	include snippets/fastcgi-php.conf;
	#
	#	# With php-fpm (or other unix sockets):
	#	fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
	#	# With php-cgi (or other tcp sockets):
	#	fastcgi_pass 127.0.0.1:9000;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}

	error_log /var/www/error.log;
	access_log /var/www/access.log;
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}