ssl_certificate /run/secrets/site.fullchain.crt; ssl_certificate_key /run/secrets/site.key; ssl_session_timeout 1d; ssl_session_cache shared:MySSL:10m; ssl_session_tickets off; ssl_dhparam /dhparam.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; add_header Strict-Transport-Security "max-age=63072000" always; ssl_trusted_certificate /run/secrets/site.fullchain.crt; send_timeout 11s; proxy_connect_timeout 3s; proxy_send_timeout 3s; proxy_read_timeout 10s; client_header_timeout 3s; client_max_body_size 1m; error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 599 /error.html; proxy_intercept_errors off; upstream gui { server gui:8080 fail_timeout=5s; } upstream aoa { server aoa:3333 max_fails=2 fail_timeout=5s; keepalive 4; } upstream api { server api:3000 max_fails=2 fail_timeout=5s; keepalive 4; } upstream pwa { server pwa:3030 max_fails=2 fail_timeout=5s; keepalive 4; } server { listen 8888; listen [::]:8888; server_name _; return 301 https://uqrate.org$request_uri; } server { listen 8888; listen [::]:8888; listen 443 ssl http2; listen [::]:443 ssl http2; server_name www.uqrate.org; return 301 https://uqrate.org$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name uqrate.org; location = /error.html { ssi on; internal; auth_basic off; root /usr/share/nginx/html; } location = /error.json { ssi on; internal; auth_basic off; root /usr/share/nginx/html; } location = /50x.html { root /usr/share/nginx/html; } location = /favicon.svg { root /usr/share/nginx/html; } location = /rpx_status { allow 192.168.1.0/24; allow 10.0.0.0/24; allow 2601:140:8f00:29a:1534:1d1a:36e4:8526; deny all; stub_status; } location /adm/ { proxy_pass http://gui/; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Proto $scheme; error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.json; } location /aoa/v1/ { proxy_pass http://aoa/aoa/v1/; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Proto $scheme; error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.json; } location /api/v1/ { proxy_pass http://api/api/v1/; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Proto $scheme; error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.json; } location / { proxy_pass http://pwa/; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Proto $scheme; } }