-upstream dev.nutra.tk {
- keepalive 100;
- server 127.0.0.1:20000;
- # server unix:/tmp/sanic.sock;
-}
-
# Redirect all HTTP to HTTPS with no-WWW
server {
listen 80 default_server;
return 301 https://$1$request_uri;
}
+# API
+server {
+ server_name api-dev.nutra.tk api.dev.nutra.tk;
+ #listen 80;
+ listen 443 ssl http2;
+ resolver 127.0.0.1;
+
+ # Sanic
+ location / {
+ proxy_pass http://127.0.0.1:20000; # API server
+ # Allow fast streaming HTTP/1.1 pipes (keep-alive, unbuffered)
+ proxy_http_version 1.1;
+ proxy_request_buffering off;
+ proxy_buffering off;
+ # Proxy forwarding (password configured in app.config.FORWARDED_SECRET)
+ proxy_set_header forwarded "$proxy_forwarded;secret=\"REDACTED\"";
+ # Allow websockets and keep-alive (avoid connection: close)
+ proxy_set_header connection "upgrade";
+ proxy_set_header upgrade $http_upgrade;
+ }
+}
+
+# UI, blog, favicon, default server
server {
server_name dev.nutra.tk;
#listen 80 default_server;
#listen [::]:80 ipv6only=on;
listen 443 ssl http2 default_server;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
+ # HSTS
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+ # OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
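Review bot: The new API `server` block (api-dev.nutra.tk / api.dev.nutra.tk) listens on `443 ssl http2` but sets no `ssl_certificate` / `ssl_certificate_key` and no HSTS header of its own; the only certificate lines visible in this diff sit in the dev.nutra.tk server and point at the dev.nutra.tk Let's Encrypt directory. Unless a certificate is configured at `http` level or that certificate already lists both API names as SANs (neither is visible here), TLS for those names will fail or present a mismatched certificate, so the block should carry its own pair, e.g. `ssl_certificate <fullchain-covering-api-names>;` and `ssl_certificate_key <matching-privkey>;` (placeholder paths). `includeSubDomains` on dev.nutra.tk does not cover api-dev.nutra.tk, so if that host should be HTTPS-only, repeat `add_header Strict-Transport-Security "max-age=31536000" always;` inside the API block. Separately, the `proxy_set_header forwarded` line embeds the value the app trusts for proxy forwarding (app.config.FORWARDED_SECRET); if this file is version-controlled, moving that directive into an `include`d file with restricted permissions keeps the secret out of history.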
#try_files $uri $uri/ /index.html =404;
}
-
# Blog / Sphinx
location /blog {
alias /var/www/blog;
index index.html;
}
-
- # Sanic
- location /api/ {
- proxy_pass http://$server_name;
- # Allow fast streaming HTTP/1.1 pipes (keep-alive, unbuffered)
- proxy_http_version 1.1;
- proxy_request_buffering off;
- proxy_buffering off;
- # Proxy forwarding (password configured in app.config.FORWARDED_SECRET)
- proxy_set_header forwarded "$proxy_forwarded;secret=\"REDACTED\"";
- # Allow websockets and keep-alive (avoid connection: close)
- proxy_set_header connection "upgrade";
- proxy_set_header upgrade $http_upgrade;
- }
-
-
# default favicon
location = /favicon.ico {
alias /var/www/favicon.gif;
allow all;
}
-
# HTTPS / SSL
ssl_certificate /etc/letsencrypt/live/dev.nutra.tk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dev.nutra.tk/privkey.pem; # managed by Certbot