From: nutra-bot Date: Thu, 20 Apr 2023 23:18:17 +0000 (+0000) Subject: update nginx config to use api.nutra.tk subdomain X-Git-Url: https://git.nutra.tk/v2?a=commitdiff_plain;h=42ea699ebc84a31448b3b40d64243cc258dd69c1;p=nutratech%2Fvps-root.git update nginx config to use api.nutra.tk subdomain --- diff --git a/etc/nginx/conf.d/default.conf b/etc/nginx/conf.d/default.conf index 7fe2e71..aaca5ce 100644 --- a/etc/nginx/conf.d/default.conf +++ b/etc/nginx/conf.d/default.conf @@ -1,9 +1,3 @@ -upstream dev.nutra.tk { - keepalive 100; - server 127.0.0.1:20000; - # server unix:/tmp/sanic.sock; -} - # Redirect all HTTP to HTTPS with no-WWW server { listen 80 default_server; @@ -12,13 +6,38 @@ server { return 301 https://$1$request_uri; } +# API +server { + server_name api-dev.nutra.tk api.dev.nutra.tk; + #listen 80; + listen 443 ssl http2; + resolver 127.0.0.1; + + # Sanic + location / { + proxy_pass http://127.0.0.1:20000; # API server + # Allow fast streaming HTTP/1.1 pipes (keep-alive, unbuffered) + proxy_http_version 1.1; + proxy_request_buffering off; + proxy_buffering off; + # Proxy forwarding (password configured in app.config.FORWARDED_SECRET) + proxy_set_header forwarded "$proxy_forwarded;secret=\"REDACTED\""; + # Allow websockets and keep-alive (avoid connection: close) + proxy_set_header connection "upgrade"; + proxy_set_header upgrade $http_upgrade; + } +} + +# UI, blog, favicon, default server server { server_name dev.nutra.tk; #listen 80 default_server; #listen [::]:80 ipv6only=on; listen 443 ssl http2 default_server; listen [::]:443 ssl ipv6only=on; # managed by Certbot + # HSTS add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + # OCSP stapling ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/private/ca-certs.pem; 
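Review bot: The new API `server` block opens `listen 443 ssl http2;` but defines no `ssl_certificate` or `ssl_certificate_key`; on this page those directives appear only inside the `dev.nutra.tk` server block, so unless the `http` context (not shown) supplies a certificate, TLS for `api-dev.nutra.tk` and `api.dev.nutra.tk` will not come up. Add `ssl_certificate /etc/letsencrypt/live/dev.nutra.tk/fullchain.pem;` and `ssl_certificate_key /etc/letsencrypt/live/dev.nutra.tk/privkey.pem;` to the block, or point it at a dedicated certificate, and confirm the certificate lists both API names as SANs. The block also lacks an IPv6 listener such as `listen [::]:443 ssl;`, so IPv6 requests for the API names would land on the default server, which after this commit no longer proxies `/api/`. Separately, the `secret=` value in the `forwarded` header sits inline in a version-controlled file; if the committed file holds the live value rather than a placeholder, move that `proxy_set_header` line into an `include`d file kept outside the repository with restrictive permissions, and rotate the secret.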
@@ -32,29 +51,12 @@ server { #try_files $uri $uri/ /index.html =404; } - # Blog / Sphinx location /blog { alias /var/www/blog; index index.html; } - - # Sanic - location /api/ { - proxy_pass http://$server_name; - # Allow fast streaming HTTP/1.1 pipes (keep-alive, unbuffered) - proxy_http_version 1.1; - proxy_request_buffering off; - proxy_buffering off; - # Proxy forwarding (password configured in app.config.FORWARDED_SECRET) - proxy_set_header forwarded "$proxy_forwarded;secret=\"REDACTED\""; - # Allow websockets and keep-alive (avoid connection: close) - proxy_set_header connection "upgrade"; - proxy_set_header upgrade $http_upgrade; - } - - # default favicon location = /favicon.ico { alias /var/www/favicon.gif; @@ -65,7 +67,6 @@ server { allow all; } - # HTTPS / SSL ssl_certificate /etc/letsencrypt/live/dev.nutra.tk/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/dev.nutra.tk/privkey.pem; # managed by Certbot