fixes

SergTyapkin · Dec 9, 2024 · 9249796 · 9249796
1 parent e2dc81c
commit 9249796
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 53 deletions.
diff --git a/docker-deploy/docker-compose.template.yaml b/docker-deploy/docker-compose.template.yaml
@@ -10,6 +10,7 @@ services:
         - NGINX_RELEASE
         - NODE_RELEASE
     volumes:
+      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
       - ./container-dist:/frontend-dist:rw
       - ./certbot/www:/var/www/certbot/:ro
       - ./certbot/conf/:/etc/nginx/ssl/:ro

diff --git a/docker-deploy/nginx/nginx.conf b/docker-deploy/nginx/nginx.conf
@@ -0,0 +1,36 @@
+# load_module modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
+# load_module modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+
+    gzip on;
+#     brotli on;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    include /etc/nginx/conf.d/*.conf;
+}
diff --git a/docker-deploy/nginx/templates/default.conf.template b/docker-deploy/nginx/templates/default.conf.template
@@ -1,61 +1,26 @@
-# load_module modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
-# load_module modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ${DOMAIN_URL};
 
-user nginx;
-worker_processes auto;
-error_log /var/log/nginx/error.log;
-pid /run/nginx.pid;
+    include /etc/nginx/include_locations/http/*.conf;
 
-# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
-include /usr/share/nginx/modules/*.conf;
-
-events {
-    worker_connections 1024;
+    return 301 https://$host$request_uri;  # redirect on https
 }
 
-http {
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-
-    sendfile            on;
-    tcp_nopush          on;
-    tcp_nodelay         on;
-    keepalive_timeout   65;
-    types_hash_max_size 2048;
-
-    gzip on;
-#     brotli on;
-
-    include             /etc/nginx/mime.types;
-    default_type        application/octet-stream;
-
-    server {
-        listen 80;
-        listen [::]:80;
-        server_name ${DOMAIN_URL};
-
-        include /etc/nginx/include_locations/http/*.conf;
-
-        return 301 https://$host$request_uri;  # redirect on https
-    }
-
-    server {
-        listen       443 ssl default_server;
-        listen       [::]:443 ssl;
-        server_name  ${DOMAIN_URL};
-        http2 on;
+server {
+    listen       443 ssl default_server;
+    listen       [::]:443 ssl;
+    server_name  ${DOMAIN_URL};
+    http2 on;
 
-        http2_push_preload on;
+    http2_push_preload on;
 
-        ssl_certificate /etc/nginx/ssl/live/${DOMAIN_URL}/fullchain.pem;
-        ssl_certificate_key /etc/nginx/ssl/live/${DOMAIN_URL}/privkey.pem;
-        ssl_protocols TLSv1.2 TLSv1.3;
-        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
-        ssl_prefer_server_ciphers on;
+    ssl_certificate /etc/nginx/ssl/live/${DOMAIN_URL}/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/${DOMAIN_URL}/privkey.pem;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+    ssl_prefer_server_ciphers on;
 
-        include /etc/nginx/include_locations/https/*.conf;
-    }
+    include /etc/nginx/include_locations/https/*.conf;
 }
diff --git a/src/utils/constants.ts → src/constants.ts b/src/utils/constants.ts → src/constants.ts