diff --git a/docker-deploy/docker-compose.template.yaml b/docker-deploy/docker-compose.template.yaml index cd20033..a042042 100644 --- a/docker-deploy/docker-compose.template.yaml +++ b/docker-deploy/docker-compose.template.yaml @@ -10,6 +10,7 @@ services: - NGINX_RELEASE - NODE_RELEASE volumes: + - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro - ./container-dist:/frontend-dist:rw - ./certbot/www:/var/www/certbot/:ro - ./certbot/conf/:/etc/nginx/ssl/:ro diff --git a/docker-deploy/nginx/nginx.conf b/docker-deploy/nginx/nginx.conf new file mode 100644 index 0000000..ebd6f62 --- /dev/null +++ b/docker-deploy/nginx/nginx.conf @@ -0,0 +1,36 @@ +# load_module modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly +# load_module modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files + +user nginx; +worker_processes auto; +error_log /var/log/nginx/error.log; +pid /run/nginx.pid; + +# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. +include /usr/share/nginx/modules/*.conf; + +events { + worker_connections 1024; +} + +http { + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + gzip on; +# brotli on; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/docker-deploy/nginx/templates/default.conf.template b/docker-deploy/nginx/templates/default.conf.template index c767c9a..a91d8ac 100644 --- a/docker-deploy/nginx/templates/default.conf.template +++ b/docker-deploy/nginx/templates/default.conf.template 
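Review bot: The `http` block in the new `docker-deploy/nginx/nginx.conf` does not set `server_tokens`, so unless one of the files pulled in by `include /etc/nginx/conf.d/*.conf;` overrides it, nginx keeps its default of advertising its version in the `Server` header and on error pages. Adding `server_tokens off;` next to `keepalive_timeout 65;` would remove that fingerprinting detail. A short comment above `log_format main` would also help, for example `# $http_x_forwarded_for is client-supplied; treat it as untrusted when reading logs`.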
@@ -1,61 +1,26 @@ -# load_module modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly -# load_module modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files +server { + listen 80; + listen [::]:80; + server_name ${DOMAIN_URL}; -user nginx; -worker_processes auto; -error_log /var/log/nginx/error.log; -pid /run/nginx.pid; + include /etc/nginx/include_locations/http/*.conf; -# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. -include /usr/share/nginx/modules/*.conf; - -events { - worker_connections 1024; + return 301 https://$host$request_uri; # redirect on https } -http { - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - - gzip on; -# brotli on; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - server { - listen 80; - listen [::]:80; - server_name ${DOMAIN_URL}; - - include /etc/nginx/include_locations/http/*.conf; - - return 301 https://$host$request_uri; # redirect on https - } - - server { - listen 443 ssl default_server; - listen [::]:443 ssl; - server_name ${DOMAIN_URL}; - http2 on; +server { + listen 443 ssl default_server; + listen [::]:443 ssl; + server_name ${DOMAIN_URL}; + http2 on; - http2_push_preload on; + http2_push_preload on; - ssl_certificate /etc/nginx/ssl/live/${DOMAIN_URL}/fullchain.pem; - ssl_certificate_key /etc/nginx/ssl/live/${DOMAIN_URL}/privkey.pem; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers 
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; - ssl_prefer_server_ciphers on; + ssl_certificate /etc/nginx/ssl/live/${DOMAIN_URL}/fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/live/${DOMAIN_URL}/privkey.pem; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; + ssl_prefer_server_ciphers on; - include /etc/nginx/include_locations/https/*.conf; - } + include /etc/nginx/include_locations/https/*.conf; } diff --git a/src/utils/constants.ts b/src/constants.ts similarity index 100% rename from src/utils/constants.ts rename to src/constants.ts
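Review bot: The `ssl_ciphers` list carried into the de-indented 443 `server` block still admits suites without forward secrecy or built on legacy ciphers, namely static-RSA `AES128-SHA`/`AES256-SHA`, the bare `AES` and `CAMELLIA` groups, and `DES-CBC3-SHA` (3DES), even though `ssl_protocols` is already limited to TLSv1.2 and TLSv1.3. With `ssl_prefer_server_ciphers on` the ECDHE-GCM entries win for modern clients, but a TLS 1.2 client that offers only the weaker suites would still be accepted. Because the protocol floor already excludes old clients, the list can be trimmed to ECDHE AEAD suites: `ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';`. Separately, the port-80 block redirects to `https://$host$request_uri`, which echoes whatever Host header the client sent; `return 301 https://${DOMAIN_URL}$request_uri;` would pin the redirect target to the configured domain.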