env-docker/Config/ReverseProxy/config/nginx.conf

# 2022-10-05 Hyperling

user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid       /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] $host "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    #gzip on;

    ## Proxy Settings ##
    proxy_redirect     off;
    proxy_set_header   Host               $host;
    proxy_set_header   X-Real-IP          $remote_addr;
    proxy_set_header   X-Forwarded-For    $remote_addr;
    proxy_set_header   X-Forwarded-Proto  $scheme;
    proxy_set_header   HTTP_AUTHORIZATION $http_authorization;
    proxy_hide_header                     X-Powered-By;
    proxy_intercept_errors                on;
    proxy_http_version                    1.1;
    # Proxy Buffer settings - See http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size
    proxy_buffer_size          4k;
    proxy_buffers              4 32k;
    proxy_busy_buffers_size    64k;
    proxy_temp_file_write_size 64k;
    # Timeouts, give up to 5 minutes for slow apps.
    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;

    ## LetsEncrypt Certbot Setup ##
    # Allow nginx to fulfill LetsEncrypt Certbot challenges.
    #   This is not working from here, but is working from the individual conf files for some reason.
    #   Have tried adding listen and server_name directives here with no change in functionality.
    server {
        location ^~ /.well-known/acme-challenge/ {
            default_type "text/plain";
            root /etc/nginx/letsencrypt/;
        }
    }

    ## Upstream Configuration ##
    include /etc/nginx/hosts/*;

    ## Reverse Proxied Website Configurations ##
    include /etc/nginx/conf.d/*;
}

# TBD, going live with HTTP first.
mail {
    ## Reverse Proxied Mail Server Configurations ##
    #include /etc/nginx/mail.conf.d/*;
}

stream {
    ## Service Forwarding and Load Balancing ##
    # If this supports the `listen` and `server_name` directives then this may
    # be a better choice than mail{} since it will not require an auth server.
    # It could also be useful as a frontend for ssh, databases, APIs, etc.
    include /etc/nginx/load.conf.d/*;
}
First attempt at an NGINX reverse proxy skeleton. 2022-10-05 02:51:52 -05:00			`# 2022-10-05 Hyperling`

Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`user nginx;`
			`worker_processes auto;`
First attempt at an NGINX reverse proxy skeleton. 2022-10-05 02:51:52 -05:00
Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`error_log /var/log/nginx/error.log notice;`
			`pid /var/run/nginx.pid;`
First attempt at an NGINX reverse proxy skeleton. 2022-10-05 02:51:52 -05:00
			`events {`
Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`worker_connections 1024;`
First attempt at an NGINX reverse proxy skeleton. 2022-10-05 02:51:52 -05:00			`}`

			`http {`
Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`include /etc/nginx/mime.types;`
			`default_type application/octet-stream;`
First attempt at an NGINX reverse proxy skeleton. 2022-10-05 02:51:52 -05:00
Fixes for Reverse Proxy Go-Live (#6) * Add new area for defining upstream systems. * Example file for demonstration domain. * Use the new upstream hosts section. * Do the proxy directives in the main file. * Commit any final changes. * Fix example resource name. * Mention the need to have ports specified in the upstream file, not server block. * Adjust formatting. 2023-07-09 16:02:47 -07:00			`log_format main '$remote_addr - $remote_user [$time_local] $host "$request" '`
Formatting changes. 2023-07-05 18:02:43 -07:00			`'$status $body_bytes_sent "$http_referer" '`
			`'"$http_user_agent" "$http_x_forwarded_for"';`
First attempt at an NGINX reverse proxy skeleton. 2022-10-05 02:51:52 -05:00
Formatting changes. 2023-07-05 18:02:43 -07:00			`access_log /var/log/nginx/access.log main;`
First attempt at an NGINX reverse proxy skeleton. 2022-10-05 02:51:52 -05:00
Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`sendfile on;`
			`#tcp_nopush on;`
First attempt at an NGINX reverse proxy skeleton. 2022-10-05 02:51:52 -05:00
Formatting changes. 2023-07-05 18:02:43 -07:00			`keepalive_timeout 65;`
First attempt at an NGINX reverse proxy skeleton. 2022-10-05 02:51:52 -05:00
Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`#gzip on;`

Fixes for Reverse Proxy Go-Live (#6) * Add new area for defining upstream systems. * Example file for demonstration domain. * Use the new upstream hosts section. * Do the proxy directives in the main file. * Commit any final changes. * Fix example resource name. * Mention the need to have ports specified in the upstream file, not server block. * Adjust formatting. 2023-07-09 16:02:47 -07:00			`## Proxy Settings ##`
			`proxy_redirect off;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $remote_addr;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header HTTP_AUTHORIZATION $http_authorization;`
			`proxy_hide_header X-Powered-By;`
			`proxy_intercept_errors on;`
			`proxy_http_version 1.1;`
			`# Proxy Buffer settings - See http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size`
			`proxy_buffer_size 4k;`
			`proxy_buffers 4 32k;`
			`proxy_busy_buffers_size 64k;`
			`proxy_temp_file_write_size 64k;`
			`# Timeouts, give up to 5 minutes for slow apps.`
			`proxy_connect_timeout 600;`
			`proxy_send_timeout 600;`
			`proxy_read_timeout 600;`
			`send_timeout 600;`

Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`## LetsEncrypt Certbot Setup ##`
			`# Allow nginx to fulfill LetsEncrypt Certbot challenges.`
ReverseProxy Fixes, Nextcloud MariaDB Upgrade (#7) * Working on getting Reverse Proxy certs to work. * Upgrade mariadb to 10.6. * Checking if anything has missed a check in. * Let's Encrypt is working now after moving the location directive to the conf.d files. Unsure why nginx.conf is not passing it along, so added it to the examples too. 2023-07-21 22:23:46 -07:00			`# This is not working from here, but is working from the individual conf files for some reason.`
			`# Have tried adding listen and server_name directives here with no change in functionality.`
Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`server {`
ReverseProxy Fixes, Nextcloud MariaDB Upgrade (#7) * Working on getting Reverse Proxy certs to work. * Upgrade mariadb to 10.6. * Checking if anything has missed a check in. * Let's Encrypt is working now after moving the location directive to the conf.d files. Unsure why nginx.conf is not passing it along, so added it to the examples too. 2023-07-21 22:23:46 -07:00			`location ^~ /.well-known/acme-challenge/ {`
			`default_type "text/plain";`
			`root /etc/nginx/letsencrypt/;`
Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`}`
			`}`
First attempt at an NGINX reverse proxy skeleton. 2022-10-05 02:51:52 -05:00
Fixes for Reverse Proxy Go-Live (#6) * Add new area for defining upstream systems. * Example file for demonstration domain. * Use the new upstream hosts section. * Do the proxy directives in the main file. * Commit any final changes. * Fix example resource name. * Mention the need to have ports specified in the upstream file, not server block. * Adjust formatting. 2023-07-09 16:02:47 -07:00			`## Upstream Configuration ##`
			`include /etc/nginx/hosts/*;`

Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server. 2023-07-05 20:54:53 -07:00			`## Reverse Proxied Website Configurations ##`
Include files of all names, no longer need a `.conf`. 2023-07-05 18:59:45 -07:00			`include /etc/nginx/conf.d/*;`
First attempt at an NGINX reverse proxy skeleton. 2022-10-05 02:51:52 -05:00			`}`
Add the mail section for later. Confirmed that docker is compiled with the mail modules. 2023-07-08 11:32:22 -07:00
			`# TBD, going live with HTTP first.`
			`mail {`
			`## Reverse Proxied Mail Server Configurations ##`
Comment the directory which does not exist yet. 2023-07-08 11:57:57 -07:00			`#include /etc/nginx/mail.conf.d/*;`
Add the mail section for later. Confirmed that docker is compiled with the mail modules. 2023-07-08 11:32:22 -07:00			`}`
Add a TBD for stream{}. 2023-07-09 06:36:37 -07:00
			`stream {`
			`## Service Forwarding and Load Balancing ##`
			# If this supports the `listen` and `server_name` directives then this may
			`# be a better choice than mail{} since it will not require an auth server.`
			`# It could also be useful as a frontend for ssh, databases, APIs, etc.`
ReverseProxy Fixes, Nextcloud MariaDB Upgrade (#7) * Working on getting Reverse Proxy certs to work. * Upgrade mariadb to 10.6. * Checking if anything has missed a check in. * Let's Encrypt is working now after moving the location directive to the conf.d files. Unsure why nginx.conf is not passing it along, so added it to the examples too. 2023-07-21 22:23:46 -07:00			`include /etc/nginx/load.conf.d/*;`
Add a TBD for stream{}. 2023-07-09 06:36:37 -07:00			`}`