# user nginx; worker_processes auto; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; error_log /var/log/nginx/error.log warn; proxy_cache_path /tmp/cache keys_zone=my_cache:10m max_size=1g inactive=60m use_temp_path=off; client_max_body_size 5G; gzip on; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; gzip_min_length 1000; limit_req_zone $binary_remote_addr zone=api_limit:10m rate=5r/s; # upstream web_backend { # least_conn; # server web_backend1:5000; # server web_backend2:5000; # # } upstream gitea { least_conn; server gitea:3000; } upstream drone { least_conn; server drone:80; } server { #https://nginx.org/ru/docs/http/ngx_http_stub_status_module.html #https://github.com/nginx/nginx-prometheus-exporter listen 9888; server_name localhost; location /nginx_status { stub_status; allow all; # allow 127.0.0.1; # allow 172.18.0.0/16; # deny all; } } server { listen 80; server_name ronis0505.tech git.ronis0505.tech drone.ronis0505.tech grafana.ronis0505.tech; location /.well-known/acme-challenge/ { root /var/www/certbot; } location / { return 301 https://$host$request_uri; } } server { listen 443 ssl; server_name git.ronis0505.tech; ssl_certificate /etc/letsencrypt/live/ronis0505.tech/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ronis0505.tech/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; include /etc/nginx/shared_locations.conf; location / { proxy_pass http://gitea; client_max_body_size 5G; include /etc/nginx/proxy_common.conf; error_page 502 504 /server_not_available.html; } } server { listen 443 ssl; server_name grafana.ronis0505.tech; ssl_certificate /etc/letsencrypt/live/ronis0505.tech/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ronis0505.tech/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; include /etc/nginx/shared_locations.conf; location / { proxy_pass http://grafana:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; include /etc/nginx/proxy_common.conf; error_page 502 504 /server_not_available.html; } } server { listen 443 ssl; server_name drone.ronis0505.tech; ssl_certificate /etc/letsencrypt/live/ronis0505.tech/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ronis0505.tech/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; include /etc/nginx/shared_locations.conf; location / { proxy_pass http://drone; include /etc/nginx/proxy_common.conf; error_page 502 504 /server_not_available.html; } } server { listen 443 ssl; server_name www.ronis0505.tech; ssl_certificate /etc/letsencrypt/live/ronis0505.tech/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ronis0505.tech/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; include /etc/nginx/shared_locations.conf; # location /api/ { # rewrite ^/api/(.*)$ /$1 break; #deleting "/api/" from path # proxy_pass http://web_backend; # # proxy_cache my_cache; # # proxy_cache_valid 200 1h; # # proxy_cache_valid 404 1m; # include /etc/nginx/proxy_common.conf; # error_page 502 504 /server_not_available.html; # } } }