alekgrischenko · March 26, 2019 16:15 · Mar 26, 2019
diff --git a/nginx-pasenger.conf b/nginx-pasenger.conf
@@ -0,0 +1,139 @@
+# PASSENGER DEV OK
+server {
+  listen 80;
+  listen 443 ssl http2;
+  listen [::]:80;
+  listen [::]:443 ssl http2;
+
+  server_name webapp.example.com;
+
+  location /.well-known/acme-challenge/ { alias /opt/le/.acme-challenges/; }
+
+  gzip on;
+  gzip_static on;
+  gzip_vary on;
+  gzip_proxied any;
+  gzip_comp_level 6;
+  gzip_buffers 16 8k;
+  gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css application/json
+;
+
+  if ($scheme = http) {
+    rewrite ^ https://$server_name$request_uri permanent;
+  }
+
+  location /img/ {
+    root   /opt/webapp-here/dist;
+  }
+
+#  location /*.* {
+#    root   /opt/webapp-here/dist;
+#  }
+
+  location / {
+    try_files $uri /index.html;
+#    rewrite ^ /index.html$args permanent;
+  }
+
+  location /index.html {
+    root   /opt/webapp-here/dist;
+  }
+
+
+  location /bundle.js {
+    root   /opt/webapp-here/dist;
+  }
+
+  location /api {
+    proxy_set_header        Host $host;
+    proxy_set_header        X-Real-IP $remote_addr;
+    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Forwarded-Proto $scheme;
+    proxy_pass_request_headers on;
+    proxy_pass_request_body on;
+    proxy_cookie_domain     localhost webapp.example.com;
+##    include /etc/nginx/passenger.conf;
+##    fastcgi_pass_request_headers on;
+##    proxy_pass              http://webapp-here;
+##    proxy_redirect          default; #localhost;
+
+##    alias $1;
+##    passenger_base_uri /api;
+    passenger_enabled on;
+    passenger_app_env production;
+
+    root /opt/webapp-here/public;
+    passenger_app_root /opt/webapp-here;
+    passenger_document_root /public;
+    passenger_enabled on;
+    passenger_ruby /home/webapp-here/.rbenv/shims/ruby;
+
+    if ($request_method = 'OPTIONS') {
+      add_header 'Access-Control-Allow-Origin' 'https://webapp.example.com';
+      add_header 'Access-Control-Allow-Credentials' 'true';
+      add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS, DELETE';
+      add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Sin
+ce,Cache-Control,Content-Type,auth-token';
+      add_header 'Access-Control-Max-Age' 1728000;
+      add_header 'Content-Type' 'application/json charset=UTF-8';
+      add_header 'Content-Length' 0;
+      return 204;
+    }
+    if ($request_method = 'POST') {
+      add_header 'Access-Control-Allow-Origin' 'https://webapp.example.com';
+      add_header 'Access-Control-Allow-Credentials' 'true';
+      add_header 'Access-Control-Allow-Methods' 'POST, PUT, OPTIONS, DELETE';
+      add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Sin
+ce,Cache-Control,Content-Type,auth-token';
+    }
+    if ($request_method = 'GET') {
+      add_header 'Access-Control-Allow-Origin' 'https://webapp.example.com';
+      add_header 'Access-Control-Allow-Credentials' 'true';
+      add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS';
+      add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Sin
+ce,Cache-Control,Content-Type,auth-token';
+    }
+    access_log /var/log/nginx/webapp-here.access.log;
+    error_log  /var/log/nginx/webapp-here.error.log;
+  }
+
+  ssl_certificate /opt/le/certs/webapp.example.com/fullchain.pem;
+  ssl_certificate_key /opt/le/certs/webapp.example.com/privkey.pem;
+#  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_prefer_server_ciphers on;
+  ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
+  ssl_session_cache shared:SSL:10m;
+  ssl_session_tickets off; # Requires nginx >= 1.5.9
+  ssl_stapling on; # Requires nginx >= 1.3.7
+  ssl_stapling_verify on; # Requires nginx => 1.3.7
+  resolver 172.17.0.1 valid=300s;
+  resolver_timeout 5s;
+  add_header X-Frame-Options DENY;
+  error_log  /var/log/nginx/webapp-here.error.log;
+  }
+
+  ssl_certificate /opt/le/certs/webapp.example.com/fullchain.pem;
+  ssl_certificate_key /opt/le/certs/webapp.example.com/privkey.pem;
+#  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_prefer_server_ciphers on;
+  ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
+  ssl_session_cache shared:SSL:10m;
+  ssl_session_tickets off; # Requires nginx >= 1.5.9
+  ssl_stapling on; # Requires nginx >= 1.3.7
+  ssl_stapling_verify on; # Requires nginx => 1.3.7
+  resolver 172.17.0.1 valid=300s;
+  resolver_timeout 5s;
+  add_header X-Frame-Options DENY;
+  add_header X-Content-Type-Options nosniff;
+  ssl_dhparam /etc/nginx/dhparam.pem;
+  ssl_session_timeout 24h;
+  ssl_ciphers kEECDH+AES128:kEECDH:kEDH:-3DES:kRSA+AES128:kEDH+3DES:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEE
+D:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;
+  add_header Strict-Transport-Security "max-age=25200; includeSubdomains; preload";
+# add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; sty
+le-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
+# add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; sty
+le-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
+  access_log /var/log/nginx/webapp-here.access.log;
+  error_log  /var/log/nginx/webapp-here.error.log;
+}
No results found