upstream jingrow-bench-jingrow { server 127.0.0.1:8000 fail_timeout=0; } upstream jingrow-bench-socketio-server { server 127.0.0.1:9000 fail_timeout=0; } server { listen 80 default_server; server_name ""; return 444; } server { listen 443 ssl http2 default_server; server_name ""; ssl on; ssl_certificate /etc/letsencrypt/live/jingrow.cloud/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/jingrow.cloud/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot ssl_stapling on; ssl_stapling_verify on; ssl_ecdh_curve secp384r1; return 444; } # setup maps map $host $site_name_sxjfjnv { jcloud.jingrow.com jingrow.cloud; default $host; } # server blocks server { listen 443 ssl http2; server_name jingrow.cloud ; root /home/jingrow/jingrow-bench/sites; ssl on; ssl_certificate /etc/letsencrypt/live/code.jcloud.jingrow.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/code.jcloud.jingrow.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot ssl_stapling on; ssl_stapling_verify on; ssl_ecdh_curve secp384r1; add_header X-Frame-Options "SAMEORIGIN"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; return 301 https://jcloud.jingrow.com$request_uri; } # http to https redirect server { if ($host = jingrow.cloud) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name jingrow.cloud ; return 301 https://$host$request_uri; } proxy_cache_path /var/cache/nginx/jscache levels=1:2 keys_zone=jscache:100m inactive=30d use_temp_path=off max_size=100m; proxy_cache_path /var/cache/nginx/assets keys_zone=assets_cache:10m loader_threshold=300 loader_files=200 max_size=200m; server { listen 443 ssl http2; server_name jcloud.jingrow.com ; root /home/jingrow/jingrow-bench/sites; ssl on; ssl_certificate /etc/letsencrypt/live/code.jcloud.jingrow.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/code.jcloud.jingrow.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot ssl_stapling on; ssl_stapling_verify on; ssl_ecdh_curve secp384r1; proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; add_header X-Frame-Options "SAMEORIGIN"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header Referrer-Policy "same-origin, strict-origin-when-cross-origin"; location /status { auth_basic "NGINX VTS"; auth_basic_user_file /home/jingrow/jingrow-bench/monitoring.htpasswd; vhost_traffic_status_display; vhost_traffic_status_display_format html; } location /metrics { auth_basic "Prometheus"; auth_basic_user_file /home/jingrow/jingrow-bench/monitoring.htpasswd; location /metrics/node { proxy_pass http://127.0.0.1:9100/metrics; } location /metrics/docker { proxy_pass http://127.0.0.1:9323/metrics; } location /metrics/cadvisor { proxy_pass http://127.0.0.1:9338/metrics; } location /metrics/nginx { vhost_traffic_status_display; vhost_traffic_status_display_format prometheus; } location /metrics/mariadb { proxy_pass http://127.0.0.1:9104/metrics; } location /metrics/gunicorn { proxy_pass http://127.0.0.1:9102/metrics; } location /metrics/process { proxy_pass http://127.0.0.1:9256/metrics; } location /metrics/rq { proxy_pass http://127.0.0.1:9726/metrics; } location /metrics/redis { proxy_pass http://127.0.0.1:9121/metrics; } location /metrics/jcloude { proxy_http_version 1.1; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Jingrow-Site-Name $site_name_sxjfjnv; proxy_set_header Host $host; proxy_set_header X-Use-X-Accel-Redirect True; proxy_read_timeout 120; proxy_redirect off; proxy_set_header Authorization ""; rewrite /metrics/jcloude /metrics break; proxy_pass http://jingrow-bench-jingrow; } } location /assets { proxy_cache assets_cache; proxy_cache_key $scheme$host$request_uri; proxy_cache_valid 200 302 10m; proxy_cache_valid 404 1m; proxy_cache_bypass $http_secret_cache_purge; add_header X-Cache-Status $upstream_cache_status; add_header Cache-Control "max-age=31536000"; try_files $uri =404; } location ~ ^/protected/(.*) { internal; try_files /$site_name_sxjfjnv/$1 =404; } location = /js/script.js { proxy_pass https://analytics.jingrow.cloud/js/plausible.js; proxy_buffering on; proxy_cache jscache; proxy_cache_valid 200 6h; proxy_cache_use_stale updating error timeout invalid_header http_500; proxy_set_header Host analytics.jingrow.cloud; proxy_ssl_name analytics.jingrow.cloud; proxy_ssl_server_name on; proxy_ssl_session_reuse off; proxy_ssl_protocols TLSv1.3; proxy_hide_header Cache-Control; proxy_ignore_headers Cache-Control; add_header Cache-Control "max-age=31536000"; add_header X-Cache-Status $upstream_cache_status; } location = /api/event { proxy_pass https://analytics.jingrow.cloud/api/event; proxy_buffering on; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $REMOTE_ADDR; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header Host analytics.jingrow.cloud; proxy_ssl_name analytics.jingrow.cloud; proxy_ssl_server_name on; proxy_ssl_session_reuse off; proxy_ssl_protocols TLSv1.3; add_header Cache-Control "max-age=31536000"; } location /socket.io { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Jingrow-Site-Name $site_name_sxjfjnv; proxy_set_header Origin $scheme://$http_host; proxy_set_header Host $host; proxy_pass http://jingrow-bench-socketio-server; } location = /website_script.js { proxy_cache assets_cache; proxy_cache_key $scheme$host$request_uri; proxy_cache_valid 200 302 10m; proxy_cache_valid 404 1m; proxy_cache_bypass $http_secret_cache_purge; proxy_set_header X-Forwarded-For $REMOTE_ADDR; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Jingrow-Site-Name $site_name_sxjfjnv; proxy_set_header Host $host; proxy_read_timeout 120; proxy_redirect off; proxy_hide_header Set-Cookie; proxy_ignore_headers Set-Cookie; proxy_set_header Cookie ""; add_header Cache-Control "max-age=31536000"; proxy_pass http://jingrow-bench-jingrow; } location ~ ^/saas/billing.* { proxy_cache assets_cache; proxy_cache_key $scheme$host$request_uri; proxy_cache_valid 200 302 10m; proxy_cache_valid 404 1m; proxy_ignore_headers "Set-Cookie"; proxy_hide_header "Set-Cookie"; proxy_set_header Cookie ""; add_header Content-Security-Policy "frame-ancestors 'self' https://*.jerp.jingrow.com https://*.jingrowhr.com https://*.jingrow.cloud https://*.jingrowdesk.com;"; add_header X-Cache-Status $upstream_cache_status; proxy_set_header X-Forwarded-For $REMOTE_ADDR; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Jingrow-Site-Name $site_name_sxjfjnv; proxy_set_header Host $host; proxy_set_header X-Use-X-Accel-Redirect True; proxy_read_timeout 120; proxy_redirect off; proxy_pass http://jingrow-bench-jingrow; http2_push_preload on; } location ~ ^/dashboard/checkout* { proxy_cache assets_cache; proxy_cache_key $scheme$host$request_uri; proxy_cache_valid 200 302 10m; proxy_cache_valid 404 1m; proxy_ignore_headers "Set-Cookie"; proxy_hide_header "Set-Cookie"; proxy_set_header Cookie ""; add_header Content-Security-Policy "frame-ancestors 'self' https://*.jerp.jingrow.com https://*.jingrowhr.com https://*.jingrow.cloud https://*.jingrowdesk.com;"; add_header X-Cache-Status $upstream_cache_status; proxy_set_header X-Forwarded-For $REMOTE_ADDR; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Jingrow-Site-Name $site_name_sxjfjnv; proxy_set_header Host $host; proxy_set_header X-Use-X-Accel-Redirect True; proxy_read_timeout 120; proxy_redirect off; proxy_pass http://jingrow-bench-jingrow; http2_push_preload on; } location ~ ^/dashboard/in-desk-billing* { proxy_cache assets_cache; proxy_cache_key $scheme$host$request_uri; proxy_cache_valid 200 302 10m; proxy_cache_valid 404 1m; proxy_ignore_headers "Set-Cookie"; proxy_hide_header "Set-Cookie"; proxy_set_header Cookie ""; add_header Content-Security-Policy "frame-ancestors 'self' https://*.jerp.jingrow.com https://*.jingrowhr.com https://*.jingrow.cloud https://*.jingrowdesk.com;"; add_header X-Cache-Status $upstream_cache_status; proxy_set_header X-Forwarded-For $REMOTE_ADDR; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Jingrow-Site-Name $site_name_sxjfjnv; proxy_set_header Host $host; proxy_set_header X-Use-X-Accel-Redirect True; proxy_read_timeout 120; proxy_redirect off; proxy_pass http://jingrow-bench-jingrow; http2_push_preload on; } location ~ ^/api/action/jcloude.api.developer.saas.* { if ($request_method = 'OPTIONS') { add_header Access-Control-Allow-Origin "*" always; add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; add_header Access-Control-Allow-Headers "x-jingrow-cmd,x-jingrow-csrf-token"; add_header Access-Control-Max-Age 1728000; add_header Content-Type "text/plain; charset=utf-8"; add_header Content-Length 0; return 204; } proxy_cache assets_cache; proxy_cache_key $scheme$host$request_uri; proxy_cache_valid 200 302 10m; proxy_cache_valid 404 1m; add_header Access-Control-Allow-Origin "*" always; add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; add_header Access-Control-Allow-Headers "x-jingrow-cmd,x-jingrow-csrf-token"; add_header X-Cache-Status $upstream_cache_status; proxy_set_header X-Forwarded-For $REMOTE_ADDR; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Jingrow-Site-Name $site_name_sxjfjnv; proxy_set_header Host $host; proxy_set_header X-Use-X-Accel-Redirect True; proxy_read_timeout 120; proxy_redirect off; proxy_pass http://jingrow-bench-jingrow; http2_push_preload on; } location / { rewrite ^(.+)/$ $1 permanent; rewrite ^(.+)/index\.html$ $1 permanent; rewrite ^(.+)\.html$ $1 permanent; location ~ ^/files/.*.(png|jpe?g|gif|css|js|mp3|wav|ogg|flac|avi|mov|mp4|m4v|mkv|webm) { add_header Cache-Control "max-age=31536000"; try_files /$site_name_sxjfjnv/public/$uri @webserver; } location ~* ^/files/.*.(htm|html|svg|xml) { add_header Cache-Control "max-age=31536000"; add_header Content-disposition "attachment"; try_files /$site_name_sxjfjnv/public/$uri @webserver; } try_files /$site_name_sxjfjnv/public/$uri @webserver; } location @webserver { proxy_http_version 1.1; proxy_set_header X-Forwarded-For $REMOTE_ADDR; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Jingrow-Site-Name $site_name_sxjfjnv; proxy_set_header Host $host; proxy_set_header X-Use-X-Accel-Redirect True; proxy_read_timeout 120; proxy_redirect off; proxy_pass http://jingrow-bench-jingrow; http2_push_preload on; } # error pages error_page 502 /502.html; location /502.html { root /home/jingrow/.pyenv/versions/3.10.0/lib/python3.10/site-packages/bench/config/templates; internal; } # optimizations sendfile on; keepalive_timeout 15; client_max_body_size 50m; client_body_buffer_size 16K; client_header_buffer_size 1k; # enable gzip compresion # based on https://mattstauffer.co/blog/enabling-gzip-on-nginx-servers-including-laravel-forge gzip on; gzip_http_version 1.1; gzip_comp_level 5; gzip_min_length 256; gzip_proxied any; gzip_vary on; gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/font-woff application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component ; # text/html is always compressed by HttpGzipModule } # http to https redirect server { if ($host = jcloud.jingrow.com) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name jcloud.jingrow.com ; return 301 https://$host$request_uri; }