diff --git a/conf/nginx-docker/nginx.conf b/conf/nginx-docker/nginx.conf index 753ed741c5ded..6929179121f5d 100644 --- a/conf/nginx-docker/nginx.conf +++ b/conf/nginx-docker/nginx.conf @@ -16,8 +16,8 @@ # we need to have main domain for CORS (see nginx-cors includes) map $host $main_domain { - default ...; - ~*.*\.(?[^.]+\.[^.]+) $host_main_domain; + default ...; + ~*.*\.(?[^.]+\.[^.]+) $host_main_domain; } include /etc/nginx/snippets/expires-no-json-xml.conf; @@ -29,7 +29,10 @@ server { # Product Opener needs a root domain + a wildcard for all subdomains server_name ${PRODUCT_OPENER_DOMAIN} *.${PRODUCT_OPENER_DOMAIN}; - access_log /var/log/nginx/${productopener_access_file_prefix}access.log; + # logs location: default is static-off, will be changed to proxy-off + # for requests passed to Apache + access_log /var/log/nginx/static-off-access.log; + error_log /var/log/nginx/static-off-error.log; # static file we serve are in html/ root /opt/product-opener/html/; @@ -41,13 +44,6 @@ server { # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; - location /data/ { - include /etc/nginx/snippets/off.cors-headers.include; - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - try_files $uri $uri/ =404; - } - # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; @@ -62,7 +58,7 @@ server { # Static files are served directly by NGINX - location ~ ^/files/(.*) { + location ~ ^/(.well-known|files|data|exports|dump)/ { include snippets/off.cors-headers.include; include /etc/nginx/snippets/expiry-headers.include; # fist try in files_resources @@ -71,7 +67,7 @@ server { gunzip on; } - location ~ ^/(.well-known|images|fonts|css|js|rss|resources|foundation|bower_components)/ { + location ~ ^/(images|fonts|css|js|donate|resources)/ { include /etc/nginx/snippets/off.cors-headers.include; include /etc/nginx/snippets/expiry-headers.include; # First attempt to serve request as file, off_web_html acting as an override, @@ -96,7 +92,7 @@ server { } # redirects of some locations - include /etc/nginx/snippets/off.locations-redirects.include; + include /etc/nginx/snippets/off.locations-redirects.include; # Dynamically generated files and CGI scripts are passed # to the Apache + mod_perl server running on the backend container @@ -112,8 +108,10 @@ server { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + access_log /var/log/nginx/proxy-off-access.log; + error_log /var/log/nginx/proxy-off-error.log; set $backend backend; - proxy_pass http://$backend/cgi/display.pl?$request_uri; + proxy_pass http://$backend/cgi/display.pl?$request_uri; } location /nginx_status { @@ -127,7 +125,9 @@ server { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + access_log /var/log/nginx/proxy-off-access.log; + error_log /var/log/nginx/proxy-off-error.log; set $backend backend; - proxy_pass http://$backend; + proxy_pass http://$backend; } } diff --git a/conf/nginx/sites-available/obf b/conf/nginx/sites-available/obf index ccc516014a42d..ea3ef516deb71 100644 --- a/conf/nginx/sites-available/obf +++ b/conf/nginx/sites-available/obf @@ -20,8 +20,8 @@ server { # listen 80 default_server; # listen [::]:80 default_server; - listen 80; - listen [::]:80; + listen 80; + listen [::]:80; server_name openbeautyfacts.org *.openbeautyfacts.org ; @@ -40,29 +40,29 @@ server { listen [::]:443 http2 ssl; include snippets/ssl.openbeautyfacts.org; - include snippets/ssl-params.conf; + include snippets/ssl-params.conf; root /srv/obf/html; access_log /srv/obf/logs/nginx.access2.log; error_log /srv/obf/logs/nginx.error2.log; - # Redirect GET requests to https. POST requests will be transformed - # to GET by most browsers when redirected, and it breaks apps that - # use the API through http. - - if ($scheme = http) { - set $test "A"; - } - if ($request_uri !~ "/api/") { - set $test "${test}B"; - } - if ($request_method = GET) { - set $test "${test}C"; - } - if ($test = ABC) { - return 301 https://$host$request_uri; - } + # Redirect GET requests to https. POST requests will be transformed + # to GET by most browsers when redirected, and it breaks apps that + # use the API through http. + + if ($scheme = http) { + set $test "A"; + } + if ($request_uri !~ "/api/") { + set $test "${test}B"; + } + if ($request_method = GET) { + set $test "${test}C"; + } + if ($test = ABC) { + return 301 https://$host$request_uri; + } gzip on; gzip_min_length 1000; @@ -107,14 +107,14 @@ server { try_files $uri $uri/ =404; } - # GoogleAssociationService made 2500 requests/min to assetlinks.json - # and much less when caching headers are sent - location = /.well-known/assetlinks.json { - include snippets/off.cors-headers.include; - include snippets/expiry-headers.include; - expires 1d; - try_files $uri $uri/ =404; - } + # GoogleAssociationService made 2500 requests/min to assetlinks.json + # and much less when caching headers are sent + location = /.well-known/assetlinks.json { + include snippets/off.cors-headers.include; + include snippets/expiry-headers.include; + expires 1d; + try_files $uri $uri/ =404; + } location / { proxy_set_header Host $host; diff --git a/conf/nginx/sites-available/off b/conf/nginx/sites-available/off index dc1390344b0df..dcbfebeef7666 100644 --- a/conf/nginx/sites-available/off +++ b/conf/nginx/sites-available/off @@ -25,8 +25,8 @@ server { root /srv/off/html; - # enable large uploads - client_max_body_size 20M; + # enable large uploads + client_max_body_size 20M; client_body_timeout 120s; client_header_timeout 120s; @@ -115,8 +115,8 @@ server { # recursive hosts as we are proxying behind a proxy set_real_ip_from 10.0.0.0/8; real_ip_recursive on; - access_log /var/log/nginx/proxy-off-access.log proxied_requests buffer=256K flush=1s; - error_log /var/log/nginx/proxy-off-error.log; + access_log /var/log/nginx/proxy-off-access.log proxied_requests buffer=256K flush=1s; + error_log /var/log/nginx/proxy-off-error.log; proxy_pass http://127.0.0.1:8004/cgi/display.pl?; } @@ -126,8 +126,8 @@ server { # recursive hosts as we are proxying behind a proxy set_real_ip_from 10.0.0.0/8; real_ip_recursive on; - access_log /var/log/nginx/proxy-off-access.log proxied_requests buffer=256K flush=1s; - error_log /var/log/nginx/proxy-off-error.log; + access_log /var/log/nginx/proxy-off-access.log proxied_requests buffer=256K flush=1s; + error_log /var/log/nginx/proxy-off-error.log; proxy_pass http://127.0.0.1:8004; } diff --git a/conf/nginx/sites-available/off-pro b/conf/nginx/sites-available/off-pro index 43a1bce4ef685..2d4bc0b3dba9c 100644 --- a/conf/nginx/sites-available/off-pro +++ b/conf/nginx/sites-available/off-pro @@ -92,7 +92,7 @@ server { set_real_ip_from 10.0.0.0/8; real_ip_recursive on; access_log /var/log/nginx/proxy-off-access.log proxied_requests buffer=256K flush=1s; - error_log /var/log/nginx/proxy-off-error.log; + error_log /var/log/nginx/proxy-off-error.log; proxy_pass http://127.0.0.1:8014/cgi/display.pl?; } @@ -103,7 +103,7 @@ server { set_real_ip_from 10.0.0.0/8; real_ip_recursive on; access_log /var/log/nginx/proxy-off-access.log proxied_requests buffer=256K flush=1s; - error_log /var/log/nginx/proxy-off-error.log; + error_log /var/log/nginx/proxy-off-error.log; proxy_pass http://127.0.0.1:8014; }