breim · November 12, 2019 21:34
diff --git a/nginx.conf b/nginx.conf
 <%
 if (s.forceSsl) {
 %>
    server {

        listen       80;

        server_name  <%-s.publicDomain%>;

        # Used by Lets Encrypt
        location /.well-known/ {
            root <%-s.staticWebRoot%>;
        }

        location / {
            return 302 https://$http_host$request_uri$is_args$query_string;
        }
    }
 <%
 }
 %>


 <%
 if (!s.forceSsl || s.hasSsl) {
 %>

    server {

    <%
    if (!s.forceSsl) {
    %>
        listen       80;
    <%
    }
    if (s.hasSsl) {
    %>
        listen              443 ssl;
        ssl_certificate     <%-s.crtPath%>;
        ssl_certificate_key <%-s.keyPath%>;

        # Mozilla Intermediate configuration. tweak to your needs.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
        ssl_prefer_server_ciphers on;
    <%
    }
    %>

        client_max_body_size 500m;

        server_name  <%-s.publicDomain%>;

        # 127.0.0.11 is DNS set up by Docker, see:
        # https://docs.docker.com/engine/userguide/networking/configure-dns/
        # https://github.com/moby/moby/issues/20026
        resolver 127.0.0.11 valid=10s;
        # IMPORTANT!! If you are here from an old thread to set a custom port, you do not need to modify this port manually here!!
        # Simply change the Container HTTP Port from the dashboard HTTP panel
        set $upstream http://<%-s.localDomain%>:<%-s.containerHttpPort%>;

        location / {

    <%
    if (s.httpBasicAuthPath) {
    %>
            auth_basic           "Restricted Access";
            auth_basic_user_file <%-s.httpBasicAuthPath%>; 
    <%
    }
    %>

            proxy_pass $upstream;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /.well-known/ {
            root <%-s.staticWebRoot%>;
        }

        error_page 502 /captain_502_custom_error_page.html;
        location = /captain_502_custom_error_page.html {
                root <%-s.customErrorPagesDirectory%>;
                internal;
        }
    }

 <%
 }
 %>
	<%
	if (s.forceSsl) {
	%>
	server {

	listen 80;

	server_name <%-s.publicDomain%>;

	# Used by Lets Encrypt
	location /.well-known/ {
	root <%-s.staticWebRoot%>;
	}

	location / {
	return 302 https://$http_host$request_uri$is_args$query_string;
	}
	}
	<%
	}
	%>


	<%
	if (!s.forceSsl \|\| s.hasSsl) {
	%>

	server {

	<%
	if (!s.forceSsl) {
	%>
	listen 80;
	<%
	}
	if (s.hasSsl) {
	%>
	listen 443 ssl;
	ssl_certificate <%-s.crtPath%>;
	ssl_certificate_key <%-s.keyPath%>;

	# Mozilla Intermediate configuration. tweak to your needs.
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
	ssl_prefer_server_ciphers on;
	<%
	}
	%>

	client_max_body_size 500m;

	server_name <%-s.publicDomain%>;

	# 127.0.0.11 is DNS set up by Docker, see:
	# https://docs.docker.com/engine/userguide/networking/configure-dns/
	# https://github.com/moby/moby/issues/20026
	resolver 127.0.0.11 valid=10s;
	# IMPORTANT!! If you are here from an old thread to set a custom port, you do not need to modify this port manually here!!
	# Simply change the Container HTTP Port from the dashboard HTTP panel
	set $upstream http://<%-s.localDomain%>:<%-s.containerHttpPort%>;

	location / {

	<%
	if (s.httpBasicAuthPath) {
	%>
	auth_basic "Restricted Access";
	auth_basic_user_file <%-s.httpBasicAuthPath%>;
	<%
	}
	%>

	proxy_pass $upstream;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	}

	location /.well-known/ {
	root <%-s.staticWebRoot%>;
	}

	error_page 502 /captain_502_custom_error_page.html;
	location = /captain_502_custom_error_page.html {
	root <%-s.customErrorPagesDirectory%>;
	internal;
	}
	}

	<%
	}
	%>