Skip to content

Instantly share code, notes, and snippets.

@ryancoughlin

ryancoughlin/gist:951cec1d80bb3621f4e3b03ab5a109cd

Created April 25, 2025 16:41
Show Gist options
  • Save ryancoughlin/951cec1d80bb3621f4e3b03ab5a109cd to your computer and use it in GitHub Desktop.
Save ryancoughlin/951cec1d80bb3621f4e3b03ab5a109cd to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
# Configure for sea-surface-temperature
# points to data.saltyoffshore.com - works!
# a record from IP to data.saltyoffshore.com is created in Cloudflare
# Error log configuration
error_log /var/log/nginx/error.log debug;
access_log /var/log/nginx/access.log combined;
# Cloudflare IPs for real IP forwarding
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
real_ip_header CF-Connecting-IP;
# SSL configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
server {
listen 80;
listen [::]:80;
server_name data.saltyoffshore.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name data.saltyoffshore.com;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
root /data;
autoindex on;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
# add_header 'Cache-Control' 'no-store' always;
}
location /static/ {
alias /static/;
autoindex on;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Cache-Control' 'public, max-age=86400' always;
}
location /api/ {
alias /api/;
autoindex on;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
# add_header 'Cache-Control' 'public, max-age=300' always;
}
if ($request_method = 'OPTIONS') {
return 204;
}
}
# API subdomain
server {
listen 80;
listen [::]:80;
server_name api.saltyoffshore.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name api.saltyoffshore.com;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
location / {
proxy_pass http://salty-ocean-api:5010;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
location = /options {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' '*' always;
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment