Commit 8674e847 authored by Jacob Priddy's avatar Jacob Priddy 👌
Browse files

I hate nginx so much right now

parent a82f469b
# Thers a stupid bug in nginx that's been around for years that makes it so we can't easily put both front and backend
# on the same server. So we'll just do a proxy pass...
# Checkout https://ssl-config.mozilla.org/ for ocnfiguring secure ssl
# Checkout https://ssl-config.mozilla.org/ for configuring secure ssl
# Bug is you cannot use try_files with alias, and has been open for almost 10 years at this point...
upstream localhost.docs {
server 127.0.0.1:80;
}
upstream localhost.api {
server 127.0.0.1:443;
server 127.0.0.1:80;
}
server {
......@@ -71,7 +76,7 @@ server {
}
location /api {
proxy_pass https://localhost.api;
proxy_pass http://localhost.api;
}
location / {
......@@ -82,27 +87,9 @@ server {
server {
server_name localhost.api;
listen 443 ssl;
listen 80;
index index.php index.html;
ssl_certificate /run/secrets/webserver_cert;
ssl_certificate_key /run/secrets/webserver_key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
ssl_dhparam /run/dhparam/dhparam;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_trusted_certificate /run/secrets/root_cert;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/backend/public;
......
......@@ -3,7 +3,8 @@
# Thers a stupid bug in nginx that's been around for years that makes it so we can't easily put both front and backend
# on the same server. So we'll just do a proxy pass...
# Checkout https://ssl-config.mozilla.org/ for ocnfiguring secure ssl
# Checkout https://ssl-config.mozilla.org/ for configuring secure ssl
# Bug is you cannot use try_files with alias, and has been open for almost 10 years at this point...
upstream localhost.api {
server 127.0.0.1:443;
}
......@@ -69,30 +70,11 @@ server {
}
}
server {
server_name localhost.api;
listen 443 ssl;
listen 80;
index index.php index.html;
ssl_certificate /run/secrets/webserver_cert;
ssl_certificate_key /run/secrets/webserver_key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
ssl_dhparam /run/dhparam/dhparam;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_trusted_certificate /run/secrets/root_cert;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /var/www/backend/public;
......
......@@ -14,34 +14,6 @@ return [
*/
'output_folder' => 'public/docs',
/*
* Settings for `laravel` type output.
*/
'laravel' => [
/*
* Whether to automatically create a docs endpoint for you to view your generated docs.
* If this is false, you can still set up routing manually.
*/
'autoload' => false,
/*
* URL path to use for the docs endpoint (if `autoload` is true).
*
* By default, `/doc` opens the HTML page, and `/doc.json` downloads the Postman collection.
*/
'docs_url' => '/doc',
/*
* Middleware to attach to the docs endpoint (if `autoload` is true).
*/
'middleware' => [],
],
/*
* The router to be used (Laravel or Dingo).
*/
'router' => 'laravel',
/*
* The storage to be used when generating assets.
* By default, uses 'local'. If you are using Laravel Vapor, please use S3 and make sure
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment