diff options
Diffstat (limited to 'examples/proxy/nginx')
6 files changed, 345 insertions, 0 deletions
diff --git a/examples/proxy/nginx/sites-common b/examples/proxy/nginx/sites-common new file mode 100644 index 0000000..d906992 --- /dev/null +++ b/examples/proxy/nginx/sites-common @@ -0,0 +1,13 @@ +proxy_read_timeout 60s; +proxy_redirect off; + +proxy_set_header Host $http_host; + +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + +proxy_set_header X-Forwarded-Proto $scheme; + +proxy_http_version 1.1; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header Connection "upgrade"; diff --git a/examples/proxy/nginx/sites.template.scalelite-cluster b/examples/proxy/nginx/sites.template.scalelite-cluster new file mode 100644 index 0000000..395fabe --- /dev/null +++ b/examples/proxy/nginx/sites.template.scalelite-cluster @@ -0,0 +1,77 @@ +#### For <$NGINX_HOSTNAME> + +upstream docker-scalelite-api { + server scalelite-api-1:80 max_fails=3 fail_timeout=30s; + server scalelite-api-2:80 max_fails=3 fail_timeout=30s; +} + +upstream docker-scalelite-recordings { + server scalelite-recordings-1:80 max_fails=3 fail_timeout=30s; + server scalelite-recordings-2:80 max_fails=3 fail_timeout=30s; +} + +server { + server_name $NGINX_HOSTNAME; + + listen 80; + listen [::]:80; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$host$request_uri; + } +} + +server { + server_name $NGINX_HOSTNAME; + + listen 443 ssl; + listen [::]:443 ssl; + + ## Configuration for Letsencrypt SSL Certificate + ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem; + + ## Configuration for SSL Certificate from a CA other than LetsEncrypt + #ssl_certificate /etc/ssl/fullchain.pem; + #ssl_certificate_key /etc/ssl/privkey.pem; + + location /bigbluebutton/api/ { + proxy_pass http://docker-scalelite-api; + + proxy_read_timeout 60s; + proxy_redirect off; + + proxy_set_header Host $http_host; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + location / { + proxy_pass http://docker-scalelite-recordings; + + proxy_read_timeout 60s; + proxy_redirect off; + + proxy_set_header Host $http_host; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } +} diff --git a/examples/proxy/nginx/sites.template.scalelite-local b/examples/proxy/nginx/sites.template.scalelite-local new file mode 100644 index 0000000..dfb5f97 --- /dev/null +++ b/examples/proxy/nginx/sites.template.scalelite-local @@ -0,0 +1,64 @@ +#### For <$NGINX_HOSTNAME> + +upstream docker-scalelite-api { + server $NGINX_HOSTNAME:3000; +} + +upstream docker-scalelite-recordings { + server scalelite-recordings:80; +} + +server { + server_name $NGINX_HOSTNAME; + + listen 80; + listen [::]:80; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$host$request_uri; + } +} + +server { + server_name $NGINX_HOSTNAME; + + listen 443 ssl; + listen [::]:443 ssl; + + ## Configuration for Letsencrypt SSL Certificate + ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem; + + ## Configuration for SSL Certificate from a CA other than LetsEncrypt + #ssl_certificate /etc/ssl/fullchain.pem; + #ssl_certificate_key /etc/ssl/privkey.pem; + + location /health_check { + proxy_pass http://docker-scalelite-api; + include /etc/nginx/sites-common; + } + + location /bigbluebutton/api/ { + proxy_pass http://docker-scalelite-api; + include /etc/nginx/sites-common; + } + + location /presentation/ { + proxy_pass http://docker-scalelite-recordings; + include /etc/nginx/sites-common; + } + + location /playback/ { + proxy_pass http://docker-scalelite-recordings; + include /etc/nginx/sites-common; + } + + location / { + proxy_pass http://docker-scalelite-api/health_check; + include /etc/nginx/sites-common; + } +} diff --git a/examples/proxy/nginx/sites.template.scalelite-local-protected b/examples/proxy/nginx/sites.template.scalelite-local-protected new file mode 100644 index 0000000..d53d130 --- /dev/null +++ b/examples/proxy/nginx/sites.template.scalelite-local-protected @@ -0,0 +1,61 @@ +#### For <$NGINX_HOSTNAME> + +upstream docker-scalelite-api { + server $NGINX_HOSTNAME:3000; +} + +upstream docker-scalelite-recordings { + server scalelite-recordings:80; +} + +server { + server_name $NGINX_HOSTNAME; + + listen 80; + listen [::]:80; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$host$request_uri; + } +} + +server { + server_name $NGINX_HOSTNAME; + + listen 443 ssl; + listen [::]:443 ssl; + + ## Configuration for Letsencrypt SSL Certificate + ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem; + + ## Configuration for SSL Certificate from a CA other than LetsEncrypt + #ssl_certificate /etc/ssl/fullchain.pem; + #ssl_certificate_key /etc/ssl/privkey.pem; + + location /health_check { + proxy_pass http://docker-scalelite-api; + include /etc/nginx/sites-common; + } + + location /static-resource/ { + rewrite /static-resource(/|$)(.*) /$2 break; + proxy_pass http://docker-scalelite-recordings; + include /etc/nginx/sites-common; + internal; + } + + location /playback { + proxy_pass http://docker-scalelite-recordings; + include /etc/nginx/sites-common; + } + + location / { + proxy_pass http://docker-scalelite-api; + include /etc/nginx/sites-common; + } +} diff --git a/examples/proxy/nginx/sites.template.scalelite-proxy b/examples/proxy/nginx/sites.template.scalelite-proxy new file mode 100644 index 0000000..c099bcb --- /dev/null +++ b/examples/proxy/nginx/sites.template.scalelite-proxy @@ -0,0 +1,69 @@ +#### For <$NGINX_HOSTNAME> + +upstream docker-scalelite-api { + server scalelite-api:3000; +} + +upstream docker-scalelite-recordings { + server scalelite-recordings:80; +} + +server { + server_name $NGINX_HOSTNAME; + + listen 80; + listen [::]:80; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$host$request_uri; + } +} + +server { + server_name $NGINX_HOSTNAME; + + listen 443 ssl http2; + listen [::]:443 ssl http2; + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + + ## Configuration for Letsencrypt SSL Certificate + ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem; + + ## Configuration for SSL Certificate from a CA other than LetsEncrypt + #ssl_certificate /etc/ssl/fullchain.pem; + #ssl_certificate_key /etc/ssl/privkey.pem; + + location /health_check { + proxy_pass http://docker-scalelite-api; + include /etc/nginx/sites-common; + } + + location /bigbluebutton/api/ { + proxy_pass http://docker-scalelite-api; + include /etc/nginx/sites-common; + } + + location /presentation/ { + proxy_pass http://docker-scalelite-recordings; + include /etc/nginx/sites-common; + } + + location /playback/ { + proxy_pass http://docker-scalelite-recordings; + include /etc/nginx/sites-common; + } + + location / { + proxy_pass http://docker-scalelite-api/health_check; + include /etc/nginx/sites-common; + } +} diff --git a/examples/proxy/nginx/sites.template.scalelite-proxy-protected b/examples/proxy/nginx/sites.template.scalelite-proxy-protected new file mode 100644 index 0000000..5a8403a --- /dev/null +++ b/examples/proxy/nginx/sites.template.scalelite-proxy-protected @@ -0,0 +1,61 @@ +#### For <$NGINX_HOSTNAME> + +upstream docker-scalelite-api { + server scalelite-api:3000; +} + +upstream docker-scalelite-recordings { + server scalelite-recordings:80; +} + +server { + server_name $NGINX_HOSTNAME; + + listen 80; + listen [::]:80; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$host$request_uri; + } +} + +server { + server_name $NGINX_HOSTNAME; + + listen 443 ssl; + listen [::]:443 ssl; + + ## Configuration for Letsencrypt SSL Certificate + ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem; + + ## Configuration for SSL Certificate from a CA other than LetsEncrypt + #ssl_certificate /etc/ssl/fullchain.pem; + #ssl_certificate_key /etc/ssl/privkey.pem; + + location /health_check { + proxy_pass http://docker-scalelite-api; + include /etc/nginx/sites-common; + } + + location /static-resource/ { + rewrite /static-resource(/|$)(.*) /$2 break; + proxy_pass http://docker-scalelite-recordings; + include /etc/nginx/sites-common; + internal; + } + + location /playback { + proxy_pass http://docker-scalelite-recordings; + include /etc/nginx/sites-common; + } + + location / { + proxy_pass http://docker-scalelite-api; + include /etc/nginx/sites-common; + } +} |