proxy-docker/conf.d/proxy.conf

# Proxy configuration
#
# Redirect http to https
server {
	listen 80;
	listen [::]:80;
	return 301 https://$host$request_uri;
}

# Default server
server {
	listen 443 		default_server ssl;
	listen [::]:443 	default_server ssl;

	server_name		_;

	# SSL configuration
	#
	ssl_certificate		/etc/ssl/private/slurm.ch.chained.crt;
	ssl_certificate_key	/etc/ssl/private/slurm.ch.key;
	
	ssl on;
	ssl_session_cache	builtin:1000	shared:SSL:10m;
	ssl_protocols		TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers 		'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
	ssl_prefer_server_ciphers on;

	ssl_dhparam		/etc/ssl/private/dhparams.pem;

	add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; ";

        gzip on;
        gzip_proxied any;
        gzip_types
          text/css
          text/javascript
          text/xml
          text/plain
          application/javascript
          application/x-javascript
          application/json;
}


# Apache section
server {
	listen 443;
	listen [::]:443;

	server_name ~^(?<site_id>.+)?\.?slurm\.ch$;

	location / {
		proxy_pass		http://localhost:8000;
		proxy_redirect		off;
		proxy_read_timeout	90;
		proxy_set_header	Host $host;
		proxy_set_header	X-Real-IP $remote_addr;
		proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header	X-Forwarded-Host $server_name;
		proxy_set_header	X-Forwarded-Proto $scheme;
	}
}


# Gogs section
server {
	listen 443;
	listen [::]:443;

	server_name git.slurm.ch;

	location / {
		proxy_pass		http://localhost:10080;
		proxy_redirect		off;
		proxy_read_timeout	90;
		proxy_set_header	Host $host;
		proxy_set_header	X-Real-IP $remote_addr;
		proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header	X-Forwarded-Host $server_name;
		proxy_set_header	X-Forwarded-Proto $scheme;
	}
}


# Docker section
server {
	listen 443;
	listen [::]:443;

	server_name docker.slurm.ch;

	location / {
		proxy_pass		http://localhost:8080;
		proxy_redirect		off;
		proxy_read_timeout	90;
		proxy_set_header	Host $host;
		proxy_set_header	X-Real-IP $remote_addr;
		proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header	X-Forwarded-Host $server_name;
		proxy_set_header	X-Forwarded-Proto $scheme;
	}
}


# SZTM section
server {
	listen 443;
	listen [::]:443;

	server_name sztm.slurm.ch;

	location / {
		proxy_pass		http://localhost:18080;
		proxy_redirect		off;
		proxy_read_timeout	90;
		proxy_set_header	Host $host;
		proxy_set_header	X-Real-IP $remote_addr;
		proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header	X-Forwarded-Host $server_name;
		proxy_set_header	X-Forwarded-Proto $scheme;
	}
	location /api {
		proxy_pass		http://localhost:13002;
		proxy_redirect		off;
		proxy_read_timeout	90;
		proxy_set_header	Host $host;
		proxy_set_header	X-Real-IP $remote_addr;
		proxy_set_header	X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header	X-Forwarded-Host $server_name;
		proxy_set_header	X-Forwarded-Proto $scheme;

                rewrite ^/api/?(.*) /$1 break;
	}

        gzip on;
        gzip_proxied any;
        gzip_types
          text/css
          text/javascript
          text/xml
          text/plain
          application/javascript
          application/x-javascript
          application/json;
}