Commit 52303e52 authored by Robin Tissot's avatar Robin Tissot
Browse files

HTTPS Redirect & websockets fixes.

parent 7b91efcd
......@@ -3,8 +3,9 @@ FROM nginx:1.15.0-alpine
RUN rm /etc/nginx/conf.d/default.conf
ARG NGINX_CONF=nginx.conf
ARG SSL_CERT=./certs/fullchain.pem
ARG SSL_KEY=./certs/privkey.pem
ARG SSL_CERT
ARG SSL_KEY
COPY ${NGINX_CONF} /etc/nginx/conf.d/nginx.conf
COPY ${SSL_CERT} /etc/certs/cert.pem
......
......@@ -13,8 +13,6 @@ server {
charset utf-8;
client_max_body_size 150M;
server_name ${SERVERNAME:-localhost};
location /ws/ {
proxy_pass http://websocket;
proxy_http_version 1.1;
......
......@@ -15,7 +15,6 @@ server {
charset utf-8;
client_max_body_size 150M;
server_name ${SERVERNAME:-localhost};
ssl_certificate /etc/certs/cert.pem;
ssl_certificate_key /etc/certs/key.pem;
......@@ -44,6 +43,20 @@ server {
try_files $uri =404;
}
location /ws/ {
proxy_pass http://websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location / {
uwsgi_pass escriptorium;
include uwsgi_params;
......@@ -79,7 +92,6 @@ server {
server {
listen 80;
server_name ${SERVERNAME:-localhost};
location /.well-known/acme-challenge {
default_type "text/plain";
......@@ -89,10 +101,10 @@ server {
location = /silent_liveness_check {
access_log off;
return 301 https://$server_name$request_uri;
return 301 https://$host$request_uri;
}
location / {
return 301 https://$server_name$request_uri;
return 301 https://$host$request_uri;
}
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment