Fix nginx stale DNS caching causing backend to appear down after restarts
All checks were successful
Deploy with Docker Compose / deploy (push) Successful in 22s
All checks were successful
Deploy with Docker Compose / deploy (push) Successful in 22s
Use Docker's embedded DNS resolver (127.0.0.11) with nginx variables in proxy_pass directives so upstream hostnames are re-resolved at runtime instead of being cached forever at startup. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -9,6 +9,8 @@ http {
|
|||||||
server_tokens off;
|
server_tokens off;
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
|
|
||||||
|
resolver 127.0.0.11 valid=10s;
|
||||||
|
|
||||||
client_max_body_size 50M;
|
client_max_body_size 50M;
|
||||||
|
|
||||||
limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;
|
limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;
|
||||||
@@ -71,6 +73,12 @@ http {
|
|||||||
http2 on;
|
http2 on;
|
||||||
server_name www.$DOMAIN;
|
server_name www.$DOMAIN;
|
||||||
|
|
||||||
|
set $upstream_backend http://$BACKEND_HOST:$BACKEND_PORT;
|
||||||
|
set $upstream_icecast http://$ICECAST_HOST:$ICECAST_PORT;
|
||||||
|
set $upstream_gitea http://$GITEA_HOST:$GITEA_PORT;
|
||||||
|
set $upstream_hasura http://$HASURA_HOST:$HASURA_PORT;
|
||||||
|
set $upstream_quartz http://$QUARTZ_HOST:$QUARTZ_PORT;
|
||||||
|
set $upstream_searxng http://$SEARXNG_HOST:$SEARXNG_PORT;
|
||||||
|
|
||||||
root /etc/nginx/html;
|
root /etc/nginx/html;
|
||||||
index index.html;
|
index index.html;
|
||||||
@@ -139,7 +147,7 @@ http {
|
|||||||
|
|
||||||
location $BACKEND_ENDPOINT/ws {
|
location $BACKEND_ENDPOINT/ws {
|
||||||
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
||||||
proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/;
|
proxy_pass $upstream_backend;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
@@ -152,7 +160,7 @@ http {
|
|||||||
location $BACKEND_ENDPOINT/auth/login {
|
location $BACKEND_ENDPOINT/auth/login {
|
||||||
limit_req zone=login burst=3 nodelay;
|
limit_req zone=login burst=3 nodelay;
|
||||||
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
||||||
proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/;
|
proxy_pass $upstream_backend;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -162,7 +170,7 @@ http {
|
|||||||
location $BACKEND_ENDPOINT/messages/upload {
|
location $BACKEND_ENDPOINT/messages/upload {
|
||||||
limit_req zone=upload burst=3 nodelay;
|
limit_req zone=upload burst=3 nodelay;
|
||||||
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
||||||
proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/;
|
proxy_pass $upstream_backend;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -172,7 +180,7 @@ http {
|
|||||||
location $BACKEND_ENDPOINT/graphql {
|
location $BACKEND_ENDPOINT/graphql {
|
||||||
limit_req zone=graphql burst=10 nodelay;
|
limit_req zone=graphql burst=10 nodelay;
|
||||||
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
||||||
proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/;
|
proxy_pass $upstream_backend;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -182,7 +190,7 @@ http {
|
|||||||
location $BACKEND_ENDPOINT/ {
|
location $BACKEND_ENDPOINT/ {
|
||||||
limit_req zone=api burst=20 nodelay;
|
limit_req zone=api burst=20 nodelay;
|
||||||
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
||||||
proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/;
|
proxy_pass $upstream_backend;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -194,7 +202,8 @@ http {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location /radio/ {
|
location /radio/ {
|
||||||
proxy_pass http://$ICECAST_HOST:$ICECAST_PORT/;
|
rewrite ^/radio/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream_icecast;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -206,7 +215,8 @@ http {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location /gitea/ {
|
location /gitea/ {
|
||||||
proxy_pass http://$GITEA_HOST:$GITEA_PORT/;
|
rewrite ^/gitea/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream_gitea;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -220,7 +230,8 @@ http {
|
|||||||
location /hasura/ {
|
location /hasura/ {
|
||||||
auth_request /internal/auth/admin-validate;
|
auth_request /internal/auth/admin-validate;
|
||||||
error_page 401 403 = @auth_denied;
|
error_page 401 403 = @auth_denied;
|
||||||
proxy_pass http://$HASURA_HOST:$HASURA_PORT/;
|
rewrite ^/hasura/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream_hasura;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -237,7 +248,8 @@ http {
|
|||||||
location /notes/ {
|
location /notes/ {
|
||||||
auth_request /internal/auth/admin-validate;
|
auth_request /internal/auth/admin-validate;
|
||||||
error_page 401 403 = @auth_denied;
|
error_page 401 403 = @auth_denied;
|
||||||
proxy_pass http://$QUARTZ_HOST:$QUARTZ_PORT/;
|
rewrite ^/notes/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream_quartz;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
@@ -250,7 +262,8 @@ http {
|
|||||||
|
|
||||||
location = /internal/auth/admin-validate {
|
location = /internal/auth/admin-validate {
|
||||||
internal;
|
internal;
|
||||||
proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/auth/validate-admin;
|
rewrite ^ /auth/validate-admin break;
|
||||||
|
proxy_pass $upstream_backend;
|
||||||
proxy_pass_request_body off;
|
proxy_pass_request_body off;
|
||||||
proxy_set_header Content-Length "";
|
proxy_set_header Content-Length "";
|
||||||
proxy_set_header Cookie $http_cookie;
|
proxy_set_header Cookie $http_cookie;
|
||||||
@@ -267,7 +280,8 @@ http {
|
|||||||
location /searxng/ {
|
location /searxng/ {
|
||||||
auth_request /internal/auth/admin-validate;
|
auth_request /internal/auth/admin-validate;
|
||||||
error_page 401 403 = @auth_denied;
|
error_page 401 403 = @auth_denied;
|
||||||
proxy_pass http://$SEARXNG_HOST:$SEARXNG_PORT/;
|
rewrite ^/searxng/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream_searxng;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|||||||
@@ -9,6 +9,8 @@ http {
|
|||||||
server_tokens off;
|
server_tokens off;
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
|
|
||||||
|
resolver 127.0.0.11 valid=10s;
|
||||||
|
|
||||||
client_max_body_size 50M;
|
client_max_body_size 50M;
|
||||||
|
|
||||||
limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;
|
limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;
|
||||||
@@ -44,6 +46,13 @@ http {
|
|||||||
listen 80;
|
listen 80;
|
||||||
server_name $DOMAIN www.$DOMAIN;
|
server_name $DOMAIN www.$DOMAIN;
|
||||||
|
|
||||||
|
set $upstream_backend http://$BACKEND_HOST:$BACKEND_PORT;
|
||||||
|
set $upstream_icecast http://$ICECAST_HOST:$ICECAST_PORT;
|
||||||
|
set $upstream_gitea http://$GITEA_HOST:$GITEA_PORT;
|
||||||
|
set $upstream_hasura http://$HASURA_HOST:$HASURA_PORT;
|
||||||
|
set $upstream_quartz http://$QUARTZ_HOST:$QUARTZ_PORT;
|
||||||
|
set $upstream_searxng http://$SEARXNG_HOST:$SEARXNG_PORT;
|
||||||
|
|
||||||
location /uploads/ {
|
location /uploads/ {
|
||||||
alias /uploads/;
|
alias /uploads/;
|
||||||
add_header X-Content-Type-Options nosniff always;
|
add_header X-Content-Type-Options nosniff always;
|
||||||
@@ -65,7 +74,7 @@ http {
|
|||||||
|
|
||||||
location $BACKEND_ENDPOINT/ws {
|
location $BACKEND_ENDPOINT/ws {
|
||||||
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
||||||
proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/;
|
proxy_pass $upstream_backend;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
@@ -78,7 +87,7 @@ http {
|
|||||||
location $BACKEND_ENDPOINT/auth/login {
|
location $BACKEND_ENDPOINT/auth/login {
|
||||||
limit_req zone=login burst=3 nodelay;
|
limit_req zone=login burst=3 nodelay;
|
||||||
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
||||||
proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/;
|
proxy_pass $upstream_backend;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -88,7 +97,7 @@ http {
|
|||||||
location $BACKEND_ENDPOINT/messages/upload {
|
location $BACKEND_ENDPOINT/messages/upload {
|
||||||
limit_req zone=upload burst=3 nodelay;
|
limit_req zone=upload burst=3 nodelay;
|
||||||
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
||||||
proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/;
|
proxy_pass $upstream_backend;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -98,7 +107,7 @@ http {
|
|||||||
location $BACKEND_ENDPOINT/ {
|
location $BACKEND_ENDPOINT/ {
|
||||||
limit_req zone=api burst=20 nodelay;
|
limit_req zone=api burst=20 nodelay;
|
||||||
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
||||||
proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/;
|
proxy_pass $upstream_backend;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -110,7 +119,8 @@ http {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location /radio/ {
|
location /radio/ {
|
||||||
proxy_pass http://$ICECAST_HOST:$ICECAST_PORT/;
|
rewrite ^/radio/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream_icecast;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -122,7 +132,8 @@ http {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location /gitea/ {
|
location /gitea/ {
|
||||||
proxy_pass http://$GITEA_HOST:$GITEA_PORT/;
|
rewrite ^/gitea/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream_gitea;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -136,7 +147,8 @@ http {
|
|||||||
location /hasura/ {
|
location /hasura/ {
|
||||||
auth_request /internal/auth/admin-validate;
|
auth_request /internal/auth/admin-validate;
|
||||||
error_page 401 403 = @auth_denied;
|
error_page 401 403 = @auth_denied;
|
||||||
proxy_pass http://$HASURA_HOST:$HASURA_PORT/;
|
rewrite ^/hasura/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream_hasura;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -153,7 +165,8 @@ http {
|
|||||||
location /notes/ {
|
location /notes/ {
|
||||||
auth_request /internal/auth/admin-validate;
|
auth_request /internal/auth/admin-validate;
|
||||||
error_page 401 403 = @auth_denied;
|
error_page 401 403 = @auth_denied;
|
||||||
proxy_pass http://$QUARTZ_HOST:$QUARTZ_PORT/;
|
rewrite ^/notes/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream_quartz;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
@@ -166,7 +179,8 @@ http {
|
|||||||
|
|
||||||
location = /internal/auth/admin-validate {
|
location = /internal/auth/admin-validate {
|
||||||
internal;
|
internal;
|
||||||
proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/auth/validate-admin;
|
rewrite ^ /auth/validate-admin break;
|
||||||
|
proxy_pass $upstream_backend;
|
||||||
proxy_pass_request_body off;
|
proxy_pass_request_body off;
|
||||||
proxy_set_header Content-Length "";
|
proxy_set_header Content-Length "";
|
||||||
proxy_set_header Cookie $http_cookie;
|
proxy_set_header Cookie $http_cookie;
|
||||||
@@ -183,7 +197,8 @@ http {
|
|||||||
location /searxng/ {
|
location /searxng/ {
|
||||||
auth_request /internal/auth/admin-validate;
|
auth_request /internal/auth/admin-validate;
|
||||||
error_page 401 403 = @auth_denied;
|
error_page 401 403 = @auth_denied;
|
||||||
proxy_pass http://$SEARXNG_HOST:$SEARXNG_PORT/;
|
rewrite ^/searxng/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream_searxng;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -200,6 +215,13 @@ http {
|
|||||||
ssl_certificate /etc/letsencrypt/live/localhost/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/localhost/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/localhost/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/localhost/privkey.pem;
|
||||||
|
|
||||||
|
set $upstream_backend http://$BACKEND_HOST:$BACKEND_PORT;
|
||||||
|
set $upstream_icecast http://$ICECAST_HOST:$ICECAST_PORT;
|
||||||
|
set $upstream_gitea http://$GITEA_HOST:$GITEA_PORT;
|
||||||
|
set $upstream_hasura http://$HASURA_HOST:$HASURA_PORT;
|
||||||
|
set $upstream_quartz http://$QUARTZ_HOST:$QUARTZ_PORT;
|
||||||
|
set $upstream_searxng http://$SEARXNG_HOST:$SEARXNG_PORT;
|
||||||
|
|
||||||
location /uploads/ {
|
location /uploads/ {
|
||||||
alias /uploads/;
|
alias /uploads/;
|
||||||
add_header X-Content-Type-Options nosniff always;
|
add_header X-Content-Type-Options nosniff always;
|
||||||
@@ -221,7 +243,7 @@ http {
|
|||||||
|
|
||||||
location $BACKEND_ENDPOINT/ws {
|
location $BACKEND_ENDPOINT/ws {
|
||||||
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
||||||
proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/;
|
proxy_pass $upstream_backend;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
@@ -234,7 +256,7 @@ http {
|
|||||||
location $BACKEND_ENDPOINT/auth/login {
|
location $BACKEND_ENDPOINT/auth/login {
|
||||||
limit_req zone=login burst=3 nodelay;
|
limit_req zone=login burst=3 nodelay;
|
||||||
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
||||||
proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/;
|
proxy_pass $upstream_backend;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -244,7 +266,7 @@ http {
|
|||||||
location $BACKEND_ENDPOINT/messages/upload {
|
location $BACKEND_ENDPOINT/messages/upload {
|
||||||
limit_req zone=upload burst=3 nodelay;
|
limit_req zone=upload burst=3 nodelay;
|
||||||
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
||||||
proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/;
|
proxy_pass $upstream_backend;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -254,7 +276,7 @@ http {
|
|||||||
location $BACKEND_ENDPOINT/ {
|
location $BACKEND_ENDPOINT/ {
|
||||||
limit_req zone=api burst=20 nodelay;
|
limit_req zone=api burst=20 nodelay;
|
||||||
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
rewrite ^$BACKEND_ENDPOINT/(.*)$ /$1 break;
|
||||||
proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/;
|
proxy_pass $upstream_backend;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -266,7 +288,8 @@ http {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location /radio/ {
|
location /radio/ {
|
||||||
proxy_pass http://$ICECAST_HOST:$ICECAST_PORT/;
|
rewrite ^/radio/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream_icecast;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -278,7 +301,8 @@ http {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location /gitea/ {
|
location /gitea/ {
|
||||||
proxy_pass http://$GITEA_HOST:$GITEA_PORT/;
|
rewrite ^/gitea/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream_gitea;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -292,7 +316,8 @@ http {
|
|||||||
location /hasura/ {
|
location /hasura/ {
|
||||||
auth_request /internal/auth/admin-validate;
|
auth_request /internal/auth/admin-validate;
|
||||||
error_page 401 403 = @auth_denied;
|
error_page 401 403 = @auth_denied;
|
||||||
proxy_pass http://$HASURA_HOST:$HASURA_PORT/;
|
rewrite ^/hasura/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream_hasura;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -309,7 +334,8 @@ http {
|
|||||||
location /notes/ {
|
location /notes/ {
|
||||||
auth_request /internal/auth/admin-validate;
|
auth_request /internal/auth/admin-validate;
|
||||||
error_page 401 403 = @auth_denied;
|
error_page 401 403 = @auth_denied;
|
||||||
proxy_pass http://$QUARTZ_HOST:$QUARTZ_PORT/;
|
rewrite ^/notes/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream_quartz;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
@@ -322,7 +348,8 @@ http {
|
|||||||
|
|
||||||
location = /internal/auth/admin-validate {
|
location = /internal/auth/admin-validate {
|
||||||
internal;
|
internal;
|
||||||
proxy_pass http://$BACKEND_HOST:$BACKEND_PORT/auth/validate-admin;
|
rewrite ^ /auth/validate-admin break;
|
||||||
|
proxy_pass $upstream_backend;
|
||||||
proxy_pass_request_body off;
|
proxy_pass_request_body off;
|
||||||
proxy_set_header Content-Length "";
|
proxy_set_header Content-Length "";
|
||||||
proxy_set_header Cookie $http_cookie;
|
proxy_set_header Cookie $http_cookie;
|
||||||
@@ -339,7 +366,8 @@ http {
|
|||||||
location /searxng/ {
|
location /searxng/ {
|
||||||
auth_request /internal/auth/admin-validate;
|
auth_request /internal/auth/admin-validate;
|
||||||
error_page 401 403 = @auth_denied;
|
error_page 401 403 = @auth_denied;
|
||||||
proxy_pass http://$SEARXNG_HOST:$SEARXNG_PORT/;
|
rewrite ^/searxng/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream_searxng;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|||||||
Reference in New Issue
Block a user