Open-RSC-Docker-Home/etc/nginx/HTTPS_default.conf.BAK

upstream tomcat {
    server tomcat:8080;
}

upstream ghost {
    server ghost:2368;
}

# HTTP
server {
    listen 8080                             default_server;
    listen [::]:8080                        default_server ipv6only=on;
    server_name                             ${NGINX_HOST};

    error_log                               /opt/bitnami/nginx/logs/error.log;
    access_log                              /opt/bitnami/nginx/logs/access.log;

    rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS

}

# HTTPS
server {
    listen      443           ssl http2;
    listen [::]:443           ssl http2;
    server_name               ${NGINX_HOST};

    error_log                 /opt/bitnami/nginx/logs/error.log;
    access_log                /opt/bitnami/nginx/logs/access.log;

    add_header                Strict-Transport-Security "max-age=31536000" always;
    ssl_session_cache         shared:SSL:20m;
    ssl_session_timeout       10m;
    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers               "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
    ssl_stapling              on;
    ssl_stapling_verify       on;
    resolver                  8.8.8.8 1.1.1.1;
    ssl_certificate           /etc/letsencrypt/live/${NGINX_HOST}/fullchain.pem;
    ssl_certificate_key       /etc/letsencrypt/live/${NGINX_HOST}/privkey.pem;
    ssl_trusted_certificate   /etc/letsencrypt/live/${NGINX_HOST}/chain.pem;

    root /app;
    index index.jsp index.html index.htm index.php;

    client_max_body_size                    100M;

    location / {
        try_files $uri $uri/ =404;
    }

    ####### Proxies #######
    # PHP proxy
    location ~ \.php$ {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass                          http://php;
    }

    # Ghost proxy
    location /blog {
        proxy_pass http://ghost;
        proxy_set_header  Host              $http_host;   # required for docker client's sake
        proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;
        proxy_read_timeout                  900;
    }

    # Tomcat proxy
    location ~ \.jsp$ {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass                          http://tomcat;
    }

    # Certbot for HTTPS cert renewal
    location ~ ^/.well-known {
        root /data/letsencrypt/;
    }

}