root/srvrevproxy02_nginx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Backup before adding SMTP stream proxy configuration

Browse Source
This commit is contained in:
root
2026-01-23 11:02:06 +01:00
parent 62d24a96af
commit ef16045880
44 changed files with 2516 additions and 319 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
sites-available/portal.conf.backup Normal file
View File

@@ -0,0 +1,87 @@
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
server {
listen 80;
server_name portal.egonetix.de;
# Redirect all HTTP traffic to HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 10.0.0.29:443 ssl http2;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://api-inference.huggingface.co https://api.openai.com; script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data:;" always;
# Remove or update unsupported origin trial features.
# For example, comment out or remove these if not using them:
# add_header Permissions-Policy "private-state-token-issuance=(), join-ad-interest-group=(), browsing-topics=()";
# Content Security Policy to allow scripts, inline event handlers, styles, and fonts from trusted sources.
ssl on;
ssl_certificate /etc/letsencrypt/live/portal.egonetix.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/portal.egonetix.de/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
server_name portal.egonetix.de;
access_log /var/log/nginx/portal-access_log;
error_log /var/log/nginx/portal-error_log;
root /var/www/html;
index index.html index.php; # Added index.php as potential index file
# PHP Processing Configuration - Updated for PHP 8.1
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# Use PHP 8.1 socket (most common path on Ubuntu 22.04)
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
# Alternative options if the above doesn't work:
#fastcgi_pass unix:/run/php/php8.1-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
# Increase timeout and buffer size for troubleshooting
fastcgi_connect_timeout 300;
fastcgi_read_timeout 300;
fastcgi_send_timeout 300;
fastcgi_buffer_size 32k;
fastcgi_buffers 16 16k;
# Set the correct document root
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
# Reverse proxy for KidsAI Explorer API calls
location /api/ {
proxy_pass http://127.0.0.1:3002/api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# Add CORS headers for API requests
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always;
add_header Access-Control-Allow-Headers "Accept, Authorization, Cache-Control, Content-Type, DNT, If-Modified-Since, Keep-Alive, Origin, User-Agent, X-Requested-With" always;
add_header Access-Control-Allow-Credentials true always;
# Handle preflight requests
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE";
add_header Access-Control-Allow-Headers "Accept, Authorization, Cache-Control, Content-Type, DNT, If-Modified-Since, Keep-Alive, Origin, User-Agent, X-Requested-With";
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Max-Age 1728000;
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
}
}
}