user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server {
listen 80;
server_name erp.vitox.local;
location / {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
server_name mail.vuthanhdatt.tech;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mail.vuthanhdatt.tech/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mail.vuthanhdatt.tech/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name auth.vuthanhdatt.tech;
location /oauth2/ {
proxy_pass http://localhost:4180;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
}
location /oauth2/auth {
proxy_pass http://localhost:4180;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header Content-Length "";
proxy_pass_request_body off;
}
location / {
try_files $uri $uri/ =404;
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in?rd=https://$host$request_uri;
auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
proxy_set_header X-User $user;
proxy_set_header X-Email $email;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/auth.vuthanhdatt.tech/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/auth.vuthanhdatt.tech/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name chat.vuthanhdatt.tech;
location / {
proxy_pass http://localhost:8065;
proxy_set_header Host $host;
#proxy_redirect off;
#proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Auth-Request-Redirect $request_uri;
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in?rd=https://$host$request_uri;
auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
proxy_set_header X-User $user;
proxy_set_header X-Email $email;
auth_request_set $token $upstream_http_x_auth_request_access_token;
proxy_set_header X-Access-Token $token;
}
location /oauth2/ {
proxy_pass http://localhost:4180;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Auth-Request-Redirect $request_uri;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/chat.vuthanhdatt.tech/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/chat.vuthanhdatt.tech/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name wiki.vuthanhdatt.tech;
location / {
proxy_pass http://localhost:3002;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/wiki.vuthanhdatt.tech/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/wiki.vuthanhdatt.tech/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name mb.vuthanhdatt.tech;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mb.vuthanhdatt.tech/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mb.vuthanhdatt.tech/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = mb.vuthanhdatt.tech) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name mb.vuthanhdatt.tech;
return 404; # managed by Certbot
}
server {
if ($host = wiki.vuthanhdatt.tech) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name wiki.vuthanhdatt.tech;
return 404; # managed by Certbot
}
server {
if ($host = chat.vuthanhdatt.tech) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name chat.vuthanhdatt.tech;
return 404; # managed by Certbot
}
server {
if ($host = auth.vuthanhdatt.tech) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name auth.vuthanhdatt.tech;
return 404; # managed by Certbot
}
server {
if ($host = mail.vuthanhdatt.tech) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name mail.vuthanhdatt.tech;
return 404; # managed by Certbot
}}
/etc/nginx/nginx.conf config location
nginx -t to validate nginx config
certbot --nginx add https