  1. vagrant@bm:/etc/nginx/sites-enabled$ cat bm-client-access-without-password
  2. # Blue Mind client access proxy
  3. server {
  4.   listen   80 default_server;
  5.   include /etc/nginx/bm-servername.conf;
  6.   include /etc/nginx/bm-externalurl.conf;
  7.  
  8.   location / {
  9.     return 301 https://$bmexternalurl/$request_uri;
  10.   }
  11.  
  12.   location /nginx_status {
  13.     stub_status on;
  14.     access_log off;
  15.     allow 127.0.0.1;
  16.     deny all;
  17.   }
  18. }
  20. upstream hps {
  21.   ip_hash;
  22.   server 127.0.0.1:8079;
  23. }
  25. upstream dav {
  26.   ip_hash;
  27.   server 127.0.0.1:8080;
  28. }
  30. upstream webserver {
  31.   ip_hash;
  32.   server 127.0.0.1:8080;
  33. }
  35. upstream core {
  36.   ip_hash;
  37.   server 127.0.0.1:8090;
  38. }
  40. server {
  41.   listen   443;
  42.   include /etc/nginx/bm-servername.conf;
  43.   include /etc/nginx/bm-externalurl.conf;
  44.  
  45.   ssl  on;
  46.   ssl_certificate  /etc/ssl/certs/bm_cert.pem;
  47.   ssl_certificate_key  /etc/ssl/certs/bm_cert.pem;
  48.  
  49.   ssl_session_timeout  5m;
  50.   # use bettercrypto.org recommanded settings
  51.   ssl_prefer_server_ciphers on;
  52.   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  53.   ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
  54.   ssl_dhparam /etc/nginx/bm_dhparam.pem;
  55.  
  56.   add_header Strict-Transport-Security max-age=15768000; # six months
  57.   add_header X-Frame-Options SAMEORIGIN;
  58.   error_page 401 /errors-pages/401.html;
  59.   error_page 404 /errors-pages/404.html;
  60.   error_page 500 /errors-pages/500.html;
  61.   error_page 502 /errors-pages/502.html;
  62.   error_page 503 /errors-pages/maintenance.html;
  63.   error_page 504 /errors-pages/504.html;
  64.  
  65.   location / {
  66.     if ($request_uri ~ ^/errors-pages) {
  67.       break;
  68.     }
  69.  
  70.     proxy_intercept_errors on;
  71.     proxy_pass http://hps/;
  72.   }
  73.  
  74.   location /errors-pages {
  75.     alias /usr/share/bm-client-access/errors-pages;
  76.   }
  77.  
  78.   location /templates/ {
  79.     proxy_pass http://hps/templates/;
  80.     proxy_intercept_errors on;
  81.   }
  82.  
  83.   location /webmail/images/ {
  84.     gzip             on;
  85.     gzip_min_length  1000;
  86.     gzip_proxied     any;
  87.     gzip_types       text/plain application/xml text/css text/javascript text/json application/json;
  88.     gzip_disable     "MSIE [1-6]\.";
  89.     gzip_comp_level 9;
  90.     proxy_pass http://webserver/webmail/images/;
  91.     proxy_intercept_errors on;
  92.   }
  93.  
  94.   location /webmail/plugins/bm_webmail/ {
  95.     gzip             on;
  96.     gzip_min_length  1000;
  97.     gzip_proxied     any;
  98.     gzip_types       text/plain application/xml text/css text/javascript text/json application/json;
  99.     gzip_disable     "MSIE [1-6]\.";
  100.     gzip_comp_level 9;
  101.     proxy_pass http://webserver/webmail/;
  102.     proxy_intercept_errors on;
  103.   }
  104.  
  105.   location /webmail/ {
  106.     include /etc/bm-webmail/nginx-webmail.conf;
  107.     proxy_pass http://hps/webmail/;
  108.     proxy_intercept_errors on;
  109.   }
  110.  
  111.   location /adminconsole/ {
  112.     gzip             on;
  113.     gzip_min_length  1000;
  114.     gzip_proxied     any;
  115.     gzip_types       text/plain application/xml text/css text/javascript text/json application/json;
  116.     gzip_disable     "MSIE [1-6]\.";
  117.     gzip_comp_level 9;
  118.  
  119.     proxy_pass http://hps/adminconsole/;
  120.     client_max_body_size 10m;  
  121.     proxy_intercept_errors on;
  122.   }
  123.  
  124.   location /setup {
  125.     proxy_pass http://127.0.0.1:8080/setup;
  126.   }
  127.  
  128.   location /bm-push {
  129.     proxy_pass http://127.0.0.1:8080/bm-push;
  130.   }
  131.  
  132.   location /input/ {
  133.     proxy_pass http://127.0.0.1:8080/input/;
  134.   }
  135.  
  136.   location /eventbus {
  137.     proxy_pass http://127.0.0.1:8090/eventbus;
  138.     proxy_http_version 1.1;
  139.     proxy_set_header Upgrade $http_upgrade;
  140.     proxy_set_header Connection "upgrade";    
  141.   }
  142.  
  143.   location /grafana {
  144.     auth_basic            "Blue Mind Setup";
  145.     auth_basic_user_file  /etc/nginx/sw.htpasswd;
  146.     root /usr/share;
  147.     proxy_intercept_errors on;
  148.   }
  149.  
  150.   location /db {
  151.     auth_basic            "Blue Mind Setup";
  152.     auth_basic_user_file  /etc/nginx/sw.htpasswd;
  153.     proxy_pass http://127.0.0.1:9086/db;
  154.     proxy_intercept_errors on;
  155.   }
  156.  
  157.   location /Autodiscover {
  158.     proxy_pass http://webserver/autodiscover;
  159.   }
  160.  
  161.   location /autodiscover {
  162.     proxy_pass http://webserver/autodiscover;
  163.   }
  164.  
  165.   location /Microsoft-Server-ActiveSync {
  166.     include /etc/bm-eas/bm-eas-nginx.conf;
  167.     proxy_pass http://127.0.0.1:8082/Microsoft-Server-ActiveSync;
  168.     proxy_read_timeout 1200s;
  169.     proxy_pass_header Server;
  170.     proxy_http_version 1.1;
  171.     proxy_set_header        X-Real-IP       $remote_addr;
  172.     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  173.   }
  174.  
  175.   location /.well-known/caldav {
  176.     proxy_pass http://dav/.well-known/caldav;
  177.   }
  178.  
  179.   location /.well-known/carddav {
  180.     proxy_pass http://dav/.well-known/carddav;
  181.   }
  182.  
  183.   location /dav {
  184.     proxy_pass http://dav/dav;
  185.     proxy_http_version 1.1;
  186.     client_max_body_size 10m;
  187.     proxy_set_header        X-Real-IP       $remote_addr;
  188.     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  189.   }
  190.  
  191.   location /cal/ {
  192.     gzip             on;
  193.     gzip_min_length  1000;
  194.     gzip_proxied     any;
  195.     gzip_types       text/plain application/xml text/css text/javascript text/json application/json;
  196.     gzip_disable     "MSIE [1-6]\.";
  197.     gzip_comp_level 9;
  198.  
  199.     if ($request_method = PROPFIND) {
  200.        return 400;
  201.     }
  202.  
  203.     proxy_pass http://hps/cal/;
  204.     client_max_body_size 10m;  
  205.     proxy_intercept_errors on;
  206.   }
  207.  
  208.   location /contact/ {
  209.     gzip             on;
  210.     gzip_min_length  1000;
  211.     gzip_proxied     any;
  212.     gzip_types       text/plain application/xml text/css text/javascript text/json application/json;
  213.     gzip_disable     "MSIE [1-6]\.";
  214.     gzip_comp_level 9;
  215.  
  216.     proxy_pass http://hps/contact/;
  217.     client_max_body_size 10m;  
  218.     proxy_intercept_errors on;
  219.   }
  220.  
  221.   location /settings/ {
  222.     gzip             on;
  223.     gzip_min_length  1000;
  224.     gzip_proxied     any;
  225.     gzip_types       text/plain application/xml text/css text/javascript text/json application/json;
  226.     gzip_disable     "MSIE [1-6]\.";
  227.     gzip_comp_level 9;
  228.    
  229.     proxy_pass http://hps/settings/;
  230.     proxy_intercept_errors on;
  231.   }
  232.  
  233.   location /im/ {
  234.     gzip             on;
  235.     gzip_min_length  1000;
  236.     gzip_proxied     any;
  237.     gzip_types       text/plain application/xml text/css text/javascript text/json application/json;
  238.     gzip_disable     "MSIE [1-6]\.";
  239.     gzip_comp_level 9;
  240.  
  241.     proxy_pass http://hps/im/;
  242.     proxy_intercept_errors on;
  243.   }
  244.  
  245.   location /task/ {
  246.     gzip             on;
  247.     gzip_min_length  1000;
  248.     gzip_proxied     any;
  249.     gzip_types       text/plain application/xml text/css text/javascript text/json application/json;
  250.     gzip_disable     "MSIE [1-6]\.";
  251.     gzip_comp_level 9;
  252.  
  253.     proxy_pass http://hps/task/;
  254.     proxy_intercept_errors on;
  255.   }
  256.  
  257.  
  258.   location /chooser/ {
  259.     gzip             on;
  260.     gzip_min_length  1000;
  261.     gzip_proxied     any;
  262.     gzip_types       text/plain application/xml text/css text/javascript text/json application/json;
  263.     gzip_disable     "MSIE [1-6]\.";
  264.     gzip_comp_level 9;
  265.  
  266.     proxy_pass http://hps/chooser/;
  267.     proxy_intercept_errors on;
  268.   }
  269.  
  270.   # core json-rpc
  271.   location /api/ {
  272.     gzip             on;
  273.     gzip_min_length  1000;
  274.     gzip_proxied     any;
  275.     gzip_types       text/plain application/xml text/css text/javascript text/json application/json;
  276.     gzip_disable     "MSIE [1-6]\.";
  277.     gzip_comp_level 9;
  278.  
  279.     proxy_pass http://core$request_uri;
  280.     proxy_http_version 1.1;
  281.     proxy_set_header        X-Real-IP       $remote_addr;
  282.     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  283.     client_max_body_size 10m;
  284.     proxy_buffering off;
  285.   }
  286.  
  287.   location /api/filehosting/ {
  288.     include /etc/bm-webmail/bm-filehosting.conf;
  289.     proxy_pass http://core$request_uri;
  290.     proxy_set_header        X-Real-IP       $remote_addr;
  291.     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  292.     proxy_http_version 1.1;
  293.     proxy_buffering off;
  294.   }
  295.  
  296.   location /api/attachment/ {
  297.     include /etc/bm-webmail/bm-filehosting.conf;
  298.     proxy_pass http://core$request_uri;
  299.     proxy_set_header        X-Real-IP       $remote_addr;
  300.     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  301.     proxy_http_version 1.1;
  302.     proxy_buffering off;
  303.   }
  304.  
  305.   location /fh/ {
  306.     proxy_pass http://127.0.0.1:8080/fh/;
  307.     proxy_http_version 1.1;
  308.     proxy_buffering off;
  309.   }
  310.  
  311.   location /docs/ {
  312.     gzip             on;
  313.     gzip_min_length  1000;
  314.     gzip_proxied     any;
  315.     gzip_types       text/plain application/xml text/css text/javascript text/json application/json;
  316.     gzip_disable     "MSIE [1-6]\.";
  317.     gzip_comp_level 9;
  318.  
  319.     proxy_pass http://hps/docs/;
  320.     client_max_body_size 10m;  
  321.     proxy_intercept_errors on;
  322.   }
  323.  
  324.   location ~ ^/calendar/publish/ {
  325.     proxy_pass http://webserver/cal$request_uri;                                                                                                                                                                                        
  326.     proxy_http_version 1.1;
  327.   }
  328.  
  329.   location /native {
  330.     return 301 /login/native;
  331.   }
  332.  
  333.   # Must be the last directive
  334.   include /etc/nginx/bm-local.d/*.conf;
  335. }