configurations/ipfs/etc/nginx/sites-available/ipfs-gateway.conf

131 lines
3.3 KiB
Text

upstream gateway {
server 127.0.0.1:8081;
}
server {
server_name ipfs.unitoo.it ipns.unitoo.it; # managed by Certbot
listen 443 default_server ssl;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always;
add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always;
proxy_pass_header Server;
proxy_read_timeout 1800s;
error_page 403 /403.html;
location /403.html {
root /var/www/html;
allow all;
}
location /403.png {
root /var/www/html;
allow all;
}
location /400.html {
root /var/www/html;
allow all;
}
location /ipns {
proxy_pass http://gateway;
proxy_set_header Host unitoo.it;
proxy_cache_bypass $http_upgrade;
proxy_intercept_errors on;
allow all;
error_page 400 /400.html;
}
location /ipfs {
proxy_pass http://gateway;
proxy_set_header Host unitoo.it;
proxy_cache_bypass $http_upgrade;
proxy_intercept_errors on;
allow all;
error_page 400 /400.html;
}
location / {
proxy_pass http://localhost:5001;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
deny all; # <- Deny other traffic
}
ssl_certificate /etc/letsencrypt/live/ipfs.unitoo.it/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ipfs.unitoo.it/privkey.pem; # managed by Certbot
include snippets/denylist.conf;
}
server {
server_name *.ipfs.unitoo.it *.ipns.unitoo.it;
listen 443 ssl;
proxy_read_timeout 1800s;
error_page 403 /403.html;
location /403.html {
root /var/www/html;
allow all;
}
location /403.png {
root /var/www/html;
allow all;
}
location /400.html {
root /var/www/html;
allow all;
}
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always;
add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always;
include snippets/denylist.conf;
location / {
proxy_set_header Host $host;
proxy_set_header X-Ipfs-Gateway-Prefix "";
proxy_pass http://gateway;
}
}
server {
server_name ipfs.unitoo.it ipns.unitoo.it;
listen 80;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always;
add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always;
proxy_pass_header Server;
proxy_read_timeout 1800s;
include snippets/denylist.conf;
location ~ "^/(ipfs|ipns|api)(/|$)" {
proxy_set_header Host unitoo.it;
proxy_set_header X-Ipfs-Gateway-Prefix "";
proxy_pass http://gateway;
}
return 404;
}