home-applications/nginx.template.conf
Andrew Tomaka 64a40527df
Migrate to using host network
In order to use UPnP and other discovery services, Home Assistant needs
to live on our real network and not inside a Docker network. This is
trivial, but triggered an issue with our nginx proxy, which does not
support proxying to containers on the host network. This is resolved by
adding ANOTHER proxy to transition from the Docker "proxy" network to
the host network (simply by pointing at the machine's IP address).

HTTP Request
    |
Dynamic Nginx proxy
    |
Static Nginx proxy
    |
Home assistant application
2018-02-28 20:04:31 -05:00


#
# A very simple example configuration showing how to launch Nginx as a non-root
# user without sudo access.
#
# Adjust the paths and other settings for your specific circumstances. They are
# currently configured for transient usage - you'd want to pick more permanent
# locations in the filesystem if intending this to run for a while.
#
# Note that as Nginx is not launched as root, it cannot bind to privileged
# ports lower than 1024.
#
# Usage: nginx -c /path/to/this/nginx.conf
#
# Run in the foreground rather than detaching.
daemon off;

# Main-scope error log. It has to be declared here because nginx writes this
# log no matter what error_log directives appear inside server blocks.
#
# nginx still attempts to open its default error log first and reports a
# non-fatal error when that fails; startup continues normally afterwards.
error_log /dev/stdout {{ NGINX_ERROR_LOGLEVEL }};

# Without an explicit path the pidfile would be written to /var/run.
# NOTE(review): /tmp is normally world-writable and this path is predictable.
# That is presumably fine inside a single-purpose container; on a shared host
# prefer a directory owned by the account that runs nginx.
pid /tmp/nginx.pid;

# user nobody nogroup;
worker_processes {{ NGINX_WORKER_PROCESSES }};
# Connection handling for each worker process; both values are supplied by
# the template variables.
events {
    worker_connections {{ NGINX_WORKER_CONNECTIONS }};
    multi_accept {{ NGINX_MULTI_ACCEPT }};
}
http {
# Access-log layout: request line, status, sizes, request and upstream timing,
# the peer address, and the X-Forwarded-For header exactly as the client sent it.
# The request line, referer, user agent and X-Forwarded-For are all
# client-supplied, so anything that parses these logs should treat those
# fields as untrusted input.
log_format timed_combined '[$time_local] "$request" $status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" $request_time $upstream_response_time $remote_addr "$http_x_forwarded_for"';
# Access logging is enabled only when the variable is exactly the string "true".
# With it off there is no per-request record from this proxy.
{% if NGINX_ACCESS_LOG_TO_STDOUT == "true" %}
access_log /dev/stdout timed_combined;
{% else %}
access_log off;
{% endif %}
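# Selects the Connection header that the proxied location sends upstream
# (proxy_set_header Connection $connection_upgrade):
#   - the client sent an Upgrade header -> "upgrade", so WebSocket handshakes
#     pass through;
#   - no Upgrade header -> empty. nginx does not send a proxy_set_header whose
#     value is empty, so the HTTP/1.1 upstream connection can stay open and
#     the keepalive pool in main_upstream is actually used.
# Mapping the empty case to "close" would send "Connection: close" on every
# ordinary request and force a new upstream connection each time.
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' '';
}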
# The single backend that the proxied location forwards to.
upstream main_upstream {
    server {{ NGINX_UPSTREAM_SERVER }};
{% if NGINX_UPSTREAM_KEEPALIVE|int > 0 %}
    # Maximum number of idle upstream connections each worker keeps cached.
    # Reuse only happens when requests go upstream over HTTP/1.1 without a
    # "Connection: close" header.
    keepalive {{ NGINX_UPSTREAM_KEEPALIVE }};
{% endif %}
}
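# Main virtual host: answers the health check locally and proxies everything
# else to main_upstream.
server {
    listen {{ NGINX_SERVER_PORT }};
{% if NGINX_HOSTNAME %}
    server_name {{ NGINX_EXTRA_SERVER_NAMES }} {{ NGINX_HOSTNAME }};
{% endif %}
    # NOTE(review): this is the first server on the port, so it presumably also
    # receives requests whose Host matches no server_name. The Host value
    # forwarded upstream below is then client-chosen; the upstream application
    # should not rely on it for security decisions.

    # Request body and timeout limits, all taken from template variables.
    client_max_body_size {{ NGINX_CLIENT_MAX_BODY_SIZE }};
    client_body_timeout {{ NGINX_CLIENT_BODY_TIMEOUT }};
    fastcgi_read_timeout {{ NGINX_FASTCGI_READ_TIMEOUT }};
    proxy_read_timeout {{ NGINX_PROXY_READ_TIMEOUT }};

    # Health check: exact-match path answered here with an empty 200 and never
    # forwarded upstream.
    location = {{ NGINX_HEALTHCHECK_PATH }} {
        return 200;
    }

    # Every other request is proxied.
    location ~ / {
        # NOTE(review): no "gzip on" is visible in this template, so this
        # directive presumably has no effect unless gzip is enabled elsewhere.
        gzip_types {{ NGINX_GZIP_TYPES }};

        # The hop to the upstream is plain HTTP.
        proxy_pass http://main_upstream;
        proxy_http_version 1.1;
        proxy_redirect off;

        proxy_set_header Host $host;
        # $remote_addr is the directly connected peer. If this instance sits
        # behind another proxy, X-Real-IP carries that proxy's address rather
        # than the end client's.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For value the client sent, so earlier entries are
        # client-controlled. The upstream should trust only the entries added
        # by proxies it knows.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # WebSocket support. The Connection value comes from the
        # $connection_upgrade map in the http block. Connection is set only
        # once: an extra proxy_set_header Connection "" next to this line is
        # skipped by nginx (empty values are not sent) and would only obscure
        # which value reaches the upstream.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # https://blog.percy.io/tuning-nginx-behind-google-cloud-platform-http-s-load-balancer-305982ddb340
        keepalive_timeout {{ NGINX_KEEPALIVE_TIMEOUT }};
        keepalive_requests {{ NGINX_KEEPALIVE_REQUESTS }};
{% if NGINX_CORS_DOMAINS %}
        # CORS. The variable is written out verbatim as the header value.
        # Access-Control-Allow-Origin carries a single origin (or *), so
        # despite the plural name this must be one value. Prefer an explicit
        # origin over * when the upstream application is authenticated.
        if ($request_method ~* "(GET|POST|PUT|DELETE)") {
            add_header "Access-Control-Allow-Origin" {{ NGINX_CORS_DOMAINS }};
        }
        # Preflight requests are answered here and never reach the upstream.
        # NOTE(review): Access-Control-Allow-Methods omits PUT although the
        # branch above adds the origin header for PUT - confirm which of the
        # two is intended.
        if ($request_method = OPTIONS ) {
            add_header "Access-Control-Allow-Origin" {{ NGINX_CORS_DOMAINS }};
            add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, DELETE";
            add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
            return 200;
        }
{% endif %}
    }
}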
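# Optional canonical-host redirect: requests for the listed alternate names
# get a 301 to the same URI on the configured hostname.
#
# The block is rendered only when a hostname is configured as well. With an
# empty hostname the redirect target would have no host component, and the
# destination would be derived from the client-supplied request URI.
#
# NOTE(review): the enable flag is tested for truthiness, so a non-empty
# string such as "false" presumably still enables the block (the access-log
# switch compares against "true" instead) - confirm how the value is supplied.
# NOTE(review): $scheme is the scheme this instance received. Behind a
# TLS-terminating proxy that is presumably http, so the redirect would point
# at an http:// URL - confirm this is intended.
{% if NGINX_HOST_REWRITE_ENABLED and NGINX_HOSTNAME %}
server {
    listen {{ NGINX_SERVER_PORT }};
    server_name {{ NGINX_HOST_REWRITE_SERVER_NAMES }};
    return 301 $scheme://{{ NGINX_HOSTNAME }}$request_uri;
}
{% endif %}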
}