GeoNetAgent, LDAPWeb, server-audit, server-connection
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

78 lines
2.9 KiB

# zammad.gisportal.id → Zammad (Docker)
# Deploy: /etc/nginx/conf.d/production/zammad.conf on 10.100.1.24
#
# NOTE: Adjust upstream port after docker compose up (default zammad-docker-compose exposes 8080)
upstream zammad_backend {
server 127.0.0.1:8093;
keepalive 8;
}
limit_req_zone $binary_remote_addr zone=zammad_general:10m rate=30r/s;
server {
listen 80;
server_name zammad.gisportal.id;
return 301 https://zammad.gisportal.id$request_uri;
}
server {
listen 443 ssl;
server_name zammad.gisportal.id;
include /etc/nginx/conf.d/ssl.conf;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
client_max_body_size 50m;
# CORS for FE PWA my.gisportal.id — /api/ only (adjust after token flow defined)
location /api/ {
if ($http_origin = "https://my.gisportal.id") {
add_header Access-Control-Allow-Origin "https://my.gisportal.id" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
add_header Access-Control-Allow-Headers "Authorization, Content-Type, X-Requested-With" always;
add_header Access-Control-Max-Age 3600 always;
}
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin "https://my.gisportal.id" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, OPTIONS" always;
add_header Access-Control-Allow-Headers "Authorization, Content-Type, X-Requested-With" always;
add_header Access-Control-Max-Age 3600 always;
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204;
}
limit_req zone=zammad_general burst=50 nodelay;
proxy_pass http://zammad_backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_read_timeout 120s;
}
location / {
limit_req zone=zammad_general burst=50 nodelay;
proxy_pass http://zammad_backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_read_timeout 120s;
# WebSocket (Zammad live updates)
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}