load_module modules/ngx_http_js_module.so; load_module modules/ngx_http_zip_module.so; worker_processes auto; pid /tmp/nginx.pid; events { worker_connections 768; multi_accept on; } http { client_body_temp_path /tmp/client_body 1 2; fastcgi_temp_path /tmp/fastcgi 1 2; proxy_temp_path /tmp/proxy; uwsgi_temp_path /tmp/uwsgi; scgi_temp_path /tmp/scgi; sendfile on; client_body_buffer_size 128k; client_max_body_size 0; client_header_buffer_size 1k; large_client_header_buffers 4 16k; send_timeout 600s; keepalive_timeout 600s; client_body_timeout 600s; tcp_nopush on; tcp_nodelay on; include /etc/nginx/mime.types; default_type application/octet-stream; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; js_import /etc/nginx/js/decode.js; map $time_iso8601 $date { ~([^+]+)T $1; } map $time_iso8601 $time { ~T([0-9:]+)\+ $1; } #INFO: [nginx][2023-11-14 09:20:29] 127.0.0.1 - -"GET / HTTP/1.1" 500 177 "-" "Mozilla/5.0 (X11; Linux x86_64)"rt=0.000 uct="-" uht="-" urt="-" log_format romm_log 'INFO: [nginx][$date $time] $remote_addr - $remote_user ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" ' 'rt=$request_time uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time"'; access_log /dev/stdout romm_log; error_log /dev/stderr; gzip on; gzip_proxied any; gzip_vary on; gzip_comp_level 6; gzip_buffers 16 8k; gzip_min_length 1024; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; # include /etc/nginx/conf.d/*.conf; # include /etc/nginx/sites-enabled/*; upstream wsgi_server { server unix:/tmp/gunicorn.sock; } server { root /var/www/html; listen 8080; server_name localhost; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; location / { try_files $uri $uri/ /index.html; proxy_redirect off; add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods *; add_header Access-Control-Allow-Headers *; } # Static files location /assets { try_files $uri $uri/ =404; } # OpenAPI for swagger and redoc location /openapi.json { proxy_pass http://wsgi_server; } # Backend api calls location /api { proxy_pass http://wsgi_server; proxy_request_buffering off; proxy_buffering off; } location /ws { proxy_pass http://wsgi_server; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } # Internally redirect download requests location /library { internal; alias /romm/library; } # This location, and the related server at port 8081, are used to serve files when # using the `mod_zip` module. This is because the `mod_zip` module does not support # calculating CRC-32 values when using subrequests pointing directly to internal # locations that access the filesystem. # TODO: If that gets fixed, this workaround can be removed, and the `/library` location # can be used directly (also removing the server at port 8081). # Related issue: https://github.com/evanmiller/mod_zip/issues/90 location /library-zip { internal; rewrite ^/library-zip/(.*)$ /library/$1 break; proxy_pass http://localhost:8081; # Proxy buffering must be disabled, for the module to correctly calculate CRC-32 values. proxy_buffering off; } # Internal decoding endpoint, used to decode base64 encoded data location /decode { internal; js_content decode.decodeBase64; } } server { listen 8081; server_name localhost; location /library { alias /romm/library; } } }