4.6 KiB
4.6 KiB
| tags | date | linked | |
|---|---|---|---|
|
2023-09-04 |
Этот сервер позволяет
noteshare-migrate:
image: upagge/noteshare-migrations:latest
networks:
note-share:
volumes:
- ./noteshare/database:/database/
environment:
- DATABASE_URL=file:/database/db.sqlite
# Backend server for managing saved notes
noteshare-backend:
image: upagge/noteshare-backend:latest
restart: always
hostname: noteshare-backend
container_name: noteshare-backend
networks:
note-share:
volumes:
- ./noteshare/database:/database/
environment:
- DATABASE_URL=file:/database/db.sqlite
- FRONTEND_URL=https://notes.struchkov.dev
- CLEANUP_INTERVAL_SECONDS=600
- NODE_ENV=production
# Rate limit for uploading notes
- POST_LIMIT_WINDOW_SECONDS=86400
- POST_LIMIT=50
# Rate limit for downloading notes
- GET_LIMIT_WINDOW_SECONDS=60
- GET_LIMIT=20
depends_on:
- noteshare-migrate
noteshare-frontend:
image: upagge/noteshare-frontend:latest
restart: always
hostname: noteshare-frontend
container_name: noteshare-frontend
networks:
note-share:
environment:
- NODE_ENV=production
depends_on:
- noteshare-backend
server {
listen 80;
listen [::]:80;
server_name notes.struchkov.dev;
location ~ /.well-known/acme-challenge {
allow all;
root /temp;
}
location / {
return 301 https://notes.struchkov.dev$request_uri;
}
}
#server {
# server_name www.struchkov.dev;
# return 301 $scheme://struchkov.dev$request_uri;
#}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name notes.struchkov.dev;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Referrer-Policy "no-referrer";
add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "sameorigin";
add_header X-Xss-Protection "1; mode=block";
proxy_hide_header X-Powered-By;
ssl_certificate /etc/letsencrypt/live/struchkov.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/struchkov.dev/privkey.pem;
ssl_buffer_size 4k;
ssl_dhparam /etc/nginx/ssl/dhparam-notes.pem;
ssl_protocols SSLv3 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_ecdh_curve secp384r1;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 24h;
ssl_session_tickets off;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_cache nginxcash;
proxy_cache_valid 1d;
proxy_cache_valid 404 1h;
proxy_cache_revalidate on;
proxy_buffering on;
proxy_cache_background_update on;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
proxy_cache_min_uses 2;
client_body_buffer_size 128k;
proxy_pass http://noteshare-frontend:3000;
}
location = /api/note {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_cache nginxcash;
proxy_cache_valid 1d;
proxy_cache_valid 404 1h;
proxy_cache_revalidate on;
proxy_buffering on;
proxy_cache_background_update on;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
proxy_cache_min_uses 2;
client_body_buffer_size 128k;
limit_except GET POST DELETE {
deny all;
}
proxy_pass http://noteshare-backend:8080/api/note;
}
}