migrate to cloudflare and disable self managed https

burrito-project · Sep 15, 2024 · 44d6ae4 · 44d6ae4
1 parent ae31d9a
commit 44d6ae4
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 24 deletions.
diff --git a/docker/prod/nginx/nginx.conf b/docker/prod/nginx/nginx.conf
@@ -1,43 +1,21 @@
 server {
     listen 80;
     server_name ${DOMAIN_NAME};
-
-    location / {
-        return 301 https://$host$request_uri;
-    }
-}
-
-server {
-    listen 443 ssl;
-    server_name ${DOMAIN_NAME};
+    error_log /var/log/nginx/burrito.error.log;
     client_max_body_size 4G;
 
-    # error_log /var/log/nginx/burrito.error.log;
-
-    ssl_certificate     /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
-
-    ssl_session_timeout 5m;
-    ssl_session_tickets off;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_prefer_server_ciphers off;
-    ssl_ciphers 'HIGH:!aNULL:!MD5';
-    ssl_session_cache shared:le_nginx_SSL:10m;
-
     location / {
         proxy_pass http://burrito_server:6969;
         proxy_http_version 1.1;
         proxy_read_timeout 360s;
         proxy_buffering off;
         proxy_redirect off;
 
-        add_header Cache-Control "no-cache, must-revalidate";
-
         proxy_set_header Host $host;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header X-Forwarded-Proto http;
     }
 }
diff --git a/docker/prod/nginx/nginx.ssl.conf b/docker/prod/nginx/nginx.ssl.conf
@@ -0,0 +1,41 @@
+server {
+    listen 80;
+    server_name ${DOMAIN_NAME};
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name ${DOMAIN_NAME};
+    client_max_body_size 4G;
+
+    # error_log /var/log/nginx/burrito.error.log;
+
+    ssl_certificate     /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
+
+    ssl_session_timeout 5m;
+    ssl_session_tickets off;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers off;
+    ssl_ciphers 'HIGH:!aNULL:!MD5';
+    ssl_session_cache shared:le_nginx_SSL:10m;
+
+    location / {
+        proxy_pass http://burrito_server:6969;
+        proxy_http_version 1.1;
+        proxy_read_timeout 360s;
+        proxy_buffering off;
+        proxy_redirect off;
+
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+}