mirror of https://github.com/zulip/zulip.git
157 lines
4.2 KiB
Plaintext
157 lines
4.2 KiB
Plaintext
upstream staging {
|
|
server staging0.zulipchat.net:443;
|
|
|
|
keepalive 10000;
|
|
}
|
|
|
|
upstream prod {
|
|
server prod0.zulipchat.net:443;
|
|
|
|
keepalive 10000;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
location / {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
include /etc/nginx/zulip-include/certbot;
|
|
}
|
|
|
|
server {
|
|
listen www.zulipstaging.com:443 http2;
|
|
server_name www.zulipstaging.com;
|
|
|
|
ssl on;
|
|
ssl_certificate /etc/letsencrypt/live/zulipchat.com/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/zulipchat.com/privkey.pem;
|
|
|
|
location / {
|
|
return 301 https://zulipstaging.com$request_uri;
|
|
}
|
|
|
|
include /etc/nginx/zulip-include/certbot;
|
|
}
|
|
|
|
server {
|
|
# The listen needs to be `www.zulipstaging.com` since bare zulipstaging.com
|
|
# is not a CNAME and thus has the public IP inside EC2
|
|
listen www.zulipstaging.com:443 http2;
|
|
server_name zulipstaging.com *.zulipstaging.com;
|
|
|
|
ssl on;
|
|
ssl_certificate /etc/letsencrypt/live/zulipchat.com/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/zulipchat.com/privkey.pem;
|
|
|
|
location / {
|
|
proxy_pass https://staging/;
|
|
include /etc/nginx/zulip-include/proxy;
|
|
}
|
|
|
|
# We don't need /api/v1/events/internal, because that doesn't go through the loadbalancer.
|
|
location /json/events {
|
|
proxy_pass https://staging;
|
|
include /etc/nginx/zulip-include/proxy_longpolling;
|
|
}
|
|
|
|
location /api/v1/events {
|
|
proxy_pass https://staging;
|
|
include /etc/nginx/zulip-include/proxy_longpolling;
|
|
}
|
|
|
|
include /etc/nginx/zulip-include/certbot;
|
|
}
|
|
|
|
server {
|
|
# The listen needs to be `www.zulipchat.com` since bare zulipchat.com
|
|
# is not a CNAME and thus has the public IP inside EC2
|
|
listen www.zulipchat.com:443 http2;
|
|
server_name www.zulipchat.com zulipchat.com www.zulip.com;
|
|
|
|
ssl on;
|
|
ssl_certificate /etc/letsencrypt/live/zulipchat.com/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/zulipchat.com/privkey.pem;
|
|
|
|
location / {
|
|
return 301 https://zulip.com$request_uri;
|
|
}
|
|
|
|
location /static {
|
|
# The app loads static files from https://zulipchat.com/static,
|
|
# so skip the redirect for those.
|
|
proxy_pass https://prod;
|
|
include /etc/nginx/zulip-include/proxy;
|
|
}
|
|
|
|
include /etc/nginx/zulip-include/certbot;
|
|
}
|
|
|
|
server {
|
|
# The listen needs to be `www.zulipchat.com` since bare zulipchat.com
|
|
# is not a CNAME and thus has the public IP inside EC2
|
|
listen www.zulipchat.com:443 default_server http2;
|
|
server_name *.zulipchat.com zulip.com *.zulip.com;
|
|
|
|
ssl on;
|
|
ssl_certificate /etc/letsencrypt/live/zulipchat.com/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/zulipchat.com/privkey.pem;
|
|
|
|
location / {
|
|
proxy_pass https://prod;
|
|
include /etc/nginx/zulip-include/proxy;
|
|
}
|
|
|
|
location /json/events {
|
|
proxy_pass https://prod;
|
|
include /etc/nginx/zulip-include/proxy_longpolling;
|
|
}
|
|
|
|
location /api/v1/events {
|
|
proxy_pass https://prod;
|
|
include /etc/nginx/zulip-include/proxy_longpolling;
|
|
}
|
|
|
|
include /etc/nginx/zulip-include/certbot;
|
|
}
|
|
|
|
server {
|
|
listen chat.fhir.org:443 http2;
|
|
server_name chat.fhir.org;
|
|
ssl_certificate /etc/letsencrypt/live/chat.fhir.org/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/chat.fhir.org/privkey.pem;
|
|
|
|
location / {
|
|
proxy_pass https://prod;
|
|
include /etc/nginx/zulip-include/proxy;
|
|
}
|
|
|
|
location /json/events {
|
|
proxy_pass https://prod;
|
|
include /etc/nginx/zulip-include/proxy_longpolling;
|
|
}
|
|
|
|
location /api/v1/events {
|
|
proxy_pass https://prod;
|
|
include /etc/nginx/zulip-include/proxy_longpolling;
|
|
}
|
|
|
|
include /etc/nginx/zulip-include/certbot;
|
|
}
|
|
|
|
server {
|
|
listen uploads.zulipusercontent.net:443 http2;
|
|
server_name uploads.zulipusercontent.net;
|
|
|
|
ssl on;
|
|
ssl_certificate /etc/letsencrypt/live/uploads.zulipusercontent.net/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/uploads.zulipusercontent.net/privkey.pem;
|
|
|
|
location / {
|
|
proxy_pass http://127.0.0.1:9292;
|
|
include /etc/nginx/zulip-include/proxy;
|
|
}
|
|
|
|
include /etc/nginx/zulip-include/certbot;
|
|
}
|