zulip/puppet/zulip_ops/files/nginx/sites-available/loadbalancer

157 lines
4.2 KiB
Plaintext

upstream staging {
server staging0.zulipchat.net:443;
keepalive 10000;
}
upstream prod {
server prod0.zulipchat.net:443;
keepalive 10000;
}
server {
listen 80;
location / {
return 301 https://$host$request_uri;
}
include /etc/nginx/zulip-include/certbot;
}
server {
listen www.zulipstaging.com:443 http2;
server_name www.zulipstaging.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/zulipchat.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/zulipchat.com/privkey.pem;
location / {
return 301 https://zulipstaging.com$request_uri;
}
include /etc/nginx/zulip-include/certbot;
}
server {
# The listen needs to be `www.zulipstaging.com` since bare zulipstaging.com
# is not a CNAME and thus has the public IP inside EC2
listen www.zulipstaging.com:443 http2;
server_name zulipstaging.com *.zulipstaging.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/zulipchat.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/zulipchat.com/privkey.pem;
location / {
proxy_pass https://staging/;
include /etc/nginx/zulip-include/proxy;
}
# We don't need /api/v1/events/internal, because that doesn't go through the loadbalancer.
location /json/events {
proxy_pass https://staging;
include /etc/nginx/zulip-include/proxy_longpolling;
}
location /api/v1/events {
proxy_pass https://staging;
include /etc/nginx/zulip-include/proxy_longpolling;
}
include /etc/nginx/zulip-include/certbot;
}
server {
# The listen needs to be `www.zulipchat.com` since bare zulipchat.com
# is not a CNAME and thus has the public IP inside EC2
listen www.zulipchat.com:443 http2;
server_name www.zulipchat.com zulipchat.com www.zulip.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/zulipchat.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/zulipchat.com/privkey.pem;
location / {
return 301 https://zulip.com$request_uri;
}
location /static {
# The app loads static files from https://zulipchat.com/static,
# so skip the redirect for those.
proxy_pass https://prod;
include /etc/nginx/zulip-include/proxy;
}
include /etc/nginx/zulip-include/certbot;
}
server {
# The listen needs to be `www.zulipchat.com` since bare zulipchat.com
# is not a CNAME and thus has the public IP inside EC2
listen www.zulipchat.com:443 default_server http2;
server_name *.zulipchat.com zulip.com *.zulip.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/zulipchat.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/zulipchat.com/privkey.pem;
location / {
proxy_pass https://prod;
include /etc/nginx/zulip-include/proxy;
}
location /json/events {
proxy_pass https://prod;
include /etc/nginx/zulip-include/proxy_longpolling;
}
location /api/v1/events {
proxy_pass https://prod;
include /etc/nginx/zulip-include/proxy_longpolling;
}
include /etc/nginx/zulip-include/certbot;
}
server {
listen chat.fhir.org:443 http2;
server_name chat.fhir.org;
ssl_certificate /etc/letsencrypt/live/chat.fhir.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/chat.fhir.org/privkey.pem;
location / {
proxy_pass https://prod;
include /etc/nginx/zulip-include/proxy;
}
location /json/events {
proxy_pass https://prod;
include /etc/nginx/zulip-include/proxy_longpolling;
}
location /api/v1/events {
proxy_pass https://prod;
include /etc/nginx/zulip-include/proxy_longpolling;
}
include /etc/nginx/zulip-include/certbot;
}
server {
listen uploads.zulipusercontent.net:443 http2;
server_name uploads.zulipusercontent.net;
ssl on;
ssl_certificate /etc/letsencrypt/live/uploads.zulipusercontent.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/uploads.zulipusercontent.net/privkey.pem;
location / {
proxy_pass http://127.0.0.1:9292;
include /etc/nginx/zulip-include/proxy;
}
include /etc/nginx/zulip-include/certbot;
}