ssl_certificate /etc/letsencrypt/live/domain.kz/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/domain.kz/privkey.pem; #socket.io connections (from OH) NEED ip_hash routing, all other connections will be cookie or round robin upstream socketapp { ip_hash; server 127.0.0.1:3000; server 172.20.1.38:3000; server 127.0.0.1:3001; server 172.20.1.38:3001; } #Connections that need to be proxied, need same entries as "socketapp" upstream proxyapp { server 127.0.0.1:3000; server 172.20.1.38:3000; server 127.0.0.1:3001; server 172.20.1.38:3001; } #all other connections to serve openHAB-Cloud requests (not proxied) upstream webapp { server 127.0.0.1:3002; server 172.20.1.38:3002; server 127.0.0.1:3003; server 172.20.1.38:3003; } #redirect http -> https server { listen 80 default_server; listen [::]:80 default_server; server_name domain.kz home.domain.kz; return 301 https://$server_name$request_uri; } #Full proxy for home.domain.kz server { listen 443 ssl; server_name home.domain.kz; charset utf-8; access_log /var/log/nginx/home.openhab.org-access.log; error_log /var/log/nginx/home.openhab.org-error.log; client_max_body_size 300m; root /var/www/html; location ~ /.well-known { allow all; } #proxy redirects include sites-available/redirects.conf; location / { set $upstream_server proxyapp; #if we have a cookie, try using this server #also, ifIsEvil https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ #for why we use this as little as possible if ($http_cookie ~ "CloudServer=(\S+)\%3A(\d+).*") { set $upstream_host $1; set $upstream_port $2; set $upstream_server "${upstream_host}:${upstream_port}"; } proxy_pass http://$upstream_server; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr ; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ; proxy_set_header X-Forwarded-Proto https; proxy_intercept_errors on; recursive_error_pages on; error_page 307 = @handle_proxy; #if this server is down we need to try a new upstream error_page 500 501 502 503 504 = @proxy_down; } } # Main myopenhab.org requests server { listen 443 ssl; server_name domain.kz; charset utf-8; access_log /var/log/nginx/my.openhab.org-access.log; error_log /var/log/nginx/my.openhab.org-error.log; client_max_body_size 300m; root /var/www/html; location ~ /.well-known { allow all; } #local file locations location /css { alias /home/ubuntu/openhab-cloud/public/css; } location /js { alias /home/ubuntu/openhab-cloud/public/js; } location /img { alias /home/ubuntu/openhab-cloud/public/img; } location /bootstrap { alias /home/ubuntu/openhab-cloud/public/bootstrap; } location /font-icons { alias /home/ubuntu/openhab-cloud/public/font-icons; } location /fonts { alias /home/ubuntu/openhab-cloud/public/fonts; } location /js-plugin { alias /home/ubuntu/openhab-cloud/public/js-plugin; } location /staff/js-plugin { alias /home/ubuntu/openhab-cloud/public/js-plugin; } location /downloads { alias /home/ubuntu/openhab-cloud/public/downloads; } #OH Socket.io Connections (from OH) location /socket.io { proxy_pass http://socketapp; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr ; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ; proxy_set_header X-Forwarded-Proto https; } #proxy redirects include sites-available/redirects.conf; #Proxied Connections (from clients) location ~ ^/(rest|images|static|rrdchart.png|chart|openhab.app|WebApp|CMD|cometVisu|proxy|greent|jquery|classicui|ui|basicui|paperui|doc|start|icon|habmin|remote|habpanel|ifttt/v1/actions/command){ set $upstream_server proxyapp; #if we have a cookie, try using this server #also, ifIsEvil https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/ #for why we use this as little as possible if ($http_cookie ~ "CloudServer=(\S+)\%3A(\d+).*") { set $upstream_host $1; set $upstream_port $2; set $upstream_server "${upstream_host}:${upstream_port}"; } proxy_pass http://$upstream_server; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr ; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ; proxy_set_header X-Forwarded-Proto https; proxy_intercept_errors on; recursive_error_pages on; error_page 307 = @handle_proxy; #if this server is down we need to try a new upstream error_page 500 501 502 503 504 = @proxy_down; } #All other non proxy connections location / { proxy_pass http://webapp; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr ; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ; proxy_set_header X-Forwarded-Proto https; } }