From e445e72059eb8d3f42663ececeffe52507b329e7 Mon Sep 17 00:00:00 2001
From: Administrator
Date: Mon, 5 Sep 2022 19:50:43 +0300
Subject: [PATCH] ssl
---
 nginx/nginx-prod/nginx-prod.conf | 117 ++++++++++++++++++++++++++++++-
 1 file changed, 116 insertions(+), 1 deletion(-)
diff --git a/nginx/nginx-prod/nginx-prod.conf b/nginx/nginx-prod/nginx-prod.conf
index 6362c89..1a3cc0e 100644
--- a/nginx/nginx-prod/nginx-prod.conf
+++ b/nginx/nginx-prod/nginx-prod.conf
@@ -12,6 +12,25 @@ http {
 }
 }
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name gitlab.sprinthub.ru;
+
+ ssl_certificate /etc/nginx/fullchain.pem;
+ ssl_certificate_key /etc/nginx/privkey.pem;
+
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Referrer-Policy "no-refferer-when-downgrade" always;
+ add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+
+ location / {
+ proxy_pass http://dev.sprinthub.ru:1234/;
+ }
+ }
+
 server {
 listen 80;
 server_name swarmpit.sprinthub.ru;
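Review bot: The Referrer-Policy value `no-refferer-when-downgrade` is misspelled in this gitlab block and in the five other 443 blocks the patch adds; browsers ignore policy tokens they do not recognise, so the header as written has no effect. It should read `add_header Referrer-Policy "no-referrer-when-downgrade" always;`. The Content-Security-Policy on the next line allows any origin together with `'unsafe-inline'` and `'unsafe-eval'`, which restricts almost nothing; either tighten it per application or leave it out rather than imply protection it does not provide.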
@@ -21,12 +40,50 @@ http {
 }
 }
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name swarmpit.sprinthub.ru;
+
+ ssl_certificate /etc/nginx/fullchain.pem;
+ ssl_certificate_key /etc/nginx/privkey.pem;
+
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Referrer-Policy "no-refferer-when-downgrade" always;
+ add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+
+ location / {
+ proxy_pass http://app:8080/;
+ }
+ }
+
 server {
 listen 80;
 server_name rabbitmq.sprinthub.ru;
 location / {
- proxy_pass http://rabbitmq:15671/;
+ proxy_pass http://rabbitmq:15672/;
+ }
+ }
+
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name swarmpit.sprinthub.ru;
+
+ ssl_certificate /etc/nginx/fullchain.pem;
+ ssl_certificate_key /etc/nginx/privkey.pem;
+
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Referrer-Policy "no-refferer-when-downgrade" always;
+ add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+
+ location / {
+ proxy_pass http://rabbitmq:15672/;
 }
 }
@@ -39,6 +96,25 @@ http {
 }
 }
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name minio.sprinthub.ru;
+
+ ssl_certificate /etc/nginx/fullchain.pem;
+ ssl_certificate_key /etc/nginx/privkey.pem;
+
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Referrer-Policy "no-refferer-when-downgrade" always;
+ add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+
+ location / {
+ proxy_pass http://minio:9001/;
+ }
+ }
+
 server {
 listen 80;
 server_name battleship.sprinthub.ru;
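Review bot: The second 443 block added in the `@@ -21,12 +40,50 @@` hunk, the one proxying to `http://rabbitmq:15672/`, declares `server_name swarmpit.sprinthub.ru;`, duplicating the block added at the top of the same hunk; this looks like a copy-paste slip for `server_name rabbitmq.sprinthub.ru;`. With the duplicate, nginx should report a conflicting server name and ignore the later block, so HTTPS requests for rabbitmq.sprinthub.ru would fall through to the default 443 server and be proxied to another service's backend. Running `nginx -t` against the new file would surface the conflict before deployment.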
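Review bot: The port-80 server for each host is left proxying next to the new 443 block (in the `@@ -39,6 +96,25 @@` hunk the untouched `listen 80;` context is visible, and the same holds in the other hunks), so the MinIO console, RabbitMQ management and the other backends stay reachable over plaintext and nothing steers clients to TLS. Consider replacing the body of each port-80 `location /` with `return 301 https://$host$request_uri;` and adding `add_header Strict-Transport-Security "max-age=31536000" always;` to the 443 blocks. Whether `/etc/nginx/fullchain.pem` covers all six hostnames cannot be seen from this patch and should be confirmed before enabling HSTS.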
@@ -48,6 +124,25 @@ http {
 }
 }
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name battleship.sprinthub.ru;
+
+ ssl_certificate /etc/nginx/fullchain.pem;
+ ssl_certificate_key /etc/nginx/privkey.pem;
+
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Referrer-Policy "no-refferer-when-downgrade" always;
+ add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+
+ location / {
+ proxy_pass http://battleship-nginx:1236/;
+ }
+ }
+
 server {
 listen 80;
 server_name dev.sprinthub.ru;
@@ -56,4 +151,24 @@ http {
 proxy_pass http://sprint-nginx:1235/;
 }
 }
+
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name dev.sprinthub.ru;
+
+ ssl_certificate /etc/nginx/fullchain.pem;
+ ssl_certificate_key /etc/nginx/privkey.pem;
+
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Referrer-Policy "no-refferer-when-downgrade" always;
+ add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+
+ location / {
+ proxy_pass http://sprint-nginx:1235/;
+ }
+ }
+
 }
\ No newline at end of file