infra/nginx/nginx-prod/nginx-prod.conf

events {}

http {
    client_max_body_size 50m;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    server {
        listen 80;
        server_name gitlab.sprinthub.ru;

        location / {
            proxy_pass http://dev.sprinthub.ru:1234/;
        }
    }

    server {
        listen 80;
        server_name *.sprinthub.ru;
        return 301 https://$host$request_uri;
    }

    server {
        listen      443 ssl http2;
        listen      [::]:443 ssl http2;
        server_name gitlab.sprinthub.ru;

        ssl_certificate     /etc/nginx/fullchain.pem;
        ssl_certificate_key /etc/nginx/privkey.pem;

        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-refferer-when-downgrade" always;
        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;

        location / {
            proxy_pass http://dev.sprinthub.ru:1234/;
        }
    }

    server {
        listen      443 ssl http2;
        listen      [::]:443 ssl http2;
        server_name swarmpit.sprinthub.ru;

        ssl_certificate     /etc/nginx/fullchain.pem;
        ssl_certificate_key /etc/nginx/privkey.pem;

        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-refferer-when-downgrade" always;
        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;

        location / {
            proxy_pass http://dev.sprinthub.ru:888/;
        }
    }

    server {
        listen      443 ssl http2;
        listen      [::]:443 ssl http2;
        server_name portainer.sprinthub.ru;

        ssl_certificate     /etc/nginx/fullchain.pem;
        ssl_certificate_key /etc/nginx/privkey.pem;

        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-refferer-when-downgrade" always;
        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;

        location / {
            proxy_pass http://dev.sprinthub.ru:8888/;
        }

        location /api/websocket/ {
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
            proxy_pass http://dev.sprinthub.ru:8888/api/websocket/;
        }
    }

    server {
        listen      443 ssl http2;
        listen      [::]:443 ssl http2;
        server_name swarmpit.sprinthub.ru;

        ssl_certificate     /etc/nginx/fullchain.pem;
        ssl_certificate_key /etc/nginx/privkey.pem;

        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-refferer-when-downgrade" always;
        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;

        location / {
            proxy_pass http://dev.sprinthub.ru:15672/;
        }
    }

    server {
        listen      443 ssl http2;
        listen      [::]:443 ssl http2;
        server_name minio.sprinthub.ru;

        ssl_certificate     /etc/nginx/fullchain.pem;
        ssl_certificate_key /etc/nginx/privkey.pem;

        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-refferer-when-downgrade" always;
        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;

        location / {
            proxy_pass http://dev.sprinthub.ru:9001/;
        }
    }

    server {
        listen      443 ssl http2;
        listen      [::]:443 ssl http2;
        server_name grafana.sprinthub.ru;

        ssl_certificate     /etc/nginx/fullchain.pem;
        ssl_certificate_key /etc/nginx/privkey.pem;

        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-refferer-when-downgrade" always;
        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;

        location / {
            proxy_pass http://dev.sprinthub.ru:3000/;
        }

        location /api/live/ws {
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
            proxy_pass http://dev.sprinthub.ru:3000/api/live/ws;
        }
    }

    server {
        listen      443 ssl http2;
        listen      [::]:443 ssl http2;
        server_name battleship.sprinthub.ru;

        ssl_certificate     /etc/nginx/fullchain.pem;
        ssl_certificate_key /etc/nginx/privkey.pem;

        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-refferer-when-downgrade" always;
        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;

        location / {
            proxy_pass http://battleship-nginx:1236/;
        }
    }

    server {
        listen      443 ssl http2;
        listen      [::]:443 ssl http2;
        server_name dev.sprinthub.ru;

        ssl_certificate     /etc/nginx/fullchain.pem;
        ssl_certificate_key /etc/nginx/privkey.pem;

        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-refferer-when-downgrade" always;
        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;

        location / {
            proxy_pass http://sprint-nginx:1235/;
        }
    }

    server {
        listen      443 ssl http2;
        listen      [::]:443 ssl http2;
        server_name exchange.sprinthub.ru;

        ssl_certificate     /etc/nginx/fullchain.pem;
        ssl_certificate_key /etc/nginx/privkey.pem;

        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-refferer-when-downgrade" always;
        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;

        location / {
            proxy_pass http://exchange-nginx:1237/;
        }
    }

    server {
        listen      443 ssl http2;
        listen      [::]:443 ssl http2;
        server_name b-jokes.sprinthub.ru;

        ssl_certificate     /etc/nginx/fullchain.pem;
        ssl_certificate_key /etc/nginx/privkey.pem;

        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-refferer-when-downgrade" always;
        add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;

        location / {
            proxy_pass http://b-jokes-nginx:1238/;
        }
    }

}