kindred/silo
1
1
Fork 0
Code Issues 30 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
414a5cf3d6d2ad593309509ad21bf027454730f9
silo/deployments/nginx/nginx.conf
forbes-0023 fb13795ef7 feat(deployments): add all-in-one Docker Compose stack with OpenLDAP 
Add docker-compose.allinone.yaml with five services:
- PostgreSQL 16 with auto-applied migrations
- MinIO for S3-compatible file storage
- OpenLDAP (bitnami/openldap:2.6) with memberOf overlay and
  preconfigured silo-admins/silo-users/silo-viewers groups
- Silo API server built from Dockerfile
- Nginx reverse proxy (optional, via --profile nginx)

Add scripts/setup-docker.sh interactive helper that generates
deployments/.env and deployments/config.docker.yaml with random
credentials. Supports --non-interactive for CI.

Add deployments/ldap/ LDIF init scripts for memberOf overlay and
Silo role groups. Add deployments/nginx/ reverse proxy configs.
2026-02-12 08:58:55 -06:00

104 lines
3.1 KiB
Nginx Configuration File
Raw Blame History

# Silo Nginx Reverse Proxy (Docker)
#
# HTTP reverse proxy with optional HTTPS. To enable TLS:
# 1. Uncomment the ssl server block below
# 2. Mount your certificate and key in docker-compose:
# volumes:
# - /path/to/cert.pem:/etc/nginx/ssl/cert.pem:ro
# - /path/to/key.pem:/etc/nginx/ssl/key.pem:ro
# 3. Uncomment the HTTP-to-HTTPS redirect in the port 80 block
upstream silo_backend {
server silo:8080;
}
# HTTP server
server {
listen 80;
listen [::]:80;
server_name _;
# Uncomment the next line to redirect all HTTP traffic to HTTPS
# return 301 https://$host$request_uri;
location / {
proxy_pass http://silo_backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
# SSE support
proxy_set_header Connection "";
proxy_buffering off;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 300s;
# File uploads (CAD files can be large)
client_max_body_size 100M;
}
# Health check endpoint for monitoring
location /nginx-health {
access_log off;
return 200 "OK\n";
add_header Content-Type text/plain;
}
}
# Uncomment for HTTPS (mount certs in docker-compose volumes)
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name _;
#
# ssl_certificate /etc/nginx/ssl/cert.pem;
# ssl_certificate_key /etc/nginx/ssl/key.pem;
#
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
# ssl_prefer_server_ciphers off;
# ssl_session_timeout 1d;
# ssl_session_cache shared:SSL:10m;
# ssl_session_tickets off;
#
# # Security headers
# add_header X-Frame-Options "SAMEORIGIN" always;
# add_header X-Content-Type-Options "nosniff" always;
# add_header Referrer-Policy "strict-origin-when-cross-origin" always;
#
# location / {
# proxy_pass http://silo_backend;
# proxy_http_version 1.1;
#
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Port $server_port;
#
# proxy_set_header Connection "";
# proxy_buffering off;
#
# proxy_connect_timeout 60s;
# proxy_send_timeout 60s;
# proxy_read_timeout 300s;
#
# client_max_body_size 100M;
# }
#
# location /nginx-health {
# access_log off;
# return 200 "OK\n";
# add_header Content-Type text/plain;
# }
# }
Reference in New Issue View Git Blame Copy Permalink