admin/gw-svelte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v4.0.0.1

Browse Source
This commit is contained in:
ponzischeme89
2026-05-19 23:36:58 +12:00
parent 5172588488
commit a7f8a619b1
68 changed files with 4486 additions and 1430 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nginx/goodwalk.co.nz.svelte.conf.example
+53 -7
View File
@@ -16,7 +16,7 @@ server {
server {
listen 80;
server_name onboarding.goodwalk.co.nz;
server_name clients.goodwalk.co.nz onboarding.goodwalk.co.nz;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
@@ -24,13 +24,13 @@ server {
}
location / {
return 301 https://onboarding.goodwalk.co.nz$request_uri;
return 301 https://clients.goodwalk.co.nz$request_uri;
}
}
server {
listen 80;
server_name admin.goodwalk.co.nz;
server_name cp.goodwalk.co.nz admin.goodwalk.co.nz;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
@@ -38,7 +38,7 @@ server {
}
location / {
return 301 https://admin.goodwalk.co.nz$request_uri;
return 301 https://cp.goodwalk.co.nz$request_uri;
}
}
@@ -70,6 +70,8 @@ server {
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=()" always;
client_max_body_size 2m;
gzip on;
gzip_vary on;
@@ -113,6 +115,16 @@ server {
return 404;
}
location = /api/health {
access_log off;
set $goodwalk_mail_api goodwalk_svelte_mail_api:8000;
proxy_pass http://$goodwalk_mail_api/health;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_connect_timeout 2s;
proxy_read_timeout 5s;
}
location /api/submit {
if (-f /etc/nginx/conf.d/maintenance.flag) {
return 503;
@@ -152,6 +164,16 @@ server {
ssl_certificate /etc/letsencrypt/live/onboarding.goodwalk.co.nz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/onboarding.goodwalk.co.nz/privkey.pem;
return 301 https://clients.goodwalk.co.nz$request_uri;
}
server {
listen 443 ssl;
server_name clients.goodwalk.co.nz;
ssl_certificate /etc/letsencrypt/live/clients.goodwalk.co.nz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/clients.goodwalk.co.nz/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
@@ -163,6 +185,8 @@ server {
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=()" always;
client_max_body_size 2m;
gzip on;
gzip_vary on;
@@ -176,6 +200,16 @@ server {
deny all;
}
location = /api/health {
access_log off;
set $goodwalk_mail_api goodwalk_svelte_mail_api:8000;
proxy_pass http://$goodwalk_mail_api/health;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_connect_timeout 2s;
proxy_read_timeout 5s;
}
location /api/onboarding-submit {
if (-f /etc/nginx/conf.d/maintenance.flag) {
return 503;
@@ -222,10 +256,10 @@ server {
server {
listen 443 ssl;
server_name admin.goodwalk.co.nz;
server_name cp.goodwalk.co.nz;
ssl_certificate /etc/letsencrypt/live/admin.goodwalk.co.nz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/admin.goodwalk.co.nz/privkey.pem;
ssl_certificate /etc/letsencrypt/live/cp.goodwalk.co.nz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cp.goodwalk.co.nz/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
@@ -238,7 +272,9 @@ server {
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always;
add_header Referrer-Policy "no-referrer" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=()" always;
add_header X-Robots-Tag "noindex, nofollow" always;
client_max_body_size 2m;
gzip on;
gzip_vary on;
@@ -252,6 +288,16 @@ server {
deny all;
}
location = /api/health {
access_log off;
set $goodwalk_mail_api goodwalk_svelte_mail_api:8000;
proxy_pass http://$goodwalk_mail_api/health;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_connect_timeout 2s;
proxy_read_timeout 5s;
}
# Auth endpoints proxied to mail-api (verify / login / logout).
location /api/auth/ {
set $goodwalk_mail_api goodwalk_svelte_mail_api:8000;
nginx/nginx.conf
+99 -2
View File
@@ -14,14 +14,27 @@ server {
server {
listen 80;
server_name onboarding.goodwalk.co.nz;
server_name clients.goodwalk.co.nz onboarding.goodwalk.co.nz;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
return 301 https://clients.goodwalk.co.nz$request_uri;
}
}
server {
listen 80;
server_name cp.goodwalk.co.nz admin.goodwalk.co.nz;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://cp.goodwalk.co.nz$request_uri;
}
}
@@ -72,6 +85,18 @@ server {
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
return 301 https://clients.goodwalk.co.nz$request_uri;
}
server {
listen 443 ssl;
server_name clients.goodwalk.co.nz;
ssl_certificate /etc/letsencrypt/live/clients.goodwalk.co.nz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/clients.goodwalk.co.nz/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff always;
@@ -89,6 +114,78 @@ server {
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/auth/ {
rewrite ^/api/auth/(.*)$ /auth/$1 break;
proxy_pass http://mail-api:8000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
proxy_pass http://app:3000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 443 ssl;
server_name admin.goodwalk.co.nz;
ssl_certificate /etc/letsencrypt/live/admin.goodwalk.co.nz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/admin.goodwalk.co.nz/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
return 301 https://cp.goodwalk.co.nz$request_uri;
}
server {
listen 443 ssl;
server_name cp.goodwalk.co.nz;
ssl_certificate /etc/letsencrypt/live/cp.goodwalk.co.nz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cp.goodwalk.co.nz/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always;
add_header Referrer-Policy no-referrer always;
add_header X-Robots-Tag "noindex, nofollow" always;
gzip on;
gzip_types text/plain text/css application/javascript application/json image/svg+xml;
location /api/auth/ {
rewrite ^/api/auth/(.*)$ /auth/$1 break;
proxy_pass http://mail-api:8000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/owner/ {
rewrite ^/api/owner/(.*)$ /owner/$1 break;
proxy_pass http://mail-api:8000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
proxy_pass http://app:3000;
proxy_http_version 1.1;