From f01cd1d53306d0e84259f76ff0cca33f6b443792 Mon Sep 17 00:00:00 2001
From: Guillaume Pellerin <guillaume.pellerin@parisson.com>
Date: Wed, 30 Jun 2021 01:15:53 +0200
Subject: [PATCH] update nginx prod conf

---
 etc/nginx.conf | 113 ++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 83 insertions(+), 30 deletions(-)

diff --git a/etc/nginx.conf b/etc/nginx.conf
index 251b89db..d917a3a9 100644
--- a/etc/nginx.conf
+++ b/etc/nginx.conf
@@ -1,37 +1,90 @@
-# the upstream component nginx needs to connect to
-upstream django {
-    # server unix:///path/to/your/mysite/mysite.sock; # for a file socket
-    server unix:///var/run/teleforma.sock; # for a web port socket (we'll use this first)
-    }
+upstream crfpa-docker {
+  server unix:///srv/crfpa-docker/app/run/wsgi.sock;
+}
 
 server {
-    # the port your site will be served on
-    listen      80;
-    # the domain name it will serve for
-    server_name 127.0.0.1; # substitute your machine's IP address or FQDN
-    charset     utf-8;
-
-    # max upload size
-    client_max_body_size 75M;   # adjust to taste
-
-    # Django media
-    location /media  {
-        alias /media/podcast/archives/;  # your Django project's media files - amend as required
-        #autoindex on;
-    }
+  listen 80;
+  listen [::]:80;
+  server_name e-learning.crfpa.pre-barreau.com;
 
-    location /static {
-        alias /var/www/static/; # your Django project's static files - amend as required
-    }
+  return 301 https://$server_name$request_uri; #redirect HTTP to HTTPS
+}
+
+server {
+  include ssl.conf;
+    ssl_certificate /etc/letsencrypt/live/e-learning.crfpa.pre-barreau.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/e-learning.crfpa.pre-barreau.com/privkey.pem; # managed by Certbot
 
-    # Finally, send all non-media requests to the Django server.
-    location / {
-        uwsgi_pass  django;
-        include     /etc/nginx/uwsgi_params; # the uwsgi_params file you installed
-        #uwsgi_pass_request_body on;
-        }
+  server_name e-learning.crfpa.pre-barreau.com; 
 
-    error_log /var/log/nginx/teleforma-error.log;
-    access_log /var/log/nginx/teleforma-access.log;
+  #access_log /var/log/nginx/e-learning.crfpa.pre-barreau.com-access.log;
+  access_log off;
+  error_log  /var/log/nginx/e-learning.crfpa.pre-barreau.com-error.log;
 
+  charset utf-8;
+  client_max_body_size 4096M;
+
+  root /var/www/html/;
+  
+  location / {
+    if (-f $document_root/maintenance/index.html) {
+      return 503;
     }
+    uwsgi_pass crfpa-docker;
+    include uwsgi_params;
+    uwsgi_read_timeout 60s; 
+    uwsgi_send_timeout 60s;
+  }
+
+  error_page 503 @maintenance;
+  location @maintenance {
+    rewrite ^(.*)$ /maintenance/index.html break;
+  }
+
+  location /ws/ {
+    proxy_pass http://localhost:9004/ws/;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        proxy_redirect off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $server_name;
+  }
+
+  location /media/ {
+    alias /srv/crfpa-docker/var/media/;
+  }
+
+  location /media/Pre-Barreau/ {
+    alias /srv/crfpa-docker/var/media/Pre-Barreau/;
+    limit_rate_after 16m;
+    limit_rate 256k;
+    #internal;
+  }
+
+  location /media/items/ {
+    alias /srv/crfpa-docker/var/media/items/;
+    internal;
+  }
+
+
+  location /static/ {
+    alias /srv/crfpa-docker/var/static/;
+  }
+
+  location /favicon.ico {
+    alias /srv/crfpa/var/static/telemeta/images/favicon.ico;
+  }
+
+  location /robots.txt {
+    return 200 "User-agent: *\nDisallow: /";
+  }
+
+  location /room {
+        deny all;
+        return 404;
+  }
+}
-- 
2.39.5