paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-07 07:23:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
dd7cf27735f5c56fc49a268611d901b300936579
zulip/puppet/kandra/files/nginx/sites-available/zulip
Alex Vandiver 77a121082b kandra: Add localhost access to internal APIs on port 80. 
This parallels 02d3fb7666.
2024-09-25 10:08:27 -07:00

35 lines
1016 B
Plaintext
Raw Blame History

server {
# If coming from localhost, we do allow access to internal
# APIs over HTTP.
listen 127.0.0.1:80;
listen [::1]:80;
location /api/internal/ {
include /etc/nginx/zulip-include/api_headers;
include uwsgi_params;
}
}
include /etc/nginx/zulip-include/trusted-proto;
include /etc/nginx/zulip-include/s3-cache;
include /etc/nginx/zulip-include/upstreams;
include /etc/zulip/nginx_sharding_map.conf;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# This server is behind an ALB, which does not check the
# certificate validity:
# https://kevin.burke.dev/kevin/aws-alb-validation-tls-reply/
#
# Snakeoil verts are good for 10 years after initial creation, but
# the ALBs don't even check expiration. ¯\_(ツ)_/¯
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
server_name zulipchat.com *.zulipchat.com;
include /etc/nginx/zulip-include/app;
}
Reference in New Issue View Git Blame Copy Permalink