This repository has been archived by the owner on May 25, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfilehive_nginx.conf
executable file
·180 lines (150 loc) · 7.33 KB
/
filehive_nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
map $status $status_title {
400 "Bad Request";
401 "Unauthorized";
403 "Forbidden";
404 "Not Found";
405 "Method Not Allowed";
406 "Not Acceptable";
407 "Proxy Authentication Required";
408 "Request Timeout";
409 "Conflict";
410 "Gone";
411 "Length Required";
412 "Precondition Failed";
413 "Payload Too Large";
414 "URI Too Long";
415 "Unsupported Media Type";
416 "Range Not Satisfiable";
417 "Expectation Failed";
418 "I'm a teapot";
421 "Misdirected Request";
422 "Unprocessable Entity";
423 "Locked";
425 "Too Early";
426 "Upgrade Required";
428 "Precondition Required";
429 "Too Many Requests";
431 "Request Header Fields Too Large";
451 "Unavailable For Legal Reasons";
500 "Internal Server Error";
501 "Not Implemented";
502 "Bad Gateway";
503 "Service Unavailable";
504 "Gateway Timeout";
505 "HTTP Version Not Supported";
506 "Variant Also Negotiates";
507 "Insufficient Storage";
508 "Loop Detected";
510 "Not Extended";
511 "Network Authentication Required";
default "Unknown Error";
}
map $status $status_message {
400 "The server cannot or will not process the request due to an apparent client error.";
401 "The client must authenticate itself to get the requested response.";
403 "The server understood the request, but is refusing to fulfill it. You probably are missing permissions.";
404 "The server cannot find the requested resource.";
405 "The method specified in the request is not allowed for the resource identified by the URI.";
406 "The resource identified by the request is only capable of generating response entities that have content characteristics not acceptable according to the accept headers sent in the request.";
407 "The client must first authenticate itself with the proxy.";
408 "The server timed out waiting for the request.";
409 "The request could not be completed due to a conflict with the current state of the resource.";
410 "The requested resource is no longer available and will not be available again.";
411 "The request did not specify the length of its content, which is required by the requested resource.";
412 "The server does not meet one of the preconditions that the requester put on the request.";
413 "The server cannot process the request because the request payload is too large.";
414 "The URI requested by the client is too long.";
415 "The server cannot process the request because the media type requested by the client is not supported.";
416 "The client has asked for a portion of the file (byte serving), but the server cannot supply that portion.";
417 "The server cannot meet the requirements of the Expect request-header field.";
418 "This code was defined in 1998 as one of the traditional IETF April Fools' jokes.";
421 "The request was directed at a server that is not able to produce a response.";
422 "The request was well-formed but was unable to be followed due to semantic errors.";
423 "The resource that is being accessed is locked.";
425 "The server is unwilling to risk processing a request that might be replayed.";
426 "The client should switch to a different protocol such as TLS/1.0, given in the Upgrade header field.";
428 "The origin server requires the request to be conditional.";
429 "The user has sent too many requests in a given amount of time.";
431 "The server is unwilling to process the request because its header fields are too large.";
451 "The server is denying access to the resource as a consequence of a legal demand.";
500 "The server encountered an unexpected condition that prevented it from fulfilling the request.";
501 "The server does not support the functionality required to fulfill the request.";
502 "The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request.";
503 "The server is currently unable to handle the request due to a temporary overload or maintenance of the server.";
504 "The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server specified by the URI.";
505 "The server does not support the HTTP protocol version used in the request.";
506 "The server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper end point in the negotiation process.";
507 "The method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the request.";
508 "The server detected an infinite loop while processing the request.";
510 "The client needs to update to a newer version of the protocol to access the requested resource.";
511 "The client needs to authenticate to gain network access.";
default "Sorry, something weird hapened.";
}
server {
# Those variables are needed for the configuration, edit them to fit your config if edited.
# please note that you will need to replace your value of static_path (if edited) in the location block because nginx does not support variable in location block.
# DO NOT ADD A TRAILING SLASH.
set $static_path "/filehive-internal/static";
set $login_path "/filehive-internal/login";
set $filehive_ip "127.0.0.1";
set $filehive_port 80;
# 0 disable the check, pass it in MegaBytes, different from filehive that is is Bytes
set $filehive_max_upload_file_size 0;
# The directory where filehive files are located (no trailing slash)
set $filehive_installation_dir "/path/to/filehive";
# The path of the dir in your filehive config
set $filehive_dir "/path/to/dir/";
listen 443 ssl ;
listen [::]:443 ;
server_name example.com;
# Path to your ssl_certificates
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
access_log /path/to/access.log;
error_log path/to/error.log;
root $filehive_dir;
client_max_body_size $filehive_max_upload_file_sizeM;
# Location block for the protected directory
location / {
if (-f $request_filename) {
rewrite ^ /__internal$uri last;
}
proxy_pass http://$filehive_ip:$filehive_port;
}
location /__internal {
rewrite ^/__internal(?<realurl>/.*)$ $realurl break;
auth_request /auth;
auth_request_set $auth_status $upstream_status;
try_files $uri =404;
}
error_page 400 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /nginx-error-template.html;
error_page 401 /nginx-401-error-template.html;
location /nginx-401-error-template.html {
add_header Set-Cookie "lastVisited=$realurl;Path=/" always;
ssi on;
internal;
auth_basic off;
root $filehive_installation_dir/src/public/errors;
}
location /nginx-error-template.html {
ssi on;
internal;
auth_basic off;
root $filehive_installation_dir/src/public/errors;
}
location /filehive-internal/static {
alias $filehive_installation_dir/src/public;
}
# Location block for the auth endpoint
location = /auth {
# Define the authentication server
internal;
proxy_pass http://$filehive_ip:$filehive_port$request_uri;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header If-Modified-Since "";
}
}